Last updated: July 1, 2019
The GDPR expands the privacy rights of EU individuals and places new obligations on all organisations that market, track, or handle EU personal data. SurveyEngine has decided to adopt these regulations uniformly and globally.
Below is a summary of how GDPR will impact you and your data.
What are we doing?
An audit of GDPR compliance has been made yielding changes to a number of internal processes, policies communications, such as this one, with all individuals and companies SurveyEngine is conducting business with. Specifically, we have:
- Updated our privacy and cookies policy and harmonised these with our terms of service.
- Initiated training sessions for all staff on GDPR compliance.
- Required all EEA supplier contracts to be GDPR compliant.
- Established GDPR compliant respondent data collection policies as the default, for example, 18 years or older, no cookies and anonymised data collection.
- Broadened the GDPR requirement of ‘Special Category Data’ to include any PII (personally identifiable information) for all countries.
What does this mean for you and your data?
Within the provisions of contractual and legitimate interests, your data won’t be shared outside the company without consent. Your data may be held within the company for a minimum of 5 years and you will have the right to access this information, update it, delete it, restrict processing or object to its use by SurveyEngine GmbH.
If you are a Supplier…
We will hold your data insofar as it is necessary to fulfill mutual contractual obligations. If you are also a data processor, such as a panel, recruiter or market research company, you will be required to demonstrate to SurveyEngine current and ongoing GDPR compliance.
If you are a Customer or Subscriber…
As with suppliers, we will hold your data that we need in order to fulfill our contractual obligations with you.
If you are a Colleague, Partner, Former Client or Business contact…
If you are not currently involved contractually with SurveyEngine but have been in contact with SurveyEngine or its team as part of a normal business inquiry, SurveyEngine continues to collect and retain your contact information, record conversation notes and communicate for internal business operations.
If you are a Respondent…
Non-PII (Personally Identifiable Information) gathering methods continue to be the favored way of collecting response data. This will be ensured through the use of anonymous respondent keys and anonymous IP hashes. In addition, any panel or recruiter acting as a data processor for SurveyEngine will be required to be compliant with the provisions of GDPR.
Where PII collection methods are a requirement, specific informed consent will be sought from respondents as the legal basis for processing data as well as their subject access rights as per the GDPR.
Contacting our Data Protection Officer
For more information on the role of our data protection officer click here.