WholeLot and GDPR

At WholeLot, our goal is to help our partners meet both the letter and the spirit of GDPR in a simple and straightforward way. We believe GDPR is not just a regulation; respecting the privacy rights of all partners and their users (regardless of origin) is the right thing to do.

WholeLot has updated its platform to meet GDPR standards worldwide, and we will continue to invest in industry-leading data privacy initiatives.

How to make a request to WholeLot under GDPR

If you are a European data subject and wish to exercise your GDPR rights, the process to follow depends on the nature of your relationship with WholeLot.

I have a direct relationship with WholeLot

If you have a direct relationship with WholeLot, you will be able to submit requests using our self-service portal beginning on May 25, 2018. Examples of direct relationships include:

  • You have visited the WholeLot website.
  • You have a WholeLot account.
  • You attended a WholeLot event.
  • You are on the WholeLot mailing list.

I am an end user of an app or website

If your relationship with WholeLot is via companies that use our services, your request must be submitted directly to them. This is because WholeLot acts as a service provider on behalf of those companies, and they are responsible for authenticating your request and ensuring it is communicated to all service providers.

WholeLot is committed to working with our partners to honor data subject requests to the full extent required by GDPR.

How WholeLot supports GDPR compliance for our partners

SDK privacy controls

Under GDPR, your users have the right to object to data processing. WholeLot makes it simple for you to stop tracking users after they object, though it is important for these users to understand that they may experience degraded functionality. We recommend working with your legal team to keep users informed as you implement the processes required by GDPR.

If you have determined that a user does not want to be tracked by third-party data processors, and that this preference extends disabling elements of your core functionality, the WholeLot SDKs allow you to honor this right. You can flag in the WholeLot SDK that a particular user has requested that his or her data not be processed by WholeLot, in which case WholeLot will no longer process engagement data on your behalf for that user.

After you use the SDK to inform us that a user has requested not to be tracked by WholeLot, it will still be possible for that user to generate and share WholeLot links. Basic deep linking will also continue to work. However, since all further activities must occur without passing any identifiable user information on to WholeLot, these users will no longer benefit from the seamless customer journeys WholeLot helps you build with cross-platform data.

Handling GDPR requests from end users

When your end-users exercise their rights under GDPR, WholeLot is committed to working with you to fulfill these requests, provided the request comes directly from you.

To submit a GDPR end-user request to our team after May 25, 2018, reach out to us through our GDPR portal and we will work with you to fulfill your end-user’s request. Please include in that request the end-user’s advertising identifier (e.g., IDFA/GAID), and the date you received the end-user’s request.

Other Resources

Data collected by WholeLot

Read our Privacy Policy for full details on the types of data WholeLot collects, and how we use each one to provide our services.

Privacy Policy

List of third-party vendors

We maintain a list of vendors that process personal data on WholeLot's behalf, and the purpose for which we share data with each of these vendors.

Third Party Vendors

Data Processing Addendum

WholeLot provides a Data Processing Addendum (DPA). If applicable to your GDPR compliance process, please return a countersigned copy to privacy@wholelot.co.uk.

WholeLot DPA