Privacy Statement

Last Updated 25 October 2018


Service Descriptionm User Types and Definitions
Ownership of Data Harvested
Server Locations
Personal Data Harvested
Retention, Changing and Deleting Personal Data
Vote Secrecy
Cookies and Tracking Technologies
Client Testimonials
Log Files
Notification of Changes
Contact Information

Service Description, User Types and Definitions

In this document the term Personal Data means "any information or opinion in any recorded format about an individual whose identity is apparent or is reasonably ascertainable from the information or opinion and who is alive or has not been dead for more than 30 years". This privacy statement describes how RiskWhip Pty Ltd ACN 623 131 706 and RiskWhip Services Pty Ltd ACN 623 131 706, collectively known as "RiskWhip", collects and uses Personal Data you provide on our RiskWhip platform: ("Website") and through any of the services which are part of the RiskWhip platform. It also describes the choices available to you regarding our use of your Personal Data and how you can access and update this information.

In this document the RiskWhip service is called the “Service”.

The term WhipCrowd means a group that exists within the RiskWhip Platform for the purpose of allowing its members to define particular personal rare event risk exposures and to facilitate a process of members assisting financially any member who makes a WhipCall. The term “End User” means a member of a WhipCrowd. The term "WhipCall" means an End User's call for payment from the other End Users in the WhipCrowd in response to an risk event defined in the End User's RiskWhipper. The term "RiskWhipper" means a defined financial risk exposure . The term "WhipCallAnt" means the End User who is making a WhipCall.

The term Operator Team means the people responsible for using the RiskWhip Platform to define, create and manage WhipCrowds and can include authorized RiskWhip people.

The term Operator means the person or organization responsible for appointing Operator Teams.

Sometimes RiskWhip is also the WhipCrowd Operator.

Operators, through their Operator Teams, use the RiskWhip WhipCrowd administration tools to create and manage their WhipCrowds ("Self-Managed Service") or they can invite RiskWhip to use the WhipCrowd administration tools to manage their WhipCrowds ("Managed Service"). Each Operator appoints a WhipCrowd level support team which includes a WhipMaster who has access to the WhipCrowd’s configuration tools.

The End Users of each WhipCrowd appoint Assessors through a nomination and voting process. Assessors are responsible for the process of each WhipCall Assessment. The term "Assessment" is defined as the process of validating the creditibility of a WhipCall, typically involving a voting process involving assigned Assessors and a known pass score.

The term "Visitor" means anyone who accesses or visits the Website or Platform. The term “Site Member” means a Visitor who has signed up and provided Personal Data in the process but has not become an End User. The term “Site User” includes all of End User, Operator and anyone in the Operator support team, anyone in the WhipCrowd’s support team, Assessor, Visitor, Site Member.

The term “WhipCrowd Stakeholders” means the WhipCrowd Operators and End Users.

The term WhipFee means the fee amount called to satisfy obligations defined by a RiskWhipper generally in response to WhipCalls made by End Users.

The quality of your WhipFee payment record is defined as your “WhipFee Payment Trust Score”. Any failure to pay WhipFees before the due date can impact your WhipFee Payment Trust Score.

The term “Editable Personal Data” is defined as your Contact Details (which may include physical and email address(es), phone numbers etc), Username and Password, Security Questions and Answers, Bank Account Details, Risk Filter Settings, Assessor Status and Bio which may include one or more image files.

Ownership of Data Harvested

The data harvested from End Users is owned by RiskWhip. The Operator and Operator Team have access to this harvested data for purpose of assisting with its administration.

RiskWhip will not sell, share, or rent Personal Data to others in ways different from what is disclosed in this privacy statement. WhipCrowds are required under their Agreement with RiskWhip to not sell, share, or rent Personal Data to others in ways different from what is disclosed in this privacy statement.

Server Location

The RiskWhip servers are located in Canada and the UK.

