Privacy Policy

Survio recognizes that its customers, visitors, users and others utilizing the Survio System or visiting the Survio website value their privacy. This document (Personal Data Protection Rules) contains important information pertaining to the processing of personal data by our company.

Survio would therefore like to inform you of the principles and procedures in the processing of personal data, which is conducted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).

The Privacy policy relates to the Survio Terms of Use (hereinafter the “Terms”), which are available here.

Please note: In the event of any discrepancies between the English and Czech language version of these Personal Data Protection Rules, the English version shall prevail. The English version is available at:

The following terms, among others, are used within the text – “User”, “Survio Sites/Questionnaires” and “Third Party”, the definitions of which are set out in the Terms.

Further, under the term “Agreement”, Survio means a legal act on the basis of which the provider undertakes to provide you with its services, whether for payment or free of charge.

Under the term “Survio System”, Survio means software that enables Users to create questionnaires/surveys according to the User’s requirements.

I. Basic Information

Controller’s Identification and Contact Information: Survio s.r.o., identification number (IČ) 28300785, with its registered office at: Brno, Hlinky 995/70, ZIP code 60300, Czech Republic, contact address: Hlinky 78a, Brno, 603 00, Czech Republic, a company registered in the Commercial Register with the Regional Court in Brno, section C, file 59684 (hereinafter also referred to as “Survio” or “we”), contact e-mail:

Data Protection Officer: Survio has appointed a Data Protection Officer to help address any data protection issues. If any such issues arise, please contact the Data Protection Officer directly. The Data Protection Officer is available to help you deal with inquiries regarding the handling of personal data or to provide additional information on the protection of personal data:

Name: Richard Žižka
Phone: +420 725 008 003

Transfer of Personal Data to a Third Country or International Organization: In cases where Survio transfers your personal data to non-EU countries, it always ensures compliance with Article 44, et seq., of the GDPR and also requires compliance from personal data processors. Survio will transfer data only to non-EU countries that are able to ensure the level of protection provided under the GDPR. This level of protection is ensured in particular by the adequacy decision issued by the EU Commission or the application of standard data protection clauses in accordance with Article 46(2)(c) of the GDPR.

Survio does not transfer personal data to third countries or international organizations, except for the transfer of personal data to Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, which operates the SendGrid service. This processor shall ensure an adequate level of security of personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and Directive 95/46/EC, on the basis of standard contract clauses, please see:

Automated Individual Decision-Making: Survio does not conduct profiling or automated individual decision-making.

Information on the Purpose of Data Processing: If personal data are being processed for the purpose of fulfilling an agreement or fulfilling legal obligations, the provision of data is a statutory requirement. If personal data are being processed on the basis of the consent of the data subject, the provision of data is a contractual requirement.

Supervisory Authority: The relevant supervisory authority according to Survio’s registered office is the Office for Personal Data Protection with its registered office at: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, e-mail:, tel.: +420 234 665 125.

Certification: Survio declares that it has obtained the ISO/IEC 27001 certification, which guarantees that the company meets internationally recognized standards for information security management systems.

Survio operates both in the position of a personal data controller, as well as in the position of a personal data processor. Survio operates in the position of a personal data controller in relation to the personal data of Users and of natural persons who visit the Survio website (Art. II of these Rules). In relation to personal data that the User stores on Survio servers (the User puts together a questionnaire in which respondents fill in their personal data), Survio operates as a processor, as it only provides the User with data space for the purposes of data storage. The controller of such personal data is the User itself (Art. III of these Terms).

II. Survio as a Personal Data Controller

Survio operates in the position of a personal data controller in relation to the personal data of Users and natural persons who visit the Survio website.

Why does Survio process personal data?

For the purpose of fulfilling agreements (in particular communicating with customers and concluding agreements), implementing measures taken before the conclusion of an agreement (negotiations before the conclusion of an agreement) or fulfilling legal obligations (in particular bookkeeping and issuance and registration of tax documents), Survio processes primarily the following personal data: name, surname, company name, identification number, tax identification number, residence/registered address, phone number, and e-mail address.

