Now we’re not handing out legal advice here, just a quick explanation about what Feefo do with your customers data, to help you understand what you might need to cover…
Controllers and Processors
Feefo acts as your data processor when it sends feedback invitations to your customers at your request. We are also a data controller, of feedback when we receive the review from your customers, and of responses you send to your customers. We’re essentially the middle man.
To address this within your policy, you will need to include;
- The personal data used for the activity. Feefo sends email invitations using name, email address and the product/service purchased to send invitation emails.
- Where you obtained the personal data from, for example your order form.
- The purpose for processing that personal data, for example only “to ask you for feedback via email”.
- The legal basis for processing – merchants may be able to rely on “legitimate interests”, provided that they have done, and are satisfied with the outcome of, a legitimate interests assessment.
- Who you share the personal data with to achieve this purpose – that’s us!
We even did the hard work for you and wrote an example!
“How do we use personal data to ask you for feedback via email?
We share your name, email address and the product/service you purchased (as obtained during the order process) with Feefo, who will send you an email on our behalf asking you to complete a review. Our legal basis for doing this is our legitimate interest in asking for feedback in order to improve our products and services.
Any questions just ask! Email us at GDPRcompliance@feefo.com, and we will be sure to help.