Last updated: April 28, 2026

1. General

1.1. Hadar Hasharon Marketing & Distribution Ltd., Company No. 513633362 (the "Company"), is a corporate entity operating in the importation, marketing, and wholesale distribution of consumer goods.

1.2. Within the framework of its business activities, the Company processes personal data concerning various categories of data subjects. The scope and categories of processed data vary by group, depending on the nature of the relationship and professional interest between the data subject and the Company.

1.3. The purpose of this privacy policy (the "Privacy Policy") is to outline the processing of personal data conducted by the Company regarding external entities*, including visitors to the Company's physical facilities, users of the Company's corporate website at hadar-hasharon.com (the "Website"), active and prospective clients, suppliers, contractors, and consultants, as well as the rights of data subjects concerning the personal data processed by the Company.

"Personal Data" refers to any information relating to an identified or identifiable natural person; "Processing" refers to any operation or set of operations performed on personal data, including the collection, recording, storage, replication, retrieval, disclosure, dissemination, transmission, or provision of access thereto.

1.4. Please review this Privacy Policy carefully prior to providing any personal data to the Company. Periodic reviews are recommended as this Privacy Policy may be updated from time to time (the effective date of the latest update is indicated in the header). If you do not agree to this Privacy Policy, please refrain from using the Website, contacting the Company, or engaging in business relations with it (including purchasing, leasing, visiting physical facilities, or providing commercial services to the Company). Providing personal data to the Company or engaging in any of the aforementioned activities signifies acceptance of this Privacy Policy.

1.5. In the event that the Company processes personal data in addition to the disclosures detailed herein, this Privacy Policy will be updated accordingly, or the Company will issue a specific privacy policy whose provisions, unless otherwise stated, shall supplement and be integrated into this document.

1.6. Clarification: (1) There is no statutory obligation to provide personal data to the Company, and any submission of personal data is entirely voluntary and subject to your consent. However, failure to provide requested information may restrict the Company's ability to supply commercial services, enter into agreements, or address your inquiries. (2) Do not provide personal information concerning other individuals without their explicit consent, both for the submission of the data and for the terms of this Privacy Policy. By submitting such information, you represent and warrant that you have obtained all necessary consents for the disclosure and processing of the data as detailed in this Privacy Policy, or that you are otherwise legally authorized to do so.

1.7. This Privacy Policy is drafted in the masculine singular for convenience only and is addressed equally to all genders.

2. Collection and Submission of Personal Data

2.1. The Company collects personal data concerning various categories of data subjects with whom it maintains business relations, including visitors to the Company's physical and digital assets, clients, prospective clients, contractors, suppliers, consultants, and inquiring parties.

2.2. The Company collects personal data from a variety of sources, including: public registers, authorized third parties (such as residential management companies or credit reporting agencies), the Website and other corporate digital assets, registration forms, commercial contracts, telephonic communication, formal correspondence (email, fax, postal mail), corporate meetings, and security surveillance systems.

2.3. Visitors to the Website and Other Digital Assets of the Company

2.3.1. Standard browsing of the Website does not require the submission of personal data.

2.3.2. During browsing sessions, certain technical automated data may be recorded by the web servers, such as the Internet Protocol (IP) address from which access is initiated.

2.3.3. Personal data may also be collected via cookies, as detailed in the appendix to this Privacy Policy.

2.4. Visitors to the Physical Facilities of the Company

2.4.1. Closed-circuit television (CCTV) security cameras are operated at the Company's offices and facilities for corporate security, asset protection, and safety purposes. Access to footage is strictly restricted to authorized personnel. Surveillance recordings are retained for a limited duration and managed in compliance with applicable law.

2.5. Clients and Prospective Clients

2.5.1. A prospective client is defined as any entity communicating with the Company or seeking to receive goods or services.

2.5.2. Where the client or prospective client is a corporate entity, the Company collects personal data regarding the client's corporate representative, which typically includes first and last name, professional title, business address, and contact details (telephone number and email address).

2.5.3. Personal data collected concerning individual clients and prospective clients (non-corporate) typically includes identity verification details (first and last name, national identification number), physical address, contact details (telephone number and email address), and, where applicable, financial solvency information subject to the client's consent (income details, outstanding loans, credit reports, etc.), as well as bank routing and account details for billing and payment processing.

2.6. Suppliers, Contractors, and Consultants

2.6.1. The personal data collected by the Company regarding corporate suppliers, contractors, and consultants consists of representative information, typically including first and last name, professional title, business address, and contact details (telephone number and email address). On occasion, professional credentials of personnel designated to perform services on behalf of the Company are also collected.

2.6.2. Where the supplier, contractor, or consultant operates as an individual (non-corporate), the Company also collects professional credentials (including relevant certifications and qualifications) and information required for payment processing and financial transactions (such as bank account details).

