Log In

Apply

Log In

Apply

Statement on GDPR Compliance of Zefir & WhatsApp Business API

Last Updated :

Dec 6, 2024

Introduction

Zefir Chat and WhatsApp Business API are fully GDPR compliant. Here are the key points that reflect this:


  1. Lawful Processing: The WhatsApp Business API provides mechanisms for obtaining user consent, which is crucial for GDPR compliance. Companies must ensure they have proper systems in place for obtaining and documenting this consent.


  2. Data Minimization and Purpose Limitation: WhatsApp's data practices align with GDPR principles by limiting data collection and processing to specific, legitimate purposes. According to their commerce policy, WhatsApp does not use end-user data for profiling, but only for statistical purposes and product development after anonymization and aggregation.


  3. User Rights: The API allows companies to implement systems that respect user rights, including the right to access, rectify, erase, and port their data.


  4. Data Transfer & Localization: WhatsApp's data transfer practices and list of sub-processors appear to be in line with GDPR requirements for international data transfers. Importantly, WhatsApp provides a full list of subcontractors storing data, and Zefir supports Cloud API local storage, ensuring that data is stored within Europe. At Zefir, we take GDPR compliance seriously. All our servers and databases are located in Stockholm, Sweden, providing an additional layer of data protection for our European clients. Furthermore, we ensure GDPR compliance of the WhatsApp Business API by specifically telling WhatsApp to store all data within Europe. We do this by setting a special option called the "Data Localization region" to Europe when we set up each business phone number. As stated in the WhatsApp documentation. What this means for you is that by choosing Europe as the data storage location, we ensure that all your message content, including text and media, for both incoming and outgoing messages, is stored in WhatsApp's European data centers, not in the US or elsewhere.


  5. Pseudonymization: WhatsApp's data practices include measures to pseudonymize data, which is encouraged by the GDPR.


  6. Transparency: WhatsApp's commerce policy and terms of service, while complex, provide detailed information about data handling practices, which supports GDPR's transparency requirements.


It's important to note that while the WhatsApp Business API provides the tools for GDPR compliance, the responsibility lies with the companies using the API to implement proper data protection measures and respect user rights. This includes:

  • Setting up clear consent mechanisms

  • Providing transparent information about data usage

  • Implementing systems to handle user requests for data access, deletion, or modification

  • Ensuring proper data security measures are in place

  • Carefully reviewing and adhering to WhatsApp's terms of service and commerce policy

Is Zefir GDPR compliant?

Yes, Zefir is GDPR compliant. We take GDPR compliance seriously. All our servers and databases are located in Stockholm, Sweden, providing an additional layer of data protection for our European clients. Furthermore, we ensure GDPR compliance of the WhatsApp Business API by specifically telling WhatsApp to store all data within Europe. We do this by setting a special option called the "Data Localization region" to Europe when we set up each business phone number.

Conclusion

In conclusion, when used responsibly and with appropriate safeguards, the WhatsApp Business API can be a GDPR-compliant tool for business communication. At Zefir Chat, we are committed to maintaining GDPR compliance in our use of the WhatsApp Business API, ensuring that our clients' data and their end-users' data are handled with the utmost care and in accordance with GDPR requirements.

Companies must remain vigilant in their data protection practices and stay updated on any changes to WhatsApp's policies or GDPR requirements. For a more detailed analysis of GDPR compliance in relation to the WhatsApp Business API, please don't hesitate to contact us.

Contact Us

If you have any questions, please contact us at support@zefirchat.com