PRIVACY POLICY esh Bank Israel Ltd
1. General
1.1. We, esh Bank Israel Ltd., company number 515666675 (“the Bank” or “we”) thank you (“you” or “user”) for choosing to use our website https://www.esh.com (“Our Website”) and our application (“Our Application”), which are operated by the Bank or by any party on its behalf for the Bank, our customer service center and our services (jointly: “Our Services”).
1.2. This privacy policy (“This Privacy Policy”) describes, inter alia, how we collect personal information, including highly sensitive information, the type of personal information being collected, how personal information is used, the third parties with whom we share personal information and your rights as the data subject. Please note: different rules may apply to specific services and/or applications that might publish their own privacy policies regarding use of personal information to be collected by that application.
1.3. In this Privacy Policy, “data processing or use” means any action being performed in relation to personal information, including receipt, collection, storage, copying, perusal, disclosure, exposure, enabling access, transfer, delivery (“processing”).
1.4. We ask that you read This Privacy Policy carefully before you use Our Services. This Privacy Policy constitutes an integral part of Our Terms of Use, which may be perused in Our Application (“Our Terms of Use”).
1.5. The fact that you download, register for, log into, access, enter or use Our Services constitutes your consent to the conditions specified in This Privacy Policy. If you do not agree to the terms of Our Privacy Policy, you are not authorized to access or use Our Services.
1.6. The division of This Privacy Policy into clauses and clause headings is solely for the sake of convenience and they may not be used for interpretation purposes. This Privacy Policy uses the masculine gender but is intended for all genders.
1.7. Terms not defined in This Privacy Policy shall have the definitions ascribed to them in our Terms of Use or in the Israeli Privacy Protection Law of 1981 (“the Privacy Protection Law”) and its regulations.
2. What type of information might we collect about you?
2.1. Use of Our Services includes the collection of information that identifies you or that could identify you personally, whether directly or indirectly, through reasonable means, including information that is “personal information” or “highly sensitive information,” as these terms are defined in the Privacy Protection Law (“personal information”).
Some personal information that you will provide is required by law in order for us to provide Our Services, such as: full name, ID number, address, cell phone number, email address, tax residency. You are under no statutory obligation to provide information to us beyond this type of information. Therefore, if you provide additional information to us beyond the aforesaid, we clarify that you do so out of your own free will and consent. Please note: refusal to provide personal information that is essential in order to provide Our Services will result in our being unable to provide services to you, whether fully or partially. When you opt to provide personal information to us about you, you must furnish truthful, reliable and accurate information. If you also provide personal information about third parties to us, you declare that you obtained their consent to share this personal information with us for the purposes specified in This Privacy Policy, and that you informed those third parties about the provisions of This Privacy Policy.
When you use Our Services, we may collect, generate and process one or more of the types of personal information about you that are specified hereunder.
2.2. Personal information that we collect directly from you
2.2.1. Registration and opening of an account: personal information will be collected from the details that you provide when you open an account through Our Application, which includes, inter alia, full name, date of birth, telephone number, ID no., address, email address, place of residence, marital status, documents that you scan and upload to Our Application, such as ID card, etc.
2.2.2. “Know Your Customer” procedure: under particular circumstances and according to the applicable statutory requirements, you will be required to complete a “Know Your Customer” (KYC) procedure, which will require you to provide additional information, including, inter alia, information and disclosures about the purpose for opening the account, background about you, your expected volume of activities in the account, a photocopy of your ID or passport, sources of income, and more. This procedure may entail authenticating your identity using your device’s video camera, subject to your issuing camera and microphone access authorizations to us (see clause 5 hereunder). Please note: we will be unable to complete this KYC procedure if you do not issue these access authorizations to us.
