Whispli has the operational, product, and policy frameworks in place to be compliant with the General Data Protection Regulation (GDPR). This article summarizes the initiatives we completed to achieve GDPR compliance.
Policy Updates & Certifications
General Terms of Use
We updated Whispli's Terms of Use on January 21, 2021 which includes our Data Processing Addendum with the Model Clauses required by the GDPR.
Privacy Policy
We updated Whispli's Privacy Policy on January 21, 2021 to share the specific details of personal data we collect and how we use it. This policy is publicly available on our website.
Cookie Policy
In Whispli's Privacy Policy we explain how we use cookies on our website. We display a banner on Whispli webpages asking users to accept the cookies being used.
ISO 27001 compliant
You can download our certificate here.
Product
Data Collection
We only collect website visitor data when a visitor to a Whispli website has given their explicit acceptance in the cookie banner.
Data Retention
Admin Users can set up your Company's Data Retention policies in your Settings. By doing so, they define the period after which a report is kept after being archived. After expiration of that period, the Report will be completely deleted from our databases and from our backups.
As a consequence, data from Informants can be deleted if they ask you. To do so, you simply need to:
- Change the status of this Report to "Closed" or "Completed" (or any of your custom status of type "Complete");
- Archive the Report;
- Apply a relevant Data Retention Policy you created.
As part of the Audit trail, only relevant excerpts are kept to provide context as to why the report was archived and consequentially deleted. No other information is kept.
Notifications
As a Case Manager on Whispli, you can choose what type of notifications you receive by email, in your Notifications preferences.
Operational Updates
Data Classification, Privacy Impact Assessment, & Security Risk Assessment
We’ve completed a comprehensive audit of our data and assets following the ISO-27001 standard. We’ve also completed our annual security risk assessment to identify and mitigate any risks related to data breaches or other vulnerabilities.
Security & Incident Response Training
All Whispli employees attend trainings on our responsibility regarding security, availability, processing integrity, or confidentiality activities. Additionally, the Whispli team is trained on appropriate incident response procedures in the case of a data breach.
If you have any questions, please don't hesitate to contact us.