Declaration on JCA

Last update: September 13, 2023
Choose your language to read relevant policies:

WhiteBox concludes Joint Controller Data Protection Agreements with the organizations that utilize WhiteBox (“clients”).

This overview is designed to clarify the essentials of this agreement for data subjects:

Should there be an issue where your data is not managed according to standards, both WhiteBox and the collaborating organization share responsibility and liability. However, this joint responsibility applies specifically to data processing activities undertaken collaboratively, which means data both parties can access directly within the WhiteBox platform and its integrated IT systems.

If the data is moved off the platform, or if an organization doesn’t have access to certain data within the platform, the responsibility and liability becomes individual. In such cases, each entity acts as a separate data controller, responsible and liable for their own actions and decisions regarding your data.

Purpose and Parties:
This agreement lays out the obligations of WhiteBox and its clients when handling your personal data on the WhiteBox platform. Both parties have their own reasons for using your data, but sometimes they might process data together.

Standards and Compliance:
Any client using WhiteBox must uphold privacy standards at minimum to those of WhiteBox’s own (as described in the Privacy Policy). Both parties are committed to following GDPR and other data protection laws, ensuring that your rights as a data subject are always protected.

Handling and Storage of Data:
If your data is taken off the platform, it will be anonymized as much as possible. It will be stored in a structured and machine readable format, and access is limited to those who strictly need it. Data collection is minimal and is only done when necessary.

Transparency & Your Rights:
Both parties are dedicated to keeping you informed. If you ever want to know about your data being used on WhiteBox, the responsible party will provide you with clear, straightforward information at no cost. Requests can be made to WhiteBox. If you want to access, correct, or delete your data on WhiteBox, your request will be promptly addressed. If there are any issues or breaches concerning your data, you, along with the relevant authorities, will be notified.

Confidentiality and Security:
All employees handling your data must keep it confidential. Even after they leave their job, this confidentiality persists. Measures are in place to ensure that your data remains secure, please read our Privacy Policy for more information. For more information on confidentiality obligations of staff handling reports see the Grievance Mechanism Procedure Policy.

Third-Party Involvement:
When external services or processors are brought into the fold, they must adhere to the same rigorous data protection standards. If there’s any change in these external parties, both main parties will be informed.