Last updated: April 21, 2022
a business customer, a business partner that has a contractual relationship with us, or a prospective customer that is yet to be engaged in a contract with us (“Customer”); and/or
Customers using our software, application, API and related Services (“User”); and/or
Members of our network that are engaged in a business collaboration with us (“Partners”); and/or
End Users of a Partner who has agreed to use our dedicated SDK for purposes of facilitating Services (“End Devices”).
Is Nimble Controller or Processor?
When providing the Services, Nimble serves as a Data Processor, and the controllers are the Partners on one hand and the Customers on the other.
With respect to the API Application and Website (i.e. with respect to Visitors and Users), Nimble is a Data Controller.
For the purpose of this policy, the “Service(s)” shall include any software licensed by the Company, application, API, SDK, or related services provided through such software, application, API, SDK, including updates, enhancements, new features, support or communication. Specifically, the Services include our API Application made accessible upon approval and screening process to Customers (“API Application”).
Special jurisdictions and data protection regulations
Data Protection Officer and Contact Options
Please include sufficient details about your inquiry or request, in order to allow us to verify your request and address it.
Changes, updates and modifications
Personal Data we Process
1. Type of data. Depending on your interaction with us, meaning, if you are a Visitor who just browsing our Website, or if you are a User who maintains an account in our API Application, a business Partner or Customer, or an End Device installing our software, we may collect one of two types of information about you, your device or your chosen activities with us:
- Non-Personal Information/Data: The first type of information is non-personal and non-identifiable information that cannot personally identify or lead to identifying a natural person. For example, statistics or aggregated information, or any other type of data that can no longer be attributed to you. Non-Personal Information which is processed may include aggregated usage information and technical information transmitted such as (but not limited to): the type of operating systems, type of browsers, language preferences, and approximate geo-location (country level).
- Personal Information/Data: The second type of information is information that identifies you as a natural person, or that may be used, either alone or in combination with other information, to personally identify you as a natural person. Such information may include, for example, a first and last name, an email address, phone number, a home or other physical address, and other contact information. In addition, in some jurisdictions (such as the EU for example), and given the specific use we make with the information, an IP address, device ID and cookies are considered Personal Information as well (“Personal Information”). The table below details the Personal Information processed by us.
You are not obliged by law to provide us with any information. You can always avoid providing us with certain Personal Information; and if you gave your consent to process certain Personal Information, you cannot always ask to withdraw such consent. However, you acknowledge that it may prevent us from providing certain Services.
In the event we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
2. Personal Data of Visitors of the Website
a. Contact details: if you contact us for support, feedback or other inquiries, requests, or questions either through an online form available on the Website, by sending us an email or by other means of communication we make available (such as submitting a bug report or filling in a survey) you will be requested to provide us with your name, your email address, and the subject matter of your inquiry.
If you want to become a business Partner or a Customer through our Website, you will be asked to provide us with your full name, business email address, company, website URL, phone number and country.
We will use this information for our legitimate interest and solely for the purpose of responding to your inquiries and providing you with the support or information you have requested. We retain such information for as long as needed to provide you with the inquiry requested or as required under applicable law.
b. Subscription: If you voluntarily subscribe to our beta program, email communications or newsletter, you will be asked to provide us with your email address. You can unsubscribe at any time using the unsubscribe option within the body of the email sent to you or rather by contacting us directly at: firstname.lastname@example.org.
We will use your email address in order to send you information related to our Services, our beta program or the subject matter regarding which you reached out to us or submitted your email address.
c. Online Identifiers: We process IP addresses, cookies, pixel tags and a user agent (namely, your browser’s type, version, language, and country).
We may either directly or indirectly collect our Visitors’ Online Identifiers. Such processing is subject to your consent which is obtained through the cookie notice displayed on our Website in which you can accept, decline or set your preference. Necessary cookies will be used as part of our legitimate interest and for purposes of the Website’s functionality.
In certain cases, and upon your consent, third-party cookies and tags will be used for advertising, marketing and retargeting purposes of the site or Services.
Device Information: we may collect certain information about the device from which you access the Website or Services, such as type (mobile/desktop).
Based on your consent, and in certain cases, our legitimate interest, we may process device information for compatibility purposes, and to uniquely connect your device with a license key of a software product you purchased.
e. Online activity: We also collect certain technical information which relates to your use of the Website such as your click stream, type of browser, time and date, etc. We use this technical data in order to operate and manage our Website.
f. Job Application: In the event that you are interested in joining our team, and wish to submit your CV, you will be required to provide us with your name, email address, phone number and your CV file. Options to submit links to your website or LinkedIn profile are also available.
