Survio recognizes that its customers, visitors, users and others utilizing the Survio System or visiting the Survio website value their privacy. This document (Personal Data Protection Rules) contains important information pertaining to the processing of personal data by our company.
Survio would therefore like to inform you of the principles and procedures in the processing of personal data, which is conducted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).
Please note: In the event of any discrepancies between the English and Czech language version of these Personal Data Protection Rules, the English version shall prevail. The English version is available at: www.survio.com.
The following terms, among others, are used within the text – “User”, “Survio Sites/Questionnaires” and “Third Party”, the definitions of which are set out in the Terms.
Further, under the term “Agreement”, Survio means a legal act on the basis of which the provider undertakes to provide you with its services, whether for payment or free of charge.
Under the term “Survio System”, Survio means software that enables Users to create questionnaires/surveys according to the User’s requirements.
Controller’s Identification and Contact Information: Survio s.r.o., identification number (IČ) 28300785, with its registered office at: Brno, Hlinky 995/70, ZIP code 60300, Czech Republic, contact address: Hlinky 78a, Brno, 603 00, Czech Republic, a company registered in the Commercial Register with the Regional Court in Brno, section C, file 59684 (hereinafter also referred to as “Survio” or “we”), contact e-mail: firstname.lastname@example.org.
Data Protection Officer: Survio has appointed a Data Protection Officer to help address any data protection issues. If any such issues arise, please contact the Data Protection Officer directly. The Data Protection Officer is available to help you deal with inquiries regarding the handling of personal data or to provide additional information on the protection of personal data:
Name: Richard Žižka
Phone: +420 725 008 003
Transfer of Personal Data to a Third Country or International Organization: In cases where Survio transfers your personal data to non-EU countries, it always ensures compliance with Article 44, et seq., of the GDPR and also requires compliance from personal data processors. Survio will transfer data only to non-EU countries that are able to ensure the level of protection provided under the GDPR. This level of protection is ensured in particular by the adequacy decision issued by the EU Commission or the application of standard data protection clauses in accordance with Article 46(2)(c) of the GDPR.
Survio does not transfer personal data to third countries or international organizations, except for the transfer of personal data to Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, which operates the SendGrid service. This processor shall ensure an adequate level of security of personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and Directive 95/46/EC, on the basis of standard contract clauses, please see: https://www.twilio.com/legal/data-protection-addendum.
Automated Individual Decision-Making: Survio does not conduct profiling or automated individual decision-making.
Information on the Purpose of Data Processing: If personal data are being processed for the purpose of fulfilling an agreement or fulfilling legal obligations, the provision of data is a statutory requirement. If personal data are being processed on the basis of the consent of the data subject, the provision of data is a contractual requirement.
Supervisory Authority: The relevant supervisory authority according to Survio’s registered office is the Office for Personal Data Protection with its registered office at: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, e-mail: email@example.com, tel.: +420 234 665 125.
Certification: Survio declares that it has obtained the ISO/IEC 27001 certification, which guarantees that the company meets internationally recognized standards for information security management systems.
Survio operates both in the position of a personal data controller, as well as in the position of a personal data processor. Survio operates in the position of a personal data controller in relation to the personal data of Users and of natural persons who visit the Survio website (Art. II of these Rules). In relation to personal data that the User stores on Survio servers (the User puts together a questionnaire in which respondents fill in their personal data), Survio operates as a processor, as it only provides the User with data space for the purposes of data storage. The controller of such personal data is the User itself (Art. III of these Terms).
Survio operates in the position of a personal data controller in relation to the personal data of Users and natural persons who visit the Survio website.
For the purpose of fulfilling agreements (in particular communicating with customers and concluding agreements), implementing measures taken before the conclusion of an agreement (negotiations before the conclusion of an agreement) or fulfilling legal obligations (in particular bookkeeping and issuance and registration of tax documents), Survio processes primarily the following personal data: name, surname, company name, identification number, tax identification number, residence/registered address, phone number, and e-mail address.
Survio also processes data that it obtains from the User and other natural persons through their use of the Survio system or their visits to the Survio website: cookie files, protocol files (IP address, or other online identifiers). Such personal data is processed on the basis of our legitimate interest or your consent.
