Privacy Policy
Rafo-B, Israel Works Ltd
Privacy Policy
Rafo-B, Israel Works Ltd
Privacy Policy
Rafo-B, Israel Works Ltd
Overview
The entity contracting with partners and users is:
Effective date: 10 September 2025
Controller: Israel Works Ltd. (Company no. 516259774)
Registered address: Herzl Street 1, Tel Aviv-Yafo, Israel
Contact: info@rafo-b.io
Group disclosure: raf-b.il is part of ISR WORKS HONGKONG LIMITED; all rights reserved. This notice explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, where we transfer it, your rights, and how to contact us or a regulator. It is designed to satisfy GDPR/UK GDPR transparency duties (Articles 13–14).
Who we are & roles
Israel Works Ltd. is generally the controller for the processing described here. We use service providers as processors. For regulated financial features, some partners that power our Banking‑as‑a‑Service functions (e.g., Airwallex) may act as independent controllers for their own regulated obligations (KYC/AML, fraud prevention, network compliance).
Data we collect
Identifiers/contact (name, email, phone, address, date of birth); account credentials.
Government/KYC data (ID/passport, residency/tax ID, sanctions/PEP screening results where required).
Financial/transaction data (account/card details via secure partners; amounts, currency, timestamps, counterparties, merchant descriptors).
Device/usage (IP, device IDs, app/browser type, diagnostics/crash logs, pages and events).
Location data (IP-based or GPS if enabled).
Support & communications (calls/chats/emails and related metadata).
Marketing preferences and cookie/SDK choices; optional demographics/employment for business onboarding.
Sources: directly from you, automatically from your device/app, and from third parties (identity/KYC services, financial institutions, payment networks, analytics/advertising providers) where permitted by law.
Purposes & legal bases
Provide the services & support: create accounts, process payments/transfers/cards, show balances/activity, maintain your profile.
Bases: contract; legitimate interests.
Compliance & risk: KYC/AML/CFT, fraud monitoring, sanctions screening, recordkeeping, regulatory reporting.
Bases: legal obligation; substantial public interest where applicable.
Security & integrity: detect/prevent fraud/abuse; protect our apps and infrastructure.
Bases: legitimate interests; legal obligation.
Improvement & analytics: usage insights, performance, troubleshooting.
Bases: legitimate interests; consent where required.
Marketing & personalization: only as permitted; with opt‑out or consent as required.
Bases: consent where required; legitimate interests otherwise.
Legal claims & enforcement: exercise/defend claims, investigate misuse, enforce terms.
Cookies & similar technologies
We use cookies, SDKs, pixels, and local storage to operate the service, keep you signed in, measure usage, prevent fraud, and—where you allow—analyze and tailor content/ads. In the UK/EU, non‑essential cookies require prior, informed, active consent. You can manage choices via our banner and your browser/device settings. See our Cookie/SDK section below.
Sharing your information
Service providers (processors): hosting, security, analytics, communications, identity/KYC, payments, support—bound by contract and only per our instructions. Financial partners & payment networks: to issue cards, process payments, execute transfers, and comply with network rules/regulation (some act as independent controllers). Affiliates; regulators/authorities (where required by law); professional advisers under confidentiality; and with your direction/consent. We do not sell personal information. If we ever engage in “sharing” for cross‑context advertising under certain U.S. state laws, we will provide a clear opt‑out.
International transfers
For EU/EEA data, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs). For UK data, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs. We assess transfer risks and apply supplementary measures where needed.
Retention
We retain data only as long as necessary for the purposes above and to meet legal obligations (including AML recordkeeping). Baselines: Identification & KYC/AML—7 years; Financial/transaction—7 years; Technical/security logs—24 months; Customer support—36 months; Marketing preferences—until opt‑out; Cookie/SDK data—per the Cookie/SDK section.
Your rights
EU/UK: rights of access, rectification, erasure, restriction, portability, and objection; right to lodge a complaint with a supervisory authority. Israel: rights under the Protection of Privacy Law, 5741–1981; oversight by the Israeli Privacy Protection Authority. To exercise rights, email info@rafo-b.io. We will verify your request and respond within applicable timelines.
Children’s privacy
Our services are not directed to children under the minimum age in their jurisdiction (e.g., 13 or 16). If we learn we collected such data, we will delete it.