Personal Data Harvested

The use of Personal Data collected through our Service or Platform shall be limited to the purpose of providing the Website services. We will share your Personal Data with third parties only in the ways that are described in this privacy statement. Before providing Personal Data you should consider whether you are willing to provide the requested information. RiskWhip uses this information to assist in the administration of the Service only.

You are required to create a sign-in name and password to access your RiskWhip account. The protection of your Personal Data will depend on the quality of the password you choose and on how well you protect the secrecy of your password.

When you become a Site Member or End User you are required to enter various items of Personal Data which may include, but not necessarily limited to your: name, email address and demographic such as postal code, address, date of birth and gender.

Some WhipCrowds may request other Personal Data as well. If you make a WhipCall you will be required to provide data explaining the nature of the WhipCall and typically data to help with the authentication of the WhipCall and bank account details for receiving payments.

If you are an Assessor or Assessor nominee you are also required to provide a personal biography and perhaps one or more photographs.

If you vote for a Assessor nominee your votes may be visible to End Users in the same WhipCrowd as evidence that you endorsed the nominee.

Whenever the Operator is not RiskWhip, the Operator is required to enter into an agreement with RiskWhip to use your Personal Data in a manner that is always consistent with this document, unless you have given prior consent.

WhipMasters have access to a tool for sending email invitations to people join their WhipCrowd. RiskWhip uses these emails addresses only for the purpose of sending a one-time link that identifies the recipient as an invited person. RiskWhip does not retain copies of these emails addresses.

Any time you accept a RiskWhip agreement or submit information your IP address and browser signature may be recorded along with a time stamp.

We may also collect credit card information from you when you subscribe to the RiskWhip Service. This information may include your name, email address, home address and payment information (such as credit card number). However RiskWhip does not store any credit card information as all credit card details are immediately passed to the payment gateway processing facility of XXXXXXXXX which shares the card details only with the banks in order to process the card. The XXXXXXXXXXX ecommerce platform processes all transactions via a secure session and has been independently verified as being Level 1 Payment Card Industry Data Security Standard (PCI DSS) secure.

The RiskWhip Service is trust-based. It is therefore an essential condition of use of this Service that you agree that RiskWhip can retain sufficient Personal Data to build a trust history on your performance in using the Service. Your history of RiskWhippers taken and any associated WhipCalls and WhipFee payments and the timeliness of those payments is retained permanently by RiskWhip, subject to your rights defined in this document under section heading “Retention, Changing and Deleting Personal Data” .

You maybe assigned a Personal Risk Weighting which is defined as a measure of the probability that you will make a WhipCall.


RiskWhip may share statistical demographic information with partners and advertisers. Statistical information does not identify Site Users. RiskWhip does not share, rent, or trade Personal Data with third parties for their promotional purposes.

Personal Data is disclosed on a confidential basis to service providers, such as payment processors. These companies are authorized to use your Personal Data only as necessary to provide these services to us. Otherwise, no Personal Data is shared with third parties, unless this is required by law or where we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on RiskWhip.

If RiskWhip is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or use of your Personal Data, as well as any choices you may have regarding your Personal Data.

The WhipFee Payment Trust Score of an End User is important information for WhipCrowd Operators and potentially End Users to have access to before admitting new End Users to their WhipCrowds.
If you are an Assessor or Assessor nominee in any WhipCrowd then your name, biography including any images provided, and perhaps demographics will be visible to the WhipCrowd Stakeholders.

Retention, Viewing, Changing and Deleting Personal Data

RiskWhip acknowledges that you have the right to access your Personal Data. RiskWhip respects the rights of individuals to access data that is held about them, which is protected by law in many countries.

We will retain the right to delete Site User accounts that have been dormant for more than 180 days. We will retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, enforce our agreements and to inhibit repeat failures to pay WhipFees.