Based on legitimate interest or your consent, Survio processes: e-mail address, phone number (sending business messages/newsletters by e-mail and SMS, providing direct marketing).
In the event that Survio intends to process different personal data than as stated in this article, or for different purposes, it can only do so on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data must be granted in a separate document.
Survio declares that it does not process the payment information of Users. All payment information is processed by a third party, specifically by the company cleverbridge AG, with registered office at Gereonstr. 43-65, 50670 Cologne, Federal Republic of Germany.
Information on the processing of personal data of employees is provided in a separate internal regulation.
As the controller of personal data, Survio does not process the personal data of Users that fall under special categories of personal data pursuant to Article 9 of the GDPR.
Survio processes your personal data for as long as there is a legal reason to keep it, after which we will delete the data immediately.
The specified scope of Users‘personal data of (name, e-mail address, and address) is processed for the duration of the contractual relationship and subsequently for a maximum of 5 years from the termination of the contractual relationship.
Personal data processed for the purpose of fulfilling obligations arising from special legal regulations, such as legal data retention or documentation obligations, is processed by Survio for the period specified by the applicable laws. These include, in particular, data retention obligations under applicable civil, commercial or tax laws. If the data retention obligation ceases, the personal data will be deleted immediately.
Survio obtains personal data directly from data subjects when entering into the Agreement. Survio always informs data subjects as to which of their personal data they must provide for the purposes of fulfilling the Agreement.
When visiting our website:
When visiting our website, Survio collects, processes, and stores the following types of data: browser type and language, IP address of the accessing computer, server requests, incl. time information and the referring URL (i.e. the address of the previous website, if you were redirected to the Survio website by clicking on a link).
This data is necessary in order for the website to be displayed correctly. In addition, this data can also be used as needed to keep the website secure (for example, to prevent hacking attempts). The IP address and browser language are also used to suggest the appropriate language settings for our website. The referring URL is used in anonymised form for statistical purposes. For technical security reasons and in particular to deter attempts to attack the Survio server, this type of data shall be processed in accordance with Article 6(1)(f) of the GDPR.
Customer care, answering questions and technical support:
You can use the Survio website for inquiries or to request technical support.
The contact e-mail or the form available after logging in is used to enter the data necessary for communication (e-mail address or phone number) and to write a message (Article 6(1)(a)(b) of the GDPR). This data is used to manage customer relationships (the course of contact) and to answer your questions/provide technical support.
If an individual solution needs to be adopted, especially in the case of a request for a phone consultation, you may be asked to provide the necessary data that Survio will process in order to provide an adequate level of support to the individual customer. It may include, in particular: name, surname, and employee position in the case of a corporate customer.
You may also be contacted in order to receive customer care by Survio. If you would like to participate in and possibly customise Survio services to your needs, you may be asked to provide contact information, in particular: name, surname, and employee position in the case of a corporate customer.
When using all communication channels, Survio adheres to the principle of data minimisation, so that you only have to enter data that Survio needs to be able to contact you and process your request.
In addition, for technical security reasons and to prevent attack attempts, your IP address is processed.
Conclusion of a contract:
Contact and billing information are required to process an order.
Your data provided within an order is processed by Survio only for the purpose of implementation or performance of the contractual relationship (Article 6(1)(a)(b) of the GDPR), unless expressly provided for other purposes.
The principle of data minimisation and avoiding unnecessary data is observed by providing only the information that Survio necessarily needs to perform the contract or to fulfill its contractual obligations (i.e. your name, ID number, address, e-mail address) or in respect to data which Survio has a legal obligation to handle. Survio does not process your payment details in any way; you only communicate this information to cleverbridge AG; please see below.
For technical and security reasons, your IP address is also processed. Of course, you may provide other information about yourself; however, the provision of such information is voluntary.
If you have subscribed to the newsletter, Survio will collect and process the following data: address, surname, name, and e-mail address.
For statistical purposes, we also perform anonymous link tracking.
Registration / Customer account:
On our website, Survio offers Users the opportunity to register by entering personal data.
