As a survey company with a global customer base, we take data security seriously. Privacy is a top priority, which is why we've spent months preparing for the General Data Protection Regulation (GDPR).
GDPR is the new European Union (EU) data protection law taking effect on May 25th. The law tightens the regulations around collecting and processing data in the EU, so many global companies will see significant impacts. Like many other organizations, we've taken critical steps to prepare for these changes, and as of May 1, 2018, GetFeedback is GDPR-ready.
The GDPR applies to businesses that collect and process "personal data." The GDPR defines personal data as: "any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
This is a broad definition, and includes data that is obviously personal (such as an individual's name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual's IP address). Inevitably, in the course of providing our services, we will process personal data about our customers (the people who create and conduct the survey online) and their survey respondents (people who answer those surveys).
For example, when customers and their users sign up for a GetFeedback account, we will collect certain basic contact information. In connection with the surveys our customers carry out, we may process a survey respondent's contact details (if and only if our customer has asked for this information within the design of their survey) and any survey response data provided to our customers via the surveys. We may also automatically collect certain online digital information when users and survey respondents interact with the services or a survey—such as IP addresses, cookie data and online navigation data.
GetFeedback is typically a processor of the personal data it collects when providing its services to customers. For example, GetFeedback will be a processor of the specific personal data and information that its customers may choose to assess by using GetFeedback's survey software and services. This means that in addition to complying with its customers' processing instructions, GetFeedback now complies with the new legal obligations that apply directly to processors under the GDPR.
With support from external advisors, as of May 1, GetFeedback has completed multiple lines of work to become GDPR-ready before May 25th:
We completed a comprehensive data mapping exercise, creating the data processing records required by Article 30 of GDPR
We completed product changes to ensure GetFeedback supports its customers' GDPR readiness
We revised our standard customer terms to incorporate the mandatory data processor terms required by Article 28 of GDPR
We reviewed and, where necessary, revised all arrangements we have with our third-party sub-processors to ensure that all such sub-processor arrangements comply with GDPR
We revised our privacy notices for GDPR compliance, including incorporating the mandatory disclosures required by Article 13 of the GDPR
EU data protection law prohibits the export of personal data outside of the European Economic Area ("EEA") to non-EEA recipients, like GetFeedback, unless certain safeguards are in place, such as ensuring the recipient is self-certified to the EU-US Privacy Shield.
GetFeedback, Inc. has self-certified to the EU-US and Swiss-US Privacy Shield frameworks. In practice this means that GetFeedback in the US will be considered a "safe" recipient, offering an adequate level of protection to the personal data of its customers and their survey respondents that is transferred from Europe to the United States.
If you have any questions about GetFeedback and GDPR, please contact your GetFeedback Customer Success Manager, or email us at privacy@getfeedback.com.