2.2.3. Information about use of Our Services: we will collect personal information about you that you provide to us during your use of Our Services and/or during the engagement between us (operations that you perform, instructions and notifications that you issue, including requests for technical assistance, the provision of feedback and responses to surveys, etc.) and, inter alia, information that you might provide during your correspondence with us through Our Application, via email, by telephone or through any other means of communication. Personal information about you, such as name and telephone number, may be locally stored in the device you use to use Our Application, in a secure and encrypted manner.
2.3. Personal Information that we might generate about you
When you use Our Services, the personal information that we collect about you (such as transactions that you executed or instructions that you issued) is processed, both manually and using computerized and automated tools, so that we can develop new products and glean insights that will enable us to provide professional and personalized advice to you, to improve your user experience and to offer new products to you (subject to any law).
2.4. Personal information that third parties provide to us
We will also collect personal information about you from other sources, which include government bodies (such as the Population and Immigration Authority), a credit database and other external databases, which may, inter alia, help us to authenticate your identity for the purpose of complying with the regulations applying to us. We might also receive personal information from third parties about your assets in the Bank, such as attachment orders, orders from competent authorities, the Bank of Israel, etc.
2.5. Information collected using technology
2.5.1. GPS data: when you use Our Application, we collect and process data about your geographic location, including by analyzing IP addresses and other similar information, in order to ascertain your location, for security purposes and analytical use of information.
2.5.2. Recordings of conversations: we retain recordings of telephone conversations and video conference calls with our customer service center for the purposes of documentation and improving our service.
2.5.3. Identification and authentication: we use facial recognition technologies (using a third-party supplier’s tool) in order to compare the photographs that you upload to Our Application against other documents (such as an ID) for the purpose of visual identification and authentication. We retain some photographs in the Bank’s systems.
2.5.4. Technical and behavioral information: when you access or use Our Services, we collect information automatically and passively from your device, including: (a) technical information, such as the type and version of your device and its operating system, device model, version of Our Application, type of browser, screen resolution, keyboard language, Wi-Fi connections, etc.; and (b) technical information and information that we collect about your behavior, which might include, inter alia, documentation of your activities in Our Application, such as how much time you spend on particular pages, and additional information of a similar nature (jointly: “technical information”).
2.5.5. Identifiers: when you use Our Services, you automatically provide your IP address to us and, in particular instances, also your unique device identifier number, as the case may be, or other identifiers depending upon the network or device that you are using, including the version of Our Application. We collect this information in order to improve your user experience and for security purposes.
2.5.6. Statistics and measurements: we, either by ourselves or through external service-providers, such as Google Analytics, may perform detailed measurements and statistical analyses of your use of Our Website and Our Application, and generally, of landing pages and Our Services.
We might generate cumulative or anonymous or statistical data from personal information that you provided or that we generated during your use of Our Services. We use such information to identify trends and analyze data in order to improve the content and services that we offer and third-party products and services that we use, to improve the service experience and for other statistical purposes.
3. How do we use information about you?
We use the information that we collect about you and the information that you provide to us in order to enable us to provide Our Services to you and to operate Our Website and Our Application. We will use information about you for the purposes for which we collected the information and as specified in This Privacy Policy.
3.1. Technical information
We use technical information::
3.1.1. in order to understand how users use Our Products and Services and in order to adapt, develop and improve Our Products and Services, as well as those of third parties that we use;
3.1.2. in order to manage and operate Our Website and Our Application, including for the purposes of resolving malfunctions, for security, fraud-prevention, data analysis, testing, research and statistical purposes, and in order to improve the user experience.
