Privacy Policy

Last Updated: January 20, 2025
Effective Date: January 20, 2025

1. Introduction

Mine Marketing LTD ("we," "our," "us," or "Company") operates the website Insights-Daily.com and provides online courses in 3D printing and additive manufacturing (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with applicable privacy laws worldwide.

Our Commitment: We are committed to protecting your privacy and maintaining the highest standards of data protection across all jurisdictions where we operate or have users.

2. Company Information and Legal Basis

Legal Basis for Processing (GDPR Article 6):

• Consent (Article 6(1)(a)): Marketing communications, optional features
• Contract (Article 6(1)(b)): Course delivery, account management
• Legal Obligation (Article 6(1)(c)): Tax records, regulatory compliance
• Legitimate Interests (Article 6(1)(f)): Website analytics, fraud prevention, security

3. Information We Collect

3.1 Personal Information You Provide

• Account Information: Name, email address, username, password, profile photo
• Contact Information: Phone number, mailing address, billing address
• Educational Information: Course preferences, learning progress, completion certificates, grades, assessments
• Payment Information: Credit card details, billing information (processed by secure third-party payment processors)
• Communications: Messages sent through our platform, customer support inquiries, feedback
• Identity Verification: Age verification for COPPA compliance, government ID for certification programs

3.2 Information Collected Automatically

• Device Information: IP address, browser type and version, operating system, device identifiers, mobile network information
• Usage Data: Pages visited, time spent on pages, clicks, search queries, course interactions, learning patterns
• Location Information: General geographic location based on IP address
• Technical Data: Browser fingerprinting data, screen resolution, time zone, language preferences

3.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies as managed by our InMobi Consent Management Platform (CMP). Categories include:

• Essential Cookies: Required for website functionality, account login, security
• Performance Cookies: Website analytics and optimization
• Functional Cookies: Enhanced features, preferences, personalization
• Marketing Cookies: Advertising, remarketing, cross-site tracking

Third-Party Analytics and Advertising:

Google Analytics 4:

• Tracks website usage, course engagement, conversion events
• Demographics and interests reporting when consent provided
• Enhanced ecommerce tracking for course purchases
• Data retention: 14 months (configurable)
• Consent Mode v2 implemented for EU compliance

Google Ads:

• Conversion tracking and attribution
• Remarketing to website visitors
• Custom audience creation
• Enhanced conversions for better attribution
• Cross-device tracking capabilities

Facebook Pixel:

• Tracks website events and conversions
• Custom audience creation from website visitors
• Lookalike audience generation
• Cross-device tracking and attribution
• Conversion API for enhanced data accuracy

3.4 Information from Third Parties

• Social Media: Profile information when you connect social accounts
• Payment Processors: Transaction verification and fraud detection data
• Educational Partners: Institution affiliations, prior certifications
• Marketing Partners: Lead generation data, referral information

4. How We Use Your Information

4.1 Primary Purposes

• Service Delivery: Providing courses, managing accounts, processing payments, issuing certificates
• Communication: Course updates, technical support, important notices, newsletters
• Personalization: Customizing course recommendations, learning paths, content
• Analytics: Understanding platform usage, improving course quality, optimizing user experience
• Security: Fraud prevention, account protection, platform security monitoring
• Legal Compliance: Meeting regulatory requirements, responding to legal requests

4.2 Marketing and Advertising

• Email Marketing: Course promotions, educational content, company updates (with consent)
• Targeted Advertising: Personalized ads across websites and social media platforms
• Remarketing: Re-engaging visitors who showed interest in our courses
• Affiliate Marketing: Partner referral programs and commission tracking

4.3 Educational Record Keeping

• Certification Records: Maintaining permanent records of completed courses and certifications for verification purposes
• Academic Progress: Tracking learning progress for educational effectiveness
• Institutional Reporting: Providing progress reports to affiliated educational institutions (with appropriate agreements)

5. Information Sharing and Disclosure

5.1 Service Providers and Business Partners

We share information with trusted third parties who provide services on our behalf:

