Effective 17 July 2026

Data Processing Addendum

This addendum explains the data-protection commitments that apply when FeedbackPilot processes personal data for a business customer.

Version 2026-07-17

Parties

The customer is the business that accepts the FeedbackPilot Terms of Service.

FeedbackPilot is the processor and operator of FeedbackPilot.

Privacy contact: support@feedbackpilot.co.uk.

1. Scope and application

This Data Processing Addendum forms part of the FeedbackPilot Terms of Service when FeedbackPilot processes personal data on behalf of a business customer. If this addendum conflicts with the Terms of Service on data-protection matters, this addendum takes priority.

2. Roles and instructions

The customer is the controller, or a processor acting for another controller, for personal data added to its workspace. FeedbackPilot acts as the processor and will process that personal data only on the customer's documented instructions, including the instructions contained in the Terms of Service and normal use of the service, unless applicable law requires otherwise.

3. Details of processing

The subject matter is the hosting and operation of FeedbackPilot. Processing continues for the subscription term and any limited retention period described in the Privacy Notice. Processing may include collecting, storing, organising, retrieving, displaying, exporting, deleting, and transmitting information as needed to provide the service. Data may include customer names and contact details, job records, private feedback, review records, testimonial permissions, improvement actions, and related support information. Data subjects may include the customer's staff, customers, prospects, contractors, and other people whose information the customer lawfully adds to the service.

4. Customer responsibilities

The customer is responsible for the lawfulness of its instructions, the personal data it provides, the notices it gives to individuals, and the permissions or lawful bases needed for processing. The customer must not instruct FeedbackPilot to process personal data in a way that breaches applicable data-protection law.

5. FeedbackPilot obligations

FeedbackPilot will ensure that people authorised to process customer personal data are subject to confidentiality obligations, use appropriate technical and organisational measures designed to protect the data, assist the customer with reasonable data-subject requests and compliance enquiries, and make information reasonably necessary to demonstrate compliance available to the customer.

6. Personal data breaches

FeedbackPilot will notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data and will provide information reasonably available to help the customer meet its legal obligations. Notification does not amount to an admission of fault or liability.

7. Subprocessors

The customer gives FeedbackPilot general written authorisation to use subprocessors needed to provide the service. FeedbackPilot remains responsible for requiring subprocessors to protect customer personal data consistently with this addendum. Current subprocessors and their purposes are listed on the Subprocessor List. We will provide reasonable notice of a material new subprocessor where required so the customer can raise a reasonable data-protection objection.

See the current Subprocessor List.

8. International transfers

Where customer personal data is transferred to a country without an applicable adequacy decision, FeedbackPilot will use a lawful transfer mechanism and appropriate safeguards, such as approved contractual clauses, where required by data-protection law.

9. Return and deletion

On termination or written request, FeedbackPilot will delete or return customer personal data within a reasonable period unless applicable law requires retention. Data may remain temporarily in backups until those copies expire through the normal backup cycle. Billing, permission, security, and audit evidence may be retained where reasonably necessary or legally required.

10. Audits and enquiries

On reasonable written request, FeedbackPilot will provide information reasonably necessary to demonstrate compliance with this addendum. Audits must be proportionate, protect other customers and confidential information, and avoid unnecessary disruption. Where suitable independent reports or written responses address the request, those materials may be provided instead of an on-site audit.

11. Liability and governing law

The liability limits and governing-law provisions in the Terms of Service apply to this addendum. Nothing in this addendum limits rights or obligations that cannot legally be limited.