Posted on: 2018-02-23
Last updated: 2018-02-23
GDPR for account owners
SurveyLegend provides an online solution for creating surveys, forms and polls. Our users create questionnaires using our tool, and our system collects answers from their participants, on behalf of the users.
Your responsibilities
As a user of (account owner at) SurveyLegend, you must keep in mind that the new GDPR regulations will have wide-ranging impacts on organisations collecting and processing data in the EU. So if you’re running online survey campaigns such as employee or customer experience programs, it’s likely you’ll be affected.
There are a lot of changes with the new rules. Make sure to familiarise yourself with them. Here are just some of the key changes which are likely to affect your customer or employee experience programs:
Data correction
Individuals will have the right to request their data is rectified or erased, or they can request restrictions on its processing. Often referred to as
the right to be forgotten.
The rules explicitly state it must be as easy to withdraw your data as it was to consent to it in the first place. What it means for you? If your respondents contact you and ask you to remove their answers (responses), you must comply according to the GDPR. To delete a respondent’s data, go to the respective survey, then navigate to the
Individual responses view, search for the respondent, and
delete their responses.
Data permissions
An individual will now have to take affirmative action in order for a business to store and use their data. So permission needs to be expressly given through a deliberate action for each processing purpose. Organisations may need to consider conditions for processing other than consent such as in relation to a contract, or because of a legal obligation that your organisation has.
Therefore, you must take appropriate actions to firstly inform your respondents about their rights, and secondly inform them about your privacy policy and how you or your organization handles personal or sensitive data. You may also need to ask them to allow you to record their data. This could be achieved by using a
Single selection question at the beginning of your survey.
Privacy assessment
Data processors will need to implement a high level of security to safeguard the controller’s data, and to conduct a Privacy Impact Assessment (PIA) where they are carrying out higher risk processing activities.
Since you own the data that is collected, you are solely responsible about how it is processed to shared with others. In case you need to share their collected data with 3rd parties, we have made sure that you have to possibility of doing so, without compromising the privacy of your respondents. This is done by filtering out all personally identifiable data from the displayed results, and auto generated visualized analytics page for 3rd parties, which we call
Public Analytics.
However, you as a user have
other possibilities of sharing your collected data with 3rd parties. We are not and cannot be responsible for how you share or use the data collected from respondents!
Our technology gives you the power, but power brings responsibility too. Please use it carefully.
Sensitive Personal data
Online identifiers such as IP addresses and cookies may now be considered as identifiable properties and genetic or biometric data are both now included in the definition of ‘sensitive personal data’.
Keep in mind that you as survey creator can see respondents’ IP addresses when they answer your questionnaire. This is possible both via
Individual responses view, and when you export the data.
Online visibility of your surveys
Any surveys, forms, polls, or questionnaires that you create with SurveyLegend can be accessed by a unique link, no matter if you
embed your questionnaires in a web-page using an iFrame or display them to your respondents using other technologies. These links are randomly generated by our system, and practically they can be guessed by people. This means even people who have not received your survey link may be able to access/open your survey; unless you manually
unpublish/deactivate them,
delete them,
password protect them, or completely
delete your account.
Our responsibilities
Data correction
You also have the
right to be forgotten! So, whenever you want, just login to
your account and from there
Delete your account.
Then, all your data, collected responses, uploaded files, statistics, and surveys will be permanently deleted from our servers.
Data permissions
When you register an account at SurveyLegend, you agree to our
Terms and Privacy policies. A link to this page is available in the
registration page, as well as all other pages in the footer section of our website.
Privacy assessment
In
this page, and other pages which explain our
GDPR Compliance policies, we handle all your sensitive and personal data respectfully and responsibly. They are never shared with any 3rd parties, they are never sold. We also always use the best technological advancements and latest industry standards to
protect and secure your sensitive data.
Sensitive personal data
As explained in
this page, we use online identifiers such as IP addresses and cookies to identify users who chat with us via our LiveChat support. Cookies are used for normal technical purposes such as keeping you logged-in to the app while you are creating surveys or forms.
Storage and data deletion
Any SurveyLegend user can
delete surveys and their related data manually by deleting an entire survey with all related data or a single individual response, through the web app.
To delete all data the user can close/delete their account. When closing an account, all data about the user is automatically deleted, including surveys, responses, pictures and all uploaded digital files.