• Payment Processors: Stripe, PayPal, and other secure payment platforms
• Cloud Hosting: Amazon Web Services (AWS), Google Cloud Platform
• Email Services: Mailchimp, SendGrid for transactional and marketing emails
• Customer Support: Zendesk, Intercom for helpdesk services
• Analytics Providers: Google Analytics, Hotjar, Mixpanel
• Educational Partners: Accredited institutions for certification verification
• Marketing Platforms: Google Ads, Facebook Ads, LinkedIn Marketing

5.2 Legal Requirements and Protection

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of our company, users, or others
• Investigate fraud, security issues, or technical problems
• Respond to emergency situations involving danger to health or safety

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity or successor company.

5.4 Consent-Based Sharing

We may share information with your explicit consent for specific purposes not covered by this policy.

6. International Data Transfers

6.1 Cross-Border Data Processing

Your information may be transferred to and processed in countries other than your own, including:

• United States: For cloud hosting, analytics, and advertising services
• European Union: For EU-based services and compliance
• Other Countries: Where our service providers operate

6.2 Transfer Safeguards

We ensure adequate protection for international transfers through:

• EU Adequacy Decisions: Transfers to countries with adequate data protection (Israel has EU adequacy status)
• Standard Contractual Clauses: EU-approved data transfer agreements
• EU-US Data Privacy Framework: For certified US organizations
• Binding Corporate Rules: Internal transfer frameworks where applicable
• Explicit Consent: Your consent for specific transfers when legally required

6.3 Israeli Data Transfers

As an Israeli company, we benefit from the EU-Israel adequacy decision. However, we implement additional safeguards for transfers to countries without adequacy status, including standard contractual clauses and ongoing adequacy assessments.

7. Your Privacy Rights

7.1 Universal Rights

Regardless of your location, you have the right to:

• Access: Request information about how we process your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal limitations)
• Objection: Object to processing based on legitimate interests
• Withdrawal: Withdraw consent for consent-based processing

7.2 GDPR Rights (EU/EEA/UK Residents)

Under the General Data Protection Regulation, you also have:

• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Automated Decision-Making: Right not to be subject to solely automated decisions
• Supervisory Authority: Right to lodge complaints with data protection authorities

7.3 CCPA/CPRA Rights (California Residents)

Under California privacy laws, you have the right to:

• Know: Categories and specific pieces of personal information collected
• Delete: Request deletion of personal information
• Opt-Out: Opt out of sale/sharing of personal information
• Correct: Request correction of inaccurate personal information
• Limit: Limit use and disclosure of sensitive personal information
• Non-Discrimination: Equal service regardless of privacy rights exercise

California Shine the Light: You may request information about third-party disclosures for direct marketing purposes.

7.4 Other US State Rights

Residents of the following states have additional rights under applicable laws:

• Virginia (VCDPA): Consumer rights similar to GDPR
• Colorado (CPA): Enhanced data subject rights and opt-out mechanisms
• Connecticut (CTDPA): Comprehensive privacy rights
• Utah (UCPA): Access, deletion, and opt-out rights
• Texas (TDPSA): Broad privacy rights without revenue thresholds
• Iowa, Tennessee: Rights under new 2025 laws
• Future States: Indiana, Delaware, New Hampshire, Nebraska, Kentucky, Maryland, Minnesota, Rhode Island, New Jersey (2025-2026)

7.5 Israeli Privacy Rights

Under Israeli Privacy Protection Law (including Amendment 13, effective August 2025):

• Access and Correction: Right to access and correct personal data
• Deletion: Right to request deletion under certain circumstances
• Processing Limitation: Right to restrict processing
• Data Transfer Information: Right to know about international transfers
• Compensation: Right to compensation for privacy violations

7.6 Other International Rights

• UK GDPR: Similar rights to EU GDPR for UK residents
• Canadian Privacy Laws: Access, correction, and withdrawal rights under PIPEDA and provincial laws
• Brazilian LGPD: Comprehensive data subject rights
• Australian Privacy Act: Access, correction, and complaint rights

7.7 Exercising Your Rights

To exercise your privacy rights:

Primary Contact:

• Email: support@Insights-Daily.com
• Subject Line: "Privacy Rights Request"

Identity Verification: We may require identity verification to process requests and protect against fraud.