3.2. Personal information
We use personal information about you:
3.2.1. in order to provide and customize products and services for you, including for the purposes of decision-making in relation to credit and updating the Bank’s internal models;
3.2.2. in order to verify your particulars and authenticate your identity and for the purpose of completing KYC procedures;
3.2.3. in order to detect, prevent or otherwise handle scams, fraud, abuse or other illegal actions; or in order to comply with the statutory requirements and regulatory obligations pertaining to consumer security, data security and technical problems, including in relation to legal proceedings, orders from authorities, etc.;
3.2.4. in order to manage and monitor your account;
3.2.5. in order to send service messages or operational messages to you about your account (such as via email or push notifications);
3.2.6. in order to conduct online surveys so that we can better understand your needs and how we can innovate and improve Our Products and Services;
3.2.7. in order to contact you, inter alia, for the purposes of providing technical support in relation to Our Products, Services, Application and Website;
3.2.8. in order to send you advertisements, newsletters and updates, new offers, news about Our Website, Application, Products and Services, etc., which are customized according to your preferences, including via email, SMS, social media and push notifications in conformity with any law;
3.2.9. in order to manage and operate Our Website and Our Application, including for the purposes of resolving problems and malfunctions and for security, data analysis, testing, research and statistical purposes;
3.2.10. in order to receive information about the general geographic location of the computer or device you use to connect to the internet when using Our Services, so that we can ascertain your general location, inter alia, for data security purposes;
3.2.11. in order to improve Our Application and Our Website and to improve the user experience, inter alia, based on cumulative and anonymized information that we generate;
3.2.12. in order to protect your rights, to clarify and resolve complaints and claims and in order to fulfill all statutory obligations applying to us.
4. Information-sharing with third parties
4.1. In order to provide Our Services to you and to operate Our Website and Our Application, to protect our legitimate interests and in order to fulfill the obligations imposed on us by law, we may, under particular instances, share personal information about you with third parties, as specified hereunder:
4.1.1. External service-providers: to collect, hold and manage your personal information through third-party providers of particular products or services (including, as the case may be, through their partners), solely for the purposes of providing services for us or of operating Our Website and Our Application (such as: cloud hosting and storage services, IT systems, acquiring, data analysis services, external customer service centers, advisors, including legal advisors and accountants, and additional outsourced services). Within this framework, the Bank can be expected to be required to also forward information to external databases through which examinations against lists are performed in order to prevent money laundering and the financing of terrorism, to any other party engaging in the provision of payment services, including other banks, credit card companies or issuers of other means of payment, acquirers, consortia and providers of payment services, or payment beneficiaries.
4.1.2. Compliance with statutory provisions and requirements of competent authorities: to comply with all statutory requirements, for the purposes of legal proceedings, orders, including disclosure orders or requests from government or regulatory authorities to which we are subject, and to manage claims, demands or complaints pertaining to the use of personal information or other claims, if any.
4.1.3. Enforcement of rights, and legal proceedings: to enforce This Privacy Policy or Our Terms of Use, including within the framework of an investigation of possible violations of This Privacy Policy or Our Terms of Use; for the purposes of disputes or legal proceedings that might be conducted between you or any party on your behalf and the Bank or any party on its behalf, or of legal proceedings between you and a third-party during which we are required to provide information; in order to comply with all statutory requirements and obligations; in response to a request from a regulatory or other authority or to a judicial order; or in any instance whereby the Bank shall believe that provision of the information is necessary in order to prevent serious damage to the Bank or to third parties, and to enable us to exercise rights to receive remedies or to mitigate our damages.
4.1.4. Fraud and consumer security: to detect, prevent or otherwise handle scams, fraud or data security and consumer security issues, and technical problems.
4.1.5. Protection of rights: to protect the rights, property or personal security of the Bank and its employees, of its customers or of the general public.
4.1.6. Related companies: for the purposes of risk management in the Bank Group, of executing the agreements between the related companies and of receiving services from companies related to the Bank.
4.1.7. Restructuring: within the framework of organizational or operational restructuring of the Bank (including in a situation whereby the Bank might reorganize its operations within the framework of another entity) or in any instance of an acquisition or merger transaction or of negotiations towards a transaction, we shall be entitled to forward your personal information or any other information accumulated about you to the other entity, provided that the other entity assumes the provisions of This Privacy Policy in relation to you or covenants to comply with suitable confidentiality and information protection provisions.
