GDPR Compliance


What is GDPR?

Does my organization need to worry about GDPR?

Key GDPR Terms

Wild Apricot’s role as a Data Controller and Processor

How Wild Apricot Addresses Data Subjects Rights?

Use of 3rd party processors

Where can I find what data you collect and for what purpose?

Data Processing Addendum

Contact Information


What is GDPR?

General Data Protection Regulation (GDPR) “regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU”.

See GDPR home page


Does my organization need to worry about GDPR?

  • If you collect, store or process personal data of EU residents then GDPR applies to you, irrespective of where you yourself might be located.
  • It is your duty to familiarize yourself with GDPR and make sure your Wild Apricot site is GDPR compliant
  • We recommend consulting a lawyer/GDPR expert to properly ascertain if GDPR is applicable to you, and if so verify if you are compliant.

Key GDPR Terms

  • Controller
    • Entity that determines the purposes, conditions and means of collecting Personal Data
  • Processor
    • Entity that processes Personal Data on behalf of a Controller
  • 3rd party processor
    • A sub-processor retained by the Processor to assist with Processing activities
  • Personal Data
    • Any information that relates to an identified or identifiable living person e.g. name, home address, email address, IP address, Identification card
  • Data subject
    • An identifiable person whose personal data is being processed
  • Processing
    • Any operation performed on Personal Data, such as collection, recording, organizing, storage, adaptation, retrieval, restriction or destruction

Wild Apricot’s role as a Data Controller and Processor

  • Data Controller
    • When people register and create a Wild Apricot account we collect, store and process their personal data in order to allow them to securely access, operate and pay for their accounts
  • Data Processor
    • Wild Apricot is used to help simplify and automate membership tasks for organizations and their members.
    • Through our contract with the organizations (our clients) we act as a data processor. We collect, store, and process data on their behalf and at their request.

How Wild Apricot Addresses Data Subjects Rights?

  • Consent collection
    • In our role as a Data Controller everyone has to agree to our terms of use in order to use our service. They can opt-out or delete their accounts at anytime.
    • In our role as a Data Processor it is the obligation of the data controller (Wild Apricot site owners) to ensure that they have collected consent and made clear that personal data is being collected for the purposes served by the Wild Apricot platform. See adding consent fields
  • Right to access / Right to portability
    • Our clients can access their personal data at anytime, and we can export it them upon request
    • Wild Apricot site owners (administrators) can access, edit and export their own and member data at anytime. Their members can also access and edit their profiles
  • Right to Erasure / Opt-out
  • Notification in the event of a Data Breach
    • We will notify account owners within 72hrs in the case of a data breach

Use of 3rd party processors

  • We make use of third party services in the infrastructure, reporting, analytics, billing and customer service. It is our obligation to ensure that the processing of data on our behalf is also GDPR compliant.

Where can I find what data you collect and for what purpose?


Data Processing Addendum


Contact Information

  • For questions and concerns regarding GDPR compliance please use our Contact Us Page

 

You can find out more about Wild Apricot's security procedures by clicking here to visit our page on Keeping Your Wild Apricot Account Secure.

Search: WildApricot.com 

About results ( seconds) Sort by: 
Sorry, an error occured when performing search.