Survio also processes data that it obtains from the User and other natural persons through their use of the Survio system or their visits to the Survio website: cookie files, protocol files (IP address, or other online identifiers). Such personal data is processed on the basis of our legitimate interest or your consent.

Based on legitimate interest or your consent, Survio processes: e-mail address, phone number (sending business messages/newsletters by e-mail and SMS, providing direct marketing).

In the event that Survio intends to process different personal data than as stated in this article, or for different purposes, it can only do so on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data must be granted in a separate document.

Survio states that we do not process payment data (payment card numbers, interbank transactions, codes or payment tokens and other sensitive data necessary for payment processing) of Users. These types of data are processed by a third party, either by cleverbridge AG, located at Gereonstr. 43-65, 50670 Cologne, Germany or by Stripe Payments Europe Limited, located at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.

Information on the processing of personal data of employees is provided in a separate internal regulation.

As the controller of personal data, Survio does not process the personal data of Users that fall under special categories of personal data pursuant to Article 9 of the GDPR.

For what period of time does Survio process personal data?

Survio processes your personal data for as long as there is a legal reason to keep it, after which we will delete the data immediately.

The specified scope of Users‘personal data of (name, e-mail address, and address) is processed for the duration of the contractual relationship and subsequently for a maximum of 5 years from the termination of the contractual relationship.

Personal data processed for the purpose of fulfilling obligations arising from special legal regulations, such as legal data retention or documentation obligations, is processed by Survio for the period specified by the applicable laws. These include, in particular, data retention obligations under applicable civil, commercial or tax laws. If the data retention obligation ceases, the personal data will be deleted immediately.

Where does Survio obtain personal data?

Survio obtains personal data directly from data subjects when entering into the Agreement. Survio always informs data subjects as to which of their personal data they must provide for the purposes of fulfilling the Agreement.

When visiting our website:

When visiting our website, Survio collects, processes, and stores the following types of data: browser type and language, IP address of the accessing computer, server requests, incl. time information and the referring URL (i.e. the address of the previous website, if you were redirected to the Survio website by clicking on a link).

This data is necessary in order for the website to be displayed correctly. In addition, this data can also be used as needed to keep the website secure (for example, to prevent hacking attempts). The IP address and browser language are also used to suggest the appropriate language settings for our website. The referring URL is used in anonymised form for statistical purposes. For technical security reasons and in particular to deter attempts to attack the Survio server, this type of data shall be processed in accordance with Article 6(1)(f) of the GDPR.

Customer care, answering questions and technical support:

You can use the Survio website for inquiries or to request technical support.

The contact e-mail or the form available after logging in is used to enter the data necessary for communication (e-mail address or phone number) and to write a message (Article 6(1)(a)(b) of the GDPR). This data is used to manage customer relationships (the course of contact) and to answer your questions/provide technical support.

If an individual solution needs to be adopted, especially in the case of a request for a phone consultation, you may be asked to provide the necessary data that Survio will process in order to provide an adequate level of support to the individual customer. It may include, in particular: name, surname, and employee position in the case of a corporate customer.

You may also be contacted in order to receive customer care by Survio. If you would like to participate in and possibly customise Survio services to your needs, you may be asked to provide contact information, in particular: name, surname, and employee position in the case of a corporate customer.

When using all communication channels, Survio adheres to the principle of data minimisation, so that you only have to enter data that Survio needs to be able to contact you and process your request.

In addition, for technical security reasons and to prevent attack attempts, your IP address is processed.

Conclusion of a contract:

Contact and billing information are required to process an order.

Your data provided within an order is processed by Survio only for the purpose of implementation or performance of the contractual relationship (Article 6(1)(a)(b) of the GDPR), unless expressly provided for other purposes.