Security
We implement administrative, technical, and physical safeguards proportional to the risks, including access controls, encryption in transit, vulnerability management, logging/monitoring, and employee training.
Automated decision‑making & profiling
We may use automated checks (e.g., fraud/risk signals, sanctions screening, device risk) to protect you and comply with law. Where required, we provide meaningful information about the logic involved, explain significance/consequences, and offer a way to request human review.
Third‑party links & SDKs
Our sites/apps may link to third‑party sites or integrate third‑party SDKs. Their privacy practices are their own; please review their policies.
Region‑specific notes
EU/EEA & UK: disclosures required by GDPR/UK GDPR Articles 13–14; cross‑border transfers rely on SCCs/UK IDTA or Addendum. Israel: processing complies with the Protection of Privacy Law, 5741–1981 and related guidance. United States: no separate U.S. state addendum at this time; we will publish one if activities expand.
Contact & changes
Contact: info@rafo-b.io | Postal: Privacy Team, Israel Works Ltd., Herzl Street 1, Tel Aviv‑Yafo, Israel. EU/UK representative & DPO: none appointed at this time. We will update this notice when needed and change the Effective date above; for significant changes, we will notify you in‑app or by email.
Cookie & SDK policy summary
Categories: (1) strictly necessary; (2) analytics & performance; (3) functionality; (4) marketing/measurement (used only if deployed, and only with consent where required). Tool currently used: Google Analytics 4 (GA4). GA4 retention: typically 2 or 14 months for event/user‑level data (configurable). You can manage choices via the banner and yourbrowser/device settings.
Overview
The entity contracting with partners and users is:
Effective date: 10 September 2025
Controller: Israel Works Ltd. (Company no. 516259774)
Registered address: Herzl Street 1, Tel Aviv-Yafo, Israel
Contact: info@rafo-b.io
Group disclosure: raf-b.il is part of ISR WORKS HONGKONG LIMITED; all rights reserved. This notice explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, where we transfer it, your rights, and how to contact us or a regulator. It is designed to satisfy GDPR/UK GDPR transparency duties (Articles 13–14).
Who we are & roles
Israel Works Ltd. is generally the controller for the processing described here. We use service providers as processors. For regulated financial features, some partners that power our Banking‑as‑a‑Service functions (e.g., Airwallex) may act as independent controllers for their own regulated obligations (KYC/AML, fraud prevention, network compliance).
Data we collect
Identifiers/contact (name, email, phone, address, date of birth); account credentials.
Government/KYC data (ID/passport, residency/tax ID, sanctions/PEP screening results where required).
Financial/transaction data (account/card details via secure partners; amounts, currency, timestamps, counterparties, merchant descriptors).
Device/usage (IP, device IDs, app/browser type, diagnostics/crash logs, pages and events).
Location data (IP-based or GPS if enabled).
Support & communications (calls/chats/emails and related metadata).
Marketing preferences and cookie/SDK choices; optional demographics/employment for business onboarding.
Sources: directly from you, automatically from your device/app, and from third parties (identity/KYC services, financial institutions, payment networks, analytics/advertising providers) where permitted by law.
Purposes & legal bases
Provide the services & support: create accounts, process payments/transfers/cards, show balances/activity, maintain your profile.
Bases: contract; legitimate interests.
Compliance & risk: KYC/AML/CFT, fraud monitoring, sanctions screening, recordkeeping, regulatory reporting.
Bases: legal obligation; substantial public interest where applicable.
Security & integrity: detect/prevent fraud/abuse; protect our apps and infrastructure.
Bases: legitimate interests; legal obligation.
Improvement & analytics: usage insights, performance, troubleshooting.
Bases: legitimate interests; consent where required.
Marketing & personalization: only as permitted; with opt‑out or consent as required.
Bases: consent where required; legitimate interests otherwise.
Legal claims & enforcement: exercise/defend claims, investigate misuse, enforce terms.
Cookies & similar technologies
We use cookies, SDKs, pixels, and local storage to operate the service, keep you signed in, measure usage, prevent fraud, and—where you allow—analyze and tailor content/ads. In the UK/EU, non‑essential cookies require prior, informed, active consent. You can manage choices via our banner and your browser/device settings. See our Cookie/SDK section below.
