We felt it was a good time to remind our partners, brand clients and the broader marketing landscape of what we do – and don’t do – with data. Marketers have a difficult task navigating their own internal data practices, let alone worrying about how a tool, platform or partner might add complexity to that issue. The market is flooded with solutions that say they can grow a brand’s revenue, but not all organizations operate on a level of privacy compliance, nor with the transparency brands should expect. When it comes to the identity resolution space, organizations exist that skirt some of the basic privacy compliance standards – like failing to post their disclosure requirements according to CCPA or GDPR – and even offer services that would be considered questionable to marketers whose brands strive to place the safety and security of their customer data first. Some of those organizations may even take aim at solutions like Wunderkind by spreading or publishing falsehoods and misinformation to create fear, uncertainty and doubt in our products and services. Regardless of those tactics, Wunderkind has always been clear and transparent with how we operate and handle data, all while guaranteeing a lift in revenue for our clients.
To be transparent with our addressable market, this blog post attempts to further clarify how Wunderkind collects, stores, and uses consumer data in a privacy-compliant manner. We also strive to balance this topic with a blend of technical, legal, and layman’s terms, which isn’t always easy to do. Thank you for reading, nonetheless.
First and foremost
We believe the Wunderkind Identity Network stands out as a model for privacy compliance, carefully designed to safeguard consumer data and adhere to stringent regulations like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and Canada’s Anti-Spam Legislation (CASL). With nearly 1,000 brand clients as Wunderkind partners – the bulk of which have incredibly stringent security and data policies – it’s clear that we are meeting, if not exceeding, in the area of compliance and transparency.
Wunderkind is an industry leader in privacy in security compliance as demonstrated by our certifications under SOC 2 Type 2 and ISO 27001. We abide by code determined by the digital advertising alliance and are members of the NAI, IAB and EDAA. This means we operate above board and as our clients would expect us to.
We do not share behavioral data or PII between clients or with any outside parties. In simple terms, we don’t sell or share email addresses across our client base. Additionally, all customer data is logically separated to prevent commingling or misuse. Everything that is collected in our tag is encrypted in transit and in storage. Additionally, the Wunderkind Identity Network does not include any PII and solely uses pseudonymous data to protect consumer privacy.
Consent-based approach
Wunderkind’s product has two layers of consent based marketing — both the consent for tracking/sale of data based on local regulations, and marketing consent for sending triggered emails or text messages.
1. Opt-in vs. opt-out
Wunderkind’s approach to data collection and utilization complies with all local laws, and allows brands to implement their own compliant policies and standards to respect consumer privacy and choice. In the U.S., Wunderkind applies CCPA guidelines to the entire United States, as it currently maintains the highest privacy standard in the country and enables us to ensure nationwide compliance. CCPA requires brands to provide consumers clear notice of their data practices and choice to allow consumers to opt out of the “sale” of their data at any time. Under CCPA, the sale of data refers to exchanging personal information for monetary or other valuable consideration. Where required, Wunderkind adheres to GDPR — which requires consumers to provide an explicit opt-in to both marketing emails and the use of their data.
Global – GDPR
Unlike other some identity resolution technologies, Wunderkind is fully GDPR compliant because of our commitment to privacy and consumer choice. Our U.K. headquarters is based in London, where we service hundreds of international clients who trust us to remain compliant and stay ahead of impending changes.
Wunderkind’s tag will not load until a user confirms consent via a Cookie Modal or Consent Management Platform.
IF and only if a user accepts, Wunderkind will run our program including our Identity Graph. Our Identity Graph in Europe+ only includes users who have explicitly consented to the use of their data.
United States – CCPA
Wunderkind does not sell data in exchange for money nor does it share client personal information with outside parties. But to ensure undisputed compliance in the context of CCPA, we deem the usage of pseudonymous personal information as third-party activities; as a result, we constitute use of the Wunderkind ID network as the “sale of data” and we are defined as such.
Wunderkind gives consumers the ability to opt out in three easy ways:
- Wunderkind has registered with the state of California as a Data Broker
Our listing includes instructions for consumers to opt-out of Wunderkind’s tech, which meets the needs of the CCPA & CPRA Regulations. - “Do Not Sell My Data” or “Opt Out of Sale of Data” (DNSMD) requests
Wunderkind has built out the necessary backend technology and processes to read when a user submits a DNSMD request on a client website and opt them out of the sale of their data. - Consumer opt-out
Wunderkind is happy to manage any opt-out requests you receive via email to privacyrequests@wunderkind.co. Please reference our privacy policy for additional details: https://www.wunderkind.co/privacy/
2. Consent to send triggered emails
Global – GDPR
In GDPR-governed countries, Wunderkind uses an explicit opt-in check — meaning we check in real time in a client’s CRM to ensure a consumer is opted in to receive emails from that brand before sending any triggered emails.
United States – CAN-SPAM
CAN-SPAM regulations — the standard for email marketing in the US, operates on an opt-out regime, meaning email senders must ensure a consumer is not unsubscribed prior to sending triggered/transactional emails. Wunderkind follows this and takes it even a step further toward ensuring consumer choice — even if we identify someone via our ID network on a brand’s website and we see that they are not unsubscribed from that brand’s email marketing list, we also ensure they have showed intent with the brand by starting the checkout flow, or logging in for example, before considering them eligible. It’s all part of our commitment to driving quality conversions for our brands, at a scale that no other vendor can reach, in a privacy compliant way.
Trust and transparency at the core
To summarize our commitment to consumer privacy, Wunderkind’s Identity Network exemplifies a stringent, privacy-compliant approach to data collection and storage, ensuring that consumer data is handled compliantly, with the utmost care and consistent with each consumer’s opt-in and opt-out choices. As mentioned above, we offer ways for consumers to opt-out of the Wunderkind Identity Network and our services. This approach not only meets or exceeds current regulatory requirements but also fosters a trustworthy relationship between consumers and brands.
Wunderkind’s strength is providing unparalleled revenue while simultaneously placing consumer choice & privacy at the forefront of our technology.