We, at Midot – Ethics Computerized Diagnostic Systems LTD. (“Midot”, “we”, “us” or “our”) respect your privacy and put great efforts in securing Personal Data and in processing it lawfully.
The term “Personal Data” refers to information that identifies an individual or relates to an identifiable individual. For example, Personal Data includes personal details such as your name, email address and telephone number, and further includes our analysis of your answers and response to a Test, and information that we collect or receive in relation to you from others.
Providing Personal Data to us is voluntary. You are not required by law to provide us with Personal Data, and any Personal Data that you do provide is subject to your choice and consent. If you chose not to provide us with the Personal Data that is necessary for us to administer and process your Test, you will not be able take the Test.
Personal Data That You Provide Us
Before taking the Test, you are requested to fill-in an online registration form with details about you. These details will include either your full name or your government-issued identification card number, and our Client may request you to add the email address and phone number. In addition, our Client can request you to fill-in an application form with additional information, such as address, gender, date of birth, photo, CV, education credentials and history of tests taken.
When you take the Test, you provide us with your response and answers to questions, including answers in free text, that we analyse and generate a report to the relevant organization that ordered the Test from us.
If you contact us, you will provide us with information as part of your communication with us, that may include Personal Data.
Ensuring the Integrity of Your Test
In the event that our Client has requested that we provide identity authentication services, we will collect and use photographs of you during the course of your examination in order to verify your authenticity. A notice (“Notice”) will be provided to you before the examination.
When you approve the Notice, your device’s camera will be used during the examination to take pictures of your face at various intervals. We will share your photographs with the Client providing the exam in order to authenticate your identity and confirm that the requirements have been met.
Alternatively, If our clients request it, we will use Amazon Rekognition as a third-party service provider to verify your identity. In that case, a Notice will be provided to you prior to the examination. Upon approval of the Notice, your device’s camera will be used to verify your identity during the examination. To find out more about the Amazon Rekognition service please see at: https://docs.aws.amazon.com/rekognition/latest/dg/what-is.html.
Personal Data That We Collect and Other Sources of Information
We will receive your personal details and other relevant Personal Data from our Client.
When you take that test, we use “cookies” (for further information about cookies, please see below) and we obtain information when your browser accesses our Service.
When you use the Service, we also receive information about your interaction with our Service from third-party analytics services. For more information, please see the “Aggregated and Analytical Information” section of this policy. Examples of such information we collect and analyze include the Internet Protocol (IP) address used to connect your access device to the Internet; browser type and version, time zone setting, browser plug-in types and versions and operating system, and platform.
How we Use Personal Data?
We use Personal Data for the following purposes:
- to administer your test and provide the Service to our customers, to manage and maintain the Service, to ensure the Service’s quality;
- to communicate with you;
- to manage our business operations, for example, for accounting purposes, internal auditing, planning and development;
- to train our personnel and to improve our Service and enhance it;
- for research purposes, for example, to ensure fairness and non-discrimination based on age, gender, language and education. We will ask for your specific consent to participate in our research.
- we will use Personal Data to enforce our test terms, policies, and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to prevent fraud, unauthorized use of data and our systems, misappropriation, infringements, identity thefts and any other misuse of the Service, to protect vital interests, and to take any action in any legal dispute and proceeding.
We will use Personal Data for additional purposes, if we reasonably consider that the additional purpose is compatible with the original purpose. If we need to use Personal Data for an incompatible purpose, we will request your consent beforehand.
The Legal Ground for Processing the Personal Data
We will process Personal Data when it is legally permitted. In some countries we rely on your consent only. In others, where there are additional legal grounds to process Personal Data, we will rely on those additional grounds, and more than one legal basis will apply to the processing of the same Personal Data, depending on the processing activity.
the following legal grounds apply to the processing of Personal Data:
- performance of contract between you and us for taking the test;
- our legitimate interest, for example, to maintain, protect and improve our Service and for legal proceedings;
- compliance with a legal obligation;
- your consent. If we require your consent then we will provide you with a consent form and explain the meaning of your consent.
We will process sensitive information, for example any psychological analysis, or information about your criminal convictions, only if we are allowed to by law, and for the specific purposes that we indicate in this policy, and subject to your explicit consent, if required by law.
Sharing Personal Data with Others
We do not sell, rent, lease Personal Data, or share Personal Data for targeted advertising purposes.
When you take the Test at the order of our customer who contracts us to provide our Service, you authorize us to deliver the Test results, our analysis, report and any other information received about you to our relevant customer in any format, as deemed appropriate by us. The customer may also instruct us to deliver this information to a third party acting on the customer’s behalf.
For the purposes described in this policy, we will share Personal Data with service providers, advisors and consultants, who support our Service and business activities, for example, for cloud hosting, analytics, data analysis and development, accounting and training.
We will also share Personal Data with our affiliated companies, as necessary to support the purposes of processing under this policy.
A merger, acquisition or any other corporate structural change will require us to share Personal Data to another entity, as part of the structural change.
We will need to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You must provide us with accurate and up-to-date personal details. You should not provide us with any personal details of other individuals, and you must not make any use or any attempt to use any information associated with others, while taking the Test or otherwise when using the Service.
