Visions™ Last Revised: September 18, 2017 Please note that this is not the most recent version of the Privacy Policy. The most recent version privacy policy is available at: https://www.walkme.com/privacy-policy/ This Section specifies the privacy and data retention practices in connection with Visions™ (which may be referred to in this Section as the “Service”). For information regarding WalkMe Mobile™, the WalkMe System™ or the WalkMe Site please see the relevant Section(s). For a complete view of privacy practices relevant to you, please also read the General Section. a. What Information May We Collect on Users of the Vision™ Service? Information Collected from Customers. If you are a Customer who wants to utilize Visions™ on an application or website that you own, control, license or use, we may ask you for your name (first and last), company name, phone number, email address, and payment information (such as credit card). We will also collect information about your usage of the Service, which can be used to identify the Customer, and all email correspondence between you and WalkMe. WalkMe also utilizes Visions™ for tracking the use of Customers on the Service (please see more information in the Section about information collected form End Users below). Information Collected from End Users of websites or applications using Visions™. Whenever a visitor visits Customer’s website or application, Customer via Visions™ may collect information from such visitor regarding his or her use of that website or application, such as pages visited, links clicked, non-sensitive text entered (if Customer chooses to collect it), and mouse movements, as well as information more commonly collected such as his/her IP address, referring URL, browser, operating system, cookie information, CSS animations and dynamic content (“Visitors’ Information“). Visitors’ Information, in the aggregate, may be considered as Personal Information as it may be linked to a user identifier or may include Personal Information. Visitors’ Information may include: User unique ID (stored in a cookie for tracking and may be stored on our servers), Visitors’ clicks/touches on elements, changes to input field (like text fields, CSS selector or timestamp), elements and session meta-data, input on fields (depending on Customers settings), system errors, window size and changes to size, User agent (browser, device), mouse position, page snapshot, whether a user clicked on a play or pause button of a video, and other events (scrolling, focusing, hiding pages etc.). Such information may identify the visitor.Visions™ uses IP addresses to determine End Users’ geolocation (country and city in which you are located) to allow Customers to block recordings for certain End Users.By default, Visions™ does not record any keystrokes. This is the recommended setting, but can be changed via the settings page.Visions™ never records password inputs and provides the ability to specify that other elements of your website or application will not be tracked. b. How Do We Collect Information on Users of the Visions™ Service? Automatic Collections of Information. When You use the Service we gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. Information You Provide to Us. You provide us information, including Personal Information or Personal Data, when you communicate with us, including for instance providing your email when you contact support. Collection to Local Storage. We also collect Information through cookies and other technologies as detailed below. c. What are the Purposes of the Collection of Information in the Visions™ Service? Non-Personal Information is collected in order to: Provide Customers and Users with the Service For customization and improvement of the Service. Personal Information and Personal Data is collected in order to: Operate the Service which includes: Contacting Users for the purpose of providing them with technical assistance and other related information about the Service. Replying to User’s queries. Troubleshooting problems, detecting and protecting against error, fraud or other criminal activity. For risk control, to comply with laws and regulations, and to comply with other legal processes and law enforcement requirements. To enforce agreements executed with WalkMe and to enforce this Privacy Policy. d. Sharing Information gathered through Visions™ with Third-Parties WalkMe may disclose Personal Information collected through Visions™ only in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to provide Customers with information gathered through the Service by WalkMe on Customer’s behalf; (c) to detect, prevent, or otherwise address fraud, breach of this policy, security or technical issues; (d) to respond to User’s support requests; (e) to respond to claims that any content available through the Service violates the rights of third parties; (f) to respond to claims that Personal Information (e.g. name, e-mail address, etc.) of a third party has been posted or transmitted without consent or as a form of harassment; (g) to protect the rights, property, or personal safety of WalkMe, its Users, or the general public; (h) when WalkMe is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets; (i) to collect, hold and/or manage your Personal Information through WalkMe’s authorized affiliates and third-party service providers (for example, Amazon Web Services in the United States), solely in connection with the Service and subject to confidentiality agreement not less stringent than WalkMe’s obligations under this Privacy Policy. Such service provider may be located in a country that does not have the same data protection laws as your jurisdiction. When WalkMe transfers data to a service provider, we seek when practical to transfer data only upon executing an appropriate agreement and/or after the certification of the service provider under the E.U.