You have the ability to view all your Personal Data held by RiskWhip by logging into the RiskWhip platform using your RiskWhip account and accessing the link labelled “Personal Data” which provides separate links to access your Editable Personal Data, your WhipFee Payment Trust Score and your Assessor or Assessor nominee voting record . You also have access to pages listing the history of your RiskWhippers and any comments submitted by you in the ticket history and any votes submitted for Assessor nominees.

You can amend your Editable Personal Data immediately by using your RiskWhip login credentials. Prior versions of Editable Personal Data may be retained by WhipFees in full or in part in a log file for enhanced security reasons.

The RiskWhip platform includes a “Forget me, de-activate” service. You can use the “Forget me” link in the RiskWhip platform to delete all your Personal Data providing:
* You have no live RiskWhippers.
* You have never made a WhipCall.
* Your WhipFee Payment Trust Score is not impaired.
* You are not a WhipCrowd Operator.
* All WhipFees called are paid.

“Forget me” causes the Editable Personal Data to be erased except that encrypted backup copies are retained a maximum of XX days. When Editable Personal Data is erased any RiskWhippers taken or comments submitted as tickets are retained but de-linked from any Personal Data – except if any comments submitted contain Personal Data within them. Your IP address and browser signature may be retained but de-linked from Personal Data.

If you have made a WhipCall the “Forget me” process retains sufficient Personal Data to allow the identity of the person who made the WhipCall to be determined, as may be required.

If an End User’s WhipFee Payment Trust Score is impaired RiskWhip reserves the right to retain the details of that End User’s WhipFee Payment Trust Score and sufficient Personal Data to allow identification of the same person in the event that a different RiskWhip account is created by the same person. In this case the “Forget me” process retains the required Personal Data but de-activates your RiskWhip account.

If you are a WhipCrowd Operator or Operator Team member then you cannot use the “Forget me” service.

If you are former WhipCrowd Operator or Operator Team member your Personal Data cannot be fully deleted as it may be required for future audits, legal disputes or analysis -- however you can use the “de-activate” service to de-activate your RiskWhip account.

When using the “Forget me, de-activate” service:
* Records of any RiskWhippers you created are not deleted.
* Records of any WhipCalls that you make are not deleted.
* Records of your WhipFee payments, as recorded by RiskWhip, are not deleted.

You can contact RiskWhip or the of any WhipCrowd you have joined by using your RiskWhip account signin details and raising a ticket. We will respond to any of questions related removal or amendment of Personal Data within 30 days.

EU residents have the right to cancel any consent and ask us to delete Personal Data we hold about them subject to the deletion restrictions defined in this section. As permitted by EU law we can continue to hold and process Personal Data as necessary to complete a purpose which was originally consented to.


RiskWhip may send Site Users service-related announcements when it is useful, instructive or necessary to do so. For instance, for security alerts or if the Service is upgraded or temporarily suspended for maintenance, we might send Site Users an email. End Users are likely to be sent various emails relating to the operation of the WhipCrowds they have joined or been invited to join (and not declined the invite). You will be sent emails related to any RiskWhippers you create or WhipCalls you make.

WhipCrowd Operators will typically be sent many notifications and alerts by email.

Selected members of each WhipCrowd support team have access to a WhipCrowd related bulk email service which is used to send bulk emails to End Users. As an End User you cannot opt out of these emails because they are likely to contain information important for the operation of the WhipCrowd.

Vote Secrecy

If you vote for an Assessor or Assessor nominee you should not consider this as a secret vote (unless stated as a secret vote on the voting page) as your voting record may be transparent to WhipCrowd Stakeholders.

If you are an Assessor voting on WhipCalls your Credibility Score Vote voting record may be visible to the WhipCrowd WhipMaster and RiskWhip support staff. However your voting record will not be deliberately disclosed to the WhipCallAnt or End Users unless stated as not secret on the WhipCall voting page. However if the number of Assessors required to vote on a WhipCall is only one or all Assessors select the lowest or highest possible Credibility Score Vote then the nature of your Credibility Score Vote will be transparent to End Users. If anonymity or vote secrecy is a concern you should check the WhipCrowd’s operational rule regarding disclosure of the identity of the Assessors assigned to each WhipCall Assessment.


