It is one of our founding principles to do anything necessary to protect your data and privacy rights. Thus, we take this topic very seriously. We don't collect any data that is not necessary to provide you with the best possible user experience. Also, we treat the data that we collect with the greatest care. Which data we collect and what happens with it is outlined in detail in our data processing agreement (DPAs). This is agreement is pre-filled, signed by our managing director, and therefore legally binding.*
Wonder was founded shortly after GDPR came into effect. As a result, we have been focused on ensuring GDPR compliance from the very beginning. Learn here about the efforts we go through to ensure the highest level of data security for you.
*You may not rely on this Questions & Answers-section as legal advice. It shall only provide background information to help you better understand how Wonder has coped with this important legal topic of data privacy.
What is data privacy and data protection?
Data privacy and data protection both deal with the processing of data. Data protection focuses on protecting assets from unauthorized use, while data privacy defines who is authorized to access the data in the first place. One important difference is who controls which part. With data privacy, controls are mostly given to the user (in other words, the user can control which data is shared with whom), while data protection is mostly a company's responsibility.
What is personal data?
Personal data is defined as any data that can be linked back to a natural person. Everything you do online - from creating a Facebook account to posting a photo on Instagram - leaves a digital footprint. While it may seem small, it adds up and unprotected, an individual is vulnerable to having their personal data shared with third parties. Luckily, data privacy law focuses on ensuring an individual's rights are secure.
What's the General Data Protection Regulation (GDPR)?
Today, data protection law impacts organizations and governments around the world. The EU implemented a higher protection threshold than most other countries with the introduction of General Data Protection Regulation (GDPR) in 2018. GDPR introduced changes to previous data protection and data privacy law, specifically around areas like consent, reporting obligations, internal procedures, accountability, and penalties.
Does GDPR apply to you?
Yes. GDPR applies to you too - even if you are located outside of the EEA (European Economic Area). It applies to any business that a) markets their products to people in the EEA or b) monitors the behavior of people in the EEA. In other words, even if you’re based outside of the EEA, if you control or process the data of EU citizens, GDPR applies to you.
DPA - Data Processing Agreement (Auftragsverarbeitungsvertrag)
TOM’s - Technical and Organizational Measures
Third-country / US Data transfer - Standard Contractual Clauses - US-Europe privacy shield - Schrems II
Records of processing activities (Verarbeitungsverzeichnis)
DPO - Data Protection Officer
Wonder is hosted on Amazon Web Services (AWS). The servers where Wonder's data is stored are located in Ireland (eu-west-1 region).
Just send us an email to firstname.lastname@example.org stating that you want us to delete your personal data we may have stored. We have an internal standard procedure and will get back to you confirming that your request has been taken care of.
All our service providers are fully GDPR compliant including our US-based service providers. Please refer to the sections specific to the latest EU court rulings. Below you can find our signed DPAs with all service providers.