Response Timeframes:

• GDPR: 30 days (extendable to 60 days for complex requests)
• CCPA: 45 days (extendable to 90 days)
• Other Laws: As required by applicable legislation

Appeal Process: If unsatisfied with our response, you may appeal to relevant supervisory authorities or regulators in your jurisdiction.

8. Children's Privacy and Educational Compliance

8.1 COPPA Compliance (Under 13)

We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we become aware of such collection, we will delete the information promptly.

For Educational Use: Schools may provide consent for educational purposes only, with no commercial use of student data permitted.

8.2 Enhanced Protection for Minors (13-16)

For users between 13-16, we implement enhanced protections:

• Simplified Privacy Notices: Age-appropriate language and explanations
• Limited Data Collection: Minimized data processing for this age group
• Parental Notification: Where required by local law
• Restricted Marketing: Limited marketing communications

8.3 FERPA Considerations

When our courses create "educational records" under FERPA:

• Educational Purpose Limitation: Data used only for legitimate educational purposes
• School Official Exception: Operating under direct institutional control where applicable
• Directory Information: Clear policies on what constitutes directory information
• Consent Requirements: Explicit consent for non-educational uses

8.4 Student Data Commitments

We commit to:

• Educational Purpose: Using student data only for educational services
• No Advertising: Not using student data for targeted advertising
• Data Minimization: Collecting only data necessary for educational purposes
• Secure Deletion: Deleting student data when no longer needed for educational purposes

9. Data Security and Breach Notification

9.1 Security Measures

We implement comprehensive security measures including:

Technical Safeguards:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Multi-factor authentication, role-based access, principle of least privilege
• Network Security: Firewalls, intrusion detection, DDoS protection
• Regular Updates: Automatic security patches and vulnerability management

Organizational Safeguards:

• Employee Training: Regular privacy and security awareness training
• Background Checks: Security screening for personnel with data access
• Incident Response: Documented procedures for security incident management
• Vendor Management: Security assessments for all third-party processors

Physical Safeguards:

• Data Centers: SOC 2 certified facilities with biometric access controls
• Device Security: Encrypted laptops, secure workstations, remote work policies

9.2 Data Breach Notification

In the event of a data breach, we will:

Regulatory Notification:

• EU/UK: Notify supervisory authorities within 72 hours if high risk
• Israel: Notify Privacy Protection Authority as required by Amendment 13
• US States: Notify attorneys general as required by state breach laws
• Other Jurisdictions: Comply with local notification requirements

Individual Notification:

• High Risk: Notify affected individuals without undue delay
• Content: Description of breach, likely consequences, mitigation measures
• Method: Email, website notice, or other appropriate communication
• Languages: Notifications in primary languages of affected users

9.3 Incident Response Process

• Detection and Assessment: Immediate breach identification and risk assessment
• Containment: Immediate steps to contain and minimize impact
• Investigation: Forensic analysis to determine scope and cause
• Notification: Timely notifications to authorities and individuals
• Remediation: Corrective actions and preventive measures
• Documentation: Comprehensive incident documentation for regulatory compliance

10. Data Retention and Deletion

10.1 Retention Principles

We retain personal information only as long as necessary for:

• Service Provision: Active account maintenance and course delivery
• Legal Compliance: Meeting regulatory and tax obligations
• Legitimate Business Purposes: Security, fraud prevention, legal claims

10.2 Specific Retention Periods

Account and Course Data:

• Active Accounts: Duration of account plus 3 years
• Closed Accounts: 1 year after closure (unless legal obligation requires longer)
• Course Records: 7 years for certification verification and compliance
• Assessment Data: 10 years for educational accreditation purposes

Communication Records:

• Customer Support: 3 years after resolution
• Marketing Communications: Until consent withdrawn plus 1 year
• Legal Communications: 7 years or as required by legal proceedings

Technical and Security Data:

• Log Files: 90 days for security monitoring
• Backup Data: 1 year with automatic deletion
• Security Incident Records: 7 years for incident analysis

Financial Records:

• Payment Information: 7 years for tax and regulatory compliance
• Transaction Records: 10 years for audit and legal requirements

10.3 Automated Deletion

We implement automated deletion systems to ensure timely data removal:

• Scheduled Reviews: Quarterly assessments of retention requirements
• Automated Purging: System-driven deletion of expired data
• Manual Review: Human oversight for complex retention decisions

10.4 Secure Deletion

When deleting data, we ensure:

• Complete Removal: Data deleted from all systems and backups
• Verification: Confirmation of successful deletion
• Third-Party Notification: Instructing processors to delete shared data
• Documentation: Records of deletion for compliance auditing

11. Cookies and Tracking Technologies

11.1 Cookie Management Platform

We use InMobi Consent Management Platform (CMP) to manage your cookie preferences and ensure compliance with applicable laws including:

• GDPR and ePrivacy Directive (EU/EEA)
• UK GDPR and PECR (United Kingdom)
• CalOPPA (California)
• Other applicable cookie laws worldwide

11.2 Cookie Categories and Purposes

Essential Cookies (Always Active):

• Authentication: Maintaining login sessions
• Security: CSRF protection, fraud prevention
• Functionality: Shopping cart, language preferences
• Load Balancing: Distributing traffic across servers

Performance Cookies (Opt-in Required):

• Google Analytics: Website usage analysis, user behavior tracking
• Performance Monitoring: Page load times, error tracking
• A/B Testing: Feature optimization and user experience testing

Functional Cookies (Opt-in Required):

• Personalization: Customized content and recommendations
• Preferences: Saved settings and user choices
• Chat Support: Live chat functionality and history

Marketing Cookies (Opt-in Required):

• Google Ads: Conversion tracking, remarketing, audience building
• Facebook Pixel: Conversion tracking, custom audiences, attribution
• Cross-Site Tracking: Multi-platform advertising coordination

11.3 Third-Party Cookie Providers

Google Services:

• Analytics: Google Analytics 4 with Consent Mode v2
• Advertising: Google Ads, DoubleClick, YouTube embedded content
• Other Services: Google Fonts, Google Maps, reCAPTCHA

Facebook/Meta Services:

• Facebook Pixel: Conversion tracking and audience building
• Facebook Login: Social authentication (when used)
• Instagram: Embedded content and advertising

Other Third Parties:

• Payment Processors: Stripe, PayPal for secure payment processing
• Content Delivery: CloudFlare for performance and security
• Customer Support: Zendesk, Intercom for helpdesk functionality

11.4 Cookie Control and Withdrawal

Managing Preferences:

• CMP Interface: InMobi consent manager for granular control
• Browser Settings: Native browser cookie controls
• Opt-Out Links: Direct links to third-party opt-out mechanisms
• Account Settings: User dashboard for marketing preferences

Global Privacy Control (GPC): We honor Global Privacy Control signals where legally required, automatically opting you out of data sales and sharing.

Do Not Track: While we honor GPC signals, traditional Do Not Track signals lack industry consensus on implementation.

12. Marketing and Communications

12.1 Email Marketing

Types of Communications:

• Transactional: Order confirmations, course updates, account notifications
• Educational: Course-related content, learning resources, tips
• Promotional: New course announcements, special offers, company updates
• Administrative: Policy changes, important notices, security alerts

Consent and Opt-Out:

• Explicit Consent: Required for promotional communications
• Easy Unsubscribe: One-click unsubscribe in all marketing emails
• Granular Preferences: Choose specific types of communications
• Opt-Out Honor: Immediate processing of unsubscribe requests

12.2 Social Media and Advertising

Platforms Used:

• Facebook/Instagram: Course promotion, community building
• LinkedIn: Professional networking, B2B marketing
• YouTube: Educational content, course previews
• Google Ads: Search and display advertising

