Whoscall Privacy Policy

Effective Date: June 26, 2025

Table of Contents

1. PERSONAL DATA COLLECTION 2. PERSONAL DATA USE, LEGAL BASES 3. RETENTION OF YOUR PERSONAL DATA 4. SHARING OF YOUR PERSONAL DATA 5. INTERNATIONAL TRANSFERS 6. YOUR DATA PROTECTION RIGHTS AND OPTIONS 7. CHILDREN'S PRIVACY 8. INFORMATION SECURITY 9. COOKIES POLICY 10. LINKS TO OTHER SITES 11. CHANGES TO THIS PRIVACY POLICY 12. CHIEF PRIVACY OFFICER AND CONTACT INFORMATION 13. COUNTRY-SPECIFIC ADDITIONAL DISCLOSURES

This Privacy Policy sets out the privacy practices and policies for Gogolook Co., Ltd. (“we”, “us” or “Gogolook”) regarding the collection, processing, use, protection and sharing (collectively, “processing”) of personal data in association with all of our services, software or products (collectively, “Services”) provided under the brand name “Whoscall”, which include but are not limited to: the Whoscall Application and all related features and services (the “Software”), the Whoscall membership and subscription scheme, and the website at <https://whoscall.com/> and all associated sub-domains (the “Website”), and Whoscall social media presence such as on Instagram, Threads, etc.

Personal data (also known as “data” or “personal information” under applicable law), means any information that directly or indirectly identifies, relates to, describes or is reasonably capable of being associated with a natural person, whether a Whoscall user or non-user.

The rights and choices you have about your personal data are also described in this Privacy Policy. You may elect whether to provide us with your personal data. However, if you elect not to provide the required information for member registration or use of the Services, or if you provide uncomplete or incorrect information, you may not be able to use all or any portion of the Services.

This Privacy Policy constitutes a part of our Terms of Service. We suggest you read this Privacy Policy carefully. When you use our Services, our collection, processing, use, protection and disclosure of your personal data are bound by this Privacy Policy. Your privacy rights may vary based on your individual circumstances and the laws applicable to you. This Privacy Policy is not intended to conflict with any applicable local privacy laws. In the event of conflict, the applicable local privacy laws may prevail.

Upon your use of the Services, you will be deemed to have acknowledged that you have read and understood and agree our collection, processing, usage and storage of your personal data in accordance with the Privacy Policy. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES OR PROVIDE YOUR PERSONAL DATA TO US.

1. PERSONAL DATA COLLECTION

We may collect your data through your computer, mobile phone or any other devices used by you to access the Website, the Software and/or the Services. The categories of personal data we collect depend on the Services you use, and the requirements of applicable law.

1.1 Personal Data that You Provide

The personal data we will ask you to provide with information fields marked with an asterisk (*) or otherwise indicated as mandatory, are required in order to create your account, process your subscription, enable the Services, or comply with the law. You may also have the option to provide us with additional personal data to help improve our scam detection systems or to personalize your experience.

For your membership registration and/or your use of the Website, the Software and/or the Services and/or your participation in the activities held by Whoscall, we may collect the following data from you or, subject to your consent, from third-party service providers (e.g. Google, Facebook, Apple or e-payment service providers). Please note that the third-party tool, platform or other service you use may operate under their own terms of service and privacy policies, which may be different from those of our Services (see Section 10 “Links to Other Sites”) below:

Personal identity data: such as, name, phone number, email address, address and internet platform account;
Identity data in government data: such as ID number, company registration number, tax identification number;
Details of other family members: such as children, dependents, other family members or relatives, parents;
Other social relationships: such as friends, colleagues, and other non-family relationships;
Security details: such as passwords, security codes, and authorization levels;
Unclassified data: SMS content, tags or annotations you provide for your own or related phone numbers, screenshots, pictures, details of (suspected) scams you encounter, and any other letters, files, reports, or emails that cannot be categorized; and
Any other information you choose to give us: such as when you fill in a form via the Services, submit your inquiry, comment or request, or otherwise communicate with us.

