Walnut is the developer and owner of a cloud-based SaaS platform (“Platform”) from which you can create and manage interactive and sales demos (collectively with the “Platform” shall be defined herein as the “Service(s)”).
This Policy explains which data we collect, how such data is used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below) subject to applicable privacy laws such as the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
California and Colorado residents please review our CCPA Privacy Notice.
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.
CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:
Walnut Ltd is the controller entity, incorporated under the laws of Israel, its address: Dubnov 10 St. Tel Aviv, Israel.
You may contact us and our privacy team as follows:
DPO Contact Information: firstname.lastname@example.org
Representative for data subjects in the EU and UK:
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/15054779509
DATA SETS WE COLLECT AND FOR WHAT PURPOSE:
We may collect two types of information from you, depending on your interaction with us.
The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration).
The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”).
For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.
The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations:
If you voluntarily contact us through any form available on the website or by email, you may be required to provide us with certain information such as your full name, email address, and any additional information you decide to share with us (“Contact Information”).
We may also process the contents of our correspondence with you in order to improve our customer service.
We may keep such correspondence if we are legally required to.
When you interact with our website, we may collect your online identifiers, such as Internet Protocol (IP) address and Cookie ID, unique identifiers (“Online Identifiers”).
Further, we will collect your behavior information, which is collected indirectly by our external marketing tools, or analytic tools. This information includes the referring URL (that is, the webpage directing you to our website, and other websites you visited in the session), your interests in our competitors, the web page you visited when you tapped/clicked on our ad, how you interact with our webpage, time, duration of use, pages you have viewed on our website (“Behavior Data”).
Second, the Online Identifiers and the Behavior Data are indirectly processed by marketing and analytic tools, for analytic and remarketing purposes. We process this data to understand how visitors use our website and to measure effectiveness of some ads we use in order to track conversions, build targeted audience, and remarket our Services to people who have taken some action on the website.
Other cookies, including any targeting and marketing cookies, will be processed based on your consent which we will obtain through our cookie notice and consent management.
You may withdraw consent at any time by using the cookie preference settings, or by managing opt-out through your browser or device.
When you apply for a position, we will process your CVs as uploaded by you, your name, email address, phone number, your education and skills, employment history, and your photo (to the extent provided by you). Further, if we are required by law, we may process diversity and inclusion data regarding your candidacy, such as ethnicity, gender, or any disability. In addition, we may collect further information from public and online sources, referees, and former employers and combine such data with your other data (“Recruitment Information”). In addition, we may collect further information from public and online sources, referees, and former employers and combine such data with your other data.
If you are hired, your Recruitment Information may be stored with HR as part of your employee file, and subject to our corporate management.
We use third party service provider for the purpose of managing job applications, currently we are using Greenhouse. Such vendors are contractually obligated to keep your information confidential and secure and they will not use the Recruitment Information for any other purpose other than detailed herein.
In some cases, for example, where we will ask you to provide health related data or diversity and inclusion data, we will process your data based upon your consent. You may always withdraw consent at any time by contacting us.
We will retain your data for records keeping and future defense from legal claims under our legitimate interest, or if you have provided consent to contact you in the future.
Following the completion of the recruitment process, we may further retain and store the Recruitment Information as part of our internal record keeping, including for legal defense from any future claim, as well as, where we find applicable and subject to applicable law requirements, to contact you in the future for other job positions we believe will suit your qualifications.
In the event you sign up to receive our newsletter or other marketing materials, you will be requested to provide your contact details, such as your email address.
In order for you to access our Services and Platform, you will need to register and create an account or we will designate you with an account based on the information you provide us (“Account”).
During the registration process you will be requested to provide us with certain information such as your name, company name, email address, and other similar contact information. Following that, and you will be able to create a user name and password.
We use the Registration Information to manage, support and to provide the Services as well as perform/execute the Master Service Agreement and to grant you the license to use the Platform, account and Services.
We will send you invoices, materials and marketing content through the email information you provided during your onboarding.
However, certain content (such as invoices) will still be sent.
For using the Services, you may be requested to provide customary billing information, such as name, and billing address. We will collect the transaction information, however we do not collect any credit card information as we use the following third-party payment processors: Stripe and BlueSnap, any transactions that are processed by these third-party payment processors will be governed by their privacy policies and terms which are linked by name above.
You may upload creative content, images, graphics, videos, text, information, etc. (“Customer Content”) for the purpose of creating demos and presentations (“Demo”) through our Services. Although we recommend not to do so, the Customer Content you upload may include Personal Data.
We will keep the original Customer Content and edited Demo for as long as you are using the Service or unless otherwise instructed by you.
During your use of the Platform, information regarding your use is automatically generated and collected. Such information may include the click stream within the Platform, the use of the Services (i.e., accessed or used by Customer) and the time spent on different pages or features, crash data, analytics, etc.
We record how you interact with our Service. We log crashes, interaction with the Services, how often you use the Service, how long you are on the Service, etc.
As part of the Service, Customer may share the Demo with prospects. In order to do this, the Customer shall upload the prospect Contact Information (name, email and job title) as well as insights on such prospect use and view of the Demo and enriched data provided by Walnut or Walnut’s service providers which includes professional information on such prospect title, or company (“Prospect Information”).
We process such data solely subject to your instructions during the use of the Services.
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.
We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.
HOW WE COLLECT YOUR INFORMATION:
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:
- • When you voluntarily choose to provide us with information, such as when you contact us, all as detailed in this Policy.
- • Provided by third parties.
COOKIES AND SIMILAR TECHNOLOGIES:
You can find more information about cookies at http://www.allaboutcookies.org/.
DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:
We share your data with third parties, including our service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.
We reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.
CCPA (as further detailed in the CCPA Notice).
- • You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here, and send it to: email@example.com
In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt-out (where applicable), or terminate your use of the Services, or you request to delete your Personal Data.
Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.
We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry, such as encryption using SSL, we minimize the amount of data that we store on our servers, restricting access to Personal Data to Walnut employees, contractors, and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
INTERNATIONAL DATA TRANSFER:
Our data servers in which we host and store the information are located in the US. The Company’s HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.
ELIGIBILITY AND CHILDREN PRIVACY:
The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children's information. We will discard any information we receive from a user that is considered a "child" immediately upon discovering that such a user shared information with us. Please contact us at firstname.lastname@example.org if you have reason to believe that a child has shared any information with us.