Posted on: 2018-02-23
Last updated: 2018-02-23
GDPR for account owners
SurveyLegend provides an online solution for creating surveys, forms and polls. Our users create questionnaires using our tool, and our system collects answers from their participants, on behalf of the users.
As a user of (account owner at) SurveyLegend, you must keep in mind that the new GDPR regulations will have wide-ranging impacts on organisations collecting and processing data in the EU. So if you’re running online survey campaigns such as employee or customer experience programs, it’s likely you’ll be affected.
There are a lot of changes with the new rules. Make sure to familiarise yourself with them. Here are just some of the key changes which are likely to affect your customer or employee experience programs:
Individuals will have the right to request their data is rectified or erased, or they can request restrictions on its processing. Often referred to as the right to be forgotten.
The rules explicitly state it must be as easy to withdraw your data as it was to consent to it in the first place. What it means for you? If your respondents contact you and ask you to remove their answers (responses), you must comply according to the GDPR. To delete a respondent’s data, go to the respective survey, then navigate to the Individual responses view, search for the respondent, and delete their responses.
An individual will now have to take affirmative action in order for a business to store and use their data. So permission needs to be expressly given through a deliberate action for each processing purpose. Organisations may need to consider conditions for processing other than consent such as in relation to a contract, or because of a legal obligation that your organisation has.
Data processors will need to implement a high level of security to safeguard the controller’s data, and to conduct a Privacy Impact Assessment (PIA) where they are carrying out higher risk processing activities.
Since you own the data that is collected, you are solely responsible about how it is processed to shared with others. In case you need to share their collected data with 3rd parties, we have made sure that you have to possibility of doing so, without compromising the privacy of your respondents. This is done by filtering out all personally identifiable data from the displayed results, and auto generated visualized analytics page for 3rd parties, which we call Public Analytics.
However, you as a user have other possibilities of sharing your collected data with 3rd parties. We are not and cannot be responsible for how you share or use the data collected from respondents!
Our technology gives you the power, but power brings responsibility too. Please use it carefully.
Sensitive Personal data
Online identifiers such as IP addresses and cookies may now be considered as identifiable properties and genetic or biometric data are both now included in the definition of ‘sensitive personal data’.
Keep in mind that you as survey creator can see respondents’ IP addresses when they answer your questionnaire. This is possible both via Individual responses view, and when you export the data.
Online visibility of your surveys
Any surveys, forms, polls, or questionnaires that you create with SurveyLegend can be accessed by a unique link, no matter if you embed your questionnaires in a web-page using an iFrame or display them to your respondents using other technologies. These links are randomly generated by our system, and practically they can be guessed by people. This means even people who have not received your survey link may be able to access/open your survey; unless you manually unpublish/deactivate them, delete them, password protect them, or completely delete your account.
Then, all your data, collected responses, uploaded files, statistics, and surveys will be permanently deleted from our servers.
When you register an account at SurveyLegend, you agree to our Terms and Privacy policies. A link to this page is available in the registration page, as well as all other pages in the footer section of our website.
In this page, and other pages which explain our GDPR Compliance policies, we handle all your sensitive and personal data respectfully and responsibly. They are never shared with any 3rd parties, they are never sold. We also always use the best technological advancements and latest industry standards to protect and secure your sensitive data.
Sensitive personal data
As explained in this page, we use online identifiers such as IP addresses and cookies to identify users who chat with us via our LiveChat support. Cookies are used for normal technical purposes such as keeping you logged-in to the app while you are creating surveys or forms.
Storage and data deletion
Any SurveyLegend user can delete surveys and their related data manually by deleting an entire survey with all related data or a single individual response, through the web app.
To delete all data the user can close/delete their account. When closing an account, all data about the user is automatically deleted, including surveys, responses, pictures and all uploaded digital files.