1.2 Automatically Collected Personal Data.

We may collect your data automatically in the course of your use of the Website, the Software or the Services. Such data includes, but is not limited to, the following categories:

Services usage information: Information associated with your use of the Website, the Software and the Services, such as registration records, login timestamps, landing page visits, call or SMS filtering actions, number lookups or block records, OCR recognition results from user-provided content, and general browsing behaviors, such as visits, searches, clicks on the Website or the Software.
Account information: Information associated with your Whoscall account, including your subscription status, and your account settings.
Network connection information: Information associated with your internet or mobile network connection, such as your IP address, mobile carrier, internet service provider, and the quality of your communication service.
Device information: Technical data about your device, including but not limited to device name and operating system, browser type and language, mobile device identifiers (e.g. advertising IDs), and license-related information (e.g. unique device identifiers).
Log data: Logs and technical records generated by your use of the Website, the Software and the Services, including but not limited to application usage records, log files, access timestamps, diagnostic or crash reports, system performance logs, error messages or reports, and aggregated usage history.
Demographic and location data: Location data derived from your IP address, used solely to determine your approximated country or region.
Cookies and similar technologies: Information collected using cookies or other tracking technologies. For further details, please refer to Section 9 Cookies Policy.

1.3 Additional Personal Data Collected from Third Parties or Publicly Available Sources.

In the course of providing the Services, we may collect additional personal data about you through cooperation with third parties or from publicly available sources. These third parties may include, but are not limited to, local subsidiaries, local distributors, industry associations, social networking sites, data analytics providers and advertising networks, which may involve collecting supplementary information about you, such as:

Information provided by Whoscall users: If you are a non-user of the Services, your contact information (e.g., phone number, Caller ID) or correspondence with a Whoscall user (e.g. SMS) may be provided to us by Whoscall users. For example, your phone number may appear in their contact list or be used for call filtering or scam reporting purposes. For information on how to make a complaint about the filtering result, see our Terms of Service.
Scam and fraud information: Information related to scam and fraud detection and prevention may be obtained from government authorities or business partners, or other publicly accessible databases, etc.

2. PERSONAL DATA USE, LEGAL BASES

We are processing your personal data for a variety of business purposes associated with the operation and management of our Services, or the compliance with the law, as further detailed below. The personal data will be used in Taiwan and any and all territories where the Services are provided, including any and all territories where we, in our reasonable commercial judgement, deems necessary to use such personal data.

2.1 To Enable the Services

In order to enable the Services, we collect and process personal data for:

Account creation and management: To create and manage your account, including verifying your login credentials, confirming your acceptance of our Terms of Service, and saving your account settings.
Subscription and payment processing: To process your subscription, trial application, or refund request, including but not limited to, by confirming your order, verifying your payment or any discount applicable, issuing invoice, and processing refund upon your request.
Service provision and access: To provide access to the Services, enable features under your subscription, and perform any specific service you request.
Campaign and event participation: To manage your participation in online/off-line events, including but not limited to, by confirming your eligibility to participate, sending you winner notifications, and delivering prizes.
Service-related communication: and Customer support: To send you Service-related notifications, such as subscription confirmations, invoices, updates to our warranty policies, and account security alerts, and to respond to your inquiries and provide customer support, including but not limited to, by forwarding your request to our relevant teams, contacting you for further details, arranging you replacements, and maintaining internal records of the request handling process.
Platform security and policy enforcement: To ensure the safety, security, and integrity of our Services, including but not limited to, by forming ongoing account verification and investigating and addressing violations of our Terms of Service.
System management and statistical analysis: To manage and maintain the Services, and other systems, including troubleshooting, and data analysis, testing, research, statistical and survey purposes.

2.2 To Improve and/or Develop the Services

In order to improve and/or develop the Services the we may provide, we collect and process your personal data for:

Personalized service experience: To customize your experience with the Services by enabling specific features or device-level settings, such as accepting analytical cookies.
Service efficiency and module integration: To aggregate user information across different modules within the Services in order to enhance operational efficiency and centralized management.
Product development: To improve, optimize, enhance the Services, evaluate new features and functionalities, and develop new product/service components.
Performance monitoring and metrics: To collect and aggregate metrics (such as website traffic, load speed) for the purpose of monitoring service performance, ensuring reliability, and improving service quality.
User engagement and feedback: To manage our relationship with you and gather your feedback regarding your experience with the Services.

