Last updated: December 09, 2022

WALNUT PRIVACY POLICY

This privacy policy (“Privacy Policy” or “Policy”) describes how Walnut Ltd. Walnut Tech Inc., and its affiliated companies (collectively shall be referred to as “Walnut”, “we”, “us”, or “our”) collect, use and disclose certain information, including your personal information and the choices you can make about that information.

Walnut is the developer and owner of a cloud-based SaaS platform (“Platform”) from which you can create and manage interactive and sales demos (collectively with the “Platform” shall be defined herein as the “Service(s)”).

This Privacy Policy which is incorporated by reference into our Terms of Service (“Terms”), governs the processing and transfer of data collected directly or indirectly when you use the Walnut Service, the Platform (“Customer”) or merely visit our website, available at: www.walnut.io ("website") (“Visitor”) (“Visitors”, and “Customers” shall be referred to collectively as “you”). 

This Policy explains which data we collect, how such data is used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below) subject to applicable privacy laws such as the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

California and Colorado residents please review our CCPA Privacy Notice

POLICY AMENDMENTS:

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.

CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

Walnut Ltd is the controller entity, incorporated under the laws of Israel, its address: Dubnov 10 St. Tel Aviv, Israel.

You may contact us and our privacy team as follows: 

DPO Contact Information: privacy@walnut.io

Representative for data subjects in the EU and UK: 

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/15054779509 

DATA SETS WE COLLECT AND FOR WHAT PURPOSE:  

We may collect two types of information from you, depending on your interaction with us. 

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration). 

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”). 

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations: 

Visitors
Data Set
Purpose and Operation
Lawful Basis
Contact Information:
If you voluntarily contact us through any form available on the website or by email, you may be required to provide us with certain information such as your full name, email address, and any additional information you decide to share with us (“Contact Information”).
We will process the Contact Information to provide you with a respond to your inquiry.

We may also process the contents of our correspondence with you in order to improve our customer service.
We process such Contact Information subject to our legitimate interest.

We may keep such correspondence if we are legally required to.
Website Interaction and Marketing: 
When you interact with our website, we may collect your online identifiers, such as Internet Protocol (IP) address and Cookie ID, unique identifiers (“Online Identifiers”).

Further, we will collect your behavior information, which is collected indirectly by our external marketing tools, or analytic tools. This information includes the referring URL (that is, the webpage directing you to our website, and other websites you visited in the session), your interests in our competitors, the web page you visited when you tapped/clicked on our ad, how you interact with our webpage, time, duration of use, pages you have viewed on our website (“Behavior Data”).
First, Online Identifiers and cookies are used, in particular to operate the website and enable its proper functionality, for example to automatically recognize you by the next time you enter the website or to confirm you are a real person. 

Second, the Online Identifiers and the Behavior Data are indirectly processed by marketing and analytic tools, for analytic and remarketing purposes. We process this data to understand how visitors use our website and to measure effectiveness of some ads we use in order to track conversions, build targeted audience, and remarket our Services to people who have taken some action on the website.
Strictly necessary cookies which are required for the proper and basic operation of the website will be processed in our legitimate interest. 

Other cookies, including any targeting and marketing cookies, will be processed based on your consent which we will obtain through our cookie notice and consent management. 

You may withdraw consent at any time by using the cookie preference settings, or by managing opt-out through your browser or device.
Career: 
When you apply for a position, we will process your CVs as uploaded by you, your name, email address, phone number, your education and skills, employment history, and your photo (to the extent provided by you). Further, if we are required by law, we may process diversity and inclusion data regarding your candidacy, such as ethnicity, gender, or any disability. In addition, we may collect further information from public and online sources, referees, and former employers and combine such data with your other data (“Recruitment Information”).  In addition, we may collect further information from public and online sources, referees, and former employers and combine such data with your other data.
We will collect Recruitment Information in order to process your application, for recruitment management purposes, for further recruitment steps (e.g., interview), and to enable us to comply with corporate governance and legal and regulatory requirements.

If you are hired, your Recruitment Information may be stored with HR as part of your employee file, and subject to our corporate management.

We use third party service provider for the purpose of managing job applications, currently we are using Greenhouse. Such vendors are contractually obligated to keep your information confidential and secure and they will not use the Recruitment Information for any other purpose other than detailed herein. 
We process Recruitment Information subject to our legitimate interest.

In some cases, for example, where we will ask you to provide health related data or diversity and inclusion data, we will process your data based upon your consent. You may always withdraw consent at any time by contacting us.

We will retain your data for records keeping and future defense from legal claims under our legitimate interest, or if you have provided consent to contact you in the future. 

Following the completion of the recruitment process, we may further retain and store the Recruitment Information as part of our internal record keeping, including for legal defense from any future claim, as well as, where we find applicable and subject to applicable law requirements, to contact you in the future for other job positions we believe will suit your qualifications.
Newsletter Registration:
In the event you sign up to receive our newsletter or other marketing materials, you will be requested to provide your contact details, such as your email address.
We will use your email in order to send you our newsletter and other marketing materials.
We process such contact information subject to your consent. You may withdraw consent at any time through the “unsubscribe” link within the email or by contacting us directly.
Customers
Data Set
Purpose and Operation
Lawful Basis
Registration Information:
In order for you to access our Services and Platform, you will need to register and create an account or we will designate you with an account based on the information you provide us (“Account”). 

