WaaPY – WhatsApp Boardcast, Automation, Notification & Customer Service Software
Privacy Policy
Introduction
Waapy (“Waapy”, ”we”, ”us”, ”our”) is committed to protecting and respecting your privacy. We are committed to the protection of the personal data we process in line with the data protection principles set out in the Singapore Personal Data Protection (“PDPA”); Malaysia Personal Data Protection Act (“PDPA”); UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (EU Regulation 2016/679) (“EU GDPR”) (together referred to herein as the “GDPR”); the Hong Kong Personal Data (Privacy) Ordinance (Cap.486) as amended in 2012 (“PDPO”); the Personal Information Protection Law of the People’s Republic of China (“PIPL”); the Data Security Law of the People’s Republic of China (“DSL”); Lei Geral de Proteção de Dados Pessoais of Brazil (“LGPD”); the Data Protection Act 2018 (“DPA 2018”); and the Privacy and Electronic Communications Regulations 2003 (“PECR”), as amended. We have aligned our data protection compliance programme to the core requirements of the GDPR, as this is considered as the global “gold standard” of data protection regulation. This privacy notice (“Notice”) explains how we treat personal information processed on our bespoke platform, Waapy, what we collect when you visit our website, contact us by email, phone or through one of our social channels, or through other communications. It also explains what information we collect automatically when you visit our website and the information we collect when you use our services. Please be aware that we have separate privacy notices for employees and job applicants. Please also be aware that our clients may have their own privacy notices on their respective websites. As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing personal data. We are committed to protecting the security of your personal data. We use a variety of technical and organizational measures to help protect your personal data from unauthorized access, use or disclosure. We update this Notice from time to time in response to changes in applicable laws and regulations, to our processing practices, and to the products and services we offer. When changes are made, we will update the date at the top of this document. Please review this Notice periodically to check for updates.
What information do we process?
Information provided by our clients
The categories of personal data processed by us varies between clients, but may include:
- Name
- Job Title
- Business address
- Business email address
- Business telephone number(s)
- Business financial information
- Business type
- Business size
- Location data
Information provided to us via our website
We process all information you provide to us via our website (“our site”), by telephone, email or otherwise. This includes information you provide when you register for our services as a client, enquire about a product or service, use one of the social media functions linked to our website, or when you report a problem with our website.
The categories of personal data processed by us varies between clients, but may include:
If you integrate third-party e-commerce system(s), such as Woocommerce store(s) into Waapy, the additional categories of data Waapy collects and/or processes may include:
If you submit a “Book a Demo” form on our website, we may collect additional information from you such as:
- Name
- Job Title
- Email address
- Telephone number
- Device and browser information
- Location data
- Details about how you browse our websites and platform
If you integrate third-party e-commerce system(s), such as Woocommerce store(s) into Waapy, the additional categories of data Waapy collects and/or processes may include:
- Inventory information
- Order information
- Customer information
If you submit a “Book a Demo” form on our website, we may collect additional information from you such as:
- Company name
- Mobile/phone number & email
Cookies and Web Beacons
Waapy uses cookies on our website and web beacons in some emails. Cookies are small text files and web beacons are small graphic images. They are downloaded to your device when you visit a website or receive certain emails, unless you have set your browser to reject them.
We use cookies to remember your preferences and improve your overall experience of our site. We use web beacons to track the actions of individuals (such as email recipients) and measure the success and response rates of our marketing campaigns.
Below is a list of the cookies we use and the purpose of use:
To learn more about cookies, web beacons and what you can do to opt out of receiving them, please visit https://www.allaboutcookies.org/
We use cookies to remember your preferences and improve your overall experience of our site. We use web beacons to track the actions of individuals (such as email recipients) and measure the success and response rates of our marketing campaigns.