The principle of data minimisation and avoiding unnecessary data is observed by providing only the information that Survio necessarily needs to perform the contract or to fulfill its contractual obligations (i.e. your name, ID number, address, e-mail address) or in respect to data which Survio has a legal obligation to handle. Survio does not process your payment details in any way; you only communicate this information to the payment processor, ie. cleverbridge AG or Stripe Payments Europe Limited; please see below.

For technical and security reasons, your IP address is also processed. Of course, you may provide other information about yourself; however, the provision of such information is voluntary.


If you have subscribed to the newsletter, Survio will collect and process the following data: address, surname, name, and e-mail address.

For statistical purposes, we also perform anonymous link tracking.

Registration / Customer account:

On our website, Survio offers Users the opportunity to register by entering personal data.

Registration is therefore required either for the performance of the contract (via the Survio online shop) with you or to carry out pre-contractual measures (Article 6(1)(a)(b) of the GDPR).

At the same time, Survio adheres to the principle of data minimisation and the avoidance of unnecessary data collection, so only the necessary fields are marked as mandatory when registering. Mandatory data include the e-mail address and password, including the password repeat. Other fields are optional and are marked as such.

By registering on the Survio website, the User’s IP address, date and time of registration (technical data in the background) are also stored. By clicking the “Register” button, you complete the creation of your customer account.

Please note: Survio will store your password in encrypted form. Survio employees cannot read this password. Therefore, they cannot provide you with any information if you forget your password. In this case, use the “Forgot Password” feature to receive an automatically generated new password by e-mail.

Payment systems:

Survio uses the services of external third-party partners cleverbridge AG and Stripe Payments Europe Limited to handle and process your payments. In accordance with the principle of data minimization, Survio does not process payment data that you provide to cleverbridge AG or Stripe Payments Europe Limited to any extent.

Further details on data protection at cleverbridge AG can be found at:

Further details on data protection at Stripe Payments Europe Limited can be found at:

Product demonstration requests:

Survio provides parties interested in the product with the opportunity to have the product demonstrated. When a demonstration is requested, Survio requests information about the interested party in order to prepare and provide the demonstration. For this reason, Survio processes the following data of the interested party: surname, first name, e-mail address, phone number, field of business, job title and number of employees.

III. Survio as a Personal Data Processor

Survio provides the User with data space for the purposes of storing data operated within the Survio system, on Survio servers. The User’s data may also include the personal data of natural persons. In regard to personal data that the User stores on our servers (personal data of respondents), Survio operates as a personal data processor. The controller of such personal data is the User itself.

Notice for the User

If you will be collecting the personal data of natural persons through questionnaires, you become a personal data collector and you are obligated to comply with all personal data protection rules set out by the GDPR and by other legal regulations governing such issue. Survio does not bear any liability for a breach of personal data protection rules by Users.

Notice for respondents

The utilization of the Survio system may be subject to the principles and rules of the given User, if Users have such principles. Users are allowed to refer to their policies directly in the questionnaire. If you provide your personal data to Users, contact the User directly with any questions regarding personal data protection, as the User is in the position of a personal data controller. Survio cannot be liable for the personal data protection principles or security procedures used by the User, which may differ from these Personal Data Protection Rules.

Survio is not entitled to publish information about its Users (personal data controllers). If you have provided your personal data when filling out the questionnaire, you have the right to contact the User through Survio in order for the User to fulfill its information obligation. Survio will inform you that Survio has forwarded your request to the User. Survio is not responsible for the User’s decision on whether to accept your request. If your request has not been satisfactorily resolved, you have the opportunity to request the deletion of personal data in accordance with the GDPR.

What is the purpose of processing and how does Survio handle data?

Survio does not conduct any operations with Users’ data, including personal data, with the exception of storing them on Survio servers, does not intervene in them in any manner, does not modify them, does not make them accessible, nor does it transfer them to third parties (with the exception of making them accessible to state authorities in accordance with the law), unless the Agreement provides otherwise. The sole purpose of handling such personal data is their storage and the possibility of them being accessed by the User.

What kind of personal data does Survio process?

