Effective Date: September 15, 2020
This Section specifies the privacy and data retention practices related to use of the WalkMe System™ (which may be referred to in this Section as the “Service”). For information regarding WalkMe Mobile™, or the WalkMe Site please see the relevant Section(s). For a complete view of privacy practices relevant to you, please also read the General Section.
A. WHAT INFORMATION MAY WE COLLECT ON USERS OF THE WALKME SYSTEM™?
- Categories of information and data we may collect from our Users.
- Passive Collection. Passively Collected Information means any information which is available to WalkMe while Users are using the Service. Passively Collected Information consists of technical information and behavioral information (i.e. the interaction of the User with the Service), including, but not limited to, the User’s operating system, type of browser, screen resolution, font type, time zone, Flash version, the User’s ‘click-stream’ on the Service, the period of time the User utilized the Services, etc.
- The WalkMe System™ utilizes certain identifiers retained in a cookie file as detailed below. Such identifiers are not linked to any Personal Information about a User and may also be stored (without any link to Personal Information) on WalkMe’s servers.
- WalkMe may also collect the email addresses of people who communicate with WalkMe via email or create accounts and login credentials.
- Special Features. Customer may use certain features which may cause the system to collect and store additional Personal Information (“Special Features”). These Special Features may include:
- Digital Analytics Experience: a feature which allows Customers to track End User’s interaction with HTML elements on an application or webpage for which the End User clicked on, for the purpose of understanding the End User’s engagement with a webpage or application, including the following information: (i) End User IP address; (ii) URL; (ii) page title or application title; (iii) text, value and description of each element the End User clicked on (excluding any inputted information that is in a credit card number format); and (iv) snapshot of Canvas elements (drawable regions defined in HTML code) which may be available on an application or webpage.
- Screenshot Settings: a feature which allows Customers to capture screenshots of the application or webpage including the WalkMe content. For instance, a Customer may capture a WalkThru™ as it appears on the user interface of the Customer’s application.
- Custom Variables: a feature which allows Customers to track End Users by an available HTML element, variable or cookie and which may be used to distinguish between segments of End Users. For instance, a Customer may use a custom variable to provide certain WalkMe content to only a particular set of End Users.
- Custom User Identifier: a feature which allows Customers to track End User Identifier by an available HTML element, variable or cookie.
- Adaptive Element Recognition: a feature that improves element recognition accuracy over time, which when using capture in the editor component of the service and in rare occasions may capture a page snapshot and/or a screenshot in order to correct the element recognition.
- Session Recordings (Visions): A feature which allows Customers to record users’ actions on an application or website that it owns, controls, licenses or uses. Whenever a visitor visits Customer’s website or application, Customer may collect via Visions™ information from such visitor regarding his or her use of that website or application, such as pages visited, links clicked, non-sensitive text entered (if Customer chooses to collect it), and mouse movements, as well as information more commonly collected such as masked IP address, referring URL, browser, operating system, cookie information, CSS animations and dynamic content (“Visitors’ Information“). Visitors’ Information, in the aggregate, may be considered as Personal Information as it may be linked to a user identifier or may include Personal Information. Visitors’ Information may include: User unique ID (stored in a cookie for tracking and may be stored on our servers), Visitors’ clicks/touches on elements, changes to input field (like text fields, CSS selector or timestamp), elements and session meta-data, input on fields (depending on Customers settings), system errors, window size and changes to size, User agent (browser, device), mouse position, page snapshot, whether a user clicked on a play or pause button of a video, and other events (scrolling, focusing, hiding pages etc.). Such information may identify the visitor. Visions™ uses masked IP addresses to determine End Users’ geolocation (country and city in which you are located) to allow Customers to block recordings for certain End Users. By default, Visions™ does not record any keystrokes. This is the recommended setting, but can be changed via the settings page. Visions™ never records password inputs and provides the ability to specify that other elements of your website or application will not be tracked.
To use the Special Features, Customers need to actively turn on or provide their consent to use the applicable Special Feature, each of which is turned off by default. Notwithstanding the aforementioned, Digital Analytics Experience and Adaptive Element Recognition features (each a Special Feature) are automatically turned on for WalkMe Growth Edition (“GE”) Customers. For customers who enabled the Special Features “Digital Analytics Experience” and/or “Session Recordings (Visions)”, the Adaptive Element Recognition feature is automatically enabled to increase the functionality of WalkMe’s services. Customers may opt-out of the enablement of the Digital Analytics Experience and Adaptive Element Recognition feature by contacting WalkMe at email@example.com and such Special Features will thereafter be disabled. When a Customer turns on one of the Special Features, the Customer agrees to the collection of Personal Information. Certain other features (like surveys and free text fields) may collect Personal Information only if an End User voluntarily provides it. Customers are responsible for the lawful and fair collection of Personal Information through the WalkMe System™ and to hold any consent, permit or license required by applicable law to facilitate such collection, retention, use, processing and storage of any data.
