Wicket Privacy Policy

As of August 16, 2022

Last updated: August 16, 2022

Wicket, LLC (“Wicket,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

1. Who we Are

Wicket is a software company that has developed a unique cloud-based authentication management and registration platform (“Platform”) that enables a variety of authentication services on behalf of our clients, which include hosts or organizers of events as well as employers that own and operate various facilities (our “Clients”). Through our Platform, we provide you with a variety of facial authentication services (“Facial Authentication Services”) on behalf of our Clients, which uses your own face to seamlessly interact through a venue or facility. For instance, using our Facial Authentication Services, we can provide you with fast access for admissions to venues or facilities, VIP suite credentialing, touchless purchasing of food, beverages, and merchandise, verification of age and/or payment information (on behalf of third party point-of-sale devices), safe pairing of your tickets, mobile wallets, identification, and more. In addition, employees and staff of our Clients, can enroll for secure, touchless access to physical or virtual spaces.

“You” refers to individuals who access and use our Platform and Facial Authentication Services. You may be an attendee of an event operated by one of our Clients, or an employee of one of our Clients. In addition, You may be an agent of a Client, who is authorized to access the Platform as an administrator. Or, You may be a visitor to various websites and domains operated by us (including our website located at www.wicketsoft.com and/or from which You are accessing this Privacy Policy; collectively “Websites”) and are interested in browsing and learning about our Facial Authentication Services, or any other services or products offered by Wicket (“Services”). Our Platform, Facial Authentication Services, Websites, and Services may collectively refer to as our “Site” and “Services.”

Please note that enrolling and registering in our Facial Authentication Services is entirely optional. If You are invited to, register for, check into, or receive information regarding a Client event through a Wicket Site or in connection with our Facial Authentication Services, You will be considered an “Event Attendee” and we will provide any Personal Information You submit through our Site or in connection with your use of our Facial Authentication Services to the Client of the event (but we do not provide any of your Personal Information to any other third parties). Wicket does not control the Client’s venue or management process. We are not responsible for any decisions or actions taken by the Client with respect to your information (or by any third-party with whom the Client may share your information). Client is responsible for managing your information appropriately if and when they receive it. Please read the applicable privacy policies of the Client of an event or that operates a facility before submitting Personal Information.

With separate products, Wicket also enables the gathering of anonymized and aggregated data insights (“Density and Audience”) for use by our Clients to facilitate facility and event management. For example, Density and Audience can provide crowd density measurements, line management, wait-times to resources such as food vendors, merchandising or retail areas, and people counting for attribution in large, sponsored spaces. Using our vision analytics technology, Density and Audience can recognize demographic identifiers to allow our Clients to understand who engages with their digital and static assets. These products recognize features of people in general, and not features specific to an individual and do not record or store recorded footage. The Density product recognizes and counts the number of persons in a frame as it looks for features of a person, such as a head, arms, and feet. The Audience product recognizes the number of persons in a space, the number of associated faces that glance in a specific direction and also age and gender demographic counts based on general facial measurements.

Please note that our Density and Audience products meet the most stringent current privacy standards as these only capture anonymous data points and present them as aggregated data and analysis, and we do not record and store associated images or video footage. This means that personally identifiable information is not captured, possessed, recorded, used, stored, or retained. Density and Audience data collected cannot be used to identify an individual. Density and Audience data we collect may be used by our Clients and by Wicket for internal business purposes only (and is not shared with any other third parties). For example, a Client may use this information to track the number of fans congregating at a concession stand during events or understand the number of fans in a section of their concourse 30 minutes before the event start time throughout the course of a season.

2. About this Privacy Policy

This Privacy Policy applies to all information that Wicket may collect about You or that You may provide us in connection with your access and use of our Site and Services, as well as our social media pages, mobile apps, edge devices, and any electronic messages we receive from You or that we send You that link to this Privacy Policy (including texts, emails, or QR codes that You receive), and other communications in which You may provide Personal Information to Wicket.

