Privacy Policy
Last updated: June 12, 2026
How Rebates-On collects, uses, shares and protects personal data - and the privacy rights available to you.
Note: This Privacy Policy is provided for transparency. For personal data we process within the Rebates-On platform on a customer's behalf, see the Data Processing Agreement that forms part of that customer's subscription.
1. Who we are and the scope of this policy
This Privacy Policy explains how Above-IT International Technologies Ltd. ("Rebates-On," "we," "us"), an Israeli company located at 23 Hamelacha St., Rosh HaAyin 4809173, Israel, handles personal data.
It covers personal data we process in two distinct roles:
- As a controller - for visitors to our website (rebates-on.com), prospects, and the authorized users of our customers, where we decide why and how data is processed (for example, marketing, sales, account administration, and website analytics).
- As a processor - for personal data contained in a customer's account that we process on behalf of and under the instructions of that customer (our "Customer Data"). For that data, the customer is the controller; our processing is governed by the Data Processing Agreement (DPA) that forms part of the customer's subscription agreement. If you are an employee or contact of a Rebates-On customer and have questions about that data, please contact that customer (the controller).
2. The personal data we collect
As a controller, we may collect:
- Identity & contact data - name, business email, phone number, company name, job title/role, country.
- Account data - username and credentials, preferences, and role/permissions.
- Communications - messages, demo and contact-form submissions, support requests.
- Marketing data - subscription preferences and engagement with our emails.
- Usage & device data - IP address, browser/device information, pages viewed, and similar data collected automatically via cookies and analytics (see §6).
As a processor (Customer Data), a customer may upload or authorize us to process, as part of the Service, data that can include: the names and business contact details of the customer's employees; certification, specialization and competency records (which may include identifiers such as vendor "learner IDs"); and contacts within the customer's sales pipeline. We process this only to provide the Service per the customer's instructions and the DPA.
We do not intentionally collect special categories of personal data, and the Service is not intended for that purpose.
3. How we collect personal data
- Directly from you - when you fill in a form (e.g., Book a Demo, contact, newsletter), create an account, or contact us.
- Automatically - through cookies and similar technologies when you use the website (see §6).
- From our customers - when a customer provides or uploads data to its account.
- From vendor portals and sources, with authorization - where a customer authorizes us to retrieve their partner-program data (which may include limited personal data such as certified-employee records) to provide the Service.
4. Why we use personal data, and our legal bases (GDPR)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide and administer the website and the Service | Performance of a contract; legitimate interests |
| Respond to inquiries, demo requests and support | Legitimate interests; steps prior to a contract |
| Send marketing communications | Consent and/or legitimate interests (with opt-out) |
| Improve and secure our website and Service; analytics | Legitimate interests; consent for non-essential cookies |
| Comply with legal obligations | Legal obligation |
| Process Customer Data within the Service | On behalf of the customer (controller), per the DPA |
5. AI processing and data isolation
The Service may use artificial intelligence and machine-assisted tools to analyze documents you upload, extract vendor requirements, highlight relevant information, and generate insights solely for your organization's use. All processing is performed exclusively for your account and for the purpose of providing and improving the Service.
Customer data — including commercial information, confidential documents, rebate records, and any personal data contained therein — is not used to train, fine-tune, or improve any generalized or foundation AI models, whether owned by Rebates-On or by third-party providers. Customer data is not pooled, aggregated, or shared across customers for machine-learning purposes.
Where third-party AI infrastructure is used, Rebates-On ensures that such providers process data only as a service provider under strict contractual controls, without rights to use customer data for model training or product improvement.
6. How we share personal data
We share personal data only as needed and with appropriate safeguards:
- Service providers / sub-processors - e.g., our cloud hosting and infrastructure providers, payment processing (Tranzila), email and CRM providers, and analytics providers. A current list of sub-processors is available on request.
- Professional advisors and authorities - where required by law, legal process, or to protect our rights.
- Business transfers - in connection with a merger, acquisition, or sale of assets, subject to this policy.
We do not sell your personal data, and we do not "share" it for cross-context behavioral advertising as those terms are defined under US state privacy laws.
7. Cookies and similar technologies
We use necessary cookies to operate the website and, with your consent where required, analytics and marketing cookies (including via Google Tag Manager). You can manage preferences through our cookie banner and your browser settings.
8. International data transfers
We are based in Israel, which the European Commission recognizes as providing an adequate level of data protection. Where personal data is transferred to other countries (for example, to a sub-processor), we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
9. Data retention
We retain personal data only as long as necessary for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. Customer Data is retained and deleted in accordance with the customer's instructions and the DPA.
10. How we protect personal data
We maintain administrative, technical, and organizational safeguards designed to protect personal data, including encryption in transit (HTTPS/TLS), access controls, and role-based permissions.
11. Your privacy rights
If you are in the EEA/UK (GDPR/UK GDPR), you have the right to: access; rectification; erasure; restriction of processing; data portability; objection to processing (including direct marketing); and to withdraw consent at any time. You also have the right to lodge a complaint with your supervisory authority.
If you are a California resident (CCPA/CPRA), you have the right to: know/access the personal information we collect and how we use and disclose it; delete it; correct it; opt out of "sale"/"sharing" (note: we do not sell or share personal information for cross-context behavioral advertising); limit the use of sensitive personal information; and not receive discriminatory treatment for exercising your rights.
Other jurisdictions, including under Israel's Privacy Protection Law (as amended, effective 2025), may provide similar rights.
For personal data we process as a processor on a customer's behalf, please direct your request to that customer (the controller); we will assist them as required by the DPA.
12. How to exercise your rights
To exercise any right, contact us at [email protected]. We will respond within the timeframe required by applicable law (under GDPR, generally within one month, extendable for complex requests). We may need to verify your identity before fulfilling a request.
13. Children's privacy
The website and Service are intended for business users and are not directed to children under 18. We do not knowingly collect personal data from children.
14. Third-party links
Our website may link to third-party sites and vendor resources that we do not control. This policy does not apply to those sites; please review their privacy policies.
15. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date reflects the latest version; we review the policy at least annually. Material changes will be communicated by posting a notice on this page or by email where appropriate.
16. Contact us
Above-IT International Technologies Ltd. · 23 Hamelacha St., Rosh HaAyin 4809173, Israel
Privacy inquiries: [email protected].
This Privacy Policy works alongside our Terms of Use. To learn more about the platform, visit the product overview.
