Last updated: March 10, 2020
WHALLER ensures that your personal data is processed in accordance with the following principles:
Specific purpose of processing
Personal data is only collected to ensure and improve the operation and use of the site and to provide you with optimal service.
Further purpose of processing
WHALLER does not sell its member databases and does not in any way market the information relating to site users.
Minimization and Proportionality
WHALLER only collects adequate, relevant and strictly necessary information for the proper functioning of the site (data relating to your profile, contact form, connection and navigation statistics).
WHALLER never collects data without your knowledge that reveal, directly or indirectly, racial or ethnic origins, political, philosophical or religious opinions, trade union membership, individual health or sex life.
WHALLER does not keep information about you beyond the time necessary to achieve the purposes for which it is collected and processed.
Transfer outside the European Union
WHALLER does not transfer personal data outside the EU. WHALLER data is stored at OVHcloud on servers located in Roubaix (France).
WHALLER takes all necessary precautions to preserve the security of data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties.
WHALLER never discloses your information outside of third parties authorized by the law. However, WHALLER invites you to consult the privacy policies of the services it uses or the links present on the site.
You also have the possibility to manage your visibility in your account settings.
Note for citizens of the European Union and the United Kingdom
The purpose of this notice is to provide information about how Whaller SAS ("We" or "Our"), collects, uses and distributes the information we obtain from you. No part of this notice shall be construed as a modification that affects the terms and conditions of any form of transaction between you and Whaller, except to the extent that such terms and conditions are inconsistent with the European Union's General Data Protection Regulations and the equivalent of such regulations in the United Kingdom and any other applicable jurisdiction.
Whaller collects certain information about its users. This notice explains what information is collected, how it is used, what third parties have access to it, and how you can ask us not to collect, hold or use this information, and how you can remove this information from our servers.
Please see below:
What personal information we collect
What impersonal information we collect
A list of the third parties that receive the information you provide us with and their contact information.
Instructions to show you how you can exercise your right to ask us to forget your personal information.
What personal information do we collect?
We collect all information that you enter in a text field on the whaller.com domain name (the "website") such as the "Profile" field. This excludes any conversations you may have in spheres and organizations within Whaller.
We retain the information you enter when you create an account, with the exception of your password. This information is collected in order to allow you to log back into our service, provide customer service more easily and respond to our users' requests more quickly. You can change this information at any time from your Whaller profile.
We collect the IP addresses of our users. An IP address is a non-static identifier that allows us to know, approximately, in which geographical area our users are located.
We use this information to obtain information about the number of Whaller users per country. We do not share your IP address with others, however, our web host will also know your IP address to allow you to connect to the website from your IP address and to prevent distributed denial-of-service attacks, which are attacks caused by a very large number of users connecting to the website at the same time.
You can ask us to delete this data, but we may keep some of it, such as the number of users who have decided to close their Whaller account. You may also ask us to delete all data that we have or may have about you.
What impersonal information do we collect?
Impersonal information is information that does not allow us to identify you personally. It helps us to understand potential errors that may have occurred on Whaller.
We collect information such as the number of visitors to our website at any given time, the length of sessions on our website, and actions taken on our public website. This information is collected by the website and provided anonymously to our open-source web analytics solution provider Matomo (https://matomo.org).
We combine the information we have in order to improve the efficiency of our customer service, sales and marketing, as well as our product whaller.com.
Which third parties have access to your data?
Whaller uses customer relationship and support software called Intercom (intercom.com). We use this software in order to respond to your requests and provide you with information about Whaller as quickly as possible.
We also use Pipedrive to facilitate our customer relations and sales efforts.
How do you ask us to delete the data we hold about you?
In accordance with the provisions of the General Data Protection Regulation, the Customer and Users may withdraw their consent, and exercise their right to access, query, modify, oppose, correct, delete, portability of data concerning them or define the fate of their data after their death by sending their request in accordance with the following procedure: (i) written request signed by the User to which a photocopy of an official identity document is attached; (ii) request sent to WHALLER at the following address: 3 rue Salomon de Rothschild, 92150 Suresnes, France. They may also directly contact the Data Protection Officer appointed by WHALLER at the same address or by email at firstname.lastname@example.org.
Security and confidentiality of personal data
WHALLER ensures the security of your information in order to prevent it from being distorted, damaged or accessed by unauthorized third parties.
However, it is your responsibility to protect the security of your account, username and password.
WHALLER advises you to choose a password with a minimum of 9 characters made up of at least 3 different types of characters from among the existing ones (uppercase, lowercase, numbers and special characters).
If you think that someone else knows your password or has changed it, go to the "Account settings" section and reset it so that no one else can access your account. Similarly, if you think that a third party can access the email address associated with your WHALLER account, you should also change the password for this address.
In addition, it is your responsibility to control the visibility of the information concerning you and distributed in your spheres.
GDPR compliance roadmap
Inventory of the impact of the GDPR on our product and processes - DONE
Appointing a Data Protection Officer - DONE
Make the necessary changes or improvements, or check the conformity in our product:
Explicit collection of consent - DONE
Opt-out - DONE
Right to be forgotten - DONE
Data deletion - DONE
Data portability – BENG FINALIZED
Make the necessary changes or improvements in our processes:
Process mapping - DONE
Warranty forms sent to our suppliers (Intercom, Rackspace, Pipedrive, Matomo and New Relic) – IN PROGRESS
Publish GDPR compliance documentation (this article) - DONE