This Privacy Policy does not apply to 1) information collected by any third party, including our Clients and any third party link that may be accessible from or on our Site and Services; and 2) any third party software or applications that integrate with our Site and Services.

Please read this Privacy Policy carefully to familiarize yourself with Wicket’s privacy practices and procedures. If You do not agree with this Privacy Policy, please do not access or use our Site and Services.

BY CLICKING “I AGREE TO THE USER PRIVACY TERMS DEFINED IN WICKET’S PRIVACY POLICY” WHEN REGISTERING WITH WICKET OR A PROGRAM AT A CLIENT BEING ADMINISTERED BY WICKET, OR BY ACCESSING, USING, OR INTERACTING WITH ANY PART OF OUR SITE AND SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, THAT YOU UNDERSTAND IT AND ITS TERMS AND CONDITIONS, AND THAT YOU AGREE TO BE BOUND LEGALLY BY IT AND ITS TERMS AND CONDITIONS.

We may update this Privacy Policy periodically to reflect new features or changes in our personal information practices, so please check it periodically for updates. When we update this Privacy Policy, we will post a notice at the top of it detailing any significant changes and state the date when this Privacy Policy was most recently updated. We will provide other notice to you as required by law. Your access and continued use of our Site and Services, after we make changes to this Privacy Policy is deemed to be acceptance of those changes.

3. Compliance with Children’s Online Privacy Protection Act Compliance

Our Site and Services and its contents are intended for adults 18 years of age and are not intended for individuals under 13 years of age. We do not knowingly collect any Personal Information from individuals under 13 years of age in compliance with COPPA (Children’s Online Privacy Protection Act) and the GDPR (General Data Protection Regulation).

Individuals under the age of 13 may not use or provide any information to or through our Site and Services. If we discover that we have any information from an individual under 13, we will delete it. If You believe we might have any information from or about a child under 13, please contact us immediately at:

access-optout@wicketsoft.com

4. Opting Into Wicket’s Facial Authentication Services

Our Facial Authentication Services verify the identity of an individual who has already provided consent to be in the system via Wicket’s opt-in procedure. Using our facial authentication technology, we analyze certain data points from your uploaded photo to create a 3D numeric representation of your face (called an “Embedding”) that is stored on our encrypted cloud servers and edge devices. The stored data cannot be reverse engineered or used to create an image of your face.

The following approach is generally used when deploying our Facial Authentication Services for our Clients:

  • Wicket, or a Wicket Client, will send You an invite that includes a link to register with Wicket’s Facial Authentication Services (that is entirely optional and requires your explicit consent). For example, as an Event Attendee or as an employee of a Client, You may be invited to register for our Facial Recognition Services (via a text, email, by clicking a link, scanning a QR code at a venue/facility, or by other means).
  • When You access the invite, You may be directed to one or more web pages to learn about our Facial Authentication Services, and choose to provide consent to use your name, email address, photo and any data derived from your photo in connection with your use of our Facial Recognition Services.
  • After we obtain your consent and verify your email address, You are directed to a web page to upload a current photo of yourself from your device to our Platform.
  • Once uploaded, our Platform evaluates your photo for approval by checking various elements, such as size, clarity, lighting, multiple faces, and filters.
  • We then create an Embedding of your photo, which is saved on our Platform and our edge devices at a venue or facility.
  • When You attend an event as an Event Attendee, or arrive at a facility for work, You can then use our Facial Authentication Services as a special check-in option, where a Wicket edge device scans your face taking measurements to create an embedding and authenticate it to Embeddings of all authorized users at that Client.

5. Your Photo

Please note that when You submit a photo (selfie), we store it as a source image only on our secure cloud servers (unless You send us an email to opt-out as detailed below). We then create the Embedding of your photo, which is stored on our cloud servers and on one or more edge devices at a Client’s venue or facility. Accordingly, when You enter a venue or facility, an edge device will take measurements of your face to create an embedding which is then compared to Embeddings of all registered users at that Client. If a match is found and You have necessary permissions to proceed, You will be given appropriate access.

