Magdala Center (“Magdala”), registered under Magdala Tourist Center Ltd. and operating the Magdala Archaeological Park, Magdala Guesthouse, and related initiatives, is strongly committed to protecting the privacy of its guests, donors, visitors, and online community members.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data across all of Magdala’s activities, including our websites, Wi-Fi systems, events, communications, and fundraising platforms.

By using Magdala’s services or communicating with us, you agree to the practices described in this policy.

We collect personal data when you voluntarily provide it, such as when you make a reservation, donation, register for an event, or subscribe to our communications. This may include:

• Full name, organization, nationality, tax ID number
• Billing and shipping addresses
• Email address and telephone number
• Payment details (processed securely via certified third-party providers)
• Religious affiliation (only if you voluntarily disclose it for pastoral or community purposes)
• Information relating to reservations, donations, or participation in Magdala activities

We may also collect limited technical data (IP address, browser type, device identifiers, and cookies) for security, analytics, and service improvement.

We process personal data under the following lawful bases:

• Consent: e.g., for newsletters or sharing sensitive information (religious affiliation).
• Contract: to process hotel bookings, event registrations, or donation agreements.
• Legitimate Interests: improving our services, maintaining donor relations, and ensuring network security.
• Legal Obligations: compliance with tax, accounting, and reporting requirements.

Personal data is used for:

• Fulfilling reservations, event registrations, and donation processing
• Responding to inquiries and providing guest or donor services
• Administering donor recognition programs such as the Magdala Mosaic
• Sending tailored communications, newsletters, and marketing (with opt-out options)
• Ensuring the security and integrity of our websites and Wi-Fi networks
• Complying with applicable laws and regulations

We do not sell or rent your personal data.

We may share data with trusted third parties, only as necessary:

• Payment processors: Stripe, PayPal, Fundraise Up
• Donor and data management platforms: DonorPerfect
• Email and communications: Campaign Monitor
• Hotel booking and hospitality systems
• Legal and regulatory authorities where required

All such partners are contractually required to protect your data and comply with international standards (e.g., PCI DSS Level 1, SOC 2 Type II, ISO 27001).

Your data may be transferred and processed in Israel, the European Union, the United States, Mexico, or other jurisdictions.

Where such transfers occur, we apply appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent legal protections.

We retain personal data only as long as necessary for the purposes described:

• Reservation and donation records: as required by law (typically 7–10 years)
• Marketing and communications: until you unsubscribe or withdraw consent
• Sensitive data (religious affiliation): only for the purpose for which it was provided and for the minimum period necessary

Magdala implements administrative, technical, and physical safeguards to protect your data, including:

• TLS/SSL encryption in transit
• Encrypted storage of payment data by certified providers
• Firewalls, access controls, and monitoring systems
• Staff training in data protection practices

However, no system is 100% secure. In the event of a data breach, we will notify affected individuals and regulators as required by law.

Depending on your location, you may have the following rights:

• Access your personal data
• Rectify inaccuracies
• Request deletion (“right to be forgotten”)
• Restrict or object to processing
• Data portability (where applicable)
• Withdraw consent at any time
• File a complaint with a supervisory authority

To exercise these rights, please contact us at ddelgado@magdala.org.

Our websites use cookies and similar technologies to:

• Enable core functionality (session management, security)
• Analyze site traffic and usage patterns
• Support marketing campaigns (with your consent in applicable jurisdictions)

You can manage cookie preferences via your browser or site settings.

Magdala does not knowingly collect data from children under the age of 16 (or 13 where permitted by law) without parental consent.

For privacy-related questions or requests, contact:

Data Protection Contact
David Delgado – Deputy Development Officer
📧 Email: ddelgado@magdala.org
📞 Tel/Fax: +972 50 944 4035
🏨 Magdala Hotel, Migdal Junction, 14950000, Israel

Magdala may update this Privacy Policy from time to time. Updates will be posted on our website with a revised effective date. Continued use of our services after such changes constitutes acceptance.