Your provision of personal information in connection with recruiting is voluntary, and you determine the extent of information you provide us. We do not request or require sensitive personal information concerning religion, health, sexual orientation, or political affiliation in connection with recruiting. We will use the information you have provided solely to communicate with you, manage our recruiting and hiring processes, and comply with corporate governance and legal and regulatory requirements. If you are hired, the information may be used in connection with employment and corporate management.
3. Personal Data of Customers, Users and Partners
In addition to the Visitor information described above, the following may be processed about Users or Customers:
a. Work contact details. If you are a Customer or a prospective one, we may retain your full name, contact details and work information (such as role, title and company) for purposes of communicating with you, and at times, for the preparation of a contract and a Customer account maintenance.
b. Authentication and authorization. If you are an approved Customer you will receive access from us to our API Application. For authentication purposes, you will have to set up your own password. Your work email address is used as your username.
c. Account information. when you open an account with us, to access our API Application, you will be requested to provide us with certain information such as your full name, email address and any other information you choose to make available in your user account.
d. Analytics and Dashboard. the Services include a dashboard via which you can track and manage your activity with us. This information is presented in a statistics manner, based on the activity logs’ aggregation.
e. Usage data. In order to provide the Services, operation, maintenance and improvement of the Services, so as to monitor, screen and protect against abusive use of the Servies, we will process an online activity log, metadata of your activities via the Services (such as timestamps, target and origin IP addresses, (root)domain and geo-information), and metadata that is otherwise required, such as segment, country, length, size of data packets.
How we collect or process Personal Data
Depending on the nature of your interaction with us and the Services, we may collect information as follows:
- Provided by you directly– we will collect information if and when you choose to provide us with the information, such as through a registration process, form submission, authentication, contact us communications, payment process, etc.
Lawful basis for processing
In addition to the lawful basis explained respectively to each data processing activity above, we would like to explain the general lawful bases for processing your personal data (as defined under the General Data Protection Regulations “GDPR”):
- When Visitors access our Website, we collect certain online identifiers for purposes of Website and services functionalities, and at times, for purposes of advertising and marketing our Services; such online identifiers are processed subject to the Visitors’ consent to our Cookie Notice, otherwise, we will not process personal data from such Visitors; We will process necessary cookies regardless of a Visitor active consent, as part of our legitimate interest and Website’s functionality necessities.
- When a Visitor or a User signs up for our Services and opens an account with our API Application, we process personal data associated with such account management and protection. In which case, we will do so based on the User’s or Visitor’s consent, given at the point of account registration. We will also use the email address for purposes of updates, notification and information regarding the Services based on consent, or, our legitimate interest as the case may be.
- Upon consent or legitimate interest, as the case may be, we will use certain contact information for purposes of direct marketing.
- When an End Device installs one of our software products, we may process certain information regarding consent, activity log and online identifiers, based on their consent given to our Partners or directly to us.
- If you are a Customer, we will process your personal data to fulfill our contractual agreement, or, to prepare for such, including, reaching out to you as a potential Customer for purposes of offering our Services and negotiating terms and conditions with you. This would be based on our legitimate business interest, and later, contract-based.
- In certain cases, we may have to process personal data to prepare for a legal claim, or as otherwise be required by applicable laws, including data retention for demonstrating compliance with regulatory requirements.
In any other case, we will also process your personal data where you have provided us with consent to do so, or, where we have a legitimate interest and are not overridden by your data protection interests or fundamental rights and freedoms, such as when we use the data in order to provide the Services, or when used for anti-fraud purposes.
Cookies and web technologies
- A Cookie is a small piece of a file that a website assigns and stores on your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes such as allowing you to navigate between pages efficiently and making the interaction between you and our Services quicker and easier.
Retention of Data
1. Generally followed by retention principles. As a general rule, we strive to follow the following retention principles, wherever possible or allowed:
- Storage Limitation, meaning we retain Personal Data for no longer than necessary to achieve the purpose for which it was originally processed/or collected.
- Local storage accessing vs. server transfers.
- If the retained data pose any long-term risk to individuals’ privacy we may use pseudonymization forms, or designed our retention structure in a decentralized manner.
- We delete Personal Data that is no longer necessary, or that is subject to an executable and verifiable erasure request by the data subject.
- We use secure hosting, processing and securing vendors which specialize in data protection and information security.
3. Users. We retain your Personal Data as long as you maintain the account (and respective engagement) with us. In some cases, and subject to local applicable legislation, we may have to retain some information for a longer period.
4. Customers and Partners. We retain your Personal Data for as long as you didn’t ask us to delete such data, via third-party CRM vendors.