Registration is therefore required either for the performance of the contract (via the Survio online shop) with you or to carry out pre-contractual measures (Article 6(1)(a)(b) of the GDPR).
At the same time, Survio adheres to the principle of data minimisation and the avoidance of unnecessary data collection, so only the necessary fields are marked as mandatory when registering. Mandatory data include the e-mail address and password, including the password repeat. Other fields are optional and are marked as such.
By registering on the Survio website, the User’s IP address, date and time of registration (technical data in the background) are also stored. By clicking the “Register” button, you complete the creation of your customer account.
Please note: Survio will store your password in encrypted form. Survio employees cannot read this password. Therefore, they cannot provide you with any information if you forget your password. In this case, use the “Forgot Password” feature to receive an automatically generated new password by e-mail.
Survio uses the services of cleverbridge AG, a third-party partner, to handle and process your payments. In accordance with the principle of data minimisation, Survio does not process any payment data and you only communicates such data to cleverbridge AG.
Further details on data protection at cleverbridge AG can be found at: https://www.cleverbridge.com.
Product demonstration requests:
Survio provides parties interested in the product with the opportunity to have the product demonstrated. When a demonstration is requested, Survio requests information about the interested party in order to prepare and provide the demonstration. For this reason, Survio processes the following data of the interested party: surname, first name, e-mail address, phone number, field of business, job title and number of employees.
Survio provides the User with data space for the purposes of storing data operated within the Survio system, on Survio servers. The User’s data may also include the personal data of natural persons. In regard to personal data that the User stores on our servers (personal data of respondents), Survio operates as a personal data processor. The controller of such personal data is the User itself.
If you will be collecting the personal data of natural persons through questionnaires, you become a personal data collector and you are obligated to comply with all personal data protection rules set out by the GDPR and by other legal regulations governing such issue. Survio does not bear any liability for a breach of personal data protection rules by Users.
The utilization of the Survio system may be subject to the principles and rules of the given User, if Users have such principles. Users are allowed to refer to their policies directly in the questionnaire. If you provide your personal data to Users, contact the User directly with any questions regarding personal data protection, as the User is in the position of a personal data controller. Survio cannot be liable for the personal data protection principles or security procedures used by the User, which may differ from these Personal Data Protection Rules.
Survio is not entitled to publish information about its Users (personal data controllers). If you have provided your personal data when filling out the questionnaire, you have the right to contact the User through Survio in order for the User to fulfill its information obligation. Survio will inform you that Survio has forwarded your request to the User. Survio is not responsible for the User’s decision on whether to accept your request. If your request has not been satisfactorily resolved, you have the opportunity to request the deletion of personal data in accordance with the GDPR.
Survio does not conduct any operations with Users’ data, including personal data, with the exception of storing them on Survio servers, does not intervene in them in any manner, does not modify them, does not make them accessible, nor does it transfer them to third parties (with the exception of making them accessible to state authorities in accordance with the law), unless the Agreement provides otherwise. The sole purpose of handling such personal data is their storage and the possibility of them being accessed by the User.
Survio only process such personal data of respondents that will be stored through a Survio questionnaire on Survio servers, i.e. data that end users fill into questionnaires within the Survio system. These may be primarily name, surname, gender, age, job position, residence address, e-mail, etc.
In the event that data belonging to special data categories is stored on the Survio servers, the User is responsible for the lawfulness of obtaining and handling such data in accordance with the GDPR and the applicable national laws. Survio reserves the right to remove such personal data from its servers if Survio finds non-compliance with the conditions for processing personal data of special categories. Before deleting the personal data of respondents, Survio contacts the User with a request for correction.
Survio processes personal data for the duration of the contractual relationship with the User. After the account is cancelled by the User, all data are erased. Users are entitled to request the deletion of data at any time during the contractual relationship. In the event of receipt of the User’s request to delete data, Survio will delete all data without undue delay, but no later than within 15 days of receiving such a request.
Survio does not transfer personal data to any other controllers. Processors of personal data are:
The processing of personal data may be conducted by processors exclusively on the basis of a personal data processing agreement, i.e. with guarantees of the organizational and technical security of such data with the definition of the purpose of processing, whereby processors cannot use data for other purposes.