Below is a list of the cookies we use and the purpose of use:
| Type of Cookie | Purpose |
|---|---|
| Session Cookies | These enable you to carry out some essential functions on our sites, such as maintaining log-in details for the session or a transaction. They also help by minimizing the need to transfer information across the internet. They are not stored on your computer and expire when you terminate your browser session or logout of certain areas. |
| Analytics | We like to keep track of what pages and links are popular and which ones don’t get used so much to help us keep our site relevant and up to date. It’s also very useful to be able to identify trends of how people navigate our site and help us provide a more friendly solution. |
| Third-party cookies | Analytics tracking (and most web tracking software) use cookies in order to provide meaningful reports about site visitors. However, analytics cookies do not collect personal data about website visitors. |
Purposes and bases for processing your personal data
We may use your data for the following purposes and on the following lawful bases:
| Purposes | Lawful Bases for Processing |
|---|---|
| Responding to correspondence from you | It is in our legitimate interest to respond to enquiries made through our website, by telephone, email, through our social channels or any other means |
| Processing data to facilitate client service requirements | We process personal data under written instruction, bound by the contract between us and our client |
| Business management, forecasting and statistical purposes | It is in our legitimate interest to identify areas for managing current business relationships, developing our services and conducting reasonable forecasts for our business |
| Improving our website and the overall website visitor and user experience | It is in our legitimate interest to allow analytics and search engine optimization to help improve and optimize our website We use cookies on our website with your consent |
| Prevention and detection of crime including money laundering, fraud or other crimes | It is in our legitimate interest to identify areas for managing current business relationships, developing our services and conducting reasonable forecasts for our business |
| Responding to suggestions and complaints in order to continually improve the services we provide | It is in our legitimate interest to provide the best service to users of our website and to increase features in order to continually improve and expand the services we provide |
| Analyse and track use of our website for reporting and analytical purposes | It is in our legitimate interest to monitor our website usage in order to continually improve user experience |
Sharing your information
If sharing your personal data becomes necessary for the purposes of providing our services to you, we will only share it where appropriate safeguards are in place to ensure your personal data is protected to the same standard expected under the PDPA and GDPR.
We may, on occasion, engage the services of a third-party sub-processor. Any such third party will act under our written instructions and will adhere to strict data protection obligations, including the implementation of appropriate technical and organizational measures which meet the processing requirements of the PDPA and GDPR.
We also use a third party for hosting infrastructure, website performance and management, error monitoring, support and other functionality. The written contract in place between us and this third party provides for the maintenance of confidentiality, security, and integrity of the information we share with them.
In the event our website includes links to social media platforms (Facebook, Instagram, LinkedIn, Twitter). Once you navigate away from our site via one of the links, the site may collect your IP address and may set a cookie on your device. When you use one of these links, you are sharing information to another website or service and this Notice will no longer apply. Please read the privacy notices provided by the particular service website you are directed to, before posting any personal information using these links.
We may, on occasion, engage the services of a third-party sub-processor. Any such third party will act under our written instructions and will adhere to strict data protection obligations, including the implementation of appropriate technical and organizational measures which meet the processing requirements of the PDPA and GDPR.
We also use a third party for hosting infrastructure, website performance and management, error monitoring, support and other functionality. The written contract in place between us and this third party provides for the maintenance of confidentiality, security, and integrity of the information we share with them.
In the event our website includes links to social media platforms (Facebook, Instagram, LinkedIn, Twitter). Once you navigate away from our site via one of the links, the site may collect your IP address and may set a cookie on your device. When you use one of these links, you are sharing information to another website or service and this Notice will no longer apply. Please read the privacy notices provided by the particular service website you are directed to, before posting any personal information using these links.
Direct marketing communications
To market, promote, and drive engagement of our products and services, we use data about you to send promotional communications that may be of specific interest to you. These communications are to drive your engagement and maximize the value of our services to you. Occasionally, we will use your name and address for marketing and promotional communications via written email, phone calls, faxes, postal mail and text messages through platforms like SMS, WhatsApp, Telegram and more.
In particular, by submitting a “Book a Demo” form on our Website, you consent to receive email messages, text messages, phone calls, faxes and postal mail, including that of a promotional nature, from Waapy. Where local law permits, you consent to receive phone calls from Waapy and its affiliates, even if your phone number is listed on the “Do Not Call” registry. You may not provide consent on behalf of someone else or provide someone else’s contact information.