2.7. Inquiries and Communications

2.7.1. Subject to the nature of the communication channel and the subject-matter of the inquiry, contacting the Company via the Website, customer service desk, or other corporate communication channels (telephone, email, post) requires the provision of personal details.

2.7.2. Telephone communications initiated with the sales offices and the Company's customer support desk are recorded for the purposes specified in this policy.

2.7.3. Certain corporate communications may be conducted via automated chat systems (chatbots). Further details regarding the Company's utilization of artificial intelligence technologies are outlined in Section 3.3 of this Privacy Policy.

3. Purposes of Data Processing

3.1. The Company processes personal data for the following business purposes:

3.1.1. Providing client services and account management.

3.1.2. Addressing corporate inquiries and maintaining communication with external stakeholders (clients, prospective clients, suppliers, contractors, consultants, etc.).

3.1.3. Negotiating, drafting, executing, and enforcing commercial agreements (with clients, suppliers, contractors, consultants, and other business partners).

3.1.4. Business operations management, transaction assessment, corporate risk management, securing bank guarantees and collateral, debt collection, maintenance and monitoring of corporate facilities, quality control, and optimization of services.

3.1.5. Operating and maintaining the corporate Website.

3.1.6. Corporate promotions, advertising, and marketing of campaigns, products, and services offered by the Company, its affiliated corporate entities (including subsidiaries), and/or commercial partners with whom the Company maintains joint ventures, including through direct marketing and automated chatbots. For detail on the utilization of cookies, please refer to the appendix to this Privacy Policy.

3.1.7. Information security and cybersecurity management, including identity verification, threat prevention, and response to security incidents.

3.1.8. Safeguarding the physical safety of individuals and protecting the properties of third parties and the Company.

3.1.9. Compliance with statutory obligations, judicial orders, or administrative requests from competent regulatory and governmental authorities.

3.1.10. Enforcement of internal corporate policies, including this Privacy Policy.

3.1.11. Compilation of aggregated, statistical, or other anonymized data sets for corporate business intelligence.

3.1.12. Deployment of corporate artificial intelligence tools, including for client service optimization and marketing, as outlined in Section 3.3 below.

3.2. Commercial Communications

3.2.1. The Company may periodically dispatch corporate communications categorized as "commercial advertisements" (as defined under Section 30A of the Communications Law (Telecommunications and Broadcasting), 5742-1982), subject to compliance with statutory conditions (including obtaining explicit opt-in consent or utilising the customer exception pathway) and respecting the recipient's absolute right to opt out of such communications at any time.

3.2.2. Where the Company transmits promotional material via email, SMS, fax, or automated calling systems, you may exercise your right to withdraw consent at any time by contacting the Company via the communication channels outlined below or by following the opt-out instructions detailed within the body of any

commercial message. For the avoidance of doubt, such withdrawal does not restrict the Company's authority to transmit transactional, administrative, or account-specific service notifications.

3.3. Employment of Artificial Intelligence Tools

3.3.1. The Company may use AI-driven chatbots to optimize client interaction and extend support hours for active and prospective clients via the WhatsApp platform, as well as for commercial promotions and outbound notifications.

3.3.2. As a standard operating procedure, the deployment of artificial intelligence workflows within the Company is conducted following algorithm training, system performance validation, and the execution of preliminary and ongoing quality controls, ensuring compliance with standards of fairness, operational transparency, efficiency, confidentiality, and information security, aligned with the operational risk profile.

3.3.3. Information security measures include technical, organizational, and administrative controls deployed to prevent unauthorized access, loss, data breaches, or unlawful transmission of personal data, in strict accordance with the principles of purpose limitation and data minimization.

3.3.4. Where applicable law mandates a separate, explicit consent for specific AI-related processing activities, the Company shall ensure full compliance with such statutory requirements.

3.3.5. Where applicable regulations govern the provision of an opt-out mechanism for data subjects regarding the processing of personal data within AI systems, the Company shall honor such provisions and notify data subjects of their rights.

3.3.6. Should the Company seek to process personal data within artificial intelligence systems for purposes beyond those disclosed herein, and where statutory framework requires explicit consent or alternative compliance thresholds, the Company shall act in strict compliance with the law.

4. Data Retention and Professional Security Standards

4.1. The personal data processed by the Company is maintained within secure databases. The Company registers and manages its databases in compliance with statutory requirements.

4.2. The Company implements appropriate technical, physical, and administrative security measures to protect corporate data. However, it is clarified that absolute prevention of security incidents, breach events, or cyberattacks is technically unfeasible. Consequently, the Company's liability is limited to maintaining these industry-standard controls and addressing security incidents in compliance with legal requirements. Provided that reasonable security standards have been deployed, the Company shall not be held liable for any direct or indirect damage arising from a security incident or cyberattack.

