Whichit - Data Protection

We regularly review how we can most securely store your data. We protect it in three key dimensions:
 

data2.1-01.png

What we’re storing:


End-users (website visitors) populate anonymous behavioural data profiles built upon the preference of one choice over another. Information captured as preferences never contains any personally identifiable information (PII) and cannot be connected to an individual.

If the end-user submits a lead generation form to a business user, Whichit behaves as a data processor in distributing personal details to said business (email addresses, phone numbers, names, etc) alongside a strict and transparent consent declaration (should it be required by the user’s local data protection laws).

what we store-01-01.png

How we're storing it:


We encrypt your data both at rest and in transit, and our site and storage processes are architected for security.

who can access-01.png

Who can access it:

We have extensive internal access controls and regulations for the Whichit team, who only have access to data under limited conditions, and have all been security checked.

We follow the principles of the General Data Protection Regulation of May 2018. We have a designated Data Protection Officer, and accountability and privacy are principles that are designed into both our software and policies.


Our core compliance with the act means we:

  • Have full awareness of where any of your data is being held & when outside the EU, ensuring appropriate compliance is in place.

  • Ensure that only those who require access to your data are able to & we have the highest level of protection against unauthorised access.

  • Ensure that consent is given, if required, during lead generation for all that use Whichit’s technologies and allowing them to withdraw this at any time.


You can review the exact standards we hold ourselves to via our Privacy Policy and Terms.

Our Data Protection Officer is on hand should you have any concerns or issues, they can be contacted at dpo@whichit.co

FAQ-01.png

Frequently asked questions
 

Are you compliant with the GDPR?
We are fully compliant with the GDPR.


How can I contact the Data Protection Officer for your organisation?
Email dpo@whichit.co.


Where is your data held?
Within the EU.


Do you have a process in place for reporting personal data breaches to affected customers and the relevant data protection authority, and in some circumstances, to the affected data subjects, where feasible, within 72 hours of having become aware of it?
Yes, we do.

 
GDPR Ready Stamp-01.png
ICO logo White bckground--01.png
 

Last updated: January 2020