Survio only process such personal data of respondents that will be stored through a Survio questionnaire on Survio servers, i.e. data that end users fill into questionnaires within the Survio system. These may be primarily name, surname, gender, age, job position, residence address, e-mail, etc.

In the event that data belonging to special data categories is stored on the Survio servers, the User is responsible for the lawfulness of obtaining and handling such data in accordance with the GDPR and the applicable national laws. Survio reserves the right to remove such personal data from its servers if Survio finds non-compliance with the conditions for processing personal data of special categories. Before deleting the personal data of respondents, Survio contacts the User with a request for correction.

For what period of time does Survio process personal data?

Survio processes personal data for the duration of the contractual relationship with the User. After the account is cancelled by the User, all data are erased. Users are entitled to request the deletion of data at any time during the contractual relationship. In the event of receipt of the User’s request to delete data, Survio will delete all data without undue delay, but no later than within 15 days of receiving such a request.

IV. Recipients of Personal Data

Survio does not transfer personal data to any other controllers. Processors of personal data are:

The processing of personal data may be conducted by processors exclusively on the basis of a personal data processing agreement, i.e. with guarantees of the organizational and technical security of such data with the definition of the purpose of processing, whereby processors cannot use data for other purposes.

Under certain conditions, personal data may be made available to state authorities (courts, police, notaries, financial authorities, etc., within the scope of the exercise of their statutory powers) or may be provided to other entities within the scope as set out by a special law.

V. Data Security Methods

For the purpose of securing the User’s data against their unauthorized or accidental disclosure, Survio utilizes reasonable and appropriate technical and organizational measures.

Technical measures consist in the application of technologies that prevent unauthorized access to the User’s data by third parties, in particular the use of firewalls, updated antivirus programs, etc. For the purpose of maximum protection, Survio uses encryption of the User’s and end users’ data, primarily including passwords for logging into the Survio system, communication within the Survio system and all data stored on servers. Survio uses TLS/SSL (Transport Layer Security/Secure Socket Layer) encryption for data transmission. Access to areas with a high concentration of personal data processing is protected by electronic security systems.

Organizational measures comprise a set of rules for our employees’ behaviour and are incorporated into Survio’s internal regulations, which are, however, considered confidential due to security reasons. The procedures are based exclusively on the “need to know” principle. Survio thus limits the number of persons who have access to personal data and the ability to handle personal data. Employee access to personal data, as well as methods of handling it, is closely monitored.

Survio takes to ensure that, in the event of the placement of servers at a data center operated by a third party, similar technical and organizational measures are also implemented by such third party.

All data are placed only on servers located within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of the Czech Republic.

VI. Rights of Data Subjects

As a data subject, you have:

VII. Cookie Files and Protocol Files

Survio uses cookie files, which are small text files that identify the user of the website and record the user’s user activities. The text in a cookie file is often comprised of a series of numbers and letters that positively identify the user’s computer, but do not provide any specific personal data on the User. The cookie usually contains the domain name from which it was sent, information on the age of the cookie, and an alphanumeric identifier.

The website automatically identifies the user’s IP address. An IP address is a number automatically assigned to the user’s computer after connecting to the internet. All such information is recorded in an activity file by the server, which enables the subsequent processing of data. In addition, Survio records the request from the browser and the time of the request, as well as the status and the amount of data transferred within this request.

Survio also collects information about your browser and your computer’s operating system and their versions. It also records the website from which you accessed the Survio website. Your computer’s IP address is only stored for as long as the website is used and for the following three months. After three months, the IP address is deleted or anonymised by truncation.

This data is used by Survio to operate the website, in particular to identify and remedy any errors, to determine the use of the website and to make adjustments or improvements. These are the purposes for which Survio has a legitimate interest in the processing of data pursuant to Article 6(1)(f) of the GDPR.

Types of cookies

Based on its legitimate interest (Article 6 (1)(f) of the GDPR), Survio uses technically necessary cookies, which are necessary for the operation of the website and to ensure its functionality. Survio uses two types of cookies, persistent cookies and session cookies. Persistent cookies remain on your hard drive even after you close your browser. Persistent cookies may be used by the browser during further visits to the website: Persistent cookies can be deleted. Session cookies are temporary and are deleted as soon as you close your browser.

