Privacy Policy – System

Privacy Policy – System
WALKME SYSTEM™

Effective Date: May 15, 2018

This Section specifies the privacy and data retention practices related to use of the WalkMe System™ (which may be referred to in this Section as the “Service”). For information regarding WalkMe Mobile™, or the WalkMe Site please see the relevant Section(s). For a complete view of privacy practices relevant to you, please also read the General Section.

 

A.    WHAT INFORMATION MAY WE COLLECT ON USERS OF THE WALKME SYSTEM™? 

  1. Categories of information and data we may collect from our Users.
    • Passive Collection. Passively Collected Information means any information which is available to WalkMe while Users are using the Service. Passively Collected Information consists of technical information and behavioral information (i.e. the interaction of the User with the Service), including, but not limited to, the User’s operating system, type of browser, screen resolution, font type, time zone, Flash version, the User’s ‘click-stream’ on the Service, the period of time the User utilized the Services, etc.
    • Personal Information. Personal Information has the meaning stated in the General Section of this Privacy Policy. By default, the WalkMe System™ does not collect any Personal Information, other than IP addresses in logs for security purposes End Users’ geolocation (country and city in which you are located)  and masked IP addresses for the ongoing operation of the WalkMe System,  any of which may be considered as Personal Information in some jurisdictions. For more information, please see below.
  2. The WalkMe System™ utilizes certain identifiers retained in a cookie file as detailed below. Such identifiers are not linked to any Personal Information about a User and may also be stored (without any link to Personal Information) on WalkMe’s servers.
  3. WalkMe may also collect the email addresses of people who communicate with WalkMe via email or create accounts and login credentials.
  4. Special Features. Customer may use certain features which may cause the system to collect and store additional Personal Information (“Special Features”). These Special Features may include:
    • User Behavior Tracking: a feature which allows Customers to track End User’s interaction with HTML elements on an application or webpage for which the End User clicked on, including the following information: (i) End User IP address; (ii) URL; (ii) page title; (iii) text, value and description of each element the End User clicked on (excluding any inputted information that is in a credit card number format); and (iv) snapshot of Canvas elements (drawable regions defined in HTML code) which may be available on an application or webpage.
    • Screenshot Settings: a feature which allows Customers to capture screenshots of the application or webpage including the WalkMe content. For instance, a Customer may capture a WalkThru™ as it appears on the user interface of the Customer’s application.
    • Custom Variables: a feature which allows Customers to track End Users by an available HTML element, variable or cookie and which may be used to distinguish between segments of End Users. For instance, a Customer may use a custom variable to provide certain WalkMe content to only a particular set of End Users.
    • Custom User Identifier: a feature which allows Customers to track End User Identifier by an available HTML element, variable or cookie.
    • Visions: A feature which allows Customers to record users’ actions on an application or website that it owns, controls, licenses or uses. Whenever a visitor visits Customer’s website or application, Customer may collect via Visionsinformation from such visitor regarding his or her use of that website or application, such as pages visited, links clicked, non-sensitive text entered (if Customer chooses to collect it), and mouse movements, as well as information more commonly collected such as masked IP address, referring URL, browser, operating system, cookie information, CSS animations and dynamic content (“Visitors’ Information“). Visitors’ Information, in the aggregate, may be considered as Personal Information as it may be linked to a user identifier or may include Personal Information. Visitors’ Information may include: User unique ID (stored in a cookie for tracking and may be stored on our servers), Visitors’ clicks/touches on elements, changes to input field (like text fields, CSS selector or timestamp), elements and session meta-data, input on fields (depending on Customers settings), system errors, window size and changes to size, User agent (browser, device), mouse position, page snapshot, whether a user clicked on a play or pause button of a video, and other events (scrolling, focusing, hiding pages etc.). Such information may identify the visitor. Visions uses masked IP addresses to determine End Users’ geolocation (country and city in which you are located) to allow Customers to block recordings for certain End Users. By default, Visions does not record any keystrokes. This is the recommended setting, but can be changed via the settings page. Visions never records password inputs and provides the ability to specify that other elements of your website or application will not be tracked.

