Regulatory Environment
The General Data Protection Regulation (GDPR) came into effect in 2018 and has wide-ranging impacts on organizations that collect and process data in the EU. On the most basic level, the GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
Specifically, the GDPR regulates the processing of personal data about individuals in the European Union, including its collection, storage, transfer and/or use. It gives data subjects more rights and control over their data by regulating how companies handle and store the personal data they collect. Laws in other parts of the world, including in various states in the US, are now following suit with similarly broad regulatory requirements to protect and enhance personal data rights.
It is imperative for enterprise companies, in particular, to prepare for these changes as the new regulations come with increased enforcement and failure to comply can lead to greater fines.
Privacy & GetFeedback Digital
At GetFeedback Digital we are committed to the security of your data and protecting the privacy of your clients. GetFeedback Digital endeavors to develop its services using the Privacy by Design and Privacy by Default philosophies. This means we consider privacy and personal data protection throughout all parts of our product development lifecycle. Our services are designed to limit personal data collection by default where possible, and we aim to give you control over feature enablement where appropriate.
All data is stored in AWS Region EU (Ireland), meaning in the European Union. The customer portal and API are also hosted in the same location. Some very limited access to customer data may occur in other jurisdictions outside the EU (for example, if you receive customer success support from an individual located in one of our other office locations). You can view a full list of sub-processors applicable to all our services. All our employees are trained on data privacy compliance and security matters, and we enter into data processing terms and standard contractual clauses with all our sub-processors, where appropriate.
Where possible, GetFeedback Digital will perform upstream processing activities and analysis on anonymised or pseudonymised data. This means we will, to the extent necessary, exclude or remove any screenshots, IP addresses, email addresses, free-form (text) responses and any identifiers that link the feedback item to the original item which may contain personal data before processing it.
Product Changes
Our product includes the following features:
- Storing location data: We made it optional to store the location or IP address of a user when they leave feedback. This option is off by default for all newly created buttons and forms.
- Data retention: We are giving our customers the option to set a data retention period so that any collected data will be removed automatically after the set period.
- Saving form values in GetFeedback Digital for Web: Currently, when a button is created, the form values are saved by default. We are turning this around, providing a safer default setting.
- Safer connections: Full survey URLs in GetFeedback Digital for Web, as well as GetFeedback Digital for Email widgets, will be using an encrypted connection (HTTPS) by default.
Data Processing Agreement
If you, as a customer, are processing personal data through the GetFeedback Digital platform, typically you will require a Data Processing Agreement (DPA). We have prepared a standard contract for this purpose, which accurately describes the specific characteristics of our product. If you need a DPA, we strongly urge you to make use of the GetFeedback Digital template, since it’s the most efficient option. The template is available through our Customer Success department.
If you have any questions regarding how GetFeedback Digital addresses privacy regulations, please contact your Customer Success Manager.