Since the implementation of GDPR in 2018, and the subsequent rollout of comprehensive global privacy laws like CCPA, LGPD, and others, Wicked Reports has remained committed to securing customer data. We continue to evolve our data processing practices to address these ongoing regulations.
We have implemented a few minor changes to make this more straight forward for you all, and I wanted to let you know what we’re doing to accommodate these regulations and to help ensure our own compliance as well as make it easier for you to assure your own.
In order to provide our services, we obviously need to use and store some personally identifiable information (PII) about you, our client, and your business. We wouldn’t be able to provide services to you otherwise. But we also know that just because you’ve chosen to do business with us, doesn’t mean you want to get hammered with marketing from us non-stop.
We are still in the process of separating our client promotions and marketing from necessary business communications about things like account alerts, Terms of Service updates, and billing notices and will continue to improve that experience for you over time.
We have also updating our Terms and Conditions to reflect that, as part of doing business with us, you acknowledge the necessity of our communicating with you and will remain diligent about not abusing that relationship.
As far as our role as the Data Processor for your business, we are also implementing a few things there to help you be GDPR compliant with respect to your handling of your customer data and PII.
For our EU-based clients, we have a Wicked Reports EU-GDPR Compliant Data Processor Agreement that we can enter into with you. If this applies to you, please email support@wickedreports.com and we will send you the doc to be e-signed and once complete, we will countersign and you'll have the fully signed doc in your email.
We provide a Wicked Reports Data Processing Agreement (DPA) that covers major global regulations, including GDPR and CCPA. If a DPA is required for your compliance, please submit a request through the Support menu of your account or email support@wickedreports.com.
While we may anonymize your data for benchmarking, analysis, and reporting, we never market to, or share your customers or prospects information, with any 3rd parties.
We have updated Terms and Conditions and Privacy Policies to codify these changes. If you require a data processing agreement with us, please download, sign, and return the agreement to support@wickedreports.com for countersigning.
If you have any other questions or concerns, please email support@wickedreports.com and one of our Customer Success Reps will help you out.
Otherwise, please know that we are doing everything we can to protect your data and provide valuable analysis and reporting to all of our customers.
FAQ
How has Wicked Reports updated its data handling beyond the initial GDPR deadline?
Since 2018, Wicked Reports has expanded its compliance efforts to address regulations like the CCPA (California Consumer Privacy Act) and other global privacy mandates. We treat PII handling, customer data removal, and communication preferences as an ongoing compliance effort, not a one-time change, ensuring our clients can operate globally with confidence.
What specific steps are taken to ensure my customer's PII is removed upon request?
For Right to Be Forgotten or data removal requests (DSARs), clients notify us via the support channel. Wicked Reports then scrubs the Personally Identifiable Information (PII) from the customer's click history, tracking, and reporting data within the required regulatory window (typically 30 days), ensuring compliance while retaining essential, anonymized attribution data for historical analysis.
In a privacy-first world, how can Wicked Reports still provide accurate marketing attribution?
Wicked Reports is built to succeed in a cookieless future by prioritizing methods that link customer events to unique, compliant identifiers. We focus on first-party data collection and robust CRM/shopping cart integration, ensuring that critical metrics like Customer Lifetime Value (LTV) and multi-touch attribution remain accurate, transparent, and compliant with privacy regulations.
