Whichit - Data Protection
General Data Protection Regulation (GDPR)
We regularly review how we can most securely store your data. We protect it in three key dimensions:
What we’re storing:
Information collected by Whichit varies by user type.
End-users (website visitors) populate anonymous behavioural data profiles built upon the preference of one choice over another. Information captured as preferences never contains any personal information.
If the end-user submits a lead generation form to a business user, Whichit behaves as a data processor in distributing personal details to said business (email addresses, phone numbers, names, etc.) alongside a strict and transparent consent declaration (should it be required by the user’s local data protection laws).
Users of Whichit’s business platforms (e.g. Whichit for Advertisers) submit their personal information while registering on their respective platforms. This information contains email addresses, business names, billing addresses, VAT numbers and payment details. This information is used under the legal basis of legitimate interest and is used to communicate with business users and invoice them based on their performance.
Non-business users (Whichit Social App)
Users who register for the Whichit App via iOS, Android or on the web submit their personal details as part of a simple registration process. This information can include full names, email addresses, birthdays and gender. The information captured by the Whichit Apps is used to provide services, communicate with users and monitor system activities under the legal basis of legitimate interest.
How we're storing it:
We encrypt your data both at rest and in transit, and our site and storage processes are architected for security.
Who can access it:
We have extensive internal access controls and regulations for the Whichit team, who only have access to data under limited conditions, and have all been security checked.
We follow the principles of the General Data Protection Regulation of May 2018. We have a designated Data Protection Officer, and accountability and privacy are principles that are designed into both our software and policies.
Our core compliance with the act means we:
- Have full awareness of where any of your data is being held and, when it is outside the EU, ensure appropriate compliance is in place.
- Ensure that only those who require access to your data are able to access it, and we have the highest level of protection against unauthorised access.
- Ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services.
- Ensure that consent is given during registration by all who use Whichit, and allow them to withdraw it at any time.
Our Data Protection Officer is on hand should you have any concerns or issues; they can be contacted at firstname.lastname@example.org
Frequently asked questions
Are you compliant with the GDPR?
Based on our self-assessment and that of our Data Protection Officer, we are compliant.
Who is the official Data Protection Officer for your organisation?
Yarden Jacobson. You can contact him via email@example.com.
How long do you retain our data?
By design, data is stored indefinitely within the Whichit database, though users are given full granular control over what data is held within the system and said users are free to remove or amend their details at any time.
Where is our data held?
Within the EU.
If we were to ask you to remove all personal data we have provided you, would you be able to do that in a timely fashion?
Of course – please email firstname.lastname@example.org.
Do you have a process in place for reporting personal data breaches to affected customers and the relevant data protection authority, and in some circumstances, to the affected data subjects, where feasible, within 72 hours of having become aware of it?
Yes, we do.
Last updated: May 2018