2.3 To Comply with Applicable Law, to Protect Us or A Third Party

On the basis of our legal obligation under the applicable laws, our legitimate interest in protecting our operations, and/or the necessity to safeguard the vital interests of you or of another natural person, we collect and process necessary personal data for:

Compliance with legal obligations: To comply with legal obligations to which we are subject, such as sharing your information in accordance with a request by a competent court or other law enforcement authority, or collect personal data from government entities, courts, or law enforcement agencies in detecting and handling scam and fraud.
Contract enforcement: To enforce our Terms of Service or other contracts with you.
Accounting and financial administration: To perform internal accounting and financial activities such as auditing and tax withholding.
Security and risk mitigation: To maintain security and integrity of the Services and network infrastructure, investigate suspect misconduct, prevent, or act in reprisal in the event of suspected illegality or fraud, and to protect the safety, rights, or property of us, our users, or the other person.
Group-wide risk management: To share any relevant information within our affiliates and group entities for the purpose of detecting, preventing, or mitigating fraud and abuse involving our IT systems.
Legal proceedings and right defense: To establish, exercise, or defend a legal claim, including by obtaining legal counsel or initiating or participating in legal proceedings where necessary.
Cooperation with authorities or partners: To share relevant information with competent government authorities or other third parties for purposes of scam detection and prevention.

2.4 To Market the Services and Other Products/Services

On the basis of your consent and/or our legitimate interest in promoting the Services and other related offerings, we may collect and process personal data for: Promotional offers and targeted advertising: To provide personalized promotional offers through the Services as well as via other websites and services
Marketing communications: To deliver marketing communications through available channels, including by email or via social media messages.
User behavior analysis: To track content you access in connection with the Services and your online behavior.
Advertising optimization: To deliver, manage, and improve our advertising strategies and practices across applicable media.

We may use remarketing/retargeting services provided by Google, Facebook, etc., to advertise the Services on third party platforms based on data collected during your previous interaction with the Services. We, and our authorized third-party vendors may deploy cookies and/or advertising identifiers to inform, optimize and serve ads based on your access and usage history of the Services. Depending on the privacy settings on your device, the information collection may be initiated immediately when you launch our Services.

Our use of remarking or retargeting services will remain fully subject to the privacy settings on your device, and will comply with applicable platform policies. For information on how to manage or opt-out from personalized advertisements, see Section 6 “Your Data Protection Rights and Options” below.

With your consent, we may collect and process your personal data for additional purposes, such as conducting research, or other promotional activities or events sponsored or managed by us or our business partners. When we do so, we will always seek your prior consent.

3. RETENTION OF YOUR PERSONAL DATA

We retains your personal data only for as long as necessary to fulfill all of the purposes for which your personal data was collected. We will not retain your personal data for longer than is necessary for our business purposes or for legal requirements. The retention periods of your personal data are determined on a case-by-case basis that depends on the following factors:

Nature and purpose of data processing: If you are a Whoscall user, the length of time we will retain your personal data will generally be determined by how long we need that information to provide you with the Services, including any optional features you use and to provide customer support. For example, we generally keep your account information for the lifetime of your account, however, if you uninstall or do not use the Whoscall Application for more than 12 consecutive months, it will be deemed that you have stopped using the Services, and we will delete your personal data. If you are a non-user of the Services, we will not retain your personal data after completion of the analysis of your communication with a Whoscall user. Notwithstanding the foregoing, personal data may be retained if it is associated with scam or fraud.
Operational needs: Under certain circumstances, we need to store personal data for operational needs. For example, when you opt out of receiving promotional communications, we will keep your contact details (such as phone number and email address) in our opt-out recipient list.
Legal reasons. In certain cases, we keep your personal data to meet legal requirements, including when you request deletion of such information. For example, there may be instances where we are legally required to retain your personal data for a certain period of time. Order histories and email correspondences with us may also be retained for several years after you have ceased using the Services, if this is necessary for us to fulfill a legal obligation or to establish, exercise or defend a legal claim.

