Data Member Engagement Privacy Policy Security

Wicket and GDPR

Data privacy is an extremely important topic, and lately, we’ve seen more and more media coverage and discussion about it. High-profile data breaches, and misuse and abuse of Facebook user data by third parties have dominated the headlines the past few months. Governments across the world have been working for years on creating laws that adequately protect consumer’s privacy. The European Union is set to release the newest consumer privacy laws this month.

On May 25, 2018, the EU General Data Protection Regulation (GDPR) comes into effect. This new regulation replaces Data Protection Directive 95/46/EC and harmonizes data privacy laws across Europe. The GDPR affects any person, organization, or entity who processes and/or stores data of citizens of the EU. Wicket and some of our clients fall under these new regulations.

Your organization as the Data Controller

Article 4 of the GDPR defines “Data Controller” as:

“(7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;”

By collecting the data from your EU members or contacts, you and your organization are acting as the Data Controller. This data includes an EU citizen’s name, email, social media posts, IP addresses, or other metadata. So, how can you comply?

  1. Ensure you have obtained explicit, opt-in, and freely given consent from the user to gather and store their data. This consent can be withdrawn by the user at any time.
  2. When requested by a user, you must permanently delete all personal data you have collected about them
  3. When requested by a user, you must provide them with all personal data you have collected about them
  4. We recommend seeking legal advice to ensure your Privacy Policies cover you under the GDPR as you must be clear in how you are storing and using personal data

Wicket as the Data Processor

Article 4 of the GDPR defines “Data Processor” as:

(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Your user data is processed and stored by Wicket. Wicket can help you obtain explicit consent from users, delete user data, and export collected data. For deletion and export of data please contact Wicket Support.

Wicket’s data is processed and stored on servers located in Canada. Canada is listed as a “Secure third country” by the European Union. The EU has confirmed that commercial organizations within Canada must adhere to privacy laws comparable to those in the EU. This means that data of EU citizens can be transferred to, and processed by, Wicket.

More information about Wicket as the Data Processor can be found in our Privacy Policy


Wicket uses several industry-leading sub-processors for services such as hosting, email processing, credit card processing, and service monitoring. The services are as follows, and all have voluntarily certified to the U.S. Department of Commerce that they comply with the EU-U.S. Privacy Shield Framework

Amazon Web Services

Host for Wicket

Amazon’s official certification

Postmark by Wildbit

System email processing for Wicket

Wildbit’s official certification

Sentry by Functional Software

Error logging and monitoring for Wicket

Functional Software (Sentry)’s official certification

Google Maps

Geocoding of person record addresses for displaying on Google Maps

Google’s official certification


Credit card processing in Wicket

Moneris is a Canadian company and therefore can store, process, and transfer EU data.


Feature usage tracking in Wicket

Mixpanel’s official certification


Support ticket & knowledgebase system

Zendesk’s official certification


If you have any questions about Wicket’s role in helping you adhere to GDPR, please reach out to Wicket Support. For legal questions, we suggest seeking legal counsel.

Dig deeper into the GDPR

Seeing is believing

Get a free demo

This website uses cookies. By continuing to use you will be agreeing to the website Terms and Conditions while using the website and our services. Please also read our Privacy Policy under which, to the extent stated, you consent to the processing of your personal data.