Last Modified: May 15, 2018
Definitions. For the purposes of these Data Processing Terms, the following terms have the meanings set out below:
“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679). “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach”, and “Processing” have the same meanings as in the GDPR, and “Processed” and “Process” shall be construed in accordance with the definition of “Processing”.
Other capitalized terms used but not defined herein have the meanings set forth in the WhatsApp Business Terms of Service (“Business Terms”) or are otherwise defined contextually within these Data Processing Terms.
Applicability. Where your Processing of Personal Data is subject to the GDPR, you acknowledge that your use of our Business Services may involve sending Personal Data to WhatsApp. To the extent that we process such data as your Processor, these Data Processing Terms apply and are incorporated by reference into the Business Terms, and will govern to the extent of any conflict with the Business Terms.
Our Obligations as Processor. To the extent that WhatsApp processes such Personal Data as your Processor, WhatsApp will:
a. implement appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing or accidental loss, alteration, disclosure, destruction, or damage, including contractually binding employees, agents, and contractors to appropriate confidentiality requirements;
b. notify you without undue delay of the discovery by WhatsApp of any Personal Data Breach;
c. assist you by appropriate and possible technical and organizational measures, taking into account the nature of the processing and the information available to WhatsApp, to enable you to fulfill any obligations to respond to requests for the exercise of Data Subject rights under GDPR;
d. assist you in ensuring compliance with your obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to WhatsApp;
e. upon your request, make available to you all information that is reasonably necessary to demonstrate WhatsApp’s compliance with its legal obligations as a data Processor under Article 28 of the GDPR;
f. subcontract its data processing obligations under these Data Processing Terms to a sub-processor only by way of a written agreement with the sub-processors, which subjects those sub-processors to the equivalent obligations imposed upon WhatsApp by these Data Processing Terms; where the sub-processor fails to fulfill such obligations, WhatsApp will remain fully liable to you for the performance of that sub-processor’s obligations. WhatsApp will notify you in advance of any changes related to its sub-processor(s). If you reasonably object to such changes, you may inform WhatsApp in writing and stop using our Business Services; and
g. upon termination of the Business Terms, cease processing and delete the Personal Data as soon as reasonably practicable; provided that WhatsApp may keep the Personal Data if WhatsApp is required to do so by applicable law, or to the extent that WhatsApp has a contractual right or obligation to use the Personal Data independent of the Business Terms.
Transfer of Personal Data. WhatsApp Inc. has made commitments under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield that may apply to Personal Data transferred by you or WhatsApp Ireland Limited to WhatsApp Inc. under the Business Terms. Where your customers are in the European Union or Switzerland, and when applicable as the means to transfer Personal Data of such customers to WhatsApp Inc., you acknowledge that the WhatsApp Privacy Shield Addendum, European Commission’s adequacy decisions about certain countries, or European Commission approved standard contract clauses apply to such Personal Data in addition to the Business Terms. References within our Privacy Shield Addendum and our Privacy Shield Notice to “Business Products” mean Business Services, when applied to these Data Processing Terms.