When we no longer need to retain your personal data, we may need a reasonable period of time to remove or anonymize that information from our systems. Unless otherwise provided for under this Privacy Policy or permitted by and applicable law, we will not use any personal data in a way that might identify you after the purpose of collection of that information no longer exists.

We will not rent, loan, lease or sell your personal data to any third party. Your personal data may only be accessed by a third party under specific and limited circumstances as outlined below:

4.1 Our Service Providers

We engages third-party service providers to facilitate, provide and improve the Services. These third-party service providers may process your personal data, only at and according to our instructions, for purposes of Service-related tasks, such as hosting, user support, advertising, analytics and fraud prevention. We also ensure that these service providers are contractually obligated to take appropriate organizational and technical measures to ensure safety. Such third-party service providers include:

Network infrastructure support: We use services of network infrastructure service providers for data processing, data hosting and infrastructure. We may also rely on external services providers for content-generation functionality of the Services.
Payment processing: We work with designated payment service providers that may assist us with the processing of your payment, such as when we send you electronic invoice for your order.
We work with our group entities that may assist us with the operation of the Services.
Analytics services: We use analytics services by Google, Facebook etc., to understand how the Services is used, to optimize user experience, to facilitate the continuous development of our Services, and to help with our marketing.
Internal systems and communication: We use third-party cloud-based software and online services to assist us with internal management of information (such as when we pass your inquiry to the appropriate team), and our communication with you.
Advertising and marketing: We work with Google and other advertising partners to market the Services and our other products/services, including by providing you with interest-based ads.

4.2 Business Partners

We may cooperate with other business partners in detecting and handling data breaches, illegal activities, and fraud, and in managing and improving the Services. For example, when analyzing whether your communication is scam, we may share the communication with our business partner for verification with their records.

4.3 Other Users

Other users may be able to receive your personal information via the Services when you choose to do so. For example, when you leave your comments on our social media.

4.4 Public Authorities, Other Organizations

In accordance with the applicable law and/or per a legally made request, we may provide your personal data to public authorities. We may also disclose your personal data to protect our rights, property or safety of us, our users or others, or on basis of your consent.

4.5 Mergers and Acquisitions

If we are involved in a merger, acquisition or asset sale, your personal data may be transferred as a portion of our assets. Where appropriate, we will notify you in advance if your personal data is transferred and becomes subject to a different privacy policy.

5. INTERNATIONAL TRANSFERS

We are based in Taiwan and operate the Services across the globe. Depending on your region and the portion of the Services you use, your personal data may be stored on servers controlled by us or our hosting service provider located in Taiwan, the USA or Japan. In certain cases, we may need to transfer your personal data to a different jurisdiction (a “third country”), which may be of a different level of privacy protection than that are applicable in yours. Where we do so, we rely separately, alternatively, and independently on the applicable legal basis. We take steps to ensure that adequate safeguards and mechanisms are in place for the protection of your personal data, which, depending on the jurisdiction you are in, may include:

Using standard contract clauses to ensure that the recipient of your personal data in a third country is contractually obligated to provide an adequate level of protection;
Ensuring the third country that your personal data are transferred to is one that is recognized by your jurisdiction as offering an adequate level of protection; or
Relying on other compliance tools or derogations allowed under the applicable law.

If you would like to know more about these safeguards, please let us know via the Contact Us function on the Website, or by contacting us with the details listed in Section 13 below.

