Get in touch

Our commitment with data privacy

Last updated: 18th of December, 2023

At Wakoopa we understand the importance of confidentiality when it comes to market research. As an European organization, we are committed to ensuring that the personal data we process is handled in a way that is compliant with the General Data Protection Regulation (GDPR) and other applicable privacy laws. Privacy is a fundamental human right. It’s also one of the core values of our industry. That’s the kind of market research we believe in.

With Wakoopa, you'll always be in control

At Wakoopa we are a data processor, meaning that we only process personal data on behalf of our clients. As a customer of Wakoopa and licensee of our technology, you operate as the controller when using our technology. You have the responsibility for ensuring that the personal data you are collecting is being processed lawfully and that you are using processors, such as Wakoopa, that provide sufficient guarantees to meet key requirements of the GDPR and other applicable legislation.

We work closely with our clients to ensure that we are meeting their data processing needs and that we are complying with their instructions for handling personal data. We believe that this division of responsibility is essential for maintaining transparency and accountability in the data processing chain. Our focus is on providing secure and reliable data processing services to our clients, while allowing them to maintain control over their data.

App transparency

We understand the importance of transparency and choice when it comes to personal data. In accordance with this, we’ve developed an app that allows your users to make informed choices about their settings and use of Wakoopa. We believe that empowering users with choice and transparency is essential for building trust and promoting responsible data use. Our app is just one example of our commitment to providing secure and privacy-friendly solutions to our clients.

ISO 20252 certified

In addition, we hold an ISO certification for market research, demonstrating our commitment to meeting the highest standards in the industry. These certifications reflect our dedication to protecting personal data and maintaining the trust of our clients. We regularly review and update our privacy and security practices to ensure they remain effective and up-to-date.

Privacy culture

At Wakoopa we understand that protecting personal data requires a team effort. We are committed to maintaining a strong culture of data privacy and security across our organization. Our team undergoes regular training to ensure they are up-to-date on the latest data protection best practices. We also have robust internal policies and procedures in place to ensure that everyone in our organization is aware of their role in protecting personal data. We believe that our team's commitment, training, and awareness are critical components of our success in protecting personal data and maintaining the trust of our clients. All Wakoopa professionals involved in the processing of personal data are subject to confidentiality obligations.

Wakoopa's business model

Our business model is to license our software to clients for the purpose of behavioral tracking. We do not engage in any form of data selling or advertising. Our focus is solely on providing our clients with a secure and reliable software solution that helps them make advanced analytics based on behavioral data.

Privacy is a fundamental right

We provide our clients with the tools they need to fulfill their obligations under data protection laws, including the GDPR. This includes the ability to respond to data subjects' requests to access, rectify, erase, or restrict the processing of their personal data. We work closely with our clients to ensure that they understand their obligations and to provide them with guidance on how to handle data subjects' rights requests. In the event that we receive a data subject's rights request directly, we will promptly forward it to the appropriate client for them to handle. We believe that protecting data subjects' rights is an essential component of our commitment to data privacy and security.

Given you are a data controller, the GDPR requires that you enter into an agreement with your data processors. This agreement is referred to as “Data Processing Agreement" (DPA) and sets out how a controller and a processor meet the requirements of the GDPR.

The documentation we enter into as part of our onboarding process includes a DPA designed to address the requirements of Article 28 of the GDPR.

Security by design

We have implemented a number of technical and organizational measures to protect the confidentiality, integrity, and availability of the personal data that we process. These measures include:

  • Data encryption: We use industry-standard encryption protocols to protect the data that we process.
  • Access controls: We restrict access to personal data to only those employees who need it to perform their job functions.
  • Regular security assessments: We conduct regular security assessments to identify and address any vulnerabilities in our systems.
  • Sub-processor oversight: We ensure that any third-party vendors that have access to personal data are subject to contractual obligations that are similar to our own.

It is worth mentioning that these measures and the features/precautions described in this section apply to all our customers/users, regardless of whether they are directly impacted by GDPR or a less restrictive legislation.

This guide should not be considered legal advice. Please consult a legal professional for details.