Last updated 15th May 2023, in accordance with the requirements of the General Data Protection Regulation (GDPR).
GFB (Getfeedback) Ltd is registered on the ICO Data Protection Register, registration number Z6917638.
GFB (Getfeedback) Ltd is committed to protecting and respecting your privacy, and to acting in compliance with the General Data Protection Regulation.
As an online publisher of surveys, we, GFB are committed to protecting your privacy and maintaining the security of any personal information received from you.
We follow strict security procedures in the storage and disclosure of information, which you may have given us, to prevent unauthorised access in accordance with stringent requirements of the General Data Protection Regulation.
The purpose of this statement is to explain to you what personal information we collect and how we may use it.
As an online publisher of surveys, we, GFB are committed to protecting your privacy and maintaining the security of any personal information received from you. We follow strict security procedures in the storage and disclosure of information, which you may have given us, to prevent unauthorised access in accordance with stringent requirements of the data protection legislation in the UK and other European Countries. The purpose of this statement is to explain to you what personal information we collect and how we may use it.
Our lawful basis for processing personal data
Our lawful basis for processing personal data for employee engagement surveys, online psychometric and 360 assessments is that it is necessary for the purposes of legitimate interests pursued by the controller or a third party.
Our lawful basis for processing personal data for direct marketing of our goods and services is consent of the data subject. In accordance with the General data Protection Regulation we will ensure that people are made to actively opt-in to continue to receive our direct marketing from 25th May 2018.
What data we may collect from you and how we will use your data
If you are completing an employee engagement survey, GFB's code of confidentiality ensures that no reference to the origin of individual responses will be made in reports. This code of confidentiality also applies to free form (verbatim) comments. Your individual responses will not be made available to anyone within your company. The questions in the “Demographics” section are asked so that we can compile results for different groups within the company.
Reports showing responses to “scale-based questions (Strongly Agree to Strongly Disagree) only breakdown to groups of 10 or more and reports showing free form (verbatim) responses only breakdown to groups of 50 or more. So if you are, for example, the only female based in location within a function then your responses will be grouped with other employees to give an overall result, grouped with other females to give a result by sex, grouped with others in the function to give result by function and grouped with others based in the location to give a result by location but your responses will never be reported as a standalone response.
If you are completing an online psychometric assessment, we process personal data relating to either your application with a potential employer, or an internal assessment with your current employer.
If you are completing an online 360 assessment, we process personal data relating to an internal assessment with your current employer. We do not sell, rent or exchange your personal information with any other third party for commercial reasons. We will follow the confidentiality arrangements set out in the email you received asking you to take part in the feedback process, if you require a copy of this email please do contact us on firstname.lastname@example.org.
In connection with our research, your personal data may be aggregated into a demographic database for the purposes of analysing trends, monitoring equal opportunities and creating geographic norms. Before we aggregate your data, we will delete your name and other contact information to make sure the database can never relate to an individual.
Data retention and how we retain data
In accordance with the GDPR, personal data shall be kept for no longer than is necessary for the purposes for which it is being processed. Where GFB is the Data Controller, in relation to personal data and collected as a result of use of assessment such is generally retained for a period of 24 months after which it is deleted. Any research data retained thereafter (e.g. psychometric norms and validity data) no longer constitutes personal data as it is anonymised and aggregated on GFB’s systems prior to research use, at which point no individual is identified or identifiable from such data and the data no longer falls within the scope of the Act.
Where GFB act as the Data Processor, the decision on data retention periods rests with the Data Controller. The Data Controller has the ability to delete data using the shredder functionality available on our online assessment platform. GFB's online assessment platform includes a shredder functionality that can be used to shred personal data such as name or email address. This data is removed and only non attributable data is retained for research purposes only where required.
GFB are located in the UK. We may transfer personal data to EEA countries, but no personal data will be transferred outside of the EEA by GFB or our subcontractors.
GFB's systems store personal data therefore all reasonable precautions shall be taken to ensure that appropriate confidentiality and control procedures are in place. GFB cannot be held responsible for client-side breaches of data confidentiality.
We take the security of your data and the accessibility to our systems very seriously. GFB host their systems in a UK based high security data center with an emphasis on physical security, network and application security, network availability and infrastructure availability – all of which equate to extremely high service availability.
GFB have a procedure in place if a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. We will assess the scope and impact of the breach. Based on the assessment of the likely risks to individuals, we will notify the individuals and/or their connected organisations that a data breach has occurred where this may result in a significant risk to the rights and freedoms of individuals, or where we may be in breach of a contractual obligation. Any such notification to individuals will be carried out as soon as reasonably possible and will include information on the nature of the breach, the name and contact details of our Data Protection representative, the likely consequences of the breach, measures taken or proposed by GFB to address it, and recommendations for affected individuals to mitigate any potential adverse effects. Such individuals will also be provided advice on how to make a complaint to the ICO.
If, due to the nature of the breach that GFB is required to inform the ICO, we will do so within 72 hours of becoming aware of the essential facts of the breach. Such notification must include at least: your name and contact details; the date and time of the breach (or an estimate); the date and time we detected it; basic information about the type of breach; and basic information about the personal data concerned.
Your right to withdraw
If you do not wish GFB to use your personal data for direct marketing of our goods and services, You have the right to withdraw your consent at any time and can unsubscribe using the link in any email you have received from us or you can notify us in writing either by email to email@example.com or at the following address:
GFB (Getfeedback) Ltd
The White House
In accordance with the General data Protection Regulation we will ensure that people are made to actively opt-in to continue to receive our direct marketing from 25th May 2018.
GFB's online assessment platform includes shredder functionality that on request can be used to shred personal data such as name or email address. This data is removed and only non attributable data is retained for research purposes only where required.
What are session cookies?
Session cookies allow users to be recognised within a website so any page changes or item or data selection you do is remembered from page to page. Session cookies are stored in temporary memory and are not retained after the browser is closed. Session cookies do not collect information from the user’s computer. They typically will store information in the form of a session identification that does not personally identify the user.
3rd party cookies
If you click on a link from GFB's websites to any third party websites you may be sent cookies from these third party websites. Third party websites will have their own privacy and cookie policies which GFB cannot control. Please check the third-party websites for more information about their cookies and how to manage them.
Who we will share your data with
We do not sell, rent or exchange your personal information with any other third party for commercial reasons. If you are applying for a vacancy with a potential employer, then, by submitting this information, you grant us the right to share this information with your potential employer and your recruitment agent. If you are undertaking an internal assessment with your current employer, then, by submitting this information you grant us the right to share this information with your current employer.
How you can obtain data we hold about you
You have the right to know what information we hold on our system about you at any given time. To obtain details of the information we hold as it relates specifically to you, you may contact GFB at the following address:
GFB (Getfeedback) Ltd
The White House
When contacting us to ascertain the information we hold about you, it would be helpful if you could provide us with details of your full name, company and email address.
How you can contact us
If you have any questions about privacy please email us at firstname.lastname@example.org or contact GFB at the above address.
You have the right to complain to the ICO if you think there is a problem with the way we are handling your data.
Changes to the policy
GFB (Getfeedback) Ltd reserves the right to modify or update the policy from time to time.