GDPR Compliance
Visit SurveyGizmo's GDPR Command Center for the latest information.
What is EU - US Privacy Shield?
- On October 6, 2015, the European Court of Justice issued a judgement declaring as invalid the European Commission’s Decision 2000/520/EC of 26 July 2000 on the adequacy of the U.S.-EU Safe Harbor Framework.
- As of July 12, 2016, the European Commission adopted the EU - US Privacy Shield.
- As of August 4, 2017, SurveyGizmo is Privacy Shield Certified.
What are the Privacy Shield “Principles”?
Each of the following Principles has specific requirements that SurveyGizmo must comply with:
- Notice Principle - The Notice Principle describes how an organization informs individuals about the type of data collected, its purpose, how the data will be used, who gets it, and their rights to it.
- Choice Principle - The Choice Principle covers how an individual can opt out of communications from an organization.
- Accountability for Onward Transfer - This principle describes how the data is processed and transferred to its destination.
- Security Principle - The Security Principle includes the reasonable and appropriate security measures to protect the data.
- Data Integrity and Purpose Limitation - This Principle describes how the collected information must be limited to the information that is relevant for the purposes of processing and that the data is only kept while it is still valid.
- Access Principle - The Access Principle states that individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate or has been processed in violation of these Principles.
- Recourse, Enforcement, and Liability - This Principle outlines the way in which an individual may file a complaint and an organization's obligations and required follow-up procedures for assertions, verification of compliance, and prompt response to the filed complaint.
Please read on to learn how SurveyGizmo complies with each of the above-listed principles.
How does SurveyGizmo comply with the Notice Principle?
We comply with the Notice Principle by way of our Privacy Policy; specifically, how we use the information provided to us and what we collect automatically, such as cookies, web beacons, and log information.
How does SurveyGizmo comply with the Choice Principle?
We comply with the Choice Principle by allowing our customers to opt out by sending an email to marketing@surveygizmo.com with the subject line “Unsubscribe.”
How does SurveyGizmo comply with the Accountability for Onward Transfer Principle?
We comply with the Onward Transfer Principle by being responsible for our Sub Processors and entering into a Data Processing Agreement (DPA) with them.
How does SurveyGizmo comply with the Security Principle?
We comply with the Security Principle through reasonable and appropriate security measures to protect your data from loss, misuse and unauthorized access.
How does SurveyGizmo comply with the Data Integrity and Purpose Limitation Principle?
We comply with the Data Integrity and Purpose Limitation Principle by only using the data for its intended purposes (by the specific direction of our Customers) and only keeping it until the Customer tells us to delete it.
How does SurveyGizmo comply with the Access Principle?
We comply with the Access Principle by providing Customers and Survey Respondents access to their Personal Information through an email sent to support@surveygizmo.com with the subject line "Personal Information Request".
How does SurveyGizmo comply with the Recourse, Enforcement and Liability Principle?
We comply with the Recourse, Enforcement and Liability Principle by requesting individuals send complaints to compliance@surveygizmo.com. We must respond within 45 days of receiving a complaint and if the complaint is not resolved, it can be escalated to the BBB EU Privacy Shield organization.
What does SurveyGizmo say about obtaining consent from Respondents?
Per the SurveyGizmo Services Agreement section 7.3, our Customers are responsible for obtaining the appropriate and informed consent from all their Survey Respondents. They must provide all notices and information regarding the transfer and processing of any Survey Respondent Personal Information via the SurveyGizmo Services.
What does SurveyGizmo say about the collection of data from Respondents?
Per the SurveyGizmo Privacy Policy section titled Information Provided via Surveys, SurveyGizmo collects information about Survey Respondents from and under the direction of our Customers, and has no direct relationship with the Survey Respondents.
Who should the Respondents send their questions to?
If you are a Survey Respondent and have any questions or concerns regarding our customers’ privacy practices, or if you seek access to or wish to correct, amend or delete inaccurate data, you should contact the entity from whom you received a survey.
What will SurveyGizmo do if they receive a request from a Respondent?
If a Survey Respondent requests ‘access’ to their personal information, SurveyGizmo will notify them that we will follow our procedures to address the request. SurveyGizmo will require the respondent to provide the specific survey link that collected their information. In most cases, we will directly contact the owner of the survey (SurveyGizmo Customer) and notify them of the Survey Respondent’s request. SurveyGizmo will follow the directions of the Customer.
Who is SurveyGizmo’s independent dispute resolution mechanism?
The BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. Please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint.