WHIRL Privacy Policy


This Privacy Policy explains how WHIRL (“WHIRL” or “we”) uses personal and other types of information we collect from you when you use or visit us at WHIRL.com (the “Site”). This policy does not apply to the practices of companies not owned or controlled by WHIRL or to people whom WHIRL does not employ or manage. If you do not agree with our practices, please do not use our Site and the Services. Your access to and use of the Site and Services is also subject to the Terms of Use. All terms not defined here are defined in the Terms of Use.

2. The legal basis for the processing


By consenting to this privacy notice you are given us permission to process your personal data specifically for the purpose identified.


If you have entered into agreement with Us or other Users, we have to store and process your personal data for the purposes of performance of such agreements.

Legal compliance

3. When do we collect your personal data?

  1. When you create an account on our Site;
  2. When you become an “Project Creator”;
  3. When you become a “Backer”;
  4. When you subscribe to our news, offers, and promotions by clicking the subscribe link on our promotion Site - http://whirl.com/
  5. When you contact us by any means with queries, complaints etc;
  6. When you enter our Site;

4. Types of Information We Collect?

  1. We may process your identity documents ("ID data"). Verifying account with an ID is currently mandatory to all Users who wants to become a Project Creator. ID may contain your full name, your address, date of birth, age, gender and credit card and bank information (without the CVV code). The purpose for ID data is to protect our Users from fraud and helps us to prevent, detect and investigate fraud, money laundering, criminal activity or other misuse of our Service. Moreover, by requiring all Users to ID verify will help us to provide a more trustworthy, safe and reliable experience for our Users. ID creates a strong assumption about the ownership of the account and thus ensures that we can return access to your account in case your account is hacked. Legal bases for this processing are consent and legitimate interests of ours and/or by third-parties, namely to prevent, detect and investigate fraud, criminal activity or other misuse of the services and to prevent security issues.
  2. We may process data relating to cryptocurrencies transactions in and out of your cryptocurrencies wallet ("cryptocurrencies’ transaction data"). Information stored on received transactions may include timestamp, cryptocurrencies amount, deposit address (unique) and transaction ID and other publicly available data from the cryptocurrencies blockchain. Withdrawal transactions may include data such as timestamp, cryptocurrencies’ amount, sent address, transaction ID, and description. The legal bases for this processing are consent; the performance of a contract between you and other Users, at your request, to enter into such a contract and our legitimate interests, namely the operation of our business model.
  3. We may process information contained in or relating to any communication that you send to us or what you generate through the use of our service ("communication data"). Communication data includes 1) all your messages, requests and other communication with our support team which may happen during the dispute review process or via support tickets, emails, or by means of any other communication tool; and 2) all your communication and file attachments that you generate when conducting Projects or other data that you generated mainly by communicating to other users. Communication data may include, email address, username, IP address, full name, audio and video files and in the case of manual ID verification: photo of the user’s personal ID, photo of the user, and photo of the user’s utility bill or related document. The communication data may be processed for the purposes of communicating with you, record-keeping, in order to review and resolve disputes, serve our customers better and improve our service. The legal basis for this processing is our legitimate interests, namely the proper administration of our Site and business.
  4. We may process any of your personal data when necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or outside the court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
  5. In addition to the specific purposes for which we may process your personal data set out in this Section 5, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  6. Aggregate and Anonymous Data: Aggregate and anonymous data is information that does not identify you specifically, including data collected automatically when you enter our Site (“Non-Personal Data”). This may include cookies, pixel tags, web beacons, browser analysis tools and web server logs. This also includes information from the devices you use to access our Site or mobile platform, your operating system type or mobile device model, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone of your device. Our server logs may also record the IP addresses of the devices you use to interact with the Site. We may also collect information about a website you were visiting before you came to our Site and any website you visit after you leave our Site, if this information is supplied to us by your browser. We may also use software tools, such as Javascript, to measure and collect session information, including page response times, download errors, and methods used to browse away from the page. Non-Personal Data also includes some data collected by location services.

5. How We Use Personal Information and Non-Personal Data

We use Personal Information and Non-Personal Data to:

  1. Provide our Services;
  2. Build, operate and improve our Site and the Services;
  3. Perform user analytics;
  4. Provide customer support;
  5. Send you reminders, technical notices, updates, security alerts and support, and administrative messages;
  6. Manage our everyday business needs such as Site administration, analytics, fraud prevention, or to comply with the law.
  7. Provide additional information that may be of interest to you such as, news, offers, promotions, or projects that we believe may be of interest;
  8. If you don’t want to receive any marketing communications from us, you may click the ‘unsubscribe’ link in any email communication that we send you.

6. How we protect your personal data

We employ generally accepted industry standards to protect your personal information and we continuously strive to protect your information and privacy as much as we can. We secure access to all transactional areas of our websites and apps using ‘https’ technology. Also, we hold responsibility for:

  • investigating and responding to complaints regarding data protection including requests to cease processing personal data.
  • drawing up guidance and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of information;
  • the appropriate compliance with subject access rights and ensuring that data is processed in accordance with the EU GDPR;
  • ensuring that any data protection breaches are resolved, catalogued and reported appropriately in a swift manner;

Personal data or information which is voluntarily posted in publicly visible part of our web-site is considered to be public, even if it would otherwise be considered to be personally identifying or sensitive. As such, it’s not subject to our privacy policy

7. How long your personal data will be kept?

We process and store your personal data not longer than it is necessary for the purposes of such processing.

We retain and delete your personal data as follows:

  1. For all Users who have deleted their account:
    • Personally - identifiable analytics data is removed within 30 days after account deletion.
  2. For Users who have conducted or initiated any Projects and whose account deletion request has been approved by us, our data deletion policy is the following:
    • Your personal data, including registration data, account data, ID data, trade data and technical data will be deleted 10 years after you delete your account.

In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support issue or other issues or for any other auditing or legal reasons.

Notwithstanding the other provisions of this Section 9, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

8. When and Why We Disclose Personal Information and Non-Personal Data

Except as provided herein, we will not display on the Site, or otherwise disclose your Personal Information to any third parties unless it is necessary to provide the Services, when required by law, or if we have good faith belief that such action is reasonably necessary to (a) comply with current judicial proceedings, a court order or legal process served on us, (b) protect and defend our rights, property and interests, including by enforcing our agreements, policies and Terms of Use, (c) respond to claims that any submitted content violates the rights of third parties; (d) respond to your requests for customer service; (e) protect the rights, property or personal safety of WHIRL, its members and the public, (f) in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company, or (g) with your consent to share the information.

If you have created an account at WHIRL, some information about you will be publicly available, such as: (a) your account name, (b) any information you choose to add to your profile (such as a picture, bio, your location), (c) projects you’ve backed, (d) projects you’ve launched, (e) any comments you’ve posted on the Site.

If you are a Backer, we will share your account name and the amount of your donation with the Project Creators and your payment information with our third-party payment processor. If you are a Project Creator, you will be asked to verify your identity before the project beginning. Every Project Creator’s verified name will be publicly displayed on their profile and on any projects, they launch.

We may share Non-Personal Data with analytics companies to learn information about how our users interact with the Site. This enables us to optimize the Service and improve our efforts. See also “Third Party Analytics” below.

We will never sell your Personal Information or Non-Personal Data.

9. Data Storage

We are a Malta-based company using a data center in the EU. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All information that you provide to us since you intend to become a Project creator is stored on secure servers provided by our Processor.

10. GDPR compliance statement

WHIRL respects and complies with the EU General Data Protection Regulations (GDPR).

Some of the key ways we comply with these regulations are:


We explain what you’re consenting to clearly and without ‘legalese’ and ask that you explicitly consent to contact from us.

Breach Notification

In the event of a breach we will notify affected users within 72 hours of first having become aware of the breach.

Right of access

you have the right to request a copy of the information that we hold about you.

Right of rectification

you have a right to correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten

in certain circumstances you can ask for the data we hold about you to be erased from our records.

Right to restriction of processing

where certain conditions apply to have a right to restrict the processing.

Right of portability

you have the right to have the data we hold about you transferred to another organization.

Right to object

you have the right to object to certain types of processing such as direct marketing.

Right to object to automated processing, including profiling –

you also have the right to be subject to the legal effects of automated processing or profiling.

Right to judicial review

in the event that we refuses your request under rights of access, we will provide you with a reason as to why.

Privacy by Design

We implement appropriate technical and organizational measures, in an effective way, in order to meet the requirements of this Regulation and protect the rights of data subjects'. We hold and process only the data absolutely necessary for the completion of our duties (data minimization), as well as limiting the access to personal data to those needing to act out the processing.

Privacy by Default

We implement all necessary privacy options settings to our Site, so you don’t have to worry about privacy tuning – we have made it for you.

11. Your Choices

You can opt-out of receiving our emails by following the unsubscribe instructions included in each such email or by contacting us at [email protected] You can modify or delete the Personal Information you have provided to us by logging in and updating your profile. We will retain your information only for as long as needed to provide you the Services or as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

12. Children

WHIRL is not directed at persons under the age of 18 and does not consciously collect any Personal Information from persons under the age of 18. We request that all WHIRL users be at least 18 years old (or a legal age in your jurisdiction) or have received parental consent and supervision when using the Service.

13. Changes to this Policy

We change this Privacy Policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We always indicate the date the last changes were published, and we offer access to archived versions for your review. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

14. Analytics

We may use third-party Service Providers to monitor and analyse the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google LLC that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

15. Cookie Policy

What are cookies:

As is common practice with almost all professional websites, this site uses cookies, which are tiny files that are saved to your web browser, to improve your experience and to enable certain features, such as authentication. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored, however this may downgrade or 'break' certain elements of the sites functionality.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

If you create an account on our Site then we will use cookies for the management of the signup process, for general administration and for preventing abuse and misuse of our services.

We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.

When you submit data through a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence. In order to provide you with a great experience on this site, we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences.

We run an affiliate program and as a part of it affiliates advertise our site and services. With the affiliate program we use tracking cookies to track users who visit our site through one of our affiliate partner sites in order to credit them appropriately, and where applicable, allow our affiliate partners to provide you any bonus for making a purchase.

Managing cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help or how to do this). Disabling cookies will result in disabling all functionality and features of this site. Therefore it is recommended that you do not disable cookies.

16. Questions about Our Privacy Policy

If you have any questions or concerns regarding this Privacy Policy, you may contact us via e-mail at [email protected]

17. Data processor

For processing your personal data, we use services provided by SUM AND SUBSTANCE LIMITED, a company incorporated and registered in England with company number 09688671, whose registered office is at Suite 1, 5 Percy Street, Fitzrovia, London, England, W1T 1DG.

18. Data Controller

The purposes and means of the processing of personal data are determined by Whirl Limited, located at Orange Point Building, Level 2, Dun Karm Street, Birkirkara By-Pass, Birkirkara, BKR 9037, Malta.