Waitwhile wholeheartedly support the privacy rights of our customers and our users and have fully implemented the required steps for GDPR compliance. Those include:
Review of the data we collect, as well as the reasons for why we collect it
Updated processes for getting consent from users
Updated processes for deletion and exporting of personal information
Appointing a Data Protection Officer and EU representative.
Minimization of data retention and de-personalization of data where possible and/or required.
Coordination with our vendors to make sure everyone is ready for GDPR.
Waitwhile is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
As a Data Controller, Waitwhile is responsible for safeguarding the data of our customers as they interact directly with our services.
As a Data Processor, Waitwhile is responsible for safeguarding the data of our partners' and customers' users as it flows through our system.
As a Waitwhile customer or partner, you are a Data Controller and Waitwhile is acting as your Data Processor for your users. In this respect, you’ll want to take the following steps to comply with GDPR:
If you have customers in the EU or need to be GDPR compliant, you may additionally request to sign our Data Processor Agreement. This is valid for both customers and partners. See below about our DPA.
Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
Be thinking about how you’ll handle consent. You should not store or work with users' data without proper consent.
If you are a partner or a customer who needs further documentation of compliance with Waitwhile acting as a Processor (for example, as a customer who processes their own user's data through Waitwhile or as a partner who integrates directly with Waitwhile) you can sign our DPA by contacting us at firstname.lastname@example.org.