2. As a Data Controller, we use it as a principle, to share Personal Data only as required to operate, maintain, provide and secure the Services. Below you can find the categories of third parties with whom we share Personal Data (whether directly, or using them to process Personal Data as part of a service they render to us). If you are a resident of Canada, California, the UK, the EU or the EEA, you may also reach out with a direct request to learn more about the third parties who process your Personal Data on the virtu of providing us their services.
a. Service providers: we may share your information with third parties that perform services on our behalf, such as storage, host, features providers, payment processors, analytics services, servers, service functionality, customer support, marketing and advertising. These third parties may be located in different jurisdictions; We require each to maintain adequate measures of information and privacy protection as required by applicable law. Examples:
- Cloud hosts
- Analytics tools
- Authentication and authorization vendors
- Consultants and advisors
- Marketing and advertising services
b. Business Partners who combine their technological features with us may have access to certain Personal Information about your usage, as collected from you. In these cases, you will always be able to check their privacy policies before using the combined services.
c. Our affiliated companies. We may disclose Personal Information to any current or future affiliated company, parent companies, or subsidiaries to process for the purposes described in this Policy. Affiliated companies are companies controlling, controlled by, or under common control with us.
d. Legal Disclosure, Policy Enforcement, Third Party Rights: We reserve the right to disclose your personal information if required by law and/or to comply with a court order or similar legal process or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
e. Business Transitions: if we become involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
- We implement organizational and technical measures to protect the Personal Data of Visitors, Users, Customers and Partners, at transport and at rest. We also maintain principles of Data Minimization and Storage Limitation to minimize risks and threats resulting from an external attack.
- We periodically review our information and data collection practices to ensure constant monitoring and safety, we use third-party processing and serving services that implement various information security standards and we monitor and filter access to data when it comes to personnel in our organization.
- Such systems and procedures reduce the risk of security breaches, but they do not provide absolute security, as there is no such thing when it comes to the worldwide network. Therefore, we cannot guarantee that the Website, our servers and our Services are fully immune to unauthorized access to the information stored therein and to other information security risks.
- If you have any questions about the security of the Site or Services, you can contact us at email@example.com, or refer to our:
- Information Security Highlights
- OWASP top 10 risks testing standards
- We may store or process Personal Information in a cloud or on servers based in Ireland and Canada or in other countries. If you visit our Website or use our Services from locations outside of Ireland or Canada, please note that any information you provide to us through your use of our Website or Services may be transferred to and processed in countries other than the country from which you accessed our Website or Services, including Ireland and Canada, where our central database is operated.
- We will take the necessary steps to ensure that international transfers of Personal Information meet all requirements under applicable data protection laws. When Personal Data collected within the European Economic Area (“EEA”) is transferred outside these jurisdictions, we will take the steps necessary to ensure that the transfer of such data provides sufficient safeguards, and you may exercise your rights, where applicable, to receive information on such transfer mechanisms.
- Personal Information transferred outside the EEA is transferred for processing by AWS on its servers in the United States, and among the Company’s affiliates, in both cases pursuant to standard contractual clauses published by the European Union on June 2021, and any standard agreed-upon solution post-Schreme II.
- If you would like to understand more about these arrangements and your rights in connection therewith, please contact our Data Protection Officer at: firstname.lastname@example.org.
Data Subjects Rights
1. If you are a resident of California (or the USA in general), the relevant section in our CCPA Statement applies to you.
2. If you are a resident of the EU, EEA or the UK, the following applies to you: Individuals have the following rights, when we are the Data Controller of their data. Otherwise, for cases we are the Data Processor, please seek to exercise your privacy rights directly with your data controller.
a. Right of access: You may ask us to access any Personal Data held about you.
b.Right to rectification: You have the right to ask us to correct the information we hold about you. This option will be available to Users via their account settings.
c. Right to erasure: You may ask us to delete your information or to stop using it. We can only do this when possible, and as allowed by applicable laws. Sometimes we need your information to complete a transaction based on an action you made, comply with the law (such as taxes laws) or simply provide you with the Services.
d. Right to the restriction of processing: You may ask us to temporarily cease the processing of your Personal Data, or, for a specific purpose or function. Please note that this too might cause us to not be able to provide you with the Products and Services or part thereof.
e.Objection to processing: You may request us to stop processing your Personal Data. Similar exceptions as mentioned above will apply to such a case as well.
f. Right to data portability: You may contact us to request an export of your Personal Data in a reusable format, or to directly transfer such data to another vendor offering related services;
g. Right to withdraw consent: Where you have given us your consent to use your information for a specific purpose, you may, at any time, decide to withdraw your consent and we will then stop using your information for that purpose, under the exceptions listed above.
h. Right to lodge a complaint: If You live in a country where the EU or UK GDPR applies (e.g. the EU, EEA or UK), you may lodge a complaint with the authority responsible for protecting Personal Data in your country of residence, if you believe that your rights have not been respected by us. In such a case, you are welcome to reach out to us first so we will be able to help you with such a matter, at email@example.com.