Under certain conditions, personal data may be made available to state authorities (courts, police, notaries, financial authorities, etc., within the scope of the exercise of their statutory powers) or may be provided to other entities within the scope as set out by a special law.
For the purpose of securing the User’s data against their unauthorized or accidental disclosure, Survio utilizes reasonable and appropriate technical and organizational measures.
Technical measures consist in the application of technologies that prevent unauthorized access to the User’s data by third parties, in particular the use of firewalls, updated antivirus programs, etc. For the purpose of maximum protection, Survio uses encryption of the User’s and end users’ data, primarily including passwords for logging into the Survio system, communication within the Survio system and all data stored on servers. Survio uses TLS/SSL (Transport Layer Security/Secure Socket Layer) encryption for data transmission. Access to areas with a high concentration of personal data processing is protected by electronic security systems.
Organizational measures comprise a set of rules for our employees’ behaviour and are incorporated into Survio’s internal regulations, which are, however, considered confidential due to security reasons. The procedures are based exclusively on the “need to know” principle. Survio thus limits the number of persons who have access to personal data and the ability to handle personal data. Employee access to personal data, as well as methods of handling it, is closely monitored.
Survio takes to ensure that, in the event of the placement of servers at a data center operated by a third party, similar technical and organizational measures are also implemented by such third party.
All data are placed only on servers located within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of the Czech Republic.
As a data subject, you have:
Survio uses cookie files, which are small text files that identify the user of the website www.survio.com and record the user’s user activities. The text in a cookie file is often comprised of a series of numbers and letters that positively identify the user’s computer, but do not provide any specific personal data on the User. The cookie usually contains the domain name from which it was sent, information on the age of the cookie, and an alphanumeric identifier.
The website www.survio.com automatically identifies the user’s IP address. An IP address is a number automatically assigned to the user’s computer after connecting to the internet. All such information is recorded in an activity file by the server, which enables the subsequent processing of data. In addition, Survio records the request from the browser and the time of the request, as well as the status and the amount of data transferred within this request.
Survio also collects information about your browser and your computer’s operating system and their versions. It also records the website from which you accessed the Survio website. Your computer’s IP address is only stored for as long as the website is used and for the following three months. After three months, the IP address is deleted or anonymised by truncation.
This data is used by Survio to operate the website, in particular to identify and remedy any errors, to determine the use of the website and to make adjustments or improvements. These are the purposes for which Survio has a legitimate interest in the processing of data pursuant to Article 6(1)(f) of the GDPR.
Based on its legitimate interest (Article 6 (1)(f) of the GDPR), Survio uses technically necessary cookies, which are necessary for the operation of the website and to ensure its functionality. Survio uses two types of cookies, persistent cookies and session cookies. Persistent cookies remain on your hard drive even after you close your browser. Persistent cookies may be used by the browser during further visits to the website: www.survio.com. Persistent cookies can be deleted. Session cookies are temporary and are deleted as soon as you close your browser.
In addition, Survio uses additional cookies with your permission. These cookies allow Survio to analyse how Users use our website. Survio can thus create the content of the website according to the needs of the visitors. Cookies also allow Survio to measure the effectiveness of a given advertisement and place it, for example, according to the User’s interests. Survio needs your consent to process personal data (Article 6(1)(a) of the GDPR). Of course, if you have given your consent, you can withdraw it at any time without giving a reason.
Please note: If you disable optional cookies, not all features of the Survio website may be fully usable.
Cookie files and similar technologies serve several purposes, which include:
There may also be third party cookie files located on the website www.survio.com. This may be, for example, because we have authorized a third party to conduct a website analysis. Survio utilizes the following service providers:
On its website, Survio uses the Google Analytics tracking tool from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This is how your User’s interactions with the Survio website are obtained and systematically evaluated.
In doing so, your following data is stored:
The legal basis for the processing of your personal data is your consent pursuant to Article 6(1) sentence 1 letter a) of the GDPR. You can withdraw your consent at any time.