During the registration process you will be requested to provide us with certain information such as your name, company name, email address, and other similar contact information. Following that, and you will be able to create a user name and password.
We use this data to create your Account, enable our Services and Platform and verify your identity.

We use the Registration Information to manage, support and to provide the Services as well as perform/execute the Master Service Agreement and to grant you the license to use the Platform, account and Services.
We process such data as part of the performance of our contract with you.
Direct Marketing:
We will send you invoices, materials and marketing content through the email information you provided during your onboarding.
We will use this information to keep you updated with offers and content such as updates, new capabilities and features, and to send you invoices and supporting documentation.
We process such information subject to our legitimate interest. You can opt-out at any time by using the “unsubscribe” option.
However, certain content (such as invoices) will still be sent.
Payment Information:
For using the Services, you may be requested to provide customary billing information, such as name, and billing address. We will collect the transaction information, however we do not collect any credit card information as we use the following third-party payment processors: Stripe and BlueSnap, any transactions that are processed by these third-party payment processors will be governed by their privacy policies and terms which are linked by name above.
We will process this information to be able to provide our Services and process your payment.
In the event that we process such information on our own, your Payment Information will be processed for the purpose of performing our contract with you, which will enable you to use our Services.
Customer Content:
You may upload creative content, images, graphics, videos, text, information, etc. (“Customer Content”) for the purpose of creating demos and presentations (“Demo”) through our Services. Although we recommend not to do so, the Customer Content you upload may include Personal Data. 

We will keep the original Customer Content and edited Demo for as long as you are using the Service or unless otherwise instructed by you. 
We use the Customer Content to enable you to create the Demos and use the Services.
We process such data as part of the performance of our contract with you.
Usage Data: 
During your use of the Platform, information regarding your use is automatically generated and collected. Such information may include the click stream within the Platform, the use of the Services (i.e., accessed or used by Customer) and the time spent on different pages or features, crash data, analytics, etc.

We record how you interact with our Service. We log crashes, interaction with the Services, how often you use the Service, how long you are on the Service, etc.
We use this information to understand how you are using our Services, and how to improve our Services. This helps us to understand better our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Service and our new products. We also use such data for statistical analysis purposes, to test and improve our offers, and decide how to improve the Service based on the results obtained from this processing.  
We process this information subject to our legitimate interest.
Prospects:
As part of the Service, Customer may share the Demo with prospects. In order to do this, the Customer shall upload the prospect Contact Information (name, email and job title) as well as insights on such prospect use and view of the Demo and enriched data provided by Walnut or Walnut’s service providers which includes professional information on such prospect title, or company (“Prospect Information”).
Walnut will process the Prospect Data on behalf of the Customer for the purpose of providing the Services as set forth in the Agreement between you and Walnut. 

We process such data solely subject to your instructions during the use of the Services.
Our Customers are the controller of such data, hence are subject to the Data Processing Agreement.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above. 

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests. 

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined. 

HOW WE COLLECT YOUR INFORMATION:

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows: 

  •       • Automatically, when you visit our website or interact with our Platform, including through the use of Cookies (as detailed below) and similar tracking technologies. 
  •        When you voluntarily choose to provide us with information, such as when you contact us, all as detailed in this Policy. 
  •       • Provided by third parties.

COOKIES AND SIMILAR TECHNOLOGIES:

We use “cookies” (or similar tracking technologies) when you access our website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. 

Cookies may be used for different purposes such as: (i) allowing you to navigate between pages efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our Services quicker and easier. Cookies are also used to help customize your experience and for advertising purposes (including personalized advertising). You can find more information about our use of cookies in our cookie policy.

You can find more information about cookies at http://www.allaboutcookies.org/.

DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

We share your data with third parties, including our service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

Catergory of Recipient
Data that will be Shared
Purpose of Sharing
Walnut Tech Inc.
Contact Information, Customer Information and any information needed for Customer Success and sales.
We may share certain information with our affiliated company, Walnut Tech Inc, for sales and marketing purposes as well as customer success and support.
Service Providers 
All data
We employ other companies and individuals to perform functions on our behalf, such as sending communications, processing payments, analyzing data, providing marketing and sales assistance (including advertising and event management), identifying errors and crashes, conducting customer relationship management, and providing training. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than providing us with requested services.
Any acquirer of our business
All data
We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.
Legal and law enforcement
Subject to law enforcement authority request.
We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

We reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.

USER RIGHTS:

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed. 

CCPA (as further detailed in the CCPA Notice).

  •       • You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here, and send it to: privacy@walnut.io  

DATA RETENTION: 

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt-out (where applicable), or terminate your use of the Services, or you request to delete your Personal Data. 

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

SECURITY MEASURES: 

We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry, such as encryption using SSL, we minimize the amount of data that we store on our servers, restricting access to Personal Data to Walnut employees, contractors, and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: privacy@walnut.io   if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data. 

INTERNATIONAL DATA TRANSFER: 

Our data servers in which we host and store the information are located in the US. The Company’s HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.

ELIGIBILITY AND CHILDREN PRIVACY:

The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children's information. We will discard any information we receive from a user that is considered a "child" immediately upon discovering that such a user shared information with us. Please contact us at privacy@walnut.io  if you have reason to believe that a child has shared any information with us.