To use the Special Features, Customers need to actively turn on or provide their consent to use the applicable Special Feature, each of which is turned off by default. User Behavior Tracking (Special Feature) is automatically turned on for WalkMe Growth Edition (“GE”) Customers. WalkMe GE Customers may opt-out of the enablement of the User Behavior Tracking feature by contacting WalkMe at support@walkme.com and the feature will thereafter be disabled. When a Customer turns on one of the Special Features, the Customer agrees to the collection of Personal Information. Certain other features (like surveys and free text fields) may collect Personal Information only if an End User voluntarily provides it. Customers are responsible for the lawful and fair collection of Personal Information through the WalkMe System™ and to hold any consent, permit or license required by applicable law to facilitate such collection, retention, use, processing and storage of any data.

WalkMe is not aware of the nature of the information collected through the Special Features. Such information may include Personal Information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings or any other data considered as sensitive under applicable law (“Sensitive Information“)

 

B.    HOW DO WE COLLECT INFORMATION ON USERS OF THE WALKME SYSTEM™? 

  1. Automatic Collection of Information. When You use the Service we gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
  2. Information You Provide to Us. You provide us information, including Personal Information, when you communicate with us, including for instance providing Your email when you contact support.

Feature-Specific Information. For more information see the Section about Special Features above.

 

C.    WHAT ARE THE PURPOSES OF THE COLLECTION OF INFORMATION IN THE WALKME SYSTEM™?

  1. Passively Collected Information is collected in order to:
    • Provide Customers with the Service;
    • For customization and improvement of the Service.
  2. Personal Information is collected in order to:
    • Provide Customers with the Service;
    • Contacting Users and/or customers for the purpose of providing them with technical assistance and other related information about the Service;
    • Replying to User’s queries;
    • Troubleshooting problems, detecting and protecting against error, fraud or other criminal activity.
    • For risk control, to comply with laws and regulations, and to comply with other legal processes and law enforcement requirements.
    • To enforce agreements executed with WalkMe and to enforce this Privacy Policy.

D.    SHARING INFORMATION GATHERED THROUGH THE WALKME SYSTEM™ WITH THIRD PARTIES 

WalkMe may disclose Personal Information collected through the WalkMe System™ only in the following cases: (a) to satisfy any applicable law, regulation, order, legal process, subpoena or governmental request; (b) to provide Customer with information gathered through the Service by WalkMe on Customer’s behalf; (c) to detect, prevent, or otherwise address fraud, breach of this policy, security or technical issues; (d) to respond to User’s support requests; (e) to respond to claims that any content available through the Service violates the rights of third-parties; (f) to respond to claims that Personal Information (e.g. name, e-mail address, etc.) of a third party has been posted or transmitted without consent or as a form of harassment; (g) to protect the rights, property, or personal safety of WalkMe, its Users, or the general public; (h) when WalkMe is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets; (i) to collect, hold and/or manage your Personal Information through WalkMe’s authorized affiliates and third party service providers (for example, Amazon Web Services in the United States),  solely in connection with the Service and subject to confidentiality agreements not less stringent than WalkMe’s obligations under this Privacy Policy. Service providers are authorized to use your Personal Information only as necessary to provide these services to us. Such service provider may be located in a country that does not have the same data protection laws as your jurisdiction. When WalkMe transfers data to a service provider, we seek when practical to transfer data only upon executing an appropriate agreement and/or after the certification of the service provider under the E.U.-U.S. Privacy Shield and/or with service providers that are located in a country recognized by the E.U. Council as providing adequate protection; or (j) pursuant to your explicit approval prior to the disclosure.

For avoidance of doubt, WalkMe may transfer Personal Information to its affiliates which shall be obligated with the same restrictions as agreed with the Customer and as specified in this Privacy Policy.

 

E.    MODIFICATION OR DELETION OF PERSONAL INFORMATION GATHERED THROUGH THE WALKME SYSTEM™ 

Users may have a legal right under certain applicable laws (for instance if the User is an E.U. citizen) or under Controller’s (as defined in the General Section) privacy policy to receive, rectify, erase, and restrict Personal Information about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users may also have the right to withdraw consent to processing for statistical and research purposes.

