WhatsWhat
Home Investors Hub Magazine Events Members Blog Discounts & Offers Members Spotlight Interviews Podcast
Language
Register
WhatsWhat
Sign in Register
Compliance GDPR & Data Protection Statement | WhatsWhat Prime

WHATSWHAT PRIME

GDPR & Data Protection Statement

Last Updated: 2026-03-08

1. Our Commitment to Data Protection

WhatsWhat Prime operates as a structured visibility authority ecosystem. We recognise that trust in our governance structure requires strong data protection standards.

WhatsWhat Global Ltd is committed to full compliance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • Irish Data Protection Acts
  • ePrivacy Regulations
  • Applicable EU digital services and AI transparency standards

Data protection is embedded into the architecture of the Prime platform.

2. Data Controller Information

WhatsWhat Global Ltd
[Registered Address]
Ireland
Email: [Insert Contact Email]

We act as Data Controller for personal data collected through our Platform unless otherwise specified.

3. Privacy by Design & Governance Architecture

The Prime ecosystem is structured in two layers:

  • Prime Authority (Editorial & Evaluation)
  • Prime Market Network (Commercial Layer)

Data used for:

  • Visibility Assessment™
  • Visibility Ladder™
  • Visibility Index™

Is processed independently from:

  • Marketplace
  • Sponsored Visibility
  • Commercial newsletters

Commercial participation does not influence evaluation processing.

This structural separation protects both governance integrity and data integrity.

4. Lawful Basis for Processing

We process personal data under GDPR Article 6 on the following lawful bases:

  • Contractual necessity (to deliver platform services)
  • Legitimate interests (platform security, improvement, governance integrity)
  • Consent (for marketing communications)
  • Legal obligation (tax, accounting, regulatory compliance)

We do not process personal data without a lawful basis.

5. Data Minimisation & Purpose Limitation

We collect only data that is:

  • Necessary for providing visibility infrastructure
  • Necessary for operating the platform
  • Required for legal compliance

We do not collect excessive or unrelated personal data. Data is not repurposed beyond the scope originally communicated.

6. Automated Processing & AI Transparency

The Prime platform may use structured algorithms and AI-assisted systems for:

  • Visibility scoring
  • Data structuring
  • Signal analysis

These systems support evaluation but do not produce legally binding decisions without human oversight.

Users may request clarification regarding automated outcomes.

We do not engage in profiling that produces legal or similarly significant effects without appropriate safeguards.

7. Data Subject Rights

Under GDPR, individuals have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request erasure ("Right to be Forgotten")
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Data Protection Commission

Requests may be submitted to: [Insert Email]

Identity verification may be required before processing requests.

8. Data Retention & Storage

Personal data is retained only for as long as necessary:

  • To fulfil contractual obligations
  • To comply with Irish legal requirements
  • To defend potential legal claims

Inactive data may be anonymised or securely deleted after appropriate retention periods.

9. Data Security Measures

We implement appropriate technical and organisational safeguards, including:

  • Encrypted transmission
  • Secure hosting environments
  • Role-based access controls
  • Access logging
  • Governance-based data access separation
  • Internal compliance procedures

While no system is completely immune to risk, we continuously review and improve security controls.

10. Third-Party Processors

We may engage third-party service providers for:

  • Payment processing
  • Hosting
  • Technical infrastructure
  • Communication services

All processors are subject to contractual data protection obligations. We do not sell personal data.

11. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Equivalent safeguards

Data protection standards remain consistent.

12. Data Protection Governance

Data protection is integrated into:

  • Governance Oversight Framework
  • Licensing Compliance Agreements
  • Platform architecture
  • Audit logging systems

Data governance supports Prime's institutional integrity.

13. Data Breach Protocol

In the event of a personal data breach:

  • We assess risk immediately
  • Notify the Data Protection Commission where required
  • Inform affected individuals where legally required
  • Document and remediate the incident

We maintain internal incident response procedures.

14. Complaints & Supervisory Authority

If you believe your rights under GDPR have been infringed, you may lodge a complaint with:

Data Protection Commission (Ireland)
www.dataprotection.ie

We encourage direct contact first so we may resolve concerns promptly.

15. Continuous Review

We review this Statement periodically to reflect:

  • Regulatory updates
  • Platform evolution
  • Governance improvements
  • Technological changes

Your experience on this site will be improved by allowing cookies. Terms & Privacy.