The purpose of processing your personal data by Google Analytics is to analyse the interaction of visitors to the Survio website with the Survio website. By evaluating the data obtained here, Survio can optimize its offer and increase User comfort.
Survio deletes or anonymises data collected by Google Analytics as soon as it is no longer needed for Survio’s purposes. It takes place after 26 months.
This service may transfer the collected data to another country. Survio points out that this service may transfer data outside the European Union and the European Economic Area and to countries that do not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without any legal remedies available. Below is a list of countries to which the data is transferred. This can be done for various purposes, such as storage or processing. However, Survio is taking the measures that are possible and necessary under Article 44et seq., of the GDPR in order to ensure the level of data protection in third countries.
Learn more at: https://www.google.com/tagmanager/use-policy.html.
In addition, Google Tag Manager includes the following sub-services (Eloqua, LinkedIn Insight Tag, Hotjar, Google Ads Remarketing, Google Ads Conversion Tracking, Facebook Pixel) and Google Tag Manager, and the sub-services are linked based on your consent (Article 6(1)(a) of the GDPR). You can find the cancellation option in the description of individual sub-services. If you object to one sub-service, that objection will automatically apply to the other sub-services included in Google Tag Manager.
These services may transfer data to another country outside the European Union and the European Economic Area and to countries that do not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without any legal remedies. However, we take measures that are possible and necessary according to Article 44et seq., of the GDPR in order to ensure the adequate level of data protection in third countries.
Cookies are set by Microsoft Corporation.
The cookies set by CookieYes Limited are used to check:
Cookies are set by Cloudflare, Inc.
Cookies are set by LinkedIn Corporation.
G2.com, Inc. This cookie is used to store information on the User’s session with a unique session ID. It stores information such as referrer, landing page, and other.
Cookies are set by Facebook, Inc.
This cookie is used:
Cookies are set by Datadog, Inc. The RUM SDK browser relies on cookies to store session information and track the User’s session on various websites. These are first-party files (set up on your domain) that aren't used for cross-site tracking. More information on: https://docs.datadoghq.com/real_user_monitoring/browser/troubleshooting/#rum-cookies
Cookies are set by Seznam.cz, a.s.
Instructions for blocking or removing cookie files in browsers can generally be found in the personal data protection principles or in the user guide documentation of individual browsers.
The User’s browser automatically reports certain information upon every display of the website www.survio.com. When registering on the website www.survio.com or when browsing the website, servers automatically record certain information that the web browser sends upon every visit to the website. These server protocols (so-called “log files”) may contain information such as a web request, IP address, type of internet browser, browser language, linking / exit sites and URLs, platform type, number of clicks, domain names, entry portals, number of pages seen and the order of such pages, the amount of time spent on certain pages, the date and time of a submitted request, and one or more cookie files that may positively identify the web browser.
Survio declares that in the provision of personal data protection, it abides primarily by the following legal regulations:
All of the legislation based upon Article 16 of the Treaty on the Functioning of the European Union and Article 7 and 8 of the Charter of Fundamental Rights of the European Union, specifically:
Survio is present on social networks to facilitate communication with customers, interested parties and Users who are logged in there and to inform them about Survio’s offers.
Please note that you use these platforms and their features at your own risk. This is especially true for using interactive features (e.g. commenting, sharing or rating). Survio also points out that your data may be processed outside the European Union.
In addition, your data may be processed for market research and advertising purposes. In this way, for example, it is possible to create User profiles using your User behaviour and interests. For example, ads that are likely to match your interests may be turned on or off within the platform. For this purpose, so-called cookies are usually stored on your computer. Independently, User profiles can also store data that was not obtained directly from your end device (especially if you are a member of the respective platform and you are logged in to it).
As a provider of this information service, Survio does not collect or process any other data about your use of its service beyond this scope.
The processing of the User’s personal data takes place on the basis of Survio’s legitimate interests in effective User information and communication with the User pursuant to Article 6(1) sentence 1 letter f) of the GDPR.
By entering into the Agreement, the User confirms that it has acquainted itself with these Personal Data Protection Rules.
Last modified 2021-08-26.