What is GDPR?
General Data Protection Regulation (in short GDPR) is a regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The regulation has replaced the EU Directive on personal data protection (95/46/EC) and has been implemented on May 25, 2018.
Regulation harmonized the approach to personal data regulations in the whole EU.
GDPR implementation in SurveyLab
Security and protection of personal data is of key importance to us. We care for safety and privacy at every stage of system design. We are constantly updating the software we use to ensure a high level of security.
Access to the application is secured by the SSL / HTTPS protocol. We enforce the use of strong passwords by our users to increase the level of security.
Our servers and therefore data are located in France in the European Union. We use OVH services. The biggest European hosting services provider.
We process only data that is necessary for the provision of services by us. To create an account in SurveyLab we need an email address. At this address, we send information confirming the creation of an account and an account activation link. To properly issue an invoice for companies, we need company registration data, e.g. company name, address, and TaxID.
System users can check their data at any time, modify it, copy or delete it by deleting the account. All these operations are possible after logging into the system in the Account tab Account settings. The user's data is stored for as long as the user does not delete them.
Automatic payments in the system are handled by specialized entities, PayPal and Stripe. In SurveyLab we only store transaction history and invoices, we never collect credit card details or information related to user's bank accounts.
Surveys and tests
All survey links are hashed to prevent unauthorized people from accessing surveys.
Users can send emails with invitations to fill out surveys and tests via SurveyLab. All invitations to fill out surveys sent using our system include an opt-out link. The respondent by clicking on the link can unsubscribe from participation in the research.
All data placed on the account by the user, e.g. contact lists, surveys, and reports on the conducted research are his property.
Periodically, we can send (in the form of a newsletter) important system messages regarding new functionalities, offers or significant changes in the application itself, the company or our business environment. On request, users can receive automatic email notifications about new responses.
Users can resign from receiving newsletters.
What GDPR regulates?
GDPR regulates the “processing” of personal data of EU residents. It includes the collection, storage, transfer and usage of data. The regulation applies to every company that is processing data, no matter if this company has a physical presence in the EU.