Safe, secure, and ready for GDPR

Nothing matters more to us than the security of your data. We have you covered for the EU’s new General Data Protection Regulation (GDPR).

Securing your data

Protecting customer data is a top priority at Delighted. We understand you are trusting us with your data and we take the responsibility of securing it extremely seriously. Our Security page outlines all of our practices. Additionally, Delighted has a Data Protection Impact Assessment (DPIA) that documents our handling of all your data, including personal data.

Data correction

Account admins can modify collected personal data to meet the correction requirement of the GDPR with a simple request to our Concierge team.

Right to be forgotten

As an account admin, you can permanently delete individual people, responses, and respondent personal data should an individual request it.

Built for security

Delighted protects all of our customers with an array of security features.

  • Authenticated email (DKIM, SPF, DMARC)
  • Data encryption in transit
  • Data encryption at rest
  • Data centers routinely audited with industry-standard SSAE-16 methods
  • Data redundancy for resilience during disasters
  • Two-factor authentication
  • Continuous network monitoring
  • EU-US Privacy Shield Certified
  • Swiss-US Privacy Shield Certified
  • Users can opt-out of re-contact for a survey
  • Industry-standard security evaluations
  • Independent third-party security reviews and penetration tests
  • Role-based authentication
  • IP address whitelisting

What is GDPR?

Effective May 25th 2018, GDPR tightens the rules for businesses on how they collect, store and process EU citizens’ personal data. The new regulations impact organizations worldwide who collect and process personal data of EU citizens. Some of the key changes likely to impact your customer feedback programs are listed below.

See all GDPR changes

Data correction

EU citizens will have the right to request that their personal data are rectified, and they can request restrictions on how their data are used. In addition, they may ask to “be forgotten,” requiring that all their personal data be permanently erased. Generally speaking, the GDPR explicitly states it must be as easy to withdraw your data as it was to consent to it in the first place.

Consent

A business must seek an individual’s unambiguous consent prior to collecting any personal data. How the personal data will be used must be clearly stated, and business contact details provided if more information is requested. Organizations may need to consider conditions for processing other than consent, such as in relation to a contract, or because of another legal obligation (such as employer-employee).

Privacy assessment

Data processors will need to implement a high level of security to safeguard the controller’s data, and to conduct a Data Protection Impact Assessment (DPIA) that documents how personal data will be safeguarded. Our Security page describes our key privacy-related processes and procedures.

Enabling you to be GDPR compliant

Delighted enables customers to be GDPR compliant. Briefly stated, that means Delighted:

  • Provides sufficient guarantees to the controller to implement appropriate technical and organizational measures designed to safeguard Customer data
  • Processes data (that could include personal data) only to fulfil its obligations as related to the Services
  • Enables users to modify and delete their account
  • Enables users to modify and delete complete survey responses, as well as remove all requested customer data
  • Provides security documentation that describes the processes and procedures for safeguarding the data at our Security page
  • Can sign a contract that governs the processing of EU personal data

GDPR contract – Data Processor Agreement (DPA)

GDPR Article 28, Section 3, requires that a contract be in place between a data controller and a data processor. For years, the Delighted Terms of Service and Privacy Policy have provided the fundamental legal requirements and obligations regarding data ownership, processing behavior, safeguarding data, and more.

However, to provide added GDPR coverage and compliance, we’ve since updated our Terms of Service to include our DPA. These Terms of Service are agreed to upon creation of a Delighted account. If you have a Delighted account, you are already covered.

Any questions?

Don’t hesitate to contact us to find out more about our changes and how we’re helping you to comply.

Contact us