Survio recognizes that its customers, visitors, users and others utilizing the Survio System or visiting the Survio website value their privacy. This document (Personal Data Protection Rules) contains important information pertaining to the processing of personal data by our company.
We would therefore like to inform you of the principles and procedures in the processing of personal data, which is conducted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).
Please note: In the event of any discrepancies between the English and Czech language version of these Personal Data Protection Rules, the English version shall prevail. The English version is available at www.survio.com.
The following terms, among others, are used within the text – “User”, “Survio Sites/Questionnaires” and “Third Party”, the definition of which is set out in the Terms.
Further, under the term “Agreement”, we mean a legal act on the basis of which the provider undertakes to provide you with its services, whether for payment or free of charge.
Under the term “Survio System”, we mean software that enables Users to create questionnaires/surveys according to the User’s requirements.
Controller’s Identification and Contact Information: Survio s.r.o., identification number (IČ) 28300785, with registered office at Brno, Hlinky 995/70, PSČ 60300, Czech republic, contact address: Hlinky 78a, Brno, 603 00, Czech republic a company registered in the Commercial Register with the Regional Court in Brno, section C, file 59684 (hereinafter also referred to as “Survio” or “we”), contact e-mail: firstname.lastname@example.org.
Data Protection Officer: A data protection officer has not been appointed.
Transfer of Personal Data to a Third Country or International Organization: Survio does not pass personal data on to third parties. This includes countries, companies or international organizations. An exception to this is data processed by Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, a provider of the SendGrid service. This entity ensures an appropriate level of securing personal data, and adheres to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), based on standard contractual clauses.
Automated Individual Decision-Making: Survio does not conduct profiling or automated individual decision-making.
Information on the Nature of the Provision of Data: If personal data are being processed for the purpose of the fulfillment of an agreement or the fulfillment of legal obligations, the provision of data is a statutory requirement. If personal data are being processed on the basis of the consent of the data subject, the provision of data is a contractual requirement.
Supervisory Authority: The supervisory authority is the Office for Personal Data Protection with registered office at Pplk. Sochora 27, 170 00 Praha 7, Czech republic, e-mail: email@example.com, tel.: +420 234 665 125.
Survio operates both in the position of a personal data controller, as well as in the position of a personal data processor. Survio operates in the position of a personal data controller in relation to the personal data of Users and of natural persons who visit the Survio website (Art. II of these Rules). In relation to personal data that the User stores on Survio servers (the User puts together a questionnaire in which respondents fill in their personal data), Survio operates as a processor, as it only provides the User with data space for the purposes of data storage. The controller of such personal data is the User itself (Art. III of these Terms).
Survio operates in the position of a personal data controller in relation to the personal data of Users and natural persons who visit the Survio website.
Why do we process personal data?
For the purpose of the fulfilment of an agreement or the fulfilment of legal obligations, Survio processes primarily the following personal data: name, surname, company name, identification number, tax identification number, residence/registered address, telephone, e-mail.
Survio also processes data that it obtains from the User and other natural persons through their use of the Survio system or their visits to the Survio website: cookie files, protocol files (IP address, or other online identifiers). Such personal data is processed on the basis of our legitimate interest or your consent.
In the event that Survio intends to process different personal data than as stated in this article, or for different purposes, it can only do so on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data must be granted in a separate document.
Survio declares that it does not process the payment information of Users. All payment information is processed by a third party, specifically by the company cleverbridge AG, with registered office at Gereonstr. 43-65, 50670 Cologne, Federal Republic of Germany.
For what period of time do we process personal data?
The personal data of Users are processed for the duration of the contractual relationship. After the account is cancelled by the User, all data are erased. We process personal data in order to fulfill obligations arising from special legal regulations for the time as set out by such legal regulations.
Where do we obtain personal data?
We obtain personal data directly from data subjects when entering into the Agreement. We always inform data subjects as to which of their personal data they must provide for the purposes of fulfilling the Agreement.
Survio provides the User with data space for the purposes of storing data operated within the Survio system, on Survio servers. The User’s data may also include the personal data of natural persons. In regard to personal data that the User stores on our servers (personal data of respondents), we operate as a personal data processor. The controller of such personal data is the User itself.
Notice for the User
If you will be collecting the personal data of natural persons through questionnaires, you become a personal data collector and you are obligated to comply with all personal data protection rules set out by the GDPR and by other legal regulations governing such issue. Survio does not bear any liability for a breach of personal data protection rules by Users.