In addition, Survio uses additional cookies with your permission. These cookies allow Survio to analyse how Users use our website. Survio can thus create the content of the website according to the needs of the visitors. Cookies also allow Survio to measure the effectiveness of a given advertisement and place it, for example, according to the User’s interests. Survio needs your consent to process personal data (Article 6(1)(a) of the GDPR). Of course, if you have given your consent, you can withdraw it at any time without giving a reason.

Survio uses the CookieYes Consent Management platform to obtain and manage your consent. It is operated by CookieYes Limited, 3 Warren Yard, Wolverton Mill, Milton Keynes, England, MK12 5NW, United Kingdom. The CookieYes Consent Management platform uses JavaScript to collect device information, browser information, anonymisedanonymised IP address, login and logout information, date and time of visit, URL requests, website path and geographical location. This JavaScript allows CookieYes Limited to inform Users about certain tags and web technologies on our website and to obtain, manage and document their consent. The legal basis for data processing is Article 6(1)(c) of the GDPR, and Survio is required by law to provide proof of consent (in accordance with Article 7(1) of the GDPR). The aim is to know the preferences of Users and to implement and legally document them accordingly. The data will be deleted as soon as it is no longer needed for logging and there are no legal retention requirements. Consent data (consent and withdrawal of consent) are stored for a period of three years. The data will then be deleted immediately or provided to the relevant authority in the form of a data export upon request. The User can permanently prevent the execution of JavaScript at any time using the appropriate settings in the User’s browser, which would also prevent CookieYes Limited from running JavaScript. For more information on the privacy of CookieYes Limited, please visit:

Please note: If you disable optional cookies, not all features of the Survio website may be fully usable.

Why does Survio use cookies?

Cookie files and similar technologies serve several purposes, which include:

There may also be third party cookie files located on the website This may be, for example, because we have authorized a third party to conduct a website analysis. Survio utilizes the following service providers:

Google Analytics

On its website, Survio uses the Google Analytics tracking tool from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This is how your User’s interactions with the Survio website are obtained and systematically evaluated.

In doing so, your following data is stored:

The legal basis for the processing of your personal data is your consent pursuant to Article 6(1) sentence 1 letter a) of the GDPR. You can withdraw your consent at any time.

The purpose of processing your personal data by Google Analytics is to analyse the interaction of visitors to the Survio website with the Survio website. By evaluating the data obtained here, Survio can optimize its offer and increase User comfort.

Survio deletes or anonymises data collected by Google Analytics as soon as it is no longer needed for Survio’s purposes. It takes place after 26 months.

This service may transfer the collected data to another country. Survio points out that this service may transfer data outside the European Union and the European Economic Area and to countries that do not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without any legal remedies available. Below is a list of countries to which the data is transferred. This can be done for various purposes, such as storage or processing. However, Survio is taking the measures that are possible and necessary under Article 44et seq., of the GDPR in order to ensure the level of data protection in third countries.

Google Tag Manager

The Survio website uses Google Tag Manager from Google Ireland Limited, Google Gordon House Building, 4 Barrow St, Dublin, D04 E5W5, Ireland. This service makes it possible to manage tags on a website via the User interface. The Tag Manager tool itself (which implements tags) is a domain that does not use cookies. In principle this means: no cookies are used and no personal data is collected. Google Tag Manager runs other tags that can collect data. However, Google Tag Manager does not access such data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags that are implemented together with Google Tag Manager.

Learn more at:

In addition, Google Tag Manager includes the following sub-services (Eloqua, LinkedIn Insight Tag, Hotjar, Google Ads Remarketing, Google Ads Conversion Tracking, Facebook Pixel) and Google Tag Manager, and the sub-services are linked based on your consent (Article 6(1)(a) of the GDPR). You can find the cancellation option in the description of individual sub-services. If you object to one sub-service, that objection will automatically apply to the other sub-services included in Google Tag Manager.