Sharing your information
Service providers (processors): hosting, security, analytics, communications, identity/KYC, payments, support—bound by contract and only per our instructions. Financial partners & payment networks: to issue cards, process payments, execute transfers, and comply with network rules/regulation (some act as independent controllers). Affiliates; regulators/authorities (where required by law); professional advisers under confidentiality; and with your direction/consent. We do not sell personal information. If we ever engage in “sharing” for cross‑context advertising under certain U.S. state laws, we will provide a clear opt‑out.
International transfers
For EU/EEA data, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs). For UK data, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs. We assess transfer risks and apply supplementary measures where needed.
Retention
We retain data only as long as necessary for the purposes above and to meet legal obligations (including AML recordkeeping). Baselines: Identification & KYC/AML—7 years; Financial/transaction—7 years; Technical/security logs—24 months; Customer support—36 months; Marketing preferences—until opt‑out; Cookie/SDK data—per the Cookie/SDK section.
Your rights
EU/UK: rights of access, rectification, erasure, restriction, portability, and objection; right to lodge a complaint with a supervisory authority. Israel: rights under the Protection of Privacy Law, 5741–1981; oversight by the Israeli Privacy Protection Authority. To exercise rights, email info@rafo-b.io. We will verify your request and respond within applicable timelines.
Children’s privacy
Our services are not directed to children under the minimum age in their jurisdiction (e.g., 13 or 16). If we learn we collected such data, we will delete it.
Security
We implement administrative, technical, and physical safeguards proportional to the risks, including access controls, encryption in transit, vulnerability management, logging/monitoring, and employee training.
Automated decision‑making & profiling
We may use automated checks (e.g., fraud/risk signals, sanctions screening, device risk) to protect you and comply with law. Where required, we provide meaningful information about the logic involved, explain significance/consequences, and offer a way to request human review.
Third‑party links & SDKs
Our sites/apps may link to third‑party sites or integrate third‑party SDKs. Their privacy practices are their own; please review their policies.
Region‑specific notes
EU/EEA & UK: disclosures required by GDPR/UK GDPR Articles 13–14; cross‑border transfers rely on SCCs/UK IDTA or Addendum. Israel: processing complies with the Protection of Privacy Law, 5741–1981 and related guidance. United States: no separate U.S. state addendum at this time; we will publish one if activities expand.
Contact & changes
Contact: info@rafo-b.io | Postal: Privacy Team, Israel Works Ltd., Herzl Street 1, Tel Aviv‑Yafo, Israel. EU/UK representative & DPO: none appointed at this time. We will update this notice when needed and change the Effective date above; for significant changes, we will notify you in‑app or by email.
Cookie & SDK policy summary
Categories: (1) strictly necessary; (2) analytics & performance; (3) functionality; (4) marketing/measurement (used only if deployed, and only with consent where required). Tool currently used: Google Analytics 4 (GA4). GA4 retention: typically 2 or 14 months for event/user‑level data (configurable). You can manage choices via the banner and yourbrowser/device settings.
Overview
The entity contracting with partners and users is:
Effective date: 10 September 2025
Controller: Israel Works Ltd. (Company no. 516259774)
Registered address: Herzl Street 1, Tel Aviv-Yafo, Israel
Contact: info@rafo-b.io
Group disclosure: raf-b.il is part of ISR WORKS HONGKONG LIMITED; all rights reserved. This notice explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, where we transfer it, your rights, and how to contact us or a regulator. It is designed to satisfy GDPR/UK GDPR transparency duties (Articles 13–14).
Who we are & roles
Israel Works Ltd. is generally the controller for the processing described here. We use service providers as processors. For regulated financial features, some partners that power our Banking‑as‑a‑Service functions (e.g., Airwallex) may act as independent controllers for their own regulated obligations (KYC/AML, fraud prevention, network compliance).
Data we collect
Identifiers/contact (name, email, phone, address, date of birth); account credentials.
Government/KYC data (ID/passport, residency/tax ID, sanctions/PEP screening results where required).
Financial/transaction data (account/card details via secure partners; amounts, currency, timestamps, counterparties, merchant descriptors).
Device/usage (IP, device IDs, app/browser type, diagnostics/crash logs, pages and events).
Location data (IP-based or GPS if enabled).
Support & communications (calls/chats/emails and related metadata).
Marketing preferences and cookie/SDK choices; optional demographics/employment for business onboarding.
