Contact
Start

Producten

Contact
Start immediately

GDPR legislation & data security

Feedback Company believes it is important to inform clients about the data security that is applied to comply with the GDPR legislation. Below you will find a brief overview of what Feedback Company does to process its data in a way that is compliant with the GDPR legislation. Here you will find documentation and answers to frequently asked questions about information security. For additional information please email: helpdesk@feedbackcompany.com.

Technical and Organizational Measures

  • Up to date virus scanners on every laptop and PC
  • Accurate security VOIP (Voice Over IP) system from employees
  • Unique login codes and passwords for employees (with Password Expiration Policy)
  • Role-Based Access Policy
  • No unsecured backups
  • Clean desk policy (office policy)
  • Don’t leave your laptop, tablet or mobile phone unattended
  • Destroy old documents correctly
  • Access passes
  • Safes for sensitive company documentations.

Incident Policy
All incidents are handled according to the established Critical Issue Handling Process, all incidents are reported internally and logged on the Root Cause Analysis page.

Data breach protocol
All reported notifications to our Data Protection Officer are handled according to the established Data breach protocol.

Is our data processed outside the EU?
No, all our data is held by parties that can guarantee that the data is never processed outside the EU.

Do we have a data security certification?
Yes, Feedback Company has a Certificate from NL Digital, called the Data Pro Code. The Data Pro Code is a security certificate that is officially recognized and approved by the Dutch Data Protection Authority. With this, we can guarantee clients that we comply with the information obligations laid down by the Dutch Data Protection Authority, and that we process our data with AVG Complaint.

Security backups
Feedback Company naturally makes regular backups of the data in the event of a calamity. All backups are made via an encrypted connection and stored in two different places.

Retention period
The GDPR legislation states that at the end of the relationship/contract term, the processor must destroy the customer’s data, within at least 3 months. Feedback Company acts in accordance with the AVG legislation and ensures that the client’s processed data at the end of the contract is deleted. In some cases, the clients want to receive their collected data so that it can be kept for archival purposes, an export of the processed data is allowed and is reinforced once at the end of the relationship with the client. The export is always provided anonymously and therefore does not contain any traceable personal data, this is so that Feedback Company can maintain its security standard at all times.

The right to forget
Every client and customer of the client of Feedback Company can invoke the right-to-be-forgotten at any time. A request can be made for this via the e-mail address helpdesk@feedbackcompany.com.

List of Sub-processors and the nature of processing

Processor
Commerce nmr
Place
Nature of processing
Copernica B.V.
34129493
Amsterdam
Mail provider
Integrated Internet Services B.V.
34129493
Haarlem
DNS Provider/Mail provider
Google Ireland Limited
Dublin, Ireland
webhost
Google Netherlands B.V.
34198589
Amsterdam
Google Reviews Partnership
Middelkoop.cc
73667773
Capelle aan den Ijssel
webhost
Teamleader Nederland B.V.
63326426
Amsterdam
CRM
Interactivated Ecommerce B.V.
58348646
Groningen
Hosting Lightspeed & Shopify
Exact Online
30111298
Delft
Accounting package
Twilio Netherlands B.V.
73420514
Amsterdam
Mail provider
IBM Nederland B.V.
33054214
Amsterdam
research reports
via IBM SPSS Statistics Software.
HUMANIT DIGITAL CONSULTING, LDA
515 700 479
Porto
Software development and management
Functional Software, Inc. (Sentry.io)
474554430
San Francisco
Logging and monitoring
MongoDB, Inc
4462691
New York
Transactional Database
Redis Ltd
10520215
London
Database
Meili
844 156 364
Paris
Database
dbt Labs, Inc
984500F993BEAN9EH018
Delaware
Data transformation
Laravel Holdings Inc.
New York
Web deployment
Intercom
4731851
San Francisco
Customer tickets and requests
Github Inc
3488095
San Francisco
Software development version control
Microsoft B.V.
34061536
Amsterdam
Microsoft office 365 usage
ActiveCampaign, LLC
651750
United States
Marketing mailings
Design View
12048814
Bussum
Marketing he
Zapier
46-1268002
Australia
Marketing automation
Gravity Forms
Virginia, USA
Website forms
Typeform S.L.
ESB6583185
Barcelona, Spain
Website form
WeCloudIt B.V.
71513220
Breukelen, Netherlands
VOIP
Payt B.V.
01168588
Groningen, Netherlands
Payment provider and credit management
PlusCare b.v. (Phonecare)
30103717
Utrecht, Netherlands
Phone service provider (callcenter)