4.1.8. Data analyses and marketing: we might share information with companies assisting us in our advertising, sales promotion and marketing activities, or with analytics or search engine service-providers in order to help us improve and optimize Our Website and Our Application and process personal information within the context of the provision of such services.
4.1.9. Consent: in additional instances according to explicit authorization from you prior to the disclosure.
4.2. To dispel any doubt, the Bank may collect, disclose and forward technical information to third parties at its sole discretion.
4.3. Third parties that receive information about you might be located in countries where the laws protecting personal information provide different and sometimes inferior protection of personal information than the laws in effect in Israel.
5. Access authorizations
During your use of Our Application, you might be required to enable access authorizations to various applications in the device through which you use Our Application for the purposes of various relevant uses offered in Our Application that require access authorizations to that application, as the case may be, including, inter alia:
5.1. Access to your list of contacts – this authorization is requested so that you will be able to select recipients from the list of contacts in your device in order to execute user-initiated operations, including sharing.
5.2. Authorization to accept Our Application’s push notifications – this authorization is requested so that you can receive push notifications about updates, alerts and notices, and so that we can offer you products, services and benefits that you might be interested in receiving, based on your personal preferences or uses of Our Services or Our Application. We clarify in this regard that the Bank will be able to send such alerts to your device only when the alert service is activated in your device.
5.3. Access to geographic location – of the computer or device you use to connect to the internet when using Our Services, so that we can ascertain your location for data security purposes
5.4. Access to camera and microphone – this authorization is requested for the purposes of identification and authentication procedures, which are necessary in order for us to comply with the statutory obligations imposed on the Bank, or when you opt to share photos or voice files with the Bank through Our Application, insofar as required.
5.5. Access to photo gallery, storage and memory devices in your device – this authorization is requested insofar as you want to save screenshots of transactions or instructions, and so that you can choose photographs and files from your photo gallery and file folders for sending to the Bank through Our Application.
5.6. Access to read SMSs – in order to read the SMS code that we will send automatically to your device, if necessary.
5.7. ccess to an NFC link – for the purpose of executing payments at supporting merchants through your device.
5.8. Access to identification particulars / device identity – for the purpose of creating a unique identifier when registering for various services in Our Application, and for identification, authentication and security check purposes.
Please note: you are not obligated to issue all or a portion of the aforesaid access authorizations, and you may also, at any time, revoke any access authorization that you granted by changing the settings in your device. However, if you revoke or block authorizations, you will not be able to receive all services offered through Our Application.
6. Cookies
6.1. Our Website and Our Application might use various data storage technologies or software, such as pixels, web beacons, cookies, etc. (jointly: “cookies”) for the purposes of: automatic information collection and monitoring of your activities when visiting Our Website or Our Application, which are performed for the purposes of: verifying details; data security; ongoing operation of Our Services; analyzing statistical data about how you use Our Services and the actions you perform on Our Website or in Our Application; data segmentation and measurement; customizing of services, products, advertisements and marketing content according to preferences and your activity data, etc.
6.2. Cookies are text files that your browser creates according to an instruction from the computers of Our Website or Our Application. Some cookies will expire when you close the browser, while others are retained on the disc drive or in the end-device that you are using. Cookies can contain diverse information, such as the pages that you visited, how much time you spent on Our Website or Our Application, how you reached Our Website, information that you ask to see when you enter Our Website or Our Application, etc.
6.3. Google Analytics’ cookies are assimilated in Our Website and in Our Application. We use Google Analytics’ services in order to improve our Website and Our Application and to collect information about the use made of them. Google Analytics might install cookies in your device’s browser and read other cookies installed in it. Google Analytics might also have access to information about you through various applications installed in your device that operate in conjunction with Google. Google’s ability to view and share information that it collects when you browse various websites or use various applications is subject to Google’s privacy policy and terms of use, which you can view at: https://policies.google.com/technologies/partner-sites. In order to restrict data collection by Google Analytics, you may download and install a unique add-on to your browser, which is available to you at: https://tools.google.com/dlpage/gaoptout.