We do not store your source photo on any of our edge devices, but do store your embedding on the edge device, which is not usable to recreate a photo or rendering of your face. As such, anyone who inappropriately accesses an edge device will not have access to your photo, only the Embedding (i.e., the 3D mathematical representation of your photo), which cannot be recognizable as anything except a de-identified series of numbers. In addition, we take every reasonable step to limit the collection of your Personal Information to what is reasonably necessary to provide our Facial Authentication Services.

As noted above, Wicket has separate products that gather anonymized Density and Audience Data from smart cameras, measuring general usage, density, and activity data.

We do not share your photo, face data, Embedding, or any Density and Audience Data collected by our edge devices with any third parties.

6. Information We Collect and How We Collect It

We collect information from and about you, including:

  • Information by which You may be personally identified (“Personal Information”), such as your name, e-mail address, and phone number, as described above;
  • Biometric Information, such as, “selfie” photographs, photos on forms of identification (e.g. driver’s license, employee badge, student identification card, military identification card), video “selfies” for liveness detection;
  • Usage and analytics information from our Platform and edge devices, summarizing for example, the events You have attended using our Facial Authentication Services;
  • Information You provide when You report a problem through our Site or in connection with your use of our Facial Authentication Services;
  • Information that you provide in response to surveys that we might ask you to complete for research and internal business purposes;
  • Any e-mail, text, or other electronic communications or messages You send us concerning our Site and Services;
  • Call recordings when You call our customer service phone numbers;
  • Anonymous usage and analytics information from our Density and Audience products, such as demographics information about how many people walked past a section of a stadium during an event, length of or density of a queue, or how many people glanced at a digital screen during an event.

We collect this information:

  • Directly from You when You provide it to us by registering online, inquiring or requesting information about our Services, or placing an order for any of our products or Services;
  • Automatically from our Platform and edge devices once You enroll; and/or
  • From Clients, for example, if You receive an in-Platform promotion or other offer from a Client, we may be provided with your name and e-mail address.

7. Information We Collect Through Automatic Data Collection Technologies

As You navigate through our Website (www.wicketsoft.com), we may collect certain information about you, your actions and patterns, and other-related information via automated technologies, such as cookies and web beacons.

Such information may include details of your visits to our Website, including, without limitation, traffic data, communications data, and information about your computer or mobile device.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small amount of data placed on the hard drive of your computer or mobile device. You may refuse to accept browser cookies by activating the appropriate setting on your browser or device. However, if you select this setting you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
  • Server Logs. A web “server log” is a record of activity created by a computer that delivers certain web pages to your browser. Certain activities that You perform on our Website may record information in server logs, such as if You enter a search term into a search box located on the Website. The server log may record, for example, the search terms or information about your browser, such as your IP address and the cookies set on your browser.
  • Widgets. A “widget” is generally an application that can be embedded in a web page or mobile app. Widgets can provide real-time information to the Website.

In addition, as with most companies, when you visit our Website at www.wicketsoft.com, or use our Platform, we collect information about your computer, device, equipment, browsing actions, and patterns using Google Analytics. This information may include, but is not limited to:

  • Usage Information. Information relating to your use of our Site and Services.
  • Device Information. Information about your computer, device, mobile phone, and internet connection, such as your IP address, operating system, and browser type.
  • Auto-Fill Information. Information You enter or provide through our Website or provide in response to actions You have taken on our Website (such as information You enter on one or more of our Site forms or in response to actions You take on our Site). Such information may include, but not limited to login information, addresses, phone numbers, emails, and communications.

Please note that we do not combine the information collected through the use of Google Analytics with your Personal Information we may have collected as part of your opt-in to our Platform. Please note that Google’s ability to use and share information collected by Google Analytics about your visits to our Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing You on return visits to the Site by disabling cookies on your browser.

The information we collect automatically is used to help us improve our Website and continue to deliver an improved experience.

