GDPR Compliance
Effective Date: August 13, 2018
What is GDPR?
Does my organization need to worry about GDPR?
Key GDPR Terms
WildApricot’s role as a Data Controller and Processor
How WildApricot Addresses Data Subjects Rights?
Use of 3rd party processors
Where can I find what data you collect and for what purpose?
Data Processing Addendum
Contact Information
What is GDPR?
General Data Protection Regulation (GDPR) “regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU”.
See GDPR home page
Does my organization need to worry about GDPR?
- If you collect, store or process personal data of EU residents then GDPR applies to you, irrespective of where you yourself might be located.
- It is your duty to familiarize yourself with GDPR and make sure your WildApricot site is GDPR compliant
- We recommend consulting a lawyer/GDPR expert to properly ascertain if GDPR is applicable to you, and if so verify if you are compliant.
Key GDPR Terms
- Controller
- Entity that determines the purposes, conditions and means of collecting Personal Data
- Processor
- Entity that processes Personal Data on behalf of a Controller
- 3rd party processor
- A sub-processor retained by the Processor to assist with Processing activities
- Personal Data
- Any information that relates to an identified or identifiable living person e.g. name, home address, email address, IP address, Identification card
- Data subject
- An identifiable person whose personal data is being processed
- Processing
- Any operation performed on Personal Data, such as collection, recording, organizing, storage, adaptation, retrieval, restriction or destruction
WildApricot’s role as a Data Controller and Processor
- Data Controller
- When people register and create a WildApricot account we collect, store and process their personal data in order to allow them to securely access, operate and pay for their accounts
- Data Processor
- WildApricot is used to help simplify and automate membership tasks for organizations and their members.
- Through our contract with the organizations (our clients) we act as a data processor. We collect, store, and process data on their behalf and at their request.
How WildApricot Addresses Data Subjects Rights?
- Consent collection
- In our role as a Data Controller everyone has to agree to our terms of use in order to use our service. They can opt-out or delete their accounts at anytime.
- In our role as a Data Processor it is the obligation of the data controller (WildApricot site owners) to ensure that they have collected consent and made clear that personal data is being collected for the purposes served by the WildApricot platform. See adding consent fields
- Right to access / Right to portability
- Our clients can access their personal data at anytime, and we can export it them upon request
- WildApricot site owners (administrators) can access, edit and export their own and member data at anytime. Their members can also access and edit their profiles
- Right to Erasure / Opt-out
- Notification in the event of a Data Breach
- We will notify account owners within 72hrs in the case of a data breach
Use of 3rd party processors
- We make use of third party services in the infrastructure, reporting, analytics, billing and customer service. It is our obligation to ensure that the processing of data on our behalf is also GDPR compliant.
Where can I find what data you collect and for what purpose?
Data Processing Addendum
Contact Information
- For questions and concerns regarding GDPR compliance please use our Contact Us Page
You can find out more about WildApricot's security procedures by clicking here to visit our page on Keeping Your WildApricot Account Secure.