3. Exercising your rights. for more information about your rights regarding your privacy, and in order to exercise your choices and controls in connection with our treatment of your Personal Information, please reach out by email for more information or request regarding your Personal Information, at firstname.lastname@example.org.
If we are unable to provide you with the information you asked for, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the supervisor’s authority.
Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
If you are under 16 years of age, you are not permitted to use this Website or our Services. If you are a minor, or a parent of a minor, who has a good reason to believe that we process the Personal Information of a Minor as a Data Controller, or a Data Processor, please reach out to us with the necessary verification information so we will take an action to immediately resolve and remove any such information from our systems.
For questions an inquiries you can reach out ot us by email at: email@example.com, or by post to: Yigal Alon St 114, Tel Aviv-Yafo, 6744320, Israel.
California Consumer Privacy Act (CCPA) Notice
Last Updated: April 22, 2022
We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other applicable California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
This statement refers to the information collected, either automatically or as submitted by you, when you access, use or visit our Website, consume the Services or when you are an end-user of one of our Partners, or otherwise engage with us.
1. Categories of Personal Information collected about you
2. Sharing Information
a. We do not sell your Personal Information or share it for monetary gain. We may disclose your Personal Information to a third party for business purposes. When we do so, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except for performing the contract.
b. In the preceding twelve (12) months, we have shared the following categories of personal information for a business purpose:
|Category||Third Party and Business Purpose|
|All categories||Our hosting, processing, infrastructure and security service providers in order to provide, facilitate, process and secure our App and Website, the data and our services|
|Contact Information/ Customer Relation Management Data||CRM and mailing list platforms|
|Internet and network data||Service providers, web platforms, analytics services and online marketing platforms|
|Cookies and certain online identifiers||Analytics, statistics, understanding how Visitor use the Website|
3. Your Rights
The CCPA provides consumers who are California residents with certain rights regarding their Personal Information. Below we describe your CCPA rights and explain how to exercise those rights:
3.1. Access to Certain Information and Data Portability Rights
You have the right to request us to disclose certain information to you about our collection and use of your personal information over the past 12 months. You can make a request to us as described below. Once we receive and confirm your verifiable consumer request, we will disclose the information you have requested, which could be one of the following types:
- The categories of personal information we collected about you;
- Sources for the personal information we collected about you;
- Our business or commercial purpose for collecting that personal information;
- The categories of third parties with whom we share that personal information;
- The specific pieces of personal information we collected about you (also called a data portability request);
- If we sold or disclosed your personal information for a business purpose.
3.2. Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and about you, and retained, subject to certain exceptions (see below). When applicable, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with a customer/you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (CalOPPA);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation;
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
3.3. Exercising your rights and choices
- To exercise the access, data portability, and deletion rights described above, please submit a verifiable request to us by email to: firstname.lastname@example.org or directly via the account you maintain with us, if you are a business customer.
- Please be advised that depending on the type of request you make, certain exceptions may apply according to the applicable legislation, and we reserve the right to exercise those, when applicable.
- Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child;
- You may only make such a request for access or data portability twice within a 12-month period.
The request must:
- Be made by a registered California resident, or someone on their behalf;
Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative of yours;
- Describe your request with sufficient details which will allow us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with any personal information if we cannot verify your identity or authority to make the request, and confirm that the personal information relates to you;
- Making a request does not require you to create an account with us if you do not already have one. We will only use personal information provided in a verifiable consumer request to verify the identity or authority to make the request.
3.4. Response Timing and Format
- We strive to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
- If you do not have an account with us, we will deliver our written response to you by email. Any disclosures we provide will only cover the 12-month period preceding your verifiable request. The response we provide will also explain the reasons we cannot comply with a request if that is the case.
- For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
- We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
5. Do not Track Signals
Do Not Track is a privacy preference that can be configured in certain web browsers (the “DNT Feature”); the DNT Feature, when enabled on a web browser, signals the websites you visit that you do not want certain information about your visit collected. We do not currently respond or recognize DNT Feature signals.
6. Changes to this Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you as per the notification mechanism described in our Policy or as otherwise required by applicable laws.
7. Contact Information
If you have any questions or comments about this privacy notice or Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at: email@example.com.