The security of your Personal Data is important to RiskWhip. RiskWhip is meticulous about all aspects of security and protection of Personal Data. When Site Users submit sensitive information via the Platform it is protected securely both online and offline.

All Site User Personal Data is stored in high security environments. Only authorized employees who need the information to perform a specific task are granted access to those parts the Platform that may contain Personal Data. All RiskWhip employees are kept up-to-date on our security and privacy practices. Any time new policies are added, our employees are notified and/or reminded about the importance of protection and privacy of Personal Data. The servers used to store Personal Data are kept in highly secure restricted access specialized server facilities.

When you enter sensitive information (such as credit card number or email address) on our registration or order forms, we encrypt that information in the transfer process using reasonable security. We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once we receive it.

Cookies and Tracking Technologies

RiskWhip and its partners use cookies or similar technologies to analyze trends, administer the Website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

RiskWhip may use session Cookies, persistent Cookies and advertising Cookies. A session Cookie is deleted automatically after every visit; persistent Cookies shall remain upon repeated use of the Website, and advertising Cookies and third party Cookies may be used by the websites of the partners of RiskWhip which are connected with the RiskWhip Website or Platform. RiskWhip does not control the generation of those Cookies, therefore information on these Cookies can be obtained from third persons.

Normally there will not be any third party advertising on our Platform. However in the event that that third party advertising is permitted in particular on our Platform the third party partner may use Cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here or if located in the European Union click here. Please note you will continue to receive generic ads.

Also every time you visit the Platform RiskWhip may automatically collect any of the following information: Technical information, including the Internet protocol (IP) address used to connect your computer to the internet, domain name and country which requests information, the files requested, browser type and version, browser plug-in types and versions, operating system and platform; and information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

Operator Testimonials

We may post WhipCrowd Stakeholder testimonials on our Website or Platform which may contain a link to the website the person or organization providing the testimonial. We do obtain consent via email prior to posting a testimonials. The only Personal Data included in the testimonials is the name and organization and country or region of the person or organization providing the testimonial. If you wish to update or delete your testimonial, you can contact RiskWhip by signing into the Platform and raising a ticket.

Log Files

RiskWhip may use IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data to analyze trends, administer the Platform and gather broad demographic information, but not to profile individual End Users. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve analytics, or Platform functionality. IP addresses may be used to help with manual processes to track down people violating or suspected of violating, the Terms and Conditions of this Website. We do link this automatically collected data to other information we collect about you.


This Website and Platform may contain links to other websites. Please be aware that RiskWhip is not responsible for the privacy practices of such other sites. We encourage Site Users to be aware when they leave our Website via a link to another website to read the privacy statements of each and every website that collects Personal Data. This RiskWhip privacy statement applies solely to information collected by this Website and Platform.


You will not receive any emails from RiskWhip after completing the “Forget me or de-activate” process unless there is sound legal reason for RiskWhip to contact you.

Notification of Changes

The date that this policy was last updated is set out at the top of the page. We suggest you check this page from time to time and note any changes. If at any time RiskWhip would like to use Personal Data in a manner materially different from that stated at in the Privacy Statement Site Users will be notified by way of email prior to the change becoming effective and asked for consent to the change by way of return email. If consent is not given or the email is ignored the manner in which Site Users details are used will not be changed.

Contact Information

If you need any help you may contact the Privacy Officer. If necessary, the Privacy Officer will contact another employee to assist in completing your requested task.

If you have any questions or complaints, please contact the Privacy Officer. We endeavor to provide a written response to complaints within 45 days, unless we need additional information to respond to the complaint. If you are not satisfied with our response, you have the right to complain to relevant government agencies including the Office of the [Australian Information Commissioner (this needs to work for other countries)].