Targeted Advertising:

• Custom Audiences: Based on website visitors and customer lists
• Lookalike Audiences: Finding similar potential customers
• Retargeting: Re-engaging previous website visitors
• Interest-Based: Targeting based on declared interests and behaviors

12.3 Affiliate and Partner Marketing

• Referral Programs: Tracking and attribution for referral partnerships
• Affiliate Networks: Commission-based marketing partnerships
• Educational Partnerships: Collaborations with institutions and organizations
• Cross-Promotion: Marketing partnerships with complementary services

13. Third-Party Services and Integrations

13.1 Educational Technology Partners

• Learning Management Systems: Integration with institutional LMS platforms
• Certification Bodies: Verification and accreditation partnerships
• Assessment Platforms: Third-party testing and evaluation services
• Content Delivery Networks: Optimized course content distribution

13.2 Payment and Financial Services

• Payment Processors: Stripe, PayPal, and other secure payment platforms
• Fraud Detection: Advanced fraud prevention and risk assessment
• Currency Conversion: Real-time exchange rate and conversion services
• Tax Calculation: Automated tax computation for global transactions

13.3 Customer Support and Communication

• Helpdesk Software: Zendesk, Intercom for customer support ticketing
• Live Chat: Real-time customer assistance platforms
• Communication APIs: Twilio for SMS and voice communications
• Video Conferencing: Zoom, Google Meet for live instruction sessions

13.4 Analytics and Business Intelligence

• Web Analytics: Google Analytics, Adobe Analytics for comprehensive tracking
• User Behavior: Hotjar, FullStory for session recording and heatmaps
• Business Intelligence: Tableau, Power BI for data analysis and reporting
• A/B Testing: Optimizely, Google Optimize for feature testing

14. Special Categories of Data

14.1 Sensitive Personal Information

We may process sensitive personal information in limited circumstances:

Educational Records:

• Learning Disabilities: Accommodations and accessibility requirements
• Academic Performance: Grades, assessments, and progress tracking
• Disciplinary Records: Academic integrity and conduct issues

Demographic Information:

• Age: For COPPA compliance and age-appropriate content
• Location: For content localization and legal compliance
• Language: For accessibility and user experience

Financial Information:

• Payment Data: Processed by certified PCI-DSS compliant processors
• Billing Information: Encrypted and stored securely
• Tax Documentation: For compliance with international tax laws

14.2 Biometric Information

We do not collect biometric information such as fingerprints, voiceprints, or facial recognition data.

14.3 Health Information

We do not intentionally collect health information. If such information is inadvertently provided, we will:

• Minimize Processing: Limit use to essential purposes only
• Enhanced Security: Apply additional security measures
• Limited Retention: Delete when no longer necessary
• User Notification: Inform users of inadvertent collection

15. Automated Decision-Making and Profiling

15.1 Automated Processing

We use automated processing for:

Course Recommendations:

• Algorithm: Machine learning models analyze learning patterns
• Purpose: Suggest relevant courses and learning paths
• Human Oversight: Regular review and adjustment of recommendations
• Opt-Out: Users can disable personalized recommendations

Fraud Detection:

• Risk Assessment: Automated analysis of transaction patterns
• Purpose: Prevent fraudulent activities and protect users
• Human Review: All high-risk transactions reviewed manually
• Appeal Process: Users can contest fraud determinations

Content Personalization:

• User Profiling: Analysis of preferences and behavior
• Purpose: Customize learning experience and content delivery
• Transparency: Users can view and modify profile information
• Control: Granular privacy settings for personalization features

15.2 Right to Human Review

You have the right to:

• Human Intervention: Request human review of automated decisions
• Explanation: Receive information about decision-making logic
• Contest: Challenge automated decisions affecting you
• Opt-Out: Refuse automated decision-making where legally permitted

16. Compliance and Governance

16.1 Privacy Governance Framework

Data Protection Impact Assessments (DPIA):

