All Collections
Security & Privacy
Data protection
How Waitwhile complies with GDPR
How Waitwhile complies with GDPR

A guide to our GDPR compliance.

Krzysztof Menżyk avatar
Written by Krzysztof Menżyk
Updated over a week ago

At Waitwhile, we work hard to comply for EU General Data Protection Regulation (GDPR), to ensure that we fulfill its obligations and maintain transparency about customer flows and how we use data.

Here’s an overview of GDPR, and how we achieve compliance at Waitwhile:

What’s GDPR?

The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.

Does it affect me?

Yes, most likely. If you hold or process the data of an any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.

How Waitwhile complies with GDPR

Waitwhile helps you meet your data portability requirements; you can easily export all of your data linked to an individual and permanently delete all data linked to an individual user.

We will automatically expire data on visitors that have not been seen in 9 months, to ensure we comply with GDPR retention requirements.

Our Data Processing Agreements (DPAs)

Strong data protection commitments are a key part of GDPR’s requirements. Our data processing agreement shares our privacy commitments and sets out the terms for Waitwhile and our customers to meet GDPR requirements. This is available for customers to sign upon request.

We are certified for International Data Transfers:

The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.

To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.

Our Data Protection Officer

We’ve a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch through the messenger or by emailing

Coordination with our Vendors

We have reviewed all our vendors, finding out about their GDPR position and signed Data Processing Agreements with them.

Our security measures

Security is a priority for us. We have regular external audits, pentests and bug bounties. We’ve built a robust security framework, achieving International Compliance standards (SOC2, CSA, HIPAA and Privacy Shield) and reviewed our internal access design to ensure the right people have access to the right level of customer data. More details are available on our Security page.

We continue to help our customers and prospective customers be compliant. Some steps you can take are:

  • Get familiar with the GDPR requirements and how they affect your company.

  • Map out everywhere you process data and carry out a gap analysis.

  • See how you can leverage Waitwhile to help with your GDPR compliance. Our audit reports, pen tests and security docs are available to customers on request.

  • Look at your product roadmap, think about privacy when you’re planning.

  • Chat to your lawyer about what your company needs to do to.

  • Keep an eye on the developing guidelines from the European Data Protection Board.

Did this answer your question?