-U.S. Privacy Shield and/or with service providers that are located in a country recognized by the E.U. Council as providing adequate protection; or (j) pursuant to your explicit approval prior to the disclosure. For avoidance of doubt, WalkMe may transfer Personal Information to its affiliates which shall be obligated with the same restrictions as agreed with the Customer and as specified in this Privacy Policy. e. Modification or Deletion of Personal Information Gathered Through Visions™ Users may have a legal right under certain applicable laws (for instance if the User is an E.U. citizen) or under Controller’s (as defined in the General Section) privacy policy to receive, rectify, erase, and restrict Personal Information about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users may also have the right to withdraw consent to processing for statistical and research purposes. If, for any reason, a User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (as defined in the General Section) (e.g. the provider of the platform on which the Visions™ is operating). The Controller shall perform the necessary process to identify the User as a User who has a the right to retrieve the specific information and then furnish to WalkMe the data required to be amended, deleted or retrieved together with a specific identification of the User and data (as shall be applicable for the specific Service provided and the requested data – for instance IP address and time of uploading the information to WalkMe’s servers (IP address is not enough for an identification of User or data)). WalkMe cannot retrieve data without a specific identification of User and data. WalkMe may not be able to delete, amend or retrieve User’s information without the Controller’s instructions and authorization. Please note that Personal Information may be either deleted or retained in an anonymized manner (i.e. without being linked to any identifiers or Personal Information or Personal Data) depending on technical commercial capability. Such anonymized information may continue to be used by WalkMe for the purpose of operating the Service. For any request or question regarding deletion or amendment of User data, you can contact us at the contact details listed in the General Section and we shall make efforts to respond and support your request. f. Data Retention – Visions™ Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. WalkMe shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of WalkMe’s trade secrets. Visions™ sessions are stored for a short period of time on our database, after which they are moved to a secure S3 storage on amazon AWS. WalkMe will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. Unless otherwise agreed in writing with the Customer, after a request from the Customer to delete any data an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once initiated, this process cannot be reversed and data will be permanently deleted. Type Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration Backups 30 days Logs 365 days Data in Analytics Platform 90 days However, some data will not be deleted and shall be kept in an anonymized manner. Some metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this policy and may be retained by WalkMe. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy. g. Cookies & Passive Collection and Opt Out – Visions™ Cookies are small data files placed on your computer by the Service and the emails you read and can be used to help recognize you when you return to a website, or when you visit other sites. We, or third-party service providers, may use cookies to measure activity, personalize your experience, remember your viewing preferences, or track your status or progress when accessing the Service. Visions™ cookies retain randomly generated identifiers and End User’s referring URL. In particular, cookies are used to maintain a coherent scope for an End User’s session across multiple pages on a single website. These cookies do not track the same user across unrelated domains. Visions™’ cookies are deleted automatically within one year. Local Storage is a standard facility provided by HTML5 compliant browsers used to retain data on your computer across visits to the same website. We use local storage as a temporary holding area for user events that were observed locally but, due to the timing of a page unload, were unable to be transmitted as part of the user session. Return visits to the same website read and transmit events previously stored in local storage to complete previously recorded sessions. If an End User wishes to prevent all websites using Visions™ from recording his/her activity, s/he can opt out. Opting out will create a cookie that tells Visions™ to turn off recording. The presence of this cookie is required to continue opting out, so if a User clears its browser cookies, s/he will have to opt out again. If you so choose, you can set your browser to reject cookies or you can manually delete them individually or delete all of the cookies on your computer by following your browser’s help file directions. Note that turning off cookies may also disable functions of many sites you visit. If your browser is set to reject cookies or you manually delete cookies, Visions™ will not be