• High-Risk Processing: Mandatory assessments for high-risk data processing
• Regular Reviews: Annual DPIA updates and reassessments
• Stakeholder Consultation: Input from users and supervisory authorities where required

Privacy by Design:

• Default Settings: Privacy-protective defaults for all new features
• Minimization: Collecting only necessary data for specified purposes
• Transparency: Clear and accessible privacy information
• User Control: Meaningful choices about data processing

16.2 Regulatory Compliance

Multi-Jurisdictional Compliance:

• Regular Updates: Monitoring changes in privacy laws globally
• Legal Reviews: Annual legal compliance assessments
• Training Programs: Regular staff training on privacy requirements
• Vendor Management: Ensuring processor compliance with applicable laws

Supervisory Authority Cooperation:

• Responsive Communication: Timely responses to regulatory inquiries
• Proactive Reporting: Voluntary reporting of significant privacy issues
• Compliance Documentation: Maintaining comprehensive compliance records

16.3 Privacy Audits and Assessments

Internal Audits:

• Quarterly Reviews: Regular assessment of privacy practices
• Risk Assessments: Ongoing evaluation of privacy risks
• Compliance Monitoring: Continuous monitoring of regulatory compliance

External Audits:

• Annual Assessments: Independent privacy compliance audits
• Certification Programs: ISO 27001, SOC 2, and other relevant certifications
• Penetration Testing: Regular security and privacy vulnerability testing

17. Updates to This Privacy Policy

17.1 Policy Changes

We may update this Privacy Policy to reflect:

• Legal Changes: New or modified privacy laws and regulations
• Service Updates: Changes to our services or data processing practices
• Security Enhancements: Improvements to our security and privacy measures
• User Feedback: Responses to user concerns and requests for clarification

17.2 Notification of Changes

Material Changes:

• Email Notification: Direct notification to registered users
• Website Banner: Prominent notice on our website
• Account Dashboard: Notification in user account interface
• Consent Re-collection: New consent for material changes where required

Non-Material Changes:

• Website Posting: Updated policy posted with new effective date
• Version Control: Clear indication of changes made
• Archive Access: Previous versions available for reference

17.3 Continued Use

Continued use of our services after policy updates constitutes acceptance of the changes, unless additional consent is required by applicable law.

18. Contact Information and Data Protection Officers

18.1 Primary Contact

18.3 Supervisory Authority Contacts

Israel Privacy Protection Authority:
Website: www.gov.il/en/departments/about/about_ppa
Email: support@Insights-Daily.com

EU Supervisory Authorities: Contact information available at edpb.europa.eu

US State Attorneys General: Contact information varies by state – see respective state websites

19. Definitions and Legal Framework

19.1 Key Definitions

• Personal Data/Personal Information: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
• Data Controller: The entity that determines the purposes and means of processing personal data.
• Data Processor: An entity that processes personal data on behalf of a controller.
• Consent: Freely given, specific, informed, and unambiguous indication of agreement to processing.
• Sensitive Personal Information: Data revealing racial/ethnic origin, political opinions, religious beliefs, health information, biometric data, or similar categories requiring enhanced protection.

19.2 Applicable Legal Frameworks

This Privacy Policy complies with:

International Laws:

• EU General Data Protection Regulation (GDPR)
• UK Data Protection Act 2018 and UK GDPR
• Israeli Privacy Protection Law (including Amendment 13)

US Federal Laws:

• Children's Online Privacy Protection Act (COPPA)
• Family Educational Rights and Privacy Act (FERPA)
• California Online Privacy Protection Act (CalOPPA)

US State Laws:

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)
• Texas Data Privacy and Security Act (TDPSA)
• [Additional state laws as applicable]

Other Jurisdictions:

• Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
• Brazilian Lei Geral de Proteção de Dados (LGPD)
• Australian Privacy Act 1988
• [Other applicable laws based on user locations]

---

Last Updated: January 20, 2025
Version: 1.0
Document ID: PP-2025-001

For questions about this Privacy Policy, please contact us at support@Insights-Daily.com.