Working safety in our application, sign-in process, collecting survey responses, storage and data protection are our top priorities.
1. Who is who according to GDPR?
It is the data subject who responds to the survey and has to give the consent to the data processor to process the data.
- Customers and users of Survio
They are the processors of personal data, authors of the surveys who are collecting responses from respondents. They need to obtain permission from respondents to process data (answers). As such, you are required to comply with all GDPR and privacy policies.
It acts in relation to its own users and customers as the data processor, since it only provides the application and a space for data storage purposes.
2. Encrypted communication - SSL certificate
We use SSL EV certificates with Extended Validation from Symantec. This type of certificate provides the highest possible website security with information about the organization for which it has been exposed (mainly used in the financial and banking sector).
All surveys where data collection and encryption are the most important priority are also secured with EV certificates. The ECC algorithm, currently the safest in the world (64,000 times stronger encryption) is used.
3. Malware and vulnerability
Symantec also performs weekly automated site security audits and regular scanning for malware and viruses.
We do the daily backups of all data (every 24 hours). You do not have to worry about losing any answers. If you have the Elite plan, you can set automatic back-ups of your responses and results to file sharing services such as Dropbox, Google Drive and MS One Drive.
5. Physical security
Survio's infrastructure is hosted in accredited 24/7/365 data centers, under CCTV systems, RFID access, access logging, and in locked servers. Only a limited number of selected people who have signed NDA contracts can have access to the servers themselves.