/
GDPR compliance

GDPR compliance

Owned by Carlos Carasco
Last updated: Oct 16, 2023
2 min read

Feedier, operating under the legal entity ALKALAB and registered in France with the Registre du Commerce et des Sociétés de Lille (registration number 838 930 071), places a strong emphasis on compliance with the General Data Protection Regulation (GDPR). In this article, we'll outline Feedier's commitment to GDPR compliance, the key terminology, data processing details, and organizational measures that ensure the protection of personal data.

Table of Contents

1. Introduction

Feedier, as part of its value proposition, is committed to complying with GDPR. This commitment is further elaborated through our specific measures and processes.

Definition of Key Terms

  • Customer: The entity with an active subscription to the Feedier platform.

  • User: Employees or external service providers legally bound to the Customer who have access to the Feedier platform.

  • Respondent: Individuals who answer Feedier questionnaires and are not Users.

  • PDS: Personal data as defined in Article 2 of the GDPR.

  • Feedback: Survey responses, whether from Feedier surveys or imported via the Feedier dashboard.

  • Attribute: Data transferred by the Customer to Feedier as part of the service.

  • Team: Private and secure sections within the Feedier Platform, hierarchically organized.

2. Data Hosting and Security

Feedier ensures the secure hosting of data in compliance with the GDPR.

  • All data processed by Feedier is hosted in Europe by a recognized partner, AWS, meeting security standards.

  • Data hosting locations in Dublin and Paris.

  • No use of subcontractors for data processing.

  • Data is automatically deleted at the end of the Customer's contract.

3. Processing of Personal Data (DCP)

Feedier processes personal data under two distinct cases.

Case 1: Respondents' DCP

  • Purpose: Processing of personal data collected during the use of Feedier services, as determined by the Customer.

  • Data collected may include feedback and attributes but not additional personal information.

  • Tools provided to apply GDPR and respect Respondents' data.

Case 2: Users' DCP

  • Feedier hosts Users' data for authentication and security of Respondents' DCP.

  • Users can request, modify, or delete their data on the Feedier platform.

4. Data Management

Feedier's approach to data management emphasizes transparency and security.

  • Feedier acts as a data processor; the Customer remains the data owner.

  • Tools for easy data export/import in a usable format.

  • Daily encrypted backups of stored data.

  • Role and team management tools for access control.

5. Organizational Maturity

Feedier has adopted organizational measures to reinforce GDPR compliance.

  • Staff training in GDPR and ISO 27001 standard.

  • Option for Customer audits.

  • Appointment of a Data Protection Officer and a dedicated Data Protection Team.

  • Security incident management procedure and notification policy.

  • Features for data controllers to meet their obligations (Privacy by Design and Default).

  • Independent penetration tests (OWASP).

For further information, please refer to the Feedier PAS, the Feedier T&Cs, or contact the Data Protection Officer (DPO) at dpo@feedier.com. Feedier's commitment to GDPR compliance ensures that personal data is handled responsibly and securely.