WalkMe is not aware of the nature of the information collected through the Special Features. Such information may include Personal Information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings or any other data considered as sensitive under applicable law (“Sensitive Information“)
B. HOW DO WE COLLECT INFORMATION ON USERS OF THE WALKME SYSTEM™?
- Automatic Collection of Information. When You use the Service we gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
- Information You Provide to Us. You provide us information, including Personal Information, when you communicate with us, including for instance providing Your email when you contact support.
Feature-Specific Information. For more information see the Section about Special Features above.
C. WHAT ARE THE PURPOSES OF THE COLLECTION OF INFORMATION IN THE WALKME SYSTEM™?
- Passively Collected Information is collected in order to:
- Provide Customers with the Service;
- For customization and improvement of the Service.
- Personal Information is collected in order to:
- Provide Customers with the Service;
- Contacting Users and/or customers for the purpose of providing them with technical assistance and other related information about the Service;
- Replying to User’s queries;
- Troubleshooting problems, detecting and protecting against error, fraud or other criminal activity.
- For risk control, to comply with laws and regulations, and to comply with other legal processes and law enforcement requirements.
D. SHARING INFORMATION GATHERED THROUGH THE WALKME SYSTEM™ WITH THIRD PARTIES
E. MODIFICATION OR DELETION OF PERSONAL INFORMATION GATHERED THROUGH THE WALKME SYSTEM™
If, for any reason, a User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (as defined in the General Section or provided herein) (e.g. the provider of the platform on which the WalkMe System™ is operating). The Controller shall perform the necessary process to identify the User as a User who has a the right to retrieve the specific information and then furnish to WalkMe the data required to be amended, deleted or retrieved together with a specific identification of the User and data (as shall be applicable for the specific Service provided and the requested data – for instance IP address and time of uploading the information to WalkMe’s servers (IP address is not enough for an identification of User or data)). WalkMe cannot retrieve data without a specific identification of User and data. WalkMe may not be able to delete, amend or retrieve User’s information without the Controller’s instructions and authorization.
Please note that Personal Information may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Information, depending on technical commercial capability, including without limitation by setting the last octet of IPv4 user IP addresses such that it cannot be linked to any identifiers of the User. Such information may continue to be used by WalkMe for the purpose of operating the Service or for its legitimate interest without derogating from users’ rights.
For any request or question regarding deletion or amendment of User data, you can contact us at the contact details listed in the General Section and we shall make efforts to respond and support your request.
F. DATA RETENTION – THE WALKME SYSTEM™
Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. WalkMe shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of WalkMe’s trade secrets.
WalkMe will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements.
Unless otherwise agreed in writing with the Customer, after a request from the Customer to delete any data or termination or expiration of the agreement with the Customer, an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once initiated, this process cannot be reversed and data will be permanently deleted.
|Type||Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration|
|Access Logs||2 years|
|Data in Analytics Platform||90 days|
|Communications regarding requests for data deletion and exercise of individual rights||At least 24 months|
G. COOKIES & PASSIVE COLLECTION WITH THE WALKME SYSTEM™
When you access or use the Service, WalkMe may use industry-wide technologies such as cookies or similar technologies, which store certain information on your computer (“Local Storage“) and which will allow the system to enable automatic return to a stage or page you visited and make your Service experience much more convenient and personalized. The cookies used by the Service do not include any Personal Information about you, other than a random persistent identifier, unless configured otherwise by the Customer.
The cookies are retained only for the time period required by the Service (according to Customer’s requirements and settings) but in any event not more than 2 years from cessation of use of the Service by the Customer (older versions of the system may include cookies stored for a longer period of time).
If you want to delete or block any cookies, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Please note that deleting our cookies or disabling future cookies may prevent you from accessing certain areas or features of our Services or may otherwise adversely affect your user experience.
“Do Not Track” Signals: Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application.
H. THIRD-PARTY SOFTWARE/SERVICE
We may use third-party software and/or services in order to collect and/or process the information detailed herein. Such software includes without limitation:
|Amazon Web Services Inc.||Seattle, Washington, United States||Hosting infrastructure services||https://aws.amazon.com/privacy|
|Google LLC (Google Cloud Platform)||California, United States||Hosting Infrastructure services||https://policies.google.com/privacy|
|IBM Ireland||Ireland||Hosting infrastructure services||https://www.ibm.com/uk-en/privacy|
|Microsoft Azure||Seattle, United States||Hosting infrastructure services||https://privacy.microsoft.com/en-us/PrivacyStatement|
|Akamai Technologies Inc.||Cambridge, Massachusetts, United States||CDN, WAF services||https://www.akamai.com/us/en/privacy-policies/|
|Logz.io, Inc.||Boston, US||Logging services||https://logz.io/about-us/privacy-policy/|
WalkMe also utilizes WalkMe Visions™ and other services for tracking the use of Customers (including its personnel) on the editor component of the Service by recording their screen and operation through the service (WalkMe shall be considered as a Controller of such data).
I. QUESTIONS, CONTACT INFORMATION AND COMPLAINTS
Please do not hesitate to contact us:
firstname.lastname@example.org or 1-855-4WALKME (925563 – Toll Free Number).
71 Stevenson Street, Floor 20
San Francisco, California, 94105
Or contact WalkMe’s Data Protection Officer at:
71 Stevenson Street, Floor 20
San Francisco, California, 94105