top of page

DIDLUX – Privacy Policy
(Israeli Amendment 13 & EU GDPR)

Last Updated: 09 September 2025

DIDLUX ("we", "our", "us") respects the right to privacy as enshrined in Israeli Basic Law: Human Dignity and Liberty and the Privacy Protection Law, which prohibits infringing the privacy of others without consent. We also comply with the transparency and accountability principles of the EU/UK GDPR, which require that any processing of personal data be lawful, fair and transparent.

This Policy explains what personal data we collect, why we collect it, how we use and store it, your rights, and how you can contact us regarding your data.

1. Data We Collect

  • Call Detail Records (CDR): caller and recipient phone numbers, call start and end time, call duration, routing or technical logs.

  • Supplier and Partner Data: names, job titles, company names, business email addresses and phone numbers.

  • Financial Account Details: bank account or IBAN numbers as they appear in incoming transfers and occasionally on invoices/receipts, strictly for payment processing and record-keeping.

  • Technical Data: IP addresses and browser/device information collected through cookies or similar technologies when you visit our site.

​

We do not intentionally collect sensitive personal data (such as health or biometric data) and request that you do not provide such data.

​

2. Purpose and Legal Basis
We process data only when there is a lawful basis under Article 6 of the GDPR (legitimate interest, contract performance or legal obligation). Specifically:

  • Service Delivery: We use CDR to route calls, bill for usage, troubleshoot, and maintain service quality.

  • Business Operations: Supplier data is used to manage relationships, fulfil orders and administer contracts.

  • Compliance: We retain CDR to meet statutory obligations (e.g. telecommunications and privacy laws).

  • Security and Fraud Prevention: Data helps us detect fraud, ensure service integrity and protect our systems.

  • Communication: We may contact you regarding updates to services, contract terms or this Policy.

We only process personal data for the purposes listed above and do not use it for automated decision‑making or profiling.

​

3. Transparency and Accessibility
Our privacy notice follows UK government standards for GDPR compliance by being clear, concise and accessible. It contains key sections recommended by official guidelines: the identity of data controllers and processors, categories of data processed, purposes, legal bases, retention periods, sharing with third parties, your rights and contact information. We provide this notice free of charge and in plain language.

​

4. Data Retention

  • CDR: Stored securely for 12 months to handle billing, resolve disputes and comply with legal obligations, then deleted or anonymised unless a longer retention is required by law.

  • Supplier and Partner Data: Retained for the duration of our commercial relationship plus 7 years for record-keeping and compliance purposes.

  • Financial Account Details: Retained as part of invoice and payment records for as long as legally required under tax/accounting law (typically 7 years).

  • Data no longer needed is securely deleted or anonymised.

​

5. Data Sharing
We do not sell personal data. We may share limited information with:

  • Service Providers: Hosting, billing, security and analytics providers who act as processors under contractual duties of confidentiality and data security.

  • Regulators or Authorities: Where required by law (e.g. to comply with lawful requests from the Israeli Privacy Protection Authority or EU supervisory authorities).

  • International Transfers: If data is transferred outside Israel or the European Economic Area, we ensure appropriate safeguards such as Standard Contractual Clauses or other mechanisms recognized by the GDPR.

​

6. Data Security
We adopt appropriate technical and organisational measures (encryption, access controls, secure backups) to protect personal data. Only authorised personnel have access to CDR and supplier information. These measures align with our obligation under both Israeli law and GDPR to protect personal data from unauthorised access or disclosure.

​

7. Your Rights
You have the right to:

  • Access your personal data.

  • Request correction of inaccurate data.

  • Request deletion of your data (“Right to be Forgotten”) under certain conditions.

  • Object to processing or request restriction of processing.

  • Data portability (EU/UK GDPR).

  • File a complaint with the Israeli Privacy Protection Authority or your local EU supervisory authority.

​

8. Contact Us
Data Controller: DIDLUX (registered as a sole proprietor in Israel).
Contact Email: [email protected]
For questions about this policy, to exercise your rights, or to contact our Data Protection Officer (if appointed), please email us at the address above.

​

9. Changes to This Policy
We may update this policy to reflect changes in law (e.g. future guidance on Israel’s Amendment 13 or EU regulations). If we make material changes, we will post the updated policy and change the “Last Updated” date. We encourage you to review this notice periodically.

​
 

bottom of page