6. YOUR DATA PROTECTION RIGHTS AND OPTIONS

6.1 Your Data Protection Rights

We believe you should always have control over your personal data. The rights available to you depend on our reason for processing your data, and the applicable law, which may include:

The right of access –You may ask us for a copy of your personal data that we process and details on how we process your data (such as purposes of processing, sources of the data, your related rights, etc.).
The right to rectification – You may ask us to correct inaccurate data or to complete any missing data.
The right to erasure – Subject to the Privacy Policy, you may ask us to erase/delete your personal data.
The right to restrict processing – Subject to the Privacy Policy, you may request that we temporarily or permanently restrict the processing of your personal data.
The right to object to processing – Subject to the Privacy Policy, you may object to how we use your personal data.
The right to data portability – Subject to the Privacy Policy, you may ask us to transfer your personal data you have provided us in a structured, commonly used and machine-readable format directly to you, or to another party to the extent technically feasible, under certain conditions.
Right not to be subject to automated decision-making – You have the right not to be subject to a decision based solely on automated decision making (including profiling) with your personal data, where the decision would have a legal effect on you or produce a similarly significant effect.

Where we process your personal data on the basis of your consent, you will always have the right to withdraw your consent at any time. Please note your withdrawal of consent does not impact on the lawfulness of processing prior to such withdrawal, and that we may rely on other legal bases to process that personal data after your withdrawal.

If you wish to exercise any of your data subject rights described above, you can make a request by contacting us at our email: privacy@gogolook.com, or use the [Contact Us] function on the Website or in the Software. We will respond to all requests in accordance with applicable laws and within a reasonable timeframe. To the extent permitted by the applicable law, you may also appeal our decision on your request by contacting us in any of the ways provided above.

To protect your privacy, we may also take additional steps to verify your identity before fulfilling your request. To the extent permitted by the applicable law, you may designate an authorized agent to submit a request on your behalf to exercise your rights. When doing so, you need to provide that authorized agent with written and signed permission to submit such request, in addition to verifying your own identity directly with us.

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may lodge a complaint with the relevant supervisory authority.

6.2 Direct Marketing Communications

With your consent, we may use your personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may object to personal data processing for direct marketing purposes at any time. You may opt out of receiving any, or all, of these communications from us by following the instructions provided in such communications. The updated settings may not be effective immediately, but we follow your instructions as soon as reasonably feasible. Please note that you may still continue to receive non-promotional emails from us, such as order confirmation, delivery notice, account security alerts, important changes regarding the Services, or updates to this Privacy Policy.

6.3 Behavioral Remarketing/Targeted Advertising

You may opt out of targeted ads by disabling advertising and tracking cookies in your browser, or by refusing tracking in your device’s privacy settings. For more information, see Section 9 Cookies Policy.

7. CHILDREN'S PRIVACY

The Services are not intended for anyone younger than 18 years of age, or of any age under the applicable law that is unable to independently give valid consent to data collection (the “Restricted Age”). We encourage parents and guardians to observe, participate in, and/or monitor and guide their children’s online activity.

We do not knowingly collect any personal data from anyone under the Restricted Age. If you are a parent or guardian and you are aware that your children have provided us with personal data, please contact us. If we become aware that we have collected personal data from someone under the Restricted Age, we will take steps to remove that personal data from our servers, unless we have a legal obligation to keep it.

8. INFORMATION SECURITY

We value your trust in providing us with your personal data, thus we are striving to use commercially acceptable means of protecting it. Though no method of transmission or storage is 100% secure, we are continuously developing and implementing organizational and technical security measures, including pseudonymization, hashing and/or encryption of your personal data, and access control to our servers, to safeguard the confidentiality, integrity and availability of your personal data, and to protect your personal data from unauthorized access or disclosure, destruction, loss, misuse or alteration.

Despite our endeavor to protect your personal data, there is an inherent risk of encountering an unexpected security breach. We have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. COOKIES POLICY

We use cookies (small, often encrypted, text files that are stored on your computer or mobile device) and similar technologies (“Cookies”) to help operate our Website and other portions of the Services. This section explains how we use Cookies to collect information about the way you use our Services, and how you can control them.

9.1 What Are Cookies?

Cookies are small text files that are sent to or accessed from your web browser or your computer's hard drive. A Cookie typically contains the name of the domain (internet location) from which the Cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A Cookie also may contain information about your computer, such as user settings, browsing history and activities conducted while using our Services.

