WRDS Privacy and GDPR Policy

Your privacy and the protection of your data are important to us. This page documents the data we collect from you and what you can do to remove your data if you choose to do so.

Introduction

GDPR is the European Union's General Data Protection Regulation. WRDS is compliant with GDPR as a data Controller and is committed to the highest data privacy and protection standards.

This page is also intended to address privacy concerns under the California Consumer Privacy Act (CCPA)

Top of Section

Data Collection and Removal

WRDS collects the following information when using our platform

  • General users: name, email, IP address, phone number
  • WRDS Representatives: name, email, IP address, phone number
  • Procurement contacts: name, email, phone number

This information is needed to be part of the WRDS community. To cancel your account and be removed from the community, email wrds-support@wharton.upenn.edu. The information will be removed within 5 business days.

Top of Section

Use of Information

WRDS’ uses user and other information primarily for statistical purposes to identify the dominant areas of interest of users and better prepare future content of the site. The main goal is to constantly improve the value of the site and to protect the security of the entire WRDS system.

Occasionally, WRDS will send emails to advise users of additional databases, changes within the site, or information that may be otherwise helpful.

For general users, phone number is only used for 2-factor authentication (2FA).

Top of Section

Data Sharing and Protection

WRDS does not sell personal information to any 3rd party organization. WRDS shares information with 3rd parties only as needed and described below. WRDS Users may access their own database usage history at any time from the Account page. WRDS representatives at each institution (often a librarian or department chair) are entitled to see database usage from their institution. Data providers are entitled to see aggregate usage information of their own databases, but not personally identifiable details.

WRDS staff, in coordination with Wharton Computing and the University of Pennsylvania, conduct security audits of the platform.

The University of Pennsylvania employs a Data Protection Officer who currently has the title “Privacy and Security Officer”.

3rd Parties Receiving Data

Users are advised that information maintained by WRDS may be disclosed in connection with judicial or administrative proceedings or if in the sole discretion of WRDS disclosure is necessary to protect WRDS or the Trustees of the University of Pennsylvania.

WRDS partners with Cisco for their Duo 2-factor authentication (2FA) product. As a service that confirms identities, by its nature Duo collects information about users. This includes email address, phone number, IP address, device info, and WRDS user name - but not first or last name. Cisco is a Data Processor under GDPR and maintains a Privacy Data Sheet.

Top of Section

Top