On May 25th, 2018, the General Data Protection Regulation (GDPR) will become enforceable and apply to organisations located within the EU and outside if they offer goods or services to, or monitor the behavior of, EU data subjects. The GDPR provides rules for the protection of individuals in Europe on how their data may be collected, moved, stored, and processed. We have prepared this FAQ to answer some of the most common questions regarding GDPR and WinnerPicker.

Is WinnerPicker a Data Controller or Data Processor?

When customers create campaigns on WinnerPicker, the customer is the data controller (or if an agency, processor for the data controller). WinnerPicker can also be a data controller, for example when you create a WinnerPicker customer account or enable WinnerPicker controlled social app login integration in your campaigns.

Does WinnerPicker offer a Data Processing Addendum (DPA)?

Yes, WinnerPicker offers a DPA to our customers whose processing falls under GDPR. To request a DPA for your organization please contact our customer support team at support@winnerpicker.com.

What security measures does WinnerPicker have in place to protect data?

Protecting our customer’s data is one of our top priorities at WinnerPicker. We have implemented a number of security measures to protect data and ensure compliance with GDPR. Our security documentation is available for inspection to customers who have an executed DPA with us.

How does WinnerPicker handle delete instructions from customers?

WinnerPicker’s dashboard provides customers with the ability to delete most data. For any data not available for deletion through the dashboard, WinnerPicker will fulfill delete instructions from customers communicated via customer support.

Who should I contact if I have questions?

For questions about GDPR related to your WinnerPicker account please email our customer support team at support@winnerpicker.com.