In particular, by submitting a “Book a Demo” form on our Website, you consent to receive email messages, text messages, phone calls, faxes and postal mail, including that of a promotional nature, from Waapy. Where local law permits, you consent to receive phone calls from Waapy and its affiliates, even if your phone number is listed on the “Do Not Call” registry. You may not provide consent on behalf of someone else or provide someone else’s contact information.
Your rights
The GDPR provides you with certain rights in relation to the processing of your personal data, including to:
Request access to personal data about you (a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
Request rectification, correction, or updating of any personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request personal data provided by you to be transferred in a structured, commonly used and machine-readable format.
Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g., if you want us to establish its accuracy or the reason for processing it).
Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Waapy.
Some of these rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation, laws, and regulations to which we are subject. If at any time you would like to exercise any of your rights as set out above, you can contact us at [email protected]. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In terms of direct marketing communications, your personal data is stored for marketing purposes as long as you have not objected to such marketing communication and/or the subscription to the email newsletter is active, as the case may be. Similarly, You can opt-out of receiving our direct marketing communications at any time through our unsubscribe or opt-out mechanisms provided, or by contacting us at [email protected].
If an opt-out request is received, you may still receive communications from us for up to ten (10) business days as we process the opt-out request. We reserve the right to continue sending out communications regarding service announcements, administrative messages, and accounts administration relating to Waapy that are necessary to our relationship with you. All data will be processed in accordance with this Privacy Policy.
In addition to the above, please note that you have the right to make a complaint at any time to the MALAYSIA DEPARTMENT OF PERSONAL DATA PROTECTION if you are concerned about the way in which we are handling your personal data.
Request access to personal data about you (a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
Request rectification, correction, or updating of any personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request personal data provided by you to be transferred in a structured, commonly used and machine-readable format.
Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g., if you want us to establish its accuracy or the reason for processing it).
Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Waapy.
Some of these rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation, laws, and regulations to which we are subject. If at any time you would like to exercise any of your rights as set out above, you can contact us at [email protected]. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In terms of direct marketing communications, your personal data is stored for marketing purposes as long as you have not objected to such marketing communication and/or the subscription to the email newsletter is active, as the case may be. Similarly, You can opt-out of receiving our direct marketing communications at any time through our unsubscribe or opt-out mechanisms provided, or by contacting us at [email protected].
If an opt-out request is received, you may still receive communications from us for up to ten (10) business days as we process the opt-out request. We reserve the right to continue sending out communications regarding service announcements, administrative messages, and accounts administration relating to Waapy that are necessary to our relationship with you. All data will be processed in accordance with this Privacy Policy.
In addition to the above, please note that you have the right to make a complaint at any time to the MALAYSIA DEPARTMENT OF PERSONAL DATA PROTECTION if you are concerned about the way in which we are handling your personal data.
Data retentio
We will retain your personal data for as long as is necessary to provide you with our products and ongoing services and for a reasonable period thereafter, to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted in accordance with our Personal Data Retention Policy.
At the end of the retention period, your personal data will be securely deleted in accordance with our Personal Data Retention Policy.
Your customers’ information
We collect and use personal information about your customers. In general, we only collect and use this personal information as directed by you. We will never use your customers’ information to independently market or advertise to your customers unless they are also using our applications or services directly.
You need to make sure your customers understand how you (and how we on your behalf) collect and process their personal information.
Also, if you are collecting any sensitive personal information from your customers (for example, information about health, race, ethnicity, genetics, biometrics, trade union membership, political opinions, philosophical or religious beliefs, criminal history, or sexual interests), you should get the affirmative, express consent from your customers to use and process this information.
You need to make sure your customers understand how you (and how we on your behalf) collect and process their personal information.
Also, if you are collecting any sensitive personal information from your customers (for example, information about health, race, ethnicity, genetics, biometrics, trade union membership, political opinions, philosophical or religious beliefs, criminal history, or sexual interests), you should get the affirmative, express consent from your customers to use and process this information.
Contact
You can contact us in relation to data protection and this privacy notice by emailing [email protected]