Questback Data Processing Agreement

Questback is a leading enterprise feedback management (EFM) provider that allows businesses to collect and analyze feedback from their customers and employees. As part of their services, Questback offers a data processing agreement that outlines how they handle and protect user data.

A data processing agreement (DPA) is a legal contract between a data controller (the business) and a data processor (Questback) that defines the terms and conditions of data processing activities. Under the European Union`s General Data Protection Regulation (GDPR), a DPA is mandatory for any data processing that involves personal data.

Questback`s DPA covers several key areas:

Data protection obligations: Questback commits to complying with the GDPR`s data protection principles, including the obligation to process personal data lawfully, fairly, and transparently.

Data security measures: Questback provides technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.

Sub-processing: Questback may use sub-processors to process personal data on behalf of the data controller. The DPA requires Questback to ensure that sub-processors meet the same data protection and security standards as Questback.

Data subject rights: Questback assists data controllers in fulfilling data subject requests, such as access, rectification, erasure, or portability.

Data breaches: Questback notifies the data controller without undue delay in case of a personal data breach.

International data transfers: Questback may transfer personal data outside the European Economic Area (EEA) only if adequate safeguards are in place, such as standard contractual clauses or the EU-US Privacy Shield.

Data retention: Questback retains personal data only as long as necessary for the purposes of the agreement, or as required by law.

Questback`s DPA demonstrates their commitment to data protection and privacy, and their compliance with GDPR requirements. By signing a DPA with Questback, businesses can ensure that their customers` and employees` personal data is processed in a secure and transparent manner.