These services may transfer data to another country outside the European Union and the European Economic Area and to countries that do not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without any legal remedies. However, we take measures that are possible and necessary according to Article 44et seq., of the GDPR in order to ensure the adequate level of data protection in third countries.


Cookies are set by Microsoft Corporation.


The cookies set by CookieYes Limited are used to check:


Cookies are set by Cloudflare, Inc.


Cookies are set by LinkedIn Corporation.

G2Crowd, Inc. This cookie is used to store information on the User’s session with a unique session ID. It stores information such as referrer, landing page, and other.


Cookies are set by Facebook, Inc.

This cookie is used:


Cookies are set by Datadog, Inc. The RUM SDK browser relies on cookies to store session information and track the User’s session on various websites. These are first-party files (set up on your domain) that aren't used for cross-site tracking. More information on:


Cookies are set by, a.s.

Cookie Settings

The majority of web browsers accept cookie files automatically. However, it is possible to utilize the controls that enable them to be blocked or removed. Users of the website are thus entitled to set their browser in such a way so that the use of cookies on their computer is prevented.

Instructions for blocking or removing cookie files in browsers can generally be found in the personal data protection principles or in the user guide documentation of individual browsers.

Protocol Files

The User’s browser automatically reports certain information upon every display of the website When registering on the website or when browsing the website, servers automatically record certain information that the web browser sends upon every visit to the website. These server protocols (so-called “log files”) may contain information such as a web request, IP address, type of internet browser, browser language, linking / exit sites and URLs, platform type, number of clicks, domain names, entry portals, number of pages seen and the order of such pages, the amount of time spent on certain pages, the date and time of a submitted request, and one or more cookie files that may positively identify the web browser.

VIII. Applicable Personal Data Protection Legislation

Survio declares that in the provision of personal data protection, it abides primarily by the following legal regulations:

European Union Legislation

All of the legislation based upon Article 16 of the Treaty on the Functioning of the European Union and Article 7 and 8 of the Charter of Fundamental Rights of the European Union, specifically:

Council of Europe Legislation

Czech Republic Legislation

Social networks

Survio is present on social networks to facilitate communication with customers, interested parties and Users who are logged in there and to inform them about Survio’s offers.

Please note that you use these platforms and their features at your own risk. This is especially true for using interactive features (e.g. commenting, sharing or rating). Survio also points out that your data may be processed outside the European Union.

In addition, your data may be processed for market research and advertising purposes. In this way, for example, it is possible to create User profiles using your User behaviour and interests. For example, ads that are likely to match your interests may be turned on or off within the platform. For this purpose, so-called cookies are usually stored on your computer. Independently, User profiles can also store data that was not obtained directly from your end device (especially if you are a member of the respective platform and you are logged in to it).

As a provider of this information service, Survio does not collect or process any other data about your use of its service beyond this scope.

The processing of the User’s personal data takes place on the basis of Survio’s legitimate interests in effective User information and communication with the User pursuant to Article 6(1) sentence 1 letter f) of the GDPR.

IX. Final Provisions

By entering into the Agreement, the User confirms that it has acquainted itself with these Personal Data Protection Rules.

If necessary, Survio may update these Personal Data Protection Rules. The current version of the Privacy policy will always be available on the website If a significant change occurs within these Privacy policy in regard to the manners of handling personal data, Survio will inform the User by publishing a notification in a visible manner prior to the implementation of such changes. We recommend checking the Privacy policy from time to time when utilizing the Survio system or the website

Last modified 2022-01-17.

Contact Sales

Start surveying now!

  • Build a survey Easy-to-use survey editor, 100+ ready-made survey templates
  • Collect responses Mobile friendly, omnichannel collection, identity tracking
  • Analyze results Fast and comprehensive analytics, one-click reports
  • Engage with Survio PRO User management, custom dashboards, integrations, API
  • GDPR
  • SSO
  • ISO 27001:2013