able to combine your anonymous user identity automatically into sessions across pages on the same website. Visions™ could in principle combine your user identity across pages of a single site even if you are blocking cookies if (1) you are logged into the website of a Customer and (2) that Customer uses the JavaScript API to identify that you are using an application unique identifier. We may use standard internet technology, such as web beacons and other similar technologies, to track your use of the Customer’s website. We also may include web beacons in email or InApp messages to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer visitors to the Website to deliver targeted advertisements and to measure the overall effectiveness of our online advertising, content, programming or other activities. Some web browsers may transmit Do Not Track signals to websites with which the browser communicates, telling the Service not to follow its online movements. Because of differences in how web browsers interpret this feature, it is not always clear whether Users intend for these signals to be transmitted, or whether they are even aware of them. Therefore, WalkMe’s website currently does not respond to such Do Not Track signals. h. Third-Party Software/Service We may use third-party software and/or services, in order to collect and/or process the information detailed herein. Such software includes without limitation Amazon Web Servers in the United States (for data storage), which privacy policy is available at: https://aws.amazon.com/privacy/; Google Analytics (for statistical data gathering) which privacy policy is available at: https://www.google.com/policies/privacy/; Intercom (for communicating with Users) which privacy policy is available at: https://www.intercom.com/privacy; Stripe (for billing processing and management) which privacy policy is available at: https://stripe.com/us/privacy; Heap Analytics (for statistical data gathering) which privacy policy is available at: https://heapanalytics.com/privacy; BugSnag (for system performance monitoring) which privacy policy is available at: https://docs.bugsnag.com/legal/privacy-policy/; MailChimp (for communicating with Users) which privacy policy is available at: https://mailchimp.com/legal/privacy/. i Questions, Contact Information and Complaints If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at the following address and we will make an effort to reply within a reasonable timeframe. Please do not hesitate to contact us: legal@walkme.com or 1-855-4WALKME. WalkMe Inc, 350 mission st., FL. 26, San Francisco, CA 94105, USA Or contact WalkMe’s Data Protection Officer at: David Sussely David.su@walkme.com WalkMe Inc, 350 mission st., FL. 26, San Francisco, CA 94105, USA
Visions™ Last Revised: September 18, 2017 Please note that this is not the most recent version of the Privacy Policy. The most recent version privacy policy is available at: https://www.walkme.com/privacy-policy/ This Section specifies the privacy and data retention practices in connection with Visions™ (which may be referred to in this Section as the “Service”). For information regarding WalkMe Mobile™, the WalkMe System™ or the WalkMe Site please see the relevant Section(s). For a complete view of privacy practices relevant to you, please also read the General Section. a. What Information May We Collect on Users of the Vision™ Service? Information Collected from Customers. If you are a Customer who wants to utilize Visions™ on an application or website that you own, control, license or use, we may ask you for your name (first and last), company name, phone number, email address, and payment information (such as credit card). We will also collect information about your usage of the Service, which can be used to identify the Customer, and all email correspondence between you and WalkMe. WalkMe also utilizes Visions™ for tracking the use of Customers on the Service (please see more information in the Section about information collected form End Users below). Information Collected from End Users of websites or applications using Visions™. Whenever a visitor visits Customer’s website or application, Customer via Visions™ may collect information from such visitor regarding his or her use of that website or application, such as pages visited, links clicked, non-sensitive text entered (if Customer chooses to collect it), and mouse movements, as well as information more commonly collected such as his/her IP address, referring URL, browser, operating system, cookie information, CSS animations and dynamic content (“Visitors’ Information“). Visitors’ Information, in the aggregate, may be considered as Personal Information as it may be linked to a user identifier or may include Personal Information. Visitors’ Information may include: User unique ID (stored in a cookie for tracking and may be stored on our servers), Visitors’ clicks/touches on elements, changes to input field (like text fields, CSS selector or timestamp), elements and session meta-data, input on fields (depending on Customers settings), system errors, window size and changes to size, User agent (browser, device), mouse position, page snapshot, whether a user clicked on a play or pause button of a video, and other events (scrolling, focusing, hiding pages etc.). Such information may identify the visitor.Visions™ uses IP addresses to determine End Users’ geolocation (country and city in which you are located) to allow Customers to block recordings for certain End Users.By default, Visions™ does not record any keystrokes. This is the recommended setting, but can be changed via the settings page.Visions™ never records password inputs and provides the ability to specify that other elements of your website or application will not be tracked. b. How Do We Collect Information on Users of the Visions™ Service? Automatic Collections of Information. When You use the Service we gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. Information You Provide to Us. You provide us information, including Personal Information or Personal Data, when you communicate with us, including for instance providing your email when you contact support. Collection to Local Storage. We also collect Information through cookies and other technologies as detailed below. c. What are the Purposes of the Collection of Information in the Visions™ Service? Non-Personal Information is collected in order to: Provide Customers and Users with the Service For customization and improvement of the Service. Personal Information and Personal Data is collected in order to: Operate the Service which includes: Contacting Users for the purpose of providing them with technical assistance and other related information about the Service. Replying to User’s queries. Troubleshooting problems, detecting and protecting against error, fraud or other criminal activity. For risk control, to comply with laws and regulations, and to comply with other legal processes and law enforcement requirements. To enforce agreements executed with WalkMe and to enforce this Privacy Policy. d. Sharing Information gathered through Visions™ with Third-Parties WalkMe may disclose Personal Information collected through Visions™ only in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to provide Customers with information gathered through the Service by WalkMe on Customer’s behalf; (c) to detect, prevent, or otherwise address fraud, breach of this policy, security or technical issues; (d) to respond to User’s support requests; (e) to respond to claims that any content available through the Service violates the rights of third parties; (f) to respond to claims that Personal Information (e.g. name, e-mail address, etc.) of a third party has been posted or transmitted without consent or as a form of harassment; (g) to protect the rights, property, or personal safety of WalkMe, its Users, or the general public; (h) when WalkMe is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets; (i) to collect, hold and/or manage your Personal Information through WalkMe’s authorized affiliates and third-party service providers (for example, Amazon Web Services in the United States), solely in connection with the Service and subject to confidentiality agreement not less stringent than WalkMe’s obligations under this Privacy Policy. Such service provider may be located in a country that does not have the same data protection laws as your jurisdiction. When WalkMe transfers data to a service provider, we seek when practical to transfer data only upon executing an appropriate agreement and/or after the certification of the service provider under the E.U.-U.S. Privacy Shield and/or with service providers that are located in a country recognized by the E.U. Council as providing adequate protection; or (j) pursuant to your explicit approval prior to the disclosure. For avoidance of doubt, WalkMe may transfer Personal Information to its affiliates which shall be obligated with the same restrictions as agreed with the Customer and as specified in this Privacy Policy. e. Modification or Deletion of Personal Information Gathered Through Visions™ Users may have a legal right under certain applicable laws (for instance if the User is an E.U. citizen) or under Controller’s (as defined in the General Section) privacy policy to receive, rectify, erase, and restrict Personal Information about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users may also have the right to withdraw consent to processing for statistical and research purposes. If, for any reason, a User wishes to modify, delete or retrieve his/her Personal Information, s/he may do so by contacting the applicable Controller (as defined in the General Section) (e.g. the provider of the platform on which the Visions™ is operating). The Controller shall perform the necessary process to identify the User as a User who has a the right to retrieve the specific information and then furnish to WalkMe the data required to be amended, deleted or retrieved together with a specific identification of the User and data (as shall be applicable for the specific Service provided and the requested data – for instance IP address and time of uploading the information to WalkMe’s servers (IP address is not enough for an identification of User or data)). WalkMe cannot retrieve data without a specific identification of User and data. WalkMe may not be able to delete, amend or retrieve User’s information without the Controller’s instructions and authorization. Please note that Personal Information may be either deleted or retained in an anonymized manner (i.e. without being linked to any identifiers or Personal Information or Personal Data) depending on technical commercial capability. Such anonymized information may continue to be used by WalkMe for the purpose of operating the Service. For any request or question regarding deletion or amendment of User data, you can contact us at the contact details listed in the General Section and we shall make efforts to respond and support your request. f. Data Retention – Visions™ Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. WalkMe shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of WalkMe’s trade secrets. Visions™ sessions are stored for a short period of time on our database, after which they are moved to a secure S3 storage on amazon AWS. WalkMe will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. Unless otherwise agreed in writing with the Customer, after a request from the Customer to delete any data an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once initiated, this process cannot be reversed and data will be permanently deleted. Type Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration Backups 30 days Logs 365 days Data in Analytics Platform 90 days However, some data will not be deleted and shall be kept in an anonymized manner. Some metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this policy and may be retained by WalkMe. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy. g. Cookies & Passive Collection and Opt Out – Visions™ Cookies are small data files placed on your computer by the Service and the emails you read and can be used to help recognize you when you return to a website, or when you visit other sites. We, or third-party service providers, may use cookies to measure activity, personalize your experience, remember your viewing preferences, or track your status or progress when accessing the Service. Visions™ cookies retain randomly generated identifiers and End User’s referring URL. In particular, cookies are used to maintain a coherent scope for an End User’s session across multiple pages on a single website. These cookies do not track the same user across unrelated domains. Visions™’ cookies are deleted automatically within one year. Local Storage is a standard facility provided by HTML5 compliant browsers used to retain data on your computer across visits to the same website. We use local storage as a temporary holding area for user events that were observed locally but, due to the timing of a page unload, were unable to be transmitted as part of the user session. Return visits to the same website read and transmit events previously stored in local storage to complete previously recorded sessions. If an End User wishes to prevent all websites using Visions™ from recording his/her activity, s/he can opt out. Opting out will create a cookie that tells Visions™ to turn off recording. The presence of this cookie is required to continue opting out, so if a User clears its browser cookies, s/he will have to opt out again. If you so choose, you can set your browser to reject cookies or you can manually delete them individually or delete all of the cookies on your computer by following your browser’s help file directions. Note that turning off cookies may also disable functions of many sites you visit. If your browser is set to reject cookies or you manually delete cookies, Visions™ will not be able to combine your anonymous user identity automatically into sessions across pages on the same website. Visions™ could in principle combine your user identity across pages of a single site even if you are blocking cookies if (1) you are logged into the website of a Customer and (2) that Customer uses the JavaScript API to identify that you are using an application unique identifier. We may use standard internet technology, such as web beacons and other similar technologies, to track your use of the Customer’s website. We also may include web beacons in email or InApp messages to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer visitors to the Website to deliver targeted advertisements and to measure the overall effectiveness of our online advertising, content, programming or other activities. Some web browsers may transmit Do Not Track signals to websites with which the browser communicates, telling the Service not to follow its online movements. Because of differences in how web browsers interpret this feature, it is not always clear whether Users intend for these signals to be transmitted, or whether they are even aware of them. Therefore, WalkMe’s website currently does not respond to such Do Not Track signals. h. Third-Party Software/Service We may use third-party software and/or services, in order to collect and/or process the information detailed herein. Such software includes without limitation Amazon Web Servers in the United States (for data storage), which privacy policy is available at: https://aws.amazon.com/privacy/; Google Analytics (for statistical data gathering) which privacy policy is available at: https://www.google.com/policies/privacy/; Intercom (for communicating with Users) which privacy policy is available at: https://www.intercom.com/privacy; Stripe (for billing processing and management) which privacy policy is available at: https://stripe.com/us/privacy; Heap Analytics (for statistical data gathering) which privacy policy is available at: https://heapanalytics.com/privacy; BugSnag (for system performance monitoring) which privacy policy is available at: https://docs.bugsnag.com/legal/privacy-policy/; MailChimp (for communicating with Users) which privacy policy is available at: https://mailchimp.com/legal/privacy/. i Questions, Contact Information and Complaints If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at the following address and we will make an effort to reply within a reasonable timeframe. Please do not hesitate to contact us: legal@walkme.com or 1-855-4WALKME. WalkMe Inc, 350 mission st., FL. 26, San Francisco, CA 94105, USA Or contact WalkMe’s Data Protection Officer at: David Sussely David.su@walkme.com WalkMe Inc, 350 mission st., FL. 26, San Francisco, CA 94105, USA