If, for any reason, a User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (as defined in the General Section or provided herein) (e.g. the provider of the platform on which the WalkMe System™ is operating). The Controller shall perform the necessary process to identify the User as a User who has a the right to retrieve the specific information and then furnish to WalkMe the data required to be amended, deleted or retrieved together with a specific identification of the User and data (as shall be applicable for the specific Service provided and the requested data – for instance IP address and time of uploading the information to WalkMe’s servers (IP address is not enough for an identification of User or data)). WalkMe cannot retrieve data without a specific identification of User and data. WalkMe may not be able to delete, amend or retrieve User’s information without the Controller’s instructions and authorization.

Please note that Personal Information may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Information, depending on technical commercial capability, including without limitation by setting the last octet of IPv4 user IP addresses such that it cannot be linked to any identifiers of the User. Such information may continue to be used by WalkMe for the purpose of operating the Service or for its legitimate interest without derogating from users’ rights.

For any request or question regarding deletion or amendment of User data, you can contact us at the contact details listed in the General Section and we shall make efforts to respond and support your request.

 

F.    DATA RETENTION – THE WALKME SYSTEM™

Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. WalkMe shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of WalkMe’s trade secrets.

WalkMe will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements.

Unless otherwise agreed in writing with the Customer, after a request from the Customer to delete any data or termination or expiration of the agreement with the Customer, an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once initiated, this process cannot be reversed and data will be permanently deleted.

Type Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration
Backups 30 days
Logs 60 days
Access Logs 2 years
Data in Analytics Platform 90 days

However, some data will not be deleted and shall be kept in an anonymized manner. Some metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this policy and may be retained by WalkMe. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy.

 

G.    COOKIES & PASSIVE COLLECTION WITH THE WALKME SYSTEM™

When you access or use the Service, WalkMe may use industry-wide technologies such as cookies or similar technologies, which store certain information on your computer (“Local Storage“) and which will allow the system to enable automatic return to a stage or page you visited and make your Service experience much more convenient and personalized. The cookies used by the Service do not include any Personal Information about you, other than a random persistent identifier, unless configured otherwise by the Customer.

The cookies are retained only for the time period required by the Service (according to Customer’s requirements and settings) but in any event not more than 2 years from cessation of use of the Service by the Customer (older versions of the system may include cookies stored for a longer period of time).

If you want to delete or block any cookies, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Please note that deleting our cookies or disabling future cookies may prevent you from accessing certain areas or features of our Services or may otherwise adversely affect your user experience.

“Do Not Track” Signals: Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application.

 

H.    THIRD-PARTY SOFTWARE/SERVICE

We may use third-party software and/or services in order to collect and/or process the information detailed herein. Such software includes without limitation:

 

Vendor Location Purpose of usage Privacy Policy Link
Amazon Web Services Inc. Seattle, Washington, United States Hosting infrastructure services https://aws.amazon.com/privacy
Akamai Technologies Inc. Cambridge, Massachusetts, United States CDN, WAF services https://www.akamai.com/us/en/privacy-policies/
GoodData Inc. San Francisco, U.S. Big data analytics services https://www.gooddata.com/privacy-policy
Logz.io LTD. Tel Aviv, Israel Logging services https://logz.io/about-us/privacy-policy/

 

WalkMe also utilizes WalkMe Visions and other services for tracking the use of Customers (including its personnel) on the editor component of the Service by recording their screen and operation through the service (WalkMe shall be considered as a Controller of such data).

 

I.    QUESTIONS, CONTACT INFORMATION AND COMPLAINTS

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at the following address and we will make an effort to reply within a reasonable timeframe.

Please do not hesitate to contact us:
legal@walkme.com or 1-855-4WALKME.
WalkMe, Inc.
525 Market Street
San Francisco, California, 94105
USA

Or contact WalkMe’s Data Protection Officer at:
Nir Nahum
legal@walkme.com
WalkMe, Inc.
525 Market Street
San Francisco, California, 94105
USA

 

WalkMe previous Privacy Policy – System