The website deadsea.com (“the Site”, “we”, “us”, “our”) is operated by SEACRET Spa Ltd., an Israeli company. SEACRET Spa Ltd. is the data controller responsible for personal data processed through the Site. Our registered address is in Israel. You can contact us at any time at [email protected].
When you contact us, subscribe to our newsletter, or otherwise interact with the Site, we collect only what is necessary for that interaction:
When you visit the Site, our servers and analytics tools automatically collect:
We do not collect precise GPS-level location. We do not collect special-category data (health, religion, ethnicity, sexual orientation, political opinion, biometric, genetic) through the Site.
DeadSea.com is an editorial publication. We do not sell products from the Site. We do not collect, store, or process payment information (card numbers, bank details, billing addresses) at any point. Where you choose to make a purchase from a hotel partner, tour operator, or product retailer linked from our site, that transaction is conducted entirely on the third party’s platform under their own terms and privacy policy. We receive only an anonymised referral attribution from the affiliate network that allows the partner to credit us with the click. See Sections 4.3 and 5 for details on affiliate networks.
We use the categories of data above only for the purposes listed below. For visitors in the EU/EEA, UK, or other GDPR-equivalent jurisdictions, our legal basis under Article 6(1) GDPR is shown in brackets.
What we do not do: We do not sell, rent, or trade your personal information. We do not use your data for automated decision-making that produces legal or similarly significant effects. We do not profile you for advertising on third-party platforms.
The Site uses cookies and similar technologies. You can accept, reject, or adjust cookie categories through our cookie banner at any time. Essential cookies are required for the Site to function and cannot be disabled.
Required for basic Site function (session, security, cookie-consent state). These cookies are set without consent because the Site cannot function without them. Retention: typically until the end of your browser session, or up to 12 months.
We use Google Analytics 4 to understand how visitors use the Site. Data is collected in aggregated form and is configured to truncate IP addresses where the provider supports it. Analytics cookies are set only after you grant consent through the cookie banner. You can withdraw consent at any time. Retention of analytics data is 14 months.
Some pages on the Site contain affiliate links (for example, hotel booking partners and tour operators). When you click an affiliate link, the partner may place cookies on your device to attribute the referral. Those cookies are governed by the partner’s own privacy policy. Where we have an affiliate relationship that monetizes a page, we disclose this in plain language on that page.
We do not run third-party advertising on the Site and we do not set retargeting cookies. If this changes in future, this policy will be updated with at least 30 days’ notice.
The following categories of third-party services may receive limited categories of your personal data in order to perform a specific function for us. Each service is bound by its own privacy policy and, where applicable, by a Data Processing Agreement with SEACRET Spa Ltd.
| Category | Provider (verify) | What they receive |
|---|---|---|
| Site analytics | [Google Analytics 4] | Pseudonymised usage data, truncated IP, device and browser metadata. Configured with IP anonymization. |
| Hosting and CDN | [WP Engine, Cloudflare] | Server log data (IP, request metadata) for the duration required to serve pages and prevent abuse. |
| Affiliate networks | [Booking.com Affiliate Partnership; CJ Affiliate.] | Referral data attached to the click only after you click an affiliate link (anonymised attribution ID, optionally truncated IP and browser metadata). Governed by each partner’s own privacy policy. No payment information is shared with us at any stage of the purchase. |
A current and complete list of sub-processors is available on request from [email protected].
Personal data collected through the Site may be transferred to, stored, or processed in countries other than your country of residence, including Israel (wher we are established), the United States (where some of our service providers operate), and the European Union.
For transfers from the EEA, UK, or Switzerland to a country that is not subject to an adequacy decision (under Article 45 GDPR), we rely on the European Commission’s Standard Contractual Clauses (SCCs) or equivalent safeguards. Israel currently holds an EU adequacy decision (2011), which is in force at the time this policy was last updated. We do not rely on “continued use of the Site” as a transfer mechanism. that is not a valid basis under GDPR.
You can request a copy of the safeguards we apply for international transfers by emailing [email protected].
| Data category | Retention period |
|---|---|
| Contact form submissions | 12 months from the date of submission, unless an active conversation or legal obligation requires a longer period. You may request earlier deletion at any time. |
| Newsletter subscriber data | Until you unsubscribe or for 24 months after your last engagement, whichever comes first. Unsubscribe is available in every email and at [email protected]. |
| Analytics data (raw) | 14 months by default. After this period, only aggregated and anonymised data is retained. |
| Aggregated and anonymised analytics | Retained indefinitely. Not linked to any individual. |
| Server log data | Up to 90 days for security and abuse prevention, unless an incident extends the retention. |
| Cookie consent record | 12 months from the date you set or updated your preference. |
Depending on where you live, you may have the following rights regarding the personal data we hold about you:
To exercise any of these rights, email [email protected]. We will respond within one month, as required by GDPR Article 12(3). We may need to verify your identity before disclosing or deleting data, to protect you from impersonation requests.
If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with a data protection authority. You can complain to the supervisory authority in your country of residence, your place of work, or the place where the alleged breach occurred. For Israeli residents, the competent authority is the Privacy Protection Authority within the Israeli Ministry of Justice. For EEA residents, you can find your national supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en . We would, however, appreciate the opportunity to address your concern before you contact a regulator, so please consider emailing [email protected] first.
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:
To exercise any of these rights, email [email protected] and write “California request” in the subject line.
Personal data collected through the Site is processed in accordance with the Israeli Privacy Protection Law, 5741-1981, and applicable regulations. You have the right to inspect data we hold about you, request correction of inaccurate data, and demand that we delete data that is no longer needed for the purposes for which it was collected. Contact [email protected] to exercise these rights.
DeadSea.com is not directed at children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (TLS) for all Site traffic, access controls on internal systems, and regular review of vendor security. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours, and notify affected individuals where the law requires.
We may update this Privacy Policy from time to time. Material changes will be highlighted at the top of this page and, where the change affects the lawful basis for processing or introduces new categories of data or new third parties, we will notify newsletter subscribers by email and post a banner on the Site for at least 30 days. The date at the top of this page indicates when the policy was last updated.
Continued use of the Site after non-material changes constitutes notice. It does not constitute consent to processing where the law requires affirmative consent.
| Controller | SEACRET Spa Ltd. (Israeli company) |
| Privacy contact email | [email protected] |
| Contact form | https://deadsea.com/contact-us/ |
New guides, mineral research, and seasonal updates for readers who want to understand the Dead Sea, not just visit it. Published when new long-form content is ready. Never more than twice monthly.