GDPR and Privacy

Of all the things professionals have to stress about, we aim to ensure Whil’s treatment of the data is not one! 

What's changing with Whil's Privacy Policy?

Whil has released an update to our Privacy Policy which comes into effect starting on May 25th, 2018. Our new policy is more user-friendly and addresses new data regulations (including GDPR). The most significant changes in the new policy are explained below:

• More control over your information. We make it easy for you to control the information you provide to us. Our policy explains how you can make choices about your information, and the measures we’ve put in place to keep your information secure.
• Using our solutions at work. Many users have access to our services through their sponsors (e.g., their employers), who control their accounts or use of our services. The updated policy clarifies our relationship to these users and explains the tools available to administrators of these users.
  
  

What is GDPR, and what is Whil doing to comply?

GDPR stands for the General Data Protection Regulation and is effective as of May 25th, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU. Our policy is to respect all laws that apply to our business and this includes GDPR.

• Whil has updated our terms and conditions, registration, and contracting processes to give you greater visibility into what data is collected, how it is used, and the ability to modify or erase information to the full extent legally allowed.
• Whil commits to follow appropriate security measures and precautions in accordance with GDPR to keep your data safe.
• In the event of a data breach, Whil notifies regulators of breaches and promptly communicates to customers and users.
• We will ensure that employees authorized to process personal data have committed to confidentiality.
• We will hold any sub-processors that handle personal data, including our data center partners, to the same data management, security, and privacy practices and standards to which we hold ourselves.
• Whil has provided a seamless request portal for individuals to access any data we may currently process or store.
• Whil carries out regular data impact assessments and consults with EU regulators to minimize threats of data breaches. 
• Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.

How does Whil Respond to Data Processing Requests from a customer or user?

Whil has established a portal to facilitate all requests related to data subject's individual rights specified in the EU's General Data Protection Regulation (GDPR). An individual with an established relationship with Whil will have the ability to submit the following requests:

• Data Access Request - access any of your personal data Whil currently processes or stores.
• Data Correction Request - correct any of your personal data that Whil currently processes or stores.
• Data Portability Request - export your personal data from Whil
• Data Processing Restriction Request - withdraw your consent for Whil to continue processing your personal data.
  Data Removal Request - erase or permanently delete any of your personally identifiable data Whil currently processes or stores.

Please select the here to submit a data processing request to Whil.

Do you offer your customers a Data Processing Addendum?

Yes! The Whil Data Processing Addendum is available upon request. To obtain a copy of our DPA please reach out to support@whil.com

How does Whil secure my data?

We have implemented additional organizational and technical safeguards to secure our users' data, in readiness with GDPR requirements. Our users' personal data is pseudonymized when stored, and further encrypted if it is being transferred.

What personally identifiable (PII) data does Whil collect and process? 

If you login directly at a Whil sign in page: 

We process personal data to provide our products and services and for the purposes as outlined in our Privacy Policy.

In short: 

• Whil collects, stores and processes
• Name
• Email

In order to provide access to your account, account related support, password resets, and notifications for major product change and service interruptions

• Whil collects, stores, and processes
• Age
• Gender

In order to provide aggregated anonymized reporting to your employer, and analyze satisfaction and utilization by demographic in aggregate in order to improve our offering.

If you login through single sign-on (SSO) from another site:

• Whil does not collect or store your PII. Your account is managed by another party and Whil stores only a unique identifier code. 

What if I have more questions? 

If you have additional questions, please submit an inquiry by signing into your Whil account and requesting help from the link in your account settings. If you do not have a Whil account, please submit questions below.