5. Disclosure and Transfer of Data to Third Parties

The Company may share or transfer personal data to third parties under the following conditions and for the following business purposes:

5.1. Upon obtaining explicit consent from the data subject.

5.2. As required to fulfill contractual obligations.

5.3. For the provision of agreed-upon services.

5.4. To authorized third-party service providers or subcontractors operating on behalf of the Company. Any transfer of data to service providers is executed subject to binding confidentiality and data protection agreements, restricting their use of the data solely to the provision of the designated services, with the exception of using pseudonymized or anonymized information to maintain security, comply with legal duties, or optimize their service performance.

5.5. To corporate affiliates, subsidiaries, and joint venture business partners for the provision of complementary products and services, as further detailed in Section 5.10 below.

5.7. Where the Company reasonably believes that disclosure is necessary to mitigate risks of injury to individuals, loss of life, or property damage concerning the data subject or third parties.

6.1. Pursuant to the Protection of Privacy Law, 5741-1981, any individual is entitled, either directly or via an authorized representative, to inspect personal data concerning them held in the Company's databases. The Company shall honor legitimate inspection requests unless lawful grounds exist for denial.

6.2. Procedures for data inspection shall be established by the Company in compliance with the Protection of Privacy Regulations (Conditions for Inspection of Data and Procedures for Appeal on Refusal of an Inspection Request), 5741-1981.

6.3. Any individual who has inspected their personal data and finds it to be inaccurate, incomplete, ambiguous, or outdated is entitled to submit a formal request for its correction or deletion. The Company shall process requests for correction or deletion unless lawful grounds require retention.

6.4. Formal requests for data inspection, correction, or deletion must be submitted in writing to the contact points designated below. Inquiries will be addressed within a reasonable timeframe, not to exceed thirty (30) business days from receipt.

6.5. A data subject whose request for inspection, correction, or deletion has been denied may lodge an appeal before the competent Magistrate's Court in accordance with the aforementioned regulations.

7. Amendments to the Privacy Policy

The Company reserves the right to amend and update this Privacy Policy periodically. Legally binding modifications shall be published on the Website and shall take effect immediately upon posting (the revision date is indicated in the header).

8. Corporate Contact Information

For inquiries, clarifications, or to exercise statutory rights relating to this Privacy Policy, please contact the Company through the following channels. The Company will make every effort to respond within a reasonable timeframe:

• Telephone: 08-9939368

• Email Contact: info@hadarhasharon.com

• Postal Address: 47 HaMa'ayan, Modi'in

Appendix to the Privacy Policy - Cookies and Automated Tracking Technologies

The Website (along with other corporate digital assets, such as formal social media profiles, corporate landing pages, etc.) utilizes and may continue to utilize cookies, pixels, web beacons, and equivalent technologies for various corporate and analytical purposes as detailed below.

Definition and Purpose of Cookies

Cookies are standardized text files generated on the user's terminal device by instructions from the Website's servers or authorized third-party servers via the web browser. Cookies are deployed to ensure seamless website navigation, administrative security, session verification, user preference retention, content and advertisement optimization, and detailed analysis of website traffic and user engagement.

*Pixels are small graphic elements that function in a manner equivalent to cookies for tracking purposes.

Certain cookies are persistently stored on the visitor's terminal device after the browsing session ends, while others are session-specific and deleted upon closing the browser.

The utilization of cookies may involve the collection of metadata or personal identifiers. For instance, if a visitor accesses the Website wherein tracking pixels of a social media platform are deployed, the platform's servers may recognize that the user has navigated the Company's Website and subsequently serve relevant corporate advertisements and targeted B2B content upon that user's visit to the social media network.

Users may adjust their web browser configurations to manage, block, or receive alerts regarding cookie deployment. Cookies can be managed or deleted using standard browser tools as detailed below. Please note that disabling cookies may restrict access to or impair the performance of certain interactive services on the Website.

Categories and Purposes of Cookies Deployed on the Website

The Website deploys cookies and similar technologies (such as pixels and web beacons) to compile analytical data regarding Website traffic, analyze user workflows, provide tailored advertising material, maintain user preferences, and facilitate administrative security measures (such as maintaining active sessions or temporarily preserving data entered during form completion until the browser is closed).

Certain cookies are controlled by third-party providers, such as analytical and traffic monitoring cookies managed via 'Google Analytics' by Google Inc.

Users can view and manage active cookies using integrated browser inspection tools. Browser settings or operating system utility tools can also be utilized to clear cached cookies. Note that blocking or deleting cookies may prevent the proper delivery of personalized information or restrict the optimal functionality of certain areas of the Website.

Browser-Specific Cookie Management

• Google Chrome Instruction Page >>

1. Additional Tools – Auditing and managing cookies in Google Chrome.

2. In the browser's address bar, a security icon is displayed on the left-hand side.

3. Clicking the icon opens the settings and permissions menu.

4. Deleting Cookies via the Operating System

To locate and purge cookies at the operating system level, locate the local storage directory of your web browser on your storage drive, or search for files containing the keyword 'cookies' within your system's file manager, and execute a deletion command.