6.4. Most browsers enable you to opt out of accepting cookies. If you don’t know how to do this, check the help file of the browser that you are using in order to check the possibility of opting out of cookies. We clarify that blocking or restricting cookies might prevent you from accessing or using services or, in some instances, detract from your user experience.
7. Data subjects’ rights
7.1. Pursuant to the Privacy Protection Law, you are entitled to peruse personal information about you that is saved in the Bank’s databases and, in particular instances, you may request to correct or delete information, subject to exceptions. These rights are not absolute and, in particular instances, the Bank may be legally exempted from disclosing, correcting or deleting information.
7.2. Whenever you want to ask to peruse, correct or delete information, we will ask that you contact us through Our Website’s support page, or according to the contact details specified hereunder in clause 12, and provide the following details: name, telephone number, address, email address and the information that you want to peruse or that you want to correct or delete. If you want to enable another person to peruse the information for you, we will ask that you also attach an express power-of-attorney in this regard. We will take action to handle your request as soon as possible and, in any case, within the timeframe prescribed by law.
8. Data security
8.1. For the risks when using online services, for the Bank’s actions to secure your information and for your obligations to the Bank in the event of a data security incident, please see clauses 21-24 of the document “General Terms and Conditions for Account Management.”
9. Direct mail, advertisements and the sending of notifications
9.1. The Bank will make use of your contact details in order to inform you of the Bank’s Services and to send marketing and advertising information (including advertising messages pursuant to the Communications (Telecommunications and Broadcasting) Law of 1982)) (“the Communications Law”) and benefits to you, which will be forwarded to you via email, SMS, social media, push notifications or in any other online manner, in conformity with any law.
9.2. Pursuant to the Communications Law, you may opt out of receiving marketing messages at any time, by following the instructions for removing your name from the mailing list that are provided in notifications being sent to you, or by contacting us according to the details hereunder in clause 12.
10. Duration of information retention
We will save the personal information about you for the timeframe necessary in order to ensure the objectives specified in This Privacy Policy, unless a longer retention period is required or permitted by law.
We will continue to retain personal information in conformity with the law that we require in order to manage our businesses, including documentation of operations that you performed in relation to Our Services or for the purpose of continuing to provide Our Services in the future, and for the purpose of defense against lawsuits. Information contained in backup files might be retained for a longer timeframe in conformity with the Bank’s backup policy.
11. Changes in Our Privacy Policy
The Bank reserves the right to supplement, change, remove and replace all or a portion of the provisions of This Privacy Policy at any time at its discretion, without receiving your consent or notifying you in advance. Updates to This Privacy Policy as stated will be published in this document and will come into effect immediately upon the publication of our updated Privacy Policy on Our Website or in Our Application, as the case may be, apart from material changes, which will come into effect thirty (30) days after the updated Privacy Policy is published on Our Website or in Our Application, unless the change derives from a statutory or regulatory requirement, in which case, the change will come into effect on the date specified in that requirement. The binding version of Our Privacy Policy, which applies to the use of Our Services, is the version displayed from time to time on Our Website and in Our Application, with the date of the last update presented under the heading “Date of the Last Update” at the end of the policy document. Your continued use of Our Website, Our Application and of the Services offered in them after a change has been made as stated will constitute evidence of your acceptance of the changes. We recommend that you peruse the provisions of Our Privacy Policy every time that you revisit Our Website or Our Application.
12. Contacting the Bank
The controller of the database is esh Bank Israel Ltd. of 20 Haharash Street, Tel Aviv – Jaffa. You may contact us to ask to exercise your rights in relation to the personal information about you and to ask to remove your name from our marketing mailing lists through the chat option in our Application and through “contact us” on the Bank’s marketing website. You may also contact the Bank’s data protection officer if you have any questions about use of personal information about you or about This Privacy Protection Policy through “query about privacy” under the “contact us” tab on our marketing website.
Date of the Last Update: 21.8.25