Web beacons (also called pixel tags or clear GIFs) are another type of data collection technology. A web beacon is computer code that enables us to monitor user activity and website audience.

9.2 Why Use Cookies?

Cookies help us improve the Services and your experience thereon by customizing your experience, helping us analyze usage, technical and browsing metrics as well as detecting and preventing fraud. Cookies, by themselves, generally do not tell us information that are directly identifiable to you. However, they may store personal data that you provide us via the web forms. You may voluntarily de-activate and/or eliminate cookies by following your Internet browser’s instructions.

9.3 Types of Cookies We Use

To help you better understand why we use Cookies, the Cookies we use on our Services can be grouped into the following categories:

Necessary or Essential Cookies: These Cookies are essential for the proper functioning of the Services. For example, we may use Cookies to authenticate you. When you log on to our Services, authentication Cookies are set which let us know who you are during a browsing session.
Functionality or Analytical Cookies: Functionality Cookies are used to enable certain additional functionality on our Services, such as storing your preferences (e.g. language selection) and preventing users from participating in the same event multiple times. Analytics Cookies collect information about your use of the Services and allows us to see the overall patterns of usage of the Services to improve the way the Services work.
Targeting Cookies: These Cookies are used to deliver information related to our Services to an identified device (not necessarily a specific individual) which has previously been used to visit our Services. Some of these types of Cookies on our Services are operated by third parties with our permission and are used to identify advertising sources that are effectively driving customers to our Services.

9.4 How to Manage Cookies

Depending on the type of Cookies and your device settings, you may manage your Cookie preferences in different ways, as detailed below. Please note that:

If you choose to restrict, disable or block any or all Cookies through your web browser or mobile or other device, the Services may not function properly. This may affect your access to or experience with our Services. We shall not be liable for any impossibility to use the Services or degraded functioning thereof, where such are caused by your settings and choices regarding Cookies.
Even if you opt out of analytics tracking and targeted advertising, you might continue to see non-personalized advertisements from us via our partners. For example, you might visit a website containing video conferencing tool comparisons. Based on your interest, our partners might serve you with the Services advertisements.
You may accept, reject or delete Cookies through your web browser settings or your device’s privacy settings. To do so, please follow the instructions provided on official support information pages (usually located within the “Privacy” settings).

10. LINKS TO OTHER SITES

Our Services may contain links to other websites or services. If you click on a third-party link, please understand that you are leaving the Services and any personal data you provide will not be covered by this Privacy Policy. Please be aware that we cannot control or be held responsible for third parties’ privacy practices and content. We strongly advise that you review their privacy policies.

11. CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in the applicable law. We will notify you of any changes by posting the new Privacy Policy on this page, and by other means as appropriate under the circumstances.

We encourage you to read this Privacy Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Privacy Policy. If we make any material changes, we will notify you as required under applicable law, including by posting a notice in the Services prior to the change becoming effective. Your continued use of the Website, the Software and/or the Services after the effective date will be subject to the new Privacy Policy.

12. CHIEF PRIVACY OFFICER AND CONTACT INFORMATION

We have designated a Chief Privacy Officer (CPO) as the officer specifically responsible for personal data protection. In certain jurisdictions, we may also appoint a Data Protection Officer (DPO) to assist individuals with privacy-related inquiries and concerns. If you have any questions or suggestions about our Privacy Policy, you can contact us, the CPO, or the designated DPO (where applicable) at:

Chief Privacy Officer	privacy@gogolook.com dpo@gogolook.com	6th Floor, No. 319, Section 2, Dunhua South Road, Da'an District, Taipei City, Taiwan
	Data Protection Officer
Malaysia	privacy@gogolook.com dpo@gogolook.com cary_ching@gogolook.com
Philippines	privacy@gogolook.com dpo@gogolook.com mel.migrino@gogolook.com

13. COUNTRY-SPECIFIC ADDITIONAL DISCLOSURES

Certain jurisdictions impose additional requirements regarding the processing of personal data. This section supplements the other provisions of this Privacy Policy and provides jurisdiction-specific disclosures are required by applicable laws.

Privacy Policy2025/06/26