WickedSociety.com’s GDPR Compliance
WickedSociety.com needs to gather and use certain information about individuals, to enhance experience & understand some qualitative & quantitative dimensions regarding the individuals, thus optimizing the whole company as an active feedback loop. These individuals may include customers, affiliates, business contacts, employees and other people the organisation has a relationship with or may need to contact.
At WickedSociety.com we are committed to protecting your data, for which the protocols have been exercised as described in our privacy policy.
GDPR stipulates strict protocols and practices regarding the way individuals data collection and consent is managed. By adhering to these regulations, WickedSociety.com further demonstrates our commitment to protecting our customer’s data security and privacy, empowering our customers with the control of how their consent is collected, recorded and used.
Addressing EU General Data Protection Regulation (GDPR) Principles.
The GDPR protection law describes how organisations — including WickedSociety.com — must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The EU General Data Protection Regulation (GDPR) is underpinned by eight important principles. These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
Why this policy exists
This data protection policy ensures WickedSociety.com:
- Complies with data protection law and follow good practice
- Protects the rights of customers, staff, affiliates & partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
Focus on Privacy & Security
Our view at WickedSociety.com is that, the customer data is one of the most valuable assets a company has, and when this data is provided to us, our job is to secure it and use it only for the purpose it was provided to us.
Having been through security and privacy audits, WickedSociety.com will fully be compliant with the General Data Protection Regulation (GDPR) protocols.
Providing Information
WickedSociety.com aims to ensure that individuals are aware that their data is being processed, and that they understand:
- How the data is being used
- How to exercise their rights
To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.
This is available on request. A version of this statement is also available on the company’s website.
Lawful basis for processing
WickedSociety.com obtains consent from users who agree to Terms of Service Agreement, Data Processing Addendum, and Privacy Policy when signing up to our platform. Users can withdraw consent at any time by placing a formal request with us.
Data subject rights
WickedSociety.com has enacted policies to protect users’ rights. We allow WickedSociety.com users to opt-out of our notifications, and will always respond to any data access requests.
Deletion of Data
At the end of your engagement with WickedSociety.com, you can request the deletion of any data sent to us for verification. We always comply with these requests.
Data Processing Activities
In compliance with GDPR, we maintain a record of our processing activities. We provide this information to our customers once a formal request is placed with us.
Data breach notifications
We do our very best to protect your data, though the unexpected could happen. We are committed to always being fully transparent and notifying the supervisory authority and all affected parties according to the GDPR requirements.