Articles on: Legal
This article is also available in:

Privacy Policy and GDPR Compliance

Last updated: March 10, 2020

WHALLER ensures that your personal data is processed in accordance with the following principles:

Specific purpose of processing
Personal data is only collected to ensure and improve the operation and use of the site and to provide you with optimal service.

Further purpose of processing
WHALLER does not sell its member databases and does not in any way market the information relating to site users.

Minimization and Proportionality
WHALLER only collects adequate, relevant and strictly necessary information for the proper functioning of the site (data relating to your profile, contact form, connection and navigation statistics).

Sensitive data
WHALLER never collects data without your knowledge that reveal, directly or indirectly, racial or ethnic origins, political, philosophical or religious opinions, trade union membership, individual health or sex life.

Retention period
WHALLER does not keep information about you beyond the time necessary to achieve the purposes for which it is collected and processed.

Transfer outside the European Union
WHALLER does not transfer personal data outside the EU. WHALLER data is stored at OVHcloud on servers located in Roubaix (France).

Data security
WHALLER takes all necessary precautions to preserve the security of data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties.

Data confidentiality
WHALLER never discloses your information outside of third parties authorized by the law. However, WHALLER invites you to consult the privacy policies of the services it uses or the links present on the site.

You also have the possibility to manage your visibility in your account settings.

Note for citizens of the European Union and the United Kingdom

The purpose of this notice is to provide information about how Whaller SAS ("We" or "Our"), collects, uses and distributes the information we obtain from you. No part of this notice shall be construed as a modification that affects the terms and conditions of any form of transaction between you and Whaller, except to the extent that such terms and conditions are inconsistent with the European Union's General Data Protection Regulations and the equivalent of such regulations in the United Kingdom and any other applicable jurisdiction.

Whaller collects certain information about its users. This notice explains what information is collected, how it is used, what third parties have access to it, and how you can ask us not to collect, hold or use this information, and how you can remove this information from our servers.

Please see below:

What personal information we collect

What impersonal information we collect

A list of the third parties that receive the information you provide us with and their contact information.

Instructions to show you how you can exercise your right to ask us to forget your personal information.

What personal information do we collect?

We collect any information you enter in a text field or via an image or file upload button on the domain name or a white-labeled platform-specific domain name (the "Website") or on the Whaller mobile application or on a white-labeled Whaller mobile application ("Mobile Application") to Whaller such as the "profile" field, a message or an image associated with your account.

We retain the information you enter when you create an account, with the exception of your password. This information is collected in order to allow you to log back into our service, provide customer service more easily and respond to our users' requests more quickly. You can change this information at any time from your Whaller profile.

We collect the IP addresses of our users. An IP address is a non-static identifier that allows us to know, approximately, in which geographical area our users are located.

We use this information to obtain information about the number of Whaller users per country. We do not share your IP address with others, however, our web host will also know your IP address to allow you to connect to the website from your IP address and to prevent distributed denial-of-service attacks, which are attacks caused by a very large number of users connecting to the website at the same time.

We may collect, with the user's consent, the phone's contact list on the Whaller mobile application or on a white-label Whaller mobile application ("the mobile application"). This list is used solely to propose a list of people to invite.

You can ask us to delete this data, but we may keep some of it, such as the number of users who have decided to close their Whaller account. You may also ask us to delete all data that we have or may have about you.

What impersonal information do we collect?

Impersonal information is information that does not allow us to identify you personally. It helps us to understand potential errors that may have occurred on Whaller.

We collect information such as the number of visitors to our website at any given time, the length of sessions on our website, and actions taken on our public website. This information is collected by the website and provided anonymously to our open-source web analytics solution provider Matomo (

We combine the information we have in order to improve the efficiency of our customer service, sales and marketing, as well as our product

Which third parties have access to your data?

Customer relationship:
Whaller uses a customer support software called Crisp ( We use this software to respond as quickly as possible to your requests and to provide you with information about Whaller.

We also use Pipedrive to facilitate our customer relations and sales efforts.

New Relic allows us to analyze the performance of the Whaller platform. In order to do so, New Relic collects information such as your browser version, Javascript errors or page response time. However, New Relic does not receive any personal data from Whaller under any circumstances.


Whaller uses cookies. Cookies are small pieces of information that are communicated to your browser so that our website remembers that you are the same person across different pages. If you do not wish to receive cookies, please contact us at the address below.

How do you ask us to delete the data we hold about you?

In accordance with the provisions of the General Data Protection Regulation, the Customer and Users may withdraw their consent, and exercise their right to access, query, modify, oppose, correct, delete, portability of data concerning them or define the fate of their data after their death by sending their request in accordance with the following procedure: (i) written request signed by the User to which a photocopy of an official  identity document is attached; (ii) request sent to WHALLER at the following address: 3 rue Salomon de Rothschild, 92150 Suresnes, France. They may also directly contact the Data Protection Officer appointed by WHALLER at the same address or by email at

Security and confidentiality of personal data

WHALLER ensures the security of your information in order to prevent it from being distorted, damaged or accessed by unauthorized third parties.

However, it is your responsibility to protect the security of your account, username and password.

WHALLER advises you to choose a password with a minimum of 9 characters made up of at least 3 different types of characters from among the existing ones (uppercase, lowercase, numbers and special characters).

If you think that someone else knows your password or has changed it, go to the "Account settings" section and reset it so that no one else can access your account. Similarly, if you think that a third party can access the email address associated with your WHALLER account, you should also change the password for this address.

In addition, it is your responsibility to control the visibility of the information concerning you and distributed in your spheres.

GDPR compliance roadmap

Inventory of the impact of the GDPR on our product and processes - DONE

Appointing a Data Protection Officer - DONE

Revise our privacy policy - DONE

Make the necessary changes or improvements, or check the conformity in our product: 

Explicit collection of consent - DONE

Opt-out - DONE

Right to be forgotten - DONE

Data deletion - DONE

Data portability – BENG FINALIZED

Make the necessary changes or improvements in our processes:

Process mapping - DONE

Warranty forms sent to our suppliers (Intercom, Rackspace, Pipedrive, Matomo and New Relic) – IN PROGRESS

Publish GDPR compliance documentation (this article) - DONE

Updated on: 27/03/2023

Was this article helpful?

Share your feedback


Thank you!