When you take the test and provide your answers, you must not provide or disclose any personal information, and especially any sensitive data, related to others, including on friends, colleagues and members of your family.
Your Rights and Choice
You are eligible to the following rights associated with Personal Data, subject to the privacy and data protection laws that apply to our processing of the Personal Data.
We note that in separate, you have rights associated with Personal Data that you can exercise directly with our customer who ordered your Test.
If you wish to know if your are entitled to any certain right and if you wish to exercise any of your rights in relation to Personal Data, including exercising your choices or opt-out rights, please send us a message through: https://midot.com/contact-us/. We will process your request and respond as required and permitted by law, by answering your request favorably or by rejecting it, in whole or in part.
These are the following the rights:
- You can ask to withdraw your consent to the processing of Personal Data. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal and we can continue using data in a non-identifiable form.
- You can request to delete Personal Data. Please keep in mind that our Client may have already received Personal Data related to you and that any deletion of such data from the Client’s information systems is subject to a separate request to delete the data from the Client.
- You can request a copy of the Personal Data and associated information, in a standard available format, so that you could use it and transfer it to others, and you can further request to correct or delete inaccurate Personal Data or complete incomplete Personal Data.
- You can request to restrict access to Personal Data, object to its processing or limit its use.
- Our Service and the Tests are a supportive tool for our customers’ decision-making processes. It is not a decision making tool by itself and we do not process Personal Data for automated decision making purposes. Therefore, you the right not to be subject to a decision based solely on automated processing, is not relevant to the Service.
- You have a right to file complaint with a privacy or data protection supervisory authority of your place of residence, or work or where you believe that your privacy rights were violated. You do not need to contact us to exercise this right.
- Subject to limitations under applicable laws, you can request us to communicate your request to exercise your rights to our relevant service providers and other third parties with whom we share Personal Data in accordance with this policy, and request that they will also act according to your request.
We will respond timely to your request.
Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
If you submit your request to us through an agent, we will require additional confirmation of an agency relations or a duly signed power of attorney between you and the agent.
If we need to delete Personal Data following your request, it will take some time until we completely delete residual copies of Personal Data from our active servers and from our backup systems. We also note that we will not delete data that is needed, or is likely to be needed, in a legal, administrative or regulatory proceeding.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.
Personal Data Retention
We retain different types of Personal Data for different periods, depending on the purposes for processing the information, our legitimate business purposes, and pursuant to legal requirements under applicable law.
We will maintain your contact details, to help us stay in contact with you.
Records of Tests will be retained for 7 years and will be completely and permanently deleted thereafter. We will securely delete these records on a periodical basis, a few times a year. Furthermore, 3 years after Tests are taken, all identifying details of Test takers will be detached from the records of the tests and kept in a secure and segregated environment, until the records are deleted.
However, if retention is reasonably necessary to resolve disputes, for legal proceedings, to prevent fraud and abuse, to enforce our legal terms or if we are otherwise required by law, we will retain the Personal Data, as required.
Meta data associated with the use of our Service, such as analytics data, and data associated with our business activities and your requests to exercise your rights will be maintained for up to 7 years, or as required by law.
At any time, you can contact our privacy team through: https://midot.com/contact-us/ and request to delete your contact details. Note that we will keep your details without using them if necessary, and for the necessary period of time, for legal requirements and proceedings.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
Transfer of Data Outside Your Territory
The Service is web-based. We store and process information, including Personal Data, either directly or using third parties, such as cloud hosting service providers. We use data centers within the European Economic Area (EEA), will further store, host and keep business continuity sites in, and access the Personal Data from, additional territories. The laws of these countries may differ from the laws of the country in which you live.
If the laws that apply to our processing of Personal Data require that a transfer of Personal Data to another jurisdiction requires your consent, then you provide us your freely given, express, specific and unambiguous consent to such transfer.
If such laws require additional safeguards, then we will apply those safeguards, for example, by relying on a formal decision of adequacy of personal data processing under the laws of the transferred country, or by engaging the transferred entity under contracts designed to protect your privacy right and the security and confidentiality of the Personal Data.
You can obtain a copy of the suitable safeguards that we use when transferring Personal Data as described above or receive further information about data transfer by contacting us through: https://midot.com/contact-us/
Aggregated and Analytical Information
We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies, and they use their own cookies to provide their service (for further information about cookies, please see our Cookies and Similar Tracking Technologies Policy).
We use anonymous, statistical, or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from that information that we or others can associate specifically with you.
Midot is committed to ensuring the security of Personal Data. We and our hosting services implement systems, applications, and procedures to secure Personal Data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These measures are designed to provide a sound level of industry standard security.
However, no security system is impenetrable, and although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
Inquiries and Complaints
We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this policy, to update the policy when we believe that we need to, and to verify that we display the policy properly and in an accessible manner. If you have any concerns about the way we process Personal Data, you are welcome to contact our privacy team through:
We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.
From time to time, we will update this policy. If the updates have minor if any consequences, they will take effect 14 days after we post a notice on the Service. Substantial changes will be effective 30 days after we initially posted the notice. However, if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law. We will make reasonable efforts to notify you about the changes in the policy.
Please contact our privacy team for further information through: https://midot.com/contact-us/.
Last Updated on November 1, 2022