8. Third-Party Content and Tracking Technologies

Our Platform and/or Website may include content from our Clients. Clients may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about You when You click on this content. We do not control our Client’s tracking technologies or how they may be used. If You have any questions about a Client’s advertisement or content, You should contact the Client directly.

Please note that once You leave our Platform or Website, You are no longer governed by this Privacy Policy.

9. How We Use Your Information

We will only use information that we collect about You or that You provide to us, including any Personal Information, for purposes described in this Privacy Policy and when applicable law allows us to do so. We will generally use your information to:

  • Perform and manage our enrollment process, including verifying email addresses of our users;
  • Operate and administer our Facial Authentication Services, including performance of a contract with any of our Clients, where we need to disclose Personal Information about Event Attendees or employees to perform our obligations under our contract with the Client;
  • Comply with and enforce applicable legal requirements and policies, including this Privacy Policy, or where we need to comply with a legal or regulatory obligation; and/or
  • Provide Services to users after they have given their consent (which can be withdrawn at any time).

We also use information that we collect about You or that You provide to us, including any Personal Information, for the following purposes:

  • To provide You with our Facial Authentication Services, including, for example, verifying your email address and using your photo to create and authenticate an Embedding:
  • To offer our Site and Services and its contents to you;
  • To send You information about products and services of ours that we think You might like;
  • To provide You with information and technical support;
  • To provide You with notices about your account;
  • To fulfill any other purpose for which You provide it;
  • To notify You about changes to our Site and Services;
  • To enhance the performance, safety, and security of our Facial Authentication Services;
  • To allow You to participate in interactive features on our Website and/or mobile app; and/or
  • For any other purpose with your consent.

If You have agreed to receive marketing communications from us, You can always opt out at any time.

10. Storage, Retention, and Transfer of Your Information

We may store data or other information that we collect about you, including Personal Information, in our databases and servers maintained by us, our affiliates, agents or service providers. If You access or use our Website and Platform services outside of the United States, information that we collect about You may be transferred to servers inside the United States and maintained indefinitely, which may involve the transfer of information out of countries located in the European Economic Area and other parts of the world unless otherwise prohibited by applicable law or agreed by Wicket and you. By allowing Wicket to collect information about you, You consent to such transfer and processing of such information without restriction. We may also store some information locally on your computer or other devices. For example, we may store information as local cache so that You can open the Site and view its content faster.

In the event we store your data or information, we will retain it for the length of time needed to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

11. Disclosure of Your Information

Except as provided in this Privacy Policy, Wicket will not disclose, transfer, sell, trade, rent, or otherwise provide your Personal Information to any third party.

We may disclose information that we collect about You or that You provide us, including Personal Information, to the following third-parties and in the following circumstances:

  • To our Clients;
  • To our subsidiaries and affiliates, for purposes consistent with this Privacy Policy;
  • To service providers, contractors, and other third parties we use to support our Facial Authentication Services and our business;
  • To a potential or actual buyer. assignee or other successor (including its related advisors and agents) in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Wicket’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by Wicket about users of our Website and Platform services is among the assets that may be or are actually transferred;
  • To fulfill the purpose for which You provide it;
  • For any other purpose disclosed by us when You provide the information;
  • To comply with any court order, law, ordinance, valid warrant, valid subpoena, or legal process, including to respond to any government or regulatory request;
  • To enforce our rights arising from any contracts entered between You and us, including for billing and collection; and/or
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Wicket, our customers, or others.

Please note that once we disclose your information in one of the above-listed circumstances, the information received by the other company is controlled by that company and becomes subject to the other company’s privacy practices.

12. Choices About How We Use and Disclose, Retain and Destroy Your Information

We strive to provide You with choices regarding the Personal Information You provide to us. Please note that You can always choose not to provide information, even though that means You might not be able to access or use our Site and Services. In addition, we have created mechanisms to provide You with the following control over your Personal Information as detailed below.

