Once a year, a company specializing in personal data protection with which we cooperate conducts an audit of the processes and procedures used at Get Feedback. The audit takes the form of a check - comprehensive or selected, audited area. The check includes in particular:
Risk analysis.
An overview of the entities to which we entrust personal data as an administrator and the contracts concluded with these entities.
An overview of the entities to which we entrust data as a processor and the contracts concluded with these entities.
Checking the completeness and validity of documents held, in particular the Personal Data Protection Policy and dedicated data protection procedures.
An overview of the technical security measures we use.
Analysis of the validity and completeness of the confidentiality declarations, authorizations and records of authorizations issued by us.
An overview of the physical security measures we use.
An overview of other organizational safeguards that help us demonstrate compliance with key data processing principles, such as accountability, minimization, purposefulness, and limitation of processing.
After each check, iSecure (the auditing company) prepares a check report containing, among others: recommendations to be implemented and the deadline for their implementation.