In order to ensure that personal data are processed fairly and lawfully, controllers must provide certain minimum information to data subjects, regarding the collection and further processing of their personal data. Such information must be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language. For instance see Article 5.1.a, 12-14 of the GDPR and recital 58 and 59 of the GDPR.
One of the ways to comply is by adding a privacy notice to your survey.
You can add such a notice by activating the survey setting Show privacy notice in footer. Once activated, a link to your own privacy notice will be shown in the footer of the survey and email invitations and you can link to it anywhere using a variable.
Creating a privacy notice for your survey
- Open the survey to which you want to add a privacy notice.
- Select Settings from the survey options menu.
- Select Options.
- Select Show privacy notice in footer. Then click Edit to type your privacy notice text and Save it. If your survey is multilingual, repeat for each language. Click View to see what the privacy notice page will look like to your respondents.
- Click Save at the bottom of the Options page.
The privacy notice will appear at the bottom of each survey page and email. You can also link to it in a question or elsewhere by adding the variable {{survey.privacyNoticeUrl}}. To add this variable, select the Variables dropdown menu in the question editor and select Privacy Notice.
Creating a privacy notice template at the account level
If you often create similar surveys, you can create a reusable privacy notification template at the account level. The account manager can do this by completing the following steps:
- Select Account from your profile menu in the top right corner of the page.
- Select Legal & compliance.
- Select Privacy Notice. Then click Edit. Create a privacy notice template for each language in which you create surveys.
If a survey owner or account manager activates the privacy notification at the survey level, the text of this template will be displayed. They can override it at the survey level and also see an option to reset to the privacy notice set at the account level.
What should be in a privacy notice?
Data subjects have the right to be provided with information on the identity of the controller, the reasons for processing their personal data and other relevant information necessary to ensure the fair and transparent processing of personal data. Such information must be provided in a concise, transparent, intelligible, using clear and plain language.
Article 13 of the GDPR is particularly helpful in understanding what information should be included in the privacy notice of a survey. Recitals: 60, 61, 62 can help with interpreting.
We suggest using a header for each of the points covered in article 13:
- Contact details
- Purposes and legal basis of the processing
- Categories of data being processed
- Recipients of the personal data
- Data retention
- Rights of the respondent (See Art. 13.2 and Recital 63 GDPR)
- Access, rectification, erasure, portability, revocation, complaint
- Existence of automated decision-making, including profiling
These are just suggestions and a starting off point. This list is not meant to be complete. You should seek independent legal advice for the actual privacy notice you will show to respondents, as only a lawyer can provide you with legal advice specifically tailored to your situation.
Note: You should also seek independent legal advice relating to your obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing in this article is intended to provide you with, or should be used as a substitute for, legal advice.
Leave a Reply