  • Opting Out of Facial Authentication Services. Your data and information are only included in our Facial Authentication Services Platform if You have actively opted in and shared your information with us. If You have given the opt-in and are registered for our Facial Authentication Services Platform, but reconsider and wish to opt-out, You can easily do that at any time by emailing us at access-optout@wicketsoft.com. Once You opt-out, all your information, including your source photo, will be permanently deleted within one (1) week of You notifying Wicket directly or one week of a Client notifying Wicket if You choose to opt out by notifying the Client.
  • Tracking Technologies and Advertising on Website. You can set your browser to refuse all or some browser cookies, or to alert You when cookies are being sent. To learn how You can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If You disable or refuse cookies, please note that some parts of our Site and Services may then be inaccessible or not function properly.
  • Illinois State Law. For Illinois users, in accordance with Illinois state law, Wicket will retain biometric data only until the occurrence of the first of the following: a) The initial purpose for collecting or obtaining such biometric data has been satisfied; or b) Three years following your last interaction with Wicket.

13. Your Data Protection Rights

  • Accessing and Correcting Your Information. You can request access to or correction of any of the information You have provided to us, including Personal Information. We will use commercially reasonable efforts to honor your request. We may not accommodate a request to change your information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. We may charge a small fee to complete your request.
  • Erasing Your Information. You can also request that we erase your data under certain conditions, including by deleting your account or contacting us.
  • Transferring Your Information. You have the right to request that we transfer your information directly to You or to another organization under certain conditions.
  • Objecting to or Restricting Processing. You can object to our processing of your information, and You may request that we restrict the processing of your data in certain circumstances.

To exercise any of these rights or to inquire about these rights, please email us at access-optout@wicketsoft.com. If You believe we are violating your rights, You can file a complaint with your local supervisory authority. If You are a resident of the United Kingdom, You can lodge a complaint with the UK Information Commissioner’s Office: https://ico.org.uk/for-the-public.

14. Data Security & Storage

We understand that the security of your Personal Information is important. We have implemented reasonable technical and physical measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information You provide to us is stored on our secure servers behind firewalls at rest and in transit. The safety and security of your information also depends on you. Where we have given You (or where You have chosen) a password for access and use of certain parts of our Site and Services, You are responsible for keeping this password confidential. We ask You not to share your password with anyone.

All Personal Information collected will be protected from disclosure using a reasonable and appropriate standard of care recognized within the industry and to the same degree as Wicket’s confidential and sensitive information.

Unfortunately, the transmission of information via the internet is not completely secure; however, we implement additional generally accepted industry standards to protect your Personal Information; however, we cannot guarantee the security of your Personal Information transmitted to our website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.

15. California Privacy Rights

The information in this section applies only to California residents. If You are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) grants You the following rights:

  • Information. You can request information about how we have collected, shared and used your personal information during the past 12 months.
  • Access. You can request a copy of the Personal Information we maintain about you.
  • Deletion. You can ask us to delete the Personal Information we maintain about you.

To request access to or deletion of your Personal Information from our Platform you may call us at (800) 390-9009 or submit a request in writing to: access-optoutcalifornia@wicketsoft.com. The e-mail subject line and the content of your request must include the phrase “Your California Privacy Rights,” and include your name and e-mail address. Please allow 30 days to receive a response to your inquiry. Requests sent via written mail or facsimile will not be accepted

Please note, the CCPA may limit Your rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to You.

16. Data Controller and Processors

When we collect information from you, we may be doing so on our own behalf (in which case we will be considered a “controller” of your data), or on behalf of an Wicket Client who is using our Facial Authentication Services in connection with access to an venue, event, or facility and manage access-related activities (in which case, the Client will be the “controller” and Wicket will be considered a “processor” of your data). We are the data controllers as we are collecting and using your Personal Information. We use trusted third parties as our data processors for technical and organizational purposes, including for payments and email marketing. We use reasonable efforts to make sure our data processors are GDPR-compliant.

17. Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

Wicket, LLC

675 Massachusetts Avenue

Cambridge, MA 02139

Email address: access-optout@wicketsoft.com