1. Introduction
Whali ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at whali.co.uk (the "Service").
We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
Whali is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: admin@whali.co.uk
3. Information We Collect
3.1 Information You Provide
- Account Information: When you create an account, we collect your name, email address, and password.
- Profile Information: University, target industry preferences, and career interests.
- Application Materials: CVs and cover letters you upload for our interview placement service.
- Payment Information: When you subscribe, payment is processed by Stripe. We do not store your full card details; Stripe handles this securely.
- Communications: Any messages or enquiries you send to us.
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, and interactions with our Service.
- Device Information: Browser type, operating system, and device identifiers.
- Log Data: IP address, access times, and referring URLs.
- Cookies: We use essential cookies to maintain your session and preferences. See Section 8 for more details.
4. How We Use Your Information
We use your personal data for the following purposes:
- Service Delivery: To provide access to internship opportunities, process applications, and deliver our interview placement service.
- Account Management: To create and manage your account, authenticate your identity, and process subscriptions.
- Communication: To send you service-related notifications, weekly opportunity updates, and respond to your enquiries.
- Improvement: To analyse usage patterns and improve our Service.
- Legal Compliance: To comply with legal obligations and protect our rights.
5. Legal Basis for Processing
Under UK GDPR, we process your personal data based on the following legal grounds:
- Contract: Processing necessary to perform our contract with you (e.g., providing the Service you subscribed to).
- Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving our Service, fraud prevention).
- Consent: Where you have given explicit consent (e.g., marketing communications).
- Legal Obligation: Processing necessary to comply with legal requirements.
6. Data Sharing and Disclosure
We may share your information with:
- Service Providers: Third parties who assist in operating our Service (e.g., Supabase for database hosting, Stripe for payments, Vercel for hosting).
- Legal Requirements: When required by law, court order, or governmental authority.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
We do not sell your personal data to third parties.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Account data: For the duration of your account plus 2 years after deletion.
- Application materials (CVs): For 12 months after submission or until you request deletion.
- Payment records: For 7 years as required by UK tax law.
- Usage data: For 24 months.
8. Cookies
We use essential cookies to ensure the proper functioning of our Service. These cookies are necessary for:
- Maintaining your login session
- Remembering your preferences
- Security and fraud prevention
You can control cookies through your browser settings, but disabling essential cookies may affect the functionality of our Service.
9. Your Rights
Under UK GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Request transfer of your data to another service provider.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise these rights, please contact us at admin@whali.co.uk. We will respond within one month.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (HTTPS/TLS)
- Secure authentication mechanisms
- Regular security assessments
- Access controls and employee training
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
11. International Transfers
Your data may be transferred to and processed in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).
12. Children's Privacy
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
14. Complaints
If you have concerns about how we handle your personal data, please contact us first at admin@whali.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113
15. Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: admin@whali.co.uk
