HE

Book an apartment

ISTRA Association

Privacy Policy

ISTRA Association – Association of Short-Term Rental Apartment Operators in Israel (hereinafter: “the Association”)
Association Registration No.: 580717338
Address: Ramat Yishai POB 3058
Phone: 053-352-4873
Email: info@istra.org.il
Last Updated: September 19, 2025

1. General and Introduction

1.1 The ISTRA Association operates in accordance with the Privacy Protection Law, 1981 (hereinafter: “the Law”), and Amendment 13 to the Law which entered into force on August 14, 2025, including any regulation, order, directive, and/or professional guideline issued from time to time by the Israeli Privacy Protection Authority.

1.2 This document serves as the Privacy Policy and details the manner in which personal information provided to the Association is collected, used, stored, shared, transferred, and protected, whether directly or indirectly.

1.3 Use of the Association’s services, including use of its website and any online service or registration form, constitutes full consent to this Privacy Policy and to the website’s Terms of Use. A user who does not agree to these terms must immediately cease using the website. Providing personal information to the Association also constitutes full consent to this policy.

1.4 The masculine form used in this document is for convenience only and refers to all genders equally.

2. Definitions

“Personal Information” – as defined in Section 7 of the Law, including any information about a person whose identity is known or can reasonably be identified, including: first and last name, ID number, telephone number, email address, and any other information provided to the Association.

“Sensitive Information” – as defined in Amendment 13, including health data, biometric information, criminal background information, location data, and more. The Association does not collect sensitive information unless explicit written consent has been provided knowingly.

“Data Subject” – any person whose personal information is collected and/or held by the Association.

3. Types of Information Collected

The information we collect or store depends on the active provision of information during your interaction with us, including but not limited to:

  • First and last name
  • ID number
  • Telephone number
  • Email address (when provided)
  • Any additional details voluntarily provided by you for the purpose of interacting with the Association

4. Purposes of Using the Information

  • Providing services to Association members and the general public
  • Internal management and operation of the Association
  • Compliance with legal and regulatory requirements
  • Maintaining communication with Association members via email, SMS messages, and telephone calls
  • Cooperation with governmental bodies and external organizations

5. Collection and Storage of Information

The information is collected directly from you through registration forms, online inquiries, written documents, or any other method through which you provided the information.

The information is stored in a CRM system hosted on cloud servers located outside Israel.

The information may be stored within the same interface through which it was submitted.

The Association performs cross-border data transfers in accordance with the Law and Amendment 13.

Each online form on the Association’s website is connected to a secure database. Completing a form may require explicitly marking “I have read and agree to the privacy policy”, however even if this box is not marked, the mere provision of information constitutes consent to this policy. The database is reported to the Privacy Protection Authority where required by law.

6. Cookies and Technological Information

The website uses Cookies and similar monitoring tools in order to improve user experience, store preferences, perform statistical analysis, create custom audiences for advertising, and improve services. Users may change their browser settings to block cookies, however doing so may affect the browsing experience.

7. Payment Details

If donations or payments are collected through the website, they will be processed solely through secure payment providers. The Association does not store credit card numbers or full payment details within its systems.

8. Sharing Information with Third Parties

The Association will not sell or rent personal information to third parties.

Information will be shared only when legally required or when necessary for the Association’s activities, for example with CRM providers or IT service providers.

Service providers are contractually obligated to maintain information security in accordance with the law.

9. Data Retention

Information will be retained for the period necessary for the purposes described above or as required by law. At the end of the retention period, the information will be deleted or anonymized, unless there is a legal obligation to retain it further.

10. Data Subject Rights

According to Amendment 13 to the Law, you have the following rights:

  • The right to review information held about you.
  • The right to request correction of information that is incorrect or incomplete.
  • The right to request deletion of information, subject to legal obligations.
  • The right to receive information regarding transfers to third parties or abroad.

Requests may be sent to: info@istra.org.il

11. Information Security

The Association implements appropriate administrative, technological, and organizational security measures to protect information. However, it is known that no system is completely immune, and the Association shall not be responsible for damages resulting from events beyond its control.

The Association implements advanced security measures, including the use of HTTPS protocol, separate permission management for authorized users, database hardening, vulnerability monitoring, and incident response management for information security events.

12. Data Protection Officer (DPO)

12.1 In accordance with Amendment 13 to the Law, the Association is not required to appoint a designated Data Protection Officer (“DPO”), however it has decided to appoint one voluntarily, beyond what is required by law.

12.2 The DPO will be responsible for:

  • Supervising the Association’s compliance with applicable law
  • Handling inquiries from data subjects
  • Maintaining direct contact with the Privacy Protection Authority
  • Providing internal guidance to the Association’s management regarding privacy and data security

12.3 DPO Details:

Full Name: Itai Raz
Position in the Association: VP of Operations
Phone: 053-352-4873
Email: istrassociation@gmail.com
Date of Appointment: September 19, 2025

12.4 The Association will update the DPO details on its website and within this policy whenever relevant changes occur.

13. Consent to Receive Marketing Communications and Removal from Mailing Lists

By providing your details to the Association in any manner, you confirm that the Association may use your details for marketing or service-related communications. You may remove yourself from mailing lists at any time via a designated link or by sending a written request to the email address listed above.

14. Governing Law and Jurisdiction

This policy, the Terms of Use, and the use of the website are governed exclusively by Israeli law. Exclusive jurisdiction in any dispute arising from them shall be subject to arbitration by a single arbitrator in the city of Tel Aviv-Yafo. By using the website or the Association’s services, you agree to arbitration by a single arbitrator who is not bound by the rules of evidence and waive any right related to filing a class action against the Association.

15. Updates to the Privacy Policy

The Association may update this policy from time to time. An updated version will be published on the website and will take effect immediately unless stated otherwise.

Skip to content