Sources: directly from you, automatically from your device/app, and from third parties (identity/KYC services, financial institutions, payment networks, analytics/advertising providers) where permitted by law.
Purposes & legal bases
Provide the services & support: create accounts, process payments/transfers/cards, show balances/activity, maintain your profile.
Bases: contract; legitimate interests.
Compliance & risk: KYC/AML/CFT, fraud monitoring, sanctions screening, recordkeeping, regulatory reporting.
Bases: legal obligation; substantial public interest where applicable.
Security & integrity: detect/prevent fraud/abuse; protect our apps and infrastructure.
Bases: legitimate interests; legal obligation.
Improvement & analytics: usage insights, performance, troubleshooting.
Bases: legitimate interests; consent where required.
Marketing & personalization: only as permitted; with opt‑out or consent as required.
Bases: consent where required; legitimate interests otherwise.
Legal claims & enforcement: exercise/defend claims, investigate misuse, enforce terms.
Cookies & similar technologies
We use cookies, SDKs, pixels, and local storage to operate the service, keep you signed in, measure usage, prevent fraud, and—where you allow—analyze and tailor content/ads. In the UK/EU, non‑essential cookies require prior, informed, active consent. You can manage choices via our banner and your browser/device settings. See our Cookie/SDK section below.
Sharing your information
Service providers (processors): hosting, security, analytics, communications, identity/KYC, payments, support—bound by contract and only per our instructions. Financial partners & payment networks: to issue cards, process payments, execute transfers, and comply with network rules/regulation (some act as independent controllers). Affiliates; regulators/authorities (where required by law); professional advisers under confidentiality; and with your direction/consent. We do not sell personal information. If we ever engage in “sharing” for cross‑context advertising under certain U.S. state laws, we will provide a clear opt‑out.
International transfers
For EU/EEA data, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs). For UK data, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs. We assess transfer risks and apply supplementary measures where needed.
Retention
We retain data only as long as necessary for the purposes above and to meet legal obligations (including AML recordkeeping). Baselines: Identification & KYC/AML—7 years; Financial/transaction—7 years; Technical/security logs—24 months; Customer support—36 months; Marketing preferences—until opt‑out; Cookie/SDK data—per the Cookie/SDK section.
Your rights
EU/UK: rights of access, rectification, erasure, restriction, portability, and objection; right to lodge a complaint with a supervisory authority. Israel: rights under the Protection of Privacy Law, 5741–1981; oversight by the Israeli Privacy Protection Authority. To exercise rights, email info@rafo-b.io. We will verify your request and respond within applicable timelines.
Children’s privacy
Our services are not directed to children under the minimum age in their jurisdiction (e.g., 13 or 16). If we learn we collected such data, we will delete it.
Security
We implement administrative, technical, and physical safeguards proportional to the risks, including access controls, encryption in transit, vulnerability management, logging/monitoring, and employee training.
Automated decision‑making & profiling
We may use automated checks (e.g., fraud/risk signals, sanctions screening, device risk) to protect you and comply with law. Where required, we provide meaningful information about the logic involved, explain significance/consequences, and offer a way to request human review.
Third‑party links & SDKs
Our sites/apps may link to third‑party sites or integrate third‑party SDKs. Their privacy practices are their own; please review their policies.
Region‑specific notes
EU/EEA & UK: disclosures required by GDPR/UK GDPR Articles 13–14; cross‑border transfers rely on SCCs/UK IDTA or Addendum. Israel: processing complies with the Protection of Privacy Law, 5741–1981 and related guidance. United States: no separate U.S. state addendum at this time; we will publish one if activities expand.
Contact & changes
Contact: info@rafo-b.io | Postal: Privacy Team, Israel Works Ltd., Herzl Street 1, Tel Aviv‑Yafo, Israel. EU/UK representative & DPO: none appointed at this time. We will update this notice when needed and change the Effective date above; for significant changes, we will notify you in‑app or by email.
Cookie & SDK policy summary
Categories: (1) strictly necessary; (2) analytics & performance; (3) functionality; (4) marketing/measurement (used only if deployed, and only with consent where required). Tool currently used: Google Analytics 4 (GA4). GA4 retention: typically 2 or 14 months for event/user‑level data (configurable). You can manage choices via the banner and yourbrowser/device settings.