GDPR compliance when integrating Whatsapp on Web1on1’s Automotive Messaging Platform (AMP)

WhatsApp has ensured that their services align with the GDPR.

It is our duty (GDPR requires us) to make sure WhatsApp (when acting as the data processor) has the appropriate safeguards in place. Web1on1 is committed to those safeguards and meeting those requirements.

WhatsApp data processing terms

WhatApp’s Data Processing Terms align with GDPR requirements governing contracts between data controllers and data processors. The customer details WA receives from AMP are the customer
phone numbers you as a Business Account User (your business) send via the WhatsApp Business API to verify those contacts are existing WhatsApp users that can be messaged by you (also subject to those users first opting in to be contacted on WhatsApp). Once Whatsapp confirms users, they discard the phone numbers and do not store them.

WhatApp does not store messages

You (as as Whatsapp Business Account User) and Web1on1 on behave of you store your own messages with your contacts. WhatsApp does not store these messages.

WhatsApp’s role as data controller/processor

WhatsApp sees itself as both data controller and data processor depending on circumstances.

DATA CONTROLLER:
With respect to consumer end users of WA Messenger, WhatsApp acts as a data controller, as set forth in the privacy policy applicable to WA Messenger consumer end users.

DATA PROCESSOR:
Each WA Business User (you) is a data controller of its customer contacts. When the client provides its customer contacts to WhatsApp via the WhatsApp Business Solution, WhatsApp is a data processor of those customer contacts and processes those customer contacts for the purpose of delivering the client’s WhatsApp messages to those customers.

NOTE: Facebook is a distributor of the WhatsApp Business Solution, and WhatsApp provides certain client information and aggregated usage data to Facebook in order for Facebook to provide billing, invoicing and other related services. WhatsApp works with and shares information with Facebook to receive services like infrastructure, technology and systems that help us provide and improve WhatsApp. When we receive services from Facebook, the information we share with them is used to help WhatsApp in accordance with our instructions.

WhatsApp server infrastructure

WhatsApp stores data in the United States and stores encrypted media worldwide to increase efficiency. This processing is supported by strict legal compliance for safeguarding any transfers of personal data outside of the EU. WhatsApp is certified for cases in which it acts as a data processor under Privacy Shield, as explained further in its Privacy Shield Addendum and certification.

When WhatsApp is the data processor, personal data will be handled as described in Data Practices (section 7 of the WhatsApp Business Terms of Service) and WA’s Data Processing Terms.