GDPR Compliance

1. Introduction

Whatsbot is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all users in the European Union and the European Economic Area.

This page outlines our GDPR compliance practices and your rights under the regulation.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you explicitly agree to data processing (e.g., account creation)
• Contract Performance: To fulfill our obligations under the Terms of Service
• Legal Obligation: When required by law
• Legitimate Interest: For security, fraud prevention, and Service improvement
• User Request: When you initiate contact or request a service

3. Your GDPR Rights

Under the GDPR, you have the following rights:

Right to Access (Article 15):

• Request a copy of your personal data held by Whatsbot
• Understand how and why we process your data
• Obtain information about recipients of your data

Right to Rectification (Article 16):

• Correct inaccurate or incomplete personal data
• Update your information at any time
• Request correction of data we hold

Right to Erasure (Article 17):

• Request deletion of your personal data ("right to be forgotten")
• Have your data permanently removed from our systems
• Exceptions apply where data retention is required by law

Right to Restrict Processing (Article 18):

• Request that we limit how we process your data
• Suspend processing while you contest accuracy or legality
• Restrict use to specific purposes

Right to Data Portability (Article 20):

• Receive your data in a structured, commonly-used format
• Transfer data to another service provider
• Obtain a copy suitable for re-use

Right to Object (Article 21):

• Object to processing based on legitimate interest
• Opt-out of direct marketing and analytics
• Request that processing cease

Right to Withdraw Consent:

• Withdraw consent at any time without penalty
• No retroactive effect on prior processing
• Revoke permissions through account settings

4. Data Minimization

We collect only the minimum personal data necessary to:

• Provide and maintain the Service
• Fulfill your requests and transactions
• Comply with legal obligations
• Protect security and prevent fraud

We do not collect data for purposes beyond what is explicitly necessary.

5. Data Retention

We retain personal data only as long as necessary:

• Account Information: Retained while account is active; deleted 30 days after account closure
• Message Data: Retained 30–90 days for operational purposes
• Logs and Metadata: Retained 30 days for security purposes
• Legal Requirements: Retained longer if required by law

6. Data Subject Requests

You can exercise your rights by submitting a formal request:

• Email: privacy@whatsbot.com
• Subject: "GDPR Data Subject Request"
• Include: Your email, request type, and any relevant details
• Timeline: We will respond within 30 days (extendable by 60 days for complex requests)
• Verification: We may request identity verification to prevent unauthorized requests

We will not charge a fee unless your request is manifestly unfounded or excessive.

7. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer:

• Email: dpo@whatsbot.com
• We will address your inquiry promptly and professionally

8. International Data Transfers

If your data is transferred outside the EU/EEA, we ensure:

• Standard contractual clauses are in place with recipients
• Adequate safeguards protect your rights
• Compliance with GDPR transfer requirements
• You are informed of any international transfers

9. Privacy by Design

We implement privacy by design in all our operations:

• Privacy impact assessments for new features
• Data protection embedded in system architecture
• Encryption and security as default settings
• Regular privacy audits and assessments
• Staff training on privacy and data protection

10. Data Breaches

In the event of a data breach, we will:

• Notify the relevant supervisory authority without undue delay (within 72 hours)
• Inform affected individuals if the breach poses a high risk
• Provide information about the breach, risks, and protective measures
• Conduct a thorough investigation
• Implement remedial measures to prevent recurrence

11. Third-Party Processors

If we use third-party data processors, we ensure:

• Data Processing Agreements are in place
• Processors meet GDPR compliance standards
• Appropriate safeguards protect your data
• You are informed about processor involvement

12. Children's Data

The Service is not intended for children under 13 years of age. We do not knowingly collect data from children. If we become aware that a child has provided personal data, we will delete it immediately and terminate the child's account.

13. Right to Complain

You have the right to lodge a complaint with your local data protection authority:

• Contact your national supervisory authority
• File a complaint if you believe we've violated your rights
• Exercise this right without fear of retaliation

14. Contact Information

For GDPR-related inquiries:

• Privacy Team: privacy@whatsbot.com
• Data Protection Officer: dpo@whatsbot.com
• Address: Jaipur, Rajasthan, India

15. Changes to This Policy

We may update this policy to reflect changes in GDPR requirements or our practices. We will notify you of material changes and post the updated policy on this page.