1. Introduction and Scope

This document details the privacy policy of Liat (Sheffer) Ben Yaakov regarding the collection, use, retention, sharing, and protection of personal information within the framework of activities on the website https://mastersofcreations.com and other communication channels. The policy is formulated in accordance with the Privacy Protection Law, 5741-1981, Amendment 13, and the Privacy Protection Regulations (Information Security), 5777-2017, the Communications Law (Telecommunications and Broadcasts), 5742-1982 (Section 30a – “Spam Law”), as well as the GDPR regulations of the European Union, where applicable. The use of the website and services is subject to this policy.

2. Business Details and Data Controller

The data controller is: Liat (Sheffer) Ben Yaakov, owned by Liat Ben Yaakov.
Contact details: Email liat@li-at.com;
Phone +972543035358;
Website: https://mastersofcreations.com.
For any questions or requests regarding this policy or the processing of information, please contact using the details above.

3. Target Audience and Minors

The services are intended for an adult audience. There is no intention to knowingly collect information from minors under the age of 18 without parental/guardian consent as required by law. If information is received about the collection of information from a minor contrary to the above, we will act to immediately delete it and block access to the relevant services.

4. Types of Information Collected

The personal information that may be collected includes: full name, phone number, email address, physical address, payment details for clearing purposes (including credit/debit card number if provided to clearing systems), and IP address and/or location data derived from the use of the services. Technical and usage information necessary for the operation of the website, personal area, courses, and ensuring information security will also be collected.

5. Sources and Means of Collection

Information is collected through WordPress (including the internal course system within WordPress), email inquiries, and WhatsApp communication. In addition, automatic collection of usage and browsing data may occur through cookies and technological tools integrated into the website.

6. Purposes of Processing and Legal Bases

The information is processed for the purposes of: contact and response to inquiries; managing registration, personal area, and access to courses; conducting online purchases and clearing; sending updates and newsletters subject to law; analyzing browsing data and improving user experience; sponsored advertising and measurement; information security, fraud prevention, and compliance with legal requirements.

Legal bases: performance of a contract (including providing course services, personal area, and clearing); legitimate interest (including improving service, security, support, and permitted marketing); consent (including receiving marketing mailings and operating non-essential cookies, as required); legal obligation (including account management, taxes, and regulatory reporting). When the basis is consent – consent can be withdrawn at any time without affecting services already provided, subject to legal limitations.

Consent mechanism: Where required – explicit consent will be requested through a checkbox or approval button, and we will act according to applicable law.

7. Direct Marketing

We may contact you regarding services, updates, content, and benefits via email, SMS, and/or WhatsApp channels, in accordance with the Communications Law (Section 30a) and applicable law. We will send advertisements only based on lawful consent or according to exceptions permitted by law. You can request removal at any time: via an unsubscribe link in emails, or by contacting liat@li-at.com, or by WhatsApp/SMS message to +972543035358. We will maintain “suppression lists” to ensure compliance with removal requests.

8. Cookies and Similar Technologies

The website uses cookies and similar technologies for proper operation, measurement, analysis, and targeted marketing. Cookie types include essential cookies for website operation, analytics cookies for measuring usage and improving user experience, and marketing cookies for sponsored advertising. Preferences can be managed in the browser, and cookies can be deleted. In areas where GDPR or similar laws apply, we will obtain consent for the use of non-essential cookies through an appropriate mechanism.

9. Disclosure of Information to Third Parties

We will share information to the necessary extent with service providers acting on our behalf for operational, storage, mailing, clearing, accounting, communication, website maintenance, and security purposes – and only in accordance with appropriate agreements and confidentiality and security obligations. We will provide information to authorized authorities or according to a judicial order/lawful authority request. When making payments, payment details are handled by the relevant clearing entities and banks, and are not retained by us beyond what is required for communication with the clearing provider and transaction identification.

10. Transfers of Information Outside Israel

Some providers are located outside Israel or store information in multiple jurisdictions. Where applicable law (including GDPR, where applicable) requires, we will ensure adequate transfer safeguards, such as standard contractual clauses (SCCs) of the European Union, equivalent mechanisms in the UK/Switzerland, or reliance on adequacy decisions. Regarding the receipt of information from the European Economic Area to Israel – Israel benefits from an adequacy decision of the European Union; onward transfers to third countries will be subject to appropriate safeguards.

11. Retention and Deletion

We retain personal information only for the period required for the purposes for which it was collected and to comply with legal obligations, including the retention of accounting and tax documents for the periods required by law. For marketing mailings, we will retain contact details until a removal request or according to legitimate business need/legal obligation, and in any case, we will maintain suppression lists to prevent future contacts contrary to the request. Users may request deletion, correction, or review in accordance with the “Data Subject Rights” section below, subject to legal retention obligations.

12. Data Subject Rights

In accordance with applicable privacy protection laws, data subjects have rights including, among others: the right to access information, request correction of inaccurate information, and in certain circumstances, request deletion. Where GDPR applies, additional rights may exist such as restriction of processing, objection to processing based on legitimate interest, data portability, and withdrawal of consent without affecting the lawfulness of processing performed before withdrawal. There is also the right to lodge a complaint with the Privacy Protection Authority in Israel, and for GDPR – with the relevant supervisory authority in the data subject’s jurisdiction. To exercise rights, please contact liat@li-at.com or call +972543035358, and we will respond in accordance with the law.

13. Information Security and Security Incidents

Reasonable and customary administrative, technological, and organizational security measures are taken, including access controls, use of HTTPS, two-factor authentication, and periodic backups. In addition, principles of access reduction and permission management, encryption in transit and at rest where possible, event monitoring, and periodic auditing are implemented. We maintain incident response procedures. Security incidents will be handled in accordance with the law, and in severe cases – notification to data subjects and reporting to the competent authority will be considered, including reporting to a supervisory authority under GDPR within the period specified by law, where applicable.

14. Use of Artificial Intelligence (AI)

To the extent that we use AI tools to support service processes, data analysis, or content creation, we will do so in a measured manner and in compliance with applicable law. No decision-making based solely on automated processing that has a significant impact on you will be performed without an appropriate legal basis and required safeguards. If personal processing is performed using AI, it will be based on legitimate interest, contract performance, or consent, as appropriate, and the necessary transparency will be provided.

15. Controller vs. Processor

Regarding the data of customers, mailing recipients, and website users, we act as the data controller. The service providers listed in the appendix act as processors for us, according to our instructions and in accordance with appropriate data processing agreements. This document does not derogate from specific terms in agreements with customers or suppliers.

16. Policy Updates

We may update this policy from time to time to reflect changes in law, activity, or technology. The update date will appear below, and the updated version will be published on the website. Your continued use of the services after an update constitutes agreement to the updated policy to the extent permitted by law. Last updated: 22.09.2025

17. Appendix – List of Systems and Service Providers

• Google Sheets – Forms and operational data management
• Mailing system – Rav Meser – Email mailing and marketing
• Active Campaign – Marketing automations and mailing
• Cardcom – Online payment clearing
• Invoice4U – Invoice and receipt generation
• American Express – Card payment processing
• Google Cloud – Infrastructure/file storage and hosting
• WhatsApp – Communication and customer service
• SMS – Sending text messages to customers
• WordPress – Website, forms, personal area, and course management
• Zapier – For automation and integration
• AI tools such as GPT/Gemini – For business efficiency