Notice for respondents
The utilization of the Survio system may be subject to the principles and rules of the given User, if Users have such principles. If you provide your personal data to Users, contact the User directly with any questions regarding personal data protection, as the User is in the position of a personal data controller. We cannot be liable for the personal data protection principles or security procedures used by the User, which may differ from these Personal Data Protection Rules.
What is the purpose of processing and how do we handle data?
Survio does not conduct any operations with Users’ data, including personal data, with the exception of storing them on Survio servers, does not intervene in them in any manner, does not modify them, does not make them accessible, nor does it transfer them to third parties (with the exception of making them accessible to state authorities in accordance with the law), unless the Agreement provides otherwise. The sole purpose of handling such personal data is their storage and the possibility of them being accessed by the User.
What kind of personal data do we process?
We only process such personal data of respondents that will be stored through a Survio questionnaire on Survio servers, i.e. data that end users fill into questionnaires within the Survio system. These may be primarily name, surname, gender, age, job position, residence address, e-mail, etc.
For what period of time do we process personal data?
Survio processes personal data for the duration of the contractual relationship with the User. After the account is cancelled by the User, all data are erased.
Survio does not transfer personal data to any other controllers. Processors of personal data are:
The processing of personal data may be conducted by processors exclusively on the basis of a personal data processing agreement, i.e. with guarantees of the organizational and technical security of such data with the definition of the purpose of processing, whereby processors cannot use data for other purposes.
Under certain conditions, personal data may be made available to state authorities (courts, police, notaries, financial authorities, etc., within the scope of the exercise of their statutory powers) or may be provided to other entities within the scope as set out by a special law.
For the purpose of securing the User’s data against their unauthorized or accidental disclosure, we utilize reasonable and appropriate technical and organizational measures. Technical measures consist in the application of technologies that prevent unauthorized access to the User’s data by third parties. For the purpose of maximum protection, we use encryption of the User’s and end users’ data, primarily including passwords for logging into the Survio system, communication within the Survio system and all data stored on servers. Organizational measures comprise a set of rules of behavior for our employees and are incorporated into Survio’s internal regulations, which are, however, considered confidential due to security reasons. Survio takes to ensure that, in the event of the placement of servers at a data center operated by a third party, similar technical and organizational measures are also implemented by such third party.
All data are placed only on servers located within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of the Czech Republic.
As a data subject, you have:
We use cookie files, which are small text files that identify the user of the website www.survio.com and record the user’s user activities. The text in a cookie file is often comprised of a series of numbers and letters that positively identify the user’s computer, but do not provide any specific personal data on the User.
The website www.survio.com automatically identifies the user’s IP address. An IP address is a number automatically assigned to the user’s computer after connecting to the internet. All such information is recorded in an activity file by the server, which enables the subsequent processing of data.
Cookie files and similar technologies serve several purposes, which include:
There may also be third party cookie files located on the website www.survio.com. This may be, for example, because we have authorized a third party to conduct a website analysis. Survio utilizes the following service providers:
We utilize two types of cookie files – permanent and one-time. A permanent cookie file remains on the hard disk even after the browser is closed. Permanent cookie files may be used by the browser during subsequent visits to the website www.survio.com. Permanent cookie files may be removed. One-time cookie files are temporary and are erased as soon as you close the browser.
Instructions for blocking or removing cookie files in browsers can generally be found in the personal data protection principles or in the user guide documentation of individual browsers.
The User’s browser automatically reports certain information upon every display of the website www.survio.com. When registering on the website www.survio.com or when browsing the website, servers automatically record certain information that the web browser sends upon every visit to the website. These server protocols (so-called “log files”) may contain information such as a web request, IP address, type of internet browser, browser language, linking / exit sites and URLs, platform type, number of clicks, domain names, entry portals, number of pages seen and the order of such pages, the amount of time spent on certain pages, the date and time of a submitted request, and one or more cookie files that may positively identify the web browser.
Survio declares that in the provision of personal data protection, it abides primarily by the following legal regulations:
European Union Legislation
All of the legislation based upon Article 16 of the Treaty on the Functioning of the European Union and Article 7 and 8 of the Charter of Fundamental Rights of the European Union, specifically:
Council of Europe Legislation
Czech Republic Legislation
By entering into the Agreement, the User confirms that it has acquainted itself with these Personal Data Protection Rules.
Last modified 2021-01-26.