Owner & Operator: Two Break Ltd., Company No. 516646205, 32 Yitzhak Sadeh St., Tel Aviv
Contact for privacy/data subject rights: [email protected] | Tel: +972-73-708-3012
Last Updated: 13/08/2025

Purpose of this Policy: To explain what personal information we collect, for what purposes, on what legal basis, with whom it may be shared, how it is secured, how long it is retained, and what your rights are. This policy complies with the main updates in the Privacy Protection Law (Amendment 13).

1. Scope of the Policy

1.1. This policy applies to the use of our website (including lead-generation pop-ups) and to bookings/purchases made via WooCommerce.

1.2. The website is intended for adults (18+) making a booking. Participation by a minor requires parental/guardian approval or accompaniment, as set out in the activity terms.

2. Types of Information We Process

2.1. Information You Provide Directly

• Lead-generation pop-ups: full name, phone number (and email marketing only with explicit consent).

• WooCommerce checkout: full name, phone, email, booking/invoice details, transaction identifiers.

• On-site before the activity: presentation of ID and signing a waiver (an ID number may be recorded for legal validity of the waiver).

• Customer service inquiries: inquiry details and contact information.

2.2. Payments

• Payment processing via “Meshulam – Credit Card Processing” (iframe/popup). We do not store card details on our servers.

2.3. Technical & Usage Data

• Online identifiers (IP/Device ID), website usage data (pages, session duration).

• Cookies/Pixels: Google Analytics is active for measurement; Facebook Pixel is installed and may be activated for future marketing.

3. Purposes of Use of Information

3.1. To perform bookings and provide services – scheduling, coordination, invoices, customer service.

3.2. To operate, secure, and improve – measurement, statistics, proper website operation.

3.3. Marketing communications – sending promotions/updates:

• For leads – only with prior explicit consent.

• For paying customers – about our similar services, with an unsubscribe option in every message.

  3.4. Compliance with the law – retention of documents/invoices, responses to authorities/court orders.

4. Legal Bases for Processing

(a) Consent (e.g., for marketing or non-essential cookies),

(b) Performance of a contract/taking steps prior to entering into it (booking),

(c) Legitimate interest (reasonable operation/security/analytics),

(d) Legal obligation (tax, court order).

5. Sharing with Third Parties

5.1. Processors & service providers: “Meshulam” (payment), hosting/backup infrastructure, Google Analytics/Tag, Meta/Facebook Pixel, WordPress plugins, email/SMS providers, accountants/consultants.

5.2. Authorities/Courts: where legally required or ordered.

5.3. Information is shared on a minimum necessary basis and subject to confidentiality and security obligations.

6. Cookies and Similar Technologies

6.1. We use cookies for essential operation, analytics, and marketing.

6.2. You can delete or block cookies through your browser settings.

7. Data Retention

• Lead data (name + phone): up to 24 months from last interaction, or until a deletion request – whichever comes first.

• Orders/invoices: in line with bookkeeping and tax obligations (generally up to 7 years).

• Technical/analytics logs (non-identifiable): retained as reasonably necessary for operational purposes.

8. Data Security

The site operates over HTTPS and we implement reasonable administrative, organizational, and technical safeguards. Access to information is restricted by role. Payment details are processed only by the payment provider and are not stored by us. In case of a security incident, we will act according to the law (documentation, remediation, notification where required).

9. Your Rights

You have the right to access your data, request correction/update, request deletion of data no longer needed (subject to retention obligations), and to object or withdraw consent for marketing at any time.

Requests: [email protected]. We will respond within the timelines required by law and may ask for identity verification.

10. Minors

Website bookings are for adults (18+). Participation of minors requires parental/guardian approval or accompaniment, and the signing/presentation of documents as required in the terms.

11. Data Transfers Outside Israel

Transfers may occur to cloud providers/processors outside Israel; such transfers will comply with applicable law and appropriate agreements.

12. Privacy Contact / Officer

Based on the scope of our activity, we are not currently required to appoint a Data Protection Officer (DPO). Privacy contact: [email protected].

13. Updates to the Policy

We may update this policy from time to time. The publication of the updated version on our website will be deemed effective.