Last updated: December 09, 2022

WALNUT PRIVACY POLICY

This privacy policy (“Privacy Policy” or “Policy”) describes how Walnut Ltd. Walnut Tech Inc., and its affiliated companies (collectively shall be referred to as “Walnut”, “we”, “us”, or “our”) collect, use and disclose certain information, including your personal information and the choices you can make about that information.

Walnut is the developer and owner of a cloud-based SaaS platform (“Platform”) from which you can create and manage interactive and sales demos (collectively with the “Platform” shall be defined herein as the “Service(s)”).

This Privacy Policy which is incorporated by reference into our Terms of Service (“Terms”), governs the processing and transfer of data collected directly or indirectly when you use the Walnut Service, the Platform (“Customer”) or merely visit our website, available at: www.walnut.io ("website") (“Visitor”) (“Visitors”, and “Customers” shall be referred to collectively as “you”). 

This Policy explains which data we collect, how such data is used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below) subject to applicable privacy laws such as the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

California and Colorado residents please review our CCPA Privacy Notice

POLICY AMENDMENTS:

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.

CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

Walnut Ltd is the controller entity, incorporated under the laws of Israel, its address: Dubnov 10 St. Tel Aviv, Israel.

You may contact us and our privacy team as follows: 

DPO Contact Information: privacy@walnut.io

Representative for data subjects in the EU and UK: 

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/15054779509 

DATA SETS WE COLLECT AND FOR WHAT PURPOSE:  

We may collect two types of information from you, depending on your interaction with us. 

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration). 

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”). 

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations: 

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above. 

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests. 

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined. 

HOW WE COLLECT YOUR INFORMATION:

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows: 

  •       • Automatically, when you visit our website or interact with our Platform, including through the use of Cookies (as detailed below) and similar tracking technologies. 
  •        When you voluntarily choose to provide us with information, such as when you contact us, all as detailed in this Policy. 
  •       • Provided by third parties.

COOKIES AND SIMILAR TECHNOLOGIES:

We use “cookies” (or similar tracking technologies) when you access our website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. 

Cookies may be used for different purposes such as: (i) allowing you to navigate between pages efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our Services quicker and easier. Cookies are also used to help customize your experience and for advertising purposes (including personalized advertising). You can find more information about our use of cookies in our cookie policy.

You can find more information about cookies at http://www.allaboutcookies.org/.

DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

We share your data with third parties, including our service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

We reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.

USER RIGHTS:

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed. 

CCPA (as further detailed in the CCPA Notice).

  •       • You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here, and send it to: privacy@walnut.io  

DATA RETENTION: 

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt-out (where applicable), or terminate your use of the Services, or you request to delete your Personal Data. 

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

SECURITY MEASURES: 

We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry, such as encryption using SSL, we minimize the amount of data that we store on our servers, restricting access to Personal Data to Walnut employees, contractors, and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: privacy@walnut.io   if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data. 

INTERNATIONAL DATA TRANSFER: 

Our data servers in which we host and store the information are located in the US. The Company’s HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.

ELIGIBILITY AND CHILDREN PRIVACY:

The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children's information. We will discard any information we receive from a user that is considered a "child" immediately upon discovering that such a user shared information with us. Please contact us at privacy@walnut.io  if you have reason to believe that a child has shared any information with us.