QuestionPro’s commitment to GDPR compliance

As of 25-May 2018, the new EU General Data Protection Regulation (GDPR) law replaced the existing Data Protection Directive 95/46/EC. When technology-led information systems and digital businesses are creeping into every aspect of human life, adopting the GDPR marked a major milestone in EU’s data protection laws. 

Since the beginning, securing your data is one of our prime concerns and will remain so. Right from the incorporation, QuesitonPro has been providing best-in-class security and will continue to do so. Whether it is HIPPA or GDPR, we will always have you covered. 

We have a dedicated GDPR page to showcase how we comply with the GDPR rules and regulations. The page also contains a list of names and contacts of EU GDPR authorities by the nation. 

Here are some links to know more about committing to GDPR compliance

Our commitment to GDPR compliance

QuestionPro’s efforts to become GDPR compliant began months before the GDPR act came into existence. We started early because we value our customers and we value survey respondents and their right to privacy. Since we are storing all the data on physical servers in EU, the GDPR Compliance along with the national and international data protection & privacy laws has been our topmost priority.

Our journey to become GDPR compliant 

  • First, we conducted thorough research on how our product and the organizations using it will be impacted by the GDPR. 
  • As per the guidelines, we started by appointing a Data Protection Officer. 
  • Penning down every detail after studying the GDPR and other data protection laws we reformed and restructured our data privacy policy and data protection agreement. 
  • Brainstormed ideas and strategies to address the specific areas in our product that we supposed will be hugely impacted by the GDPR. 
  • We carried out necessary updates and improvements to our product to ensure GDPR compatibility.
  • Implemented necessary changes in our process and procedures to achieve complete compliance with the GDPR rules and regulations. 

What QuestionPro users need to know? 

There are few things every QuestionPro user needs to know depending on their jurisdiction and situation. Here are a few impactful changes that according to us might affect you

  • Standard Processor Agreement – We usually have a standard processor agreement for all our customers listing our obligations as a data processor. We do realize that QuestionPro might also need to sign data processor agreements owned by individual enterprises. However, we sign such agreements only for customers having Enterprise Licenses. For all other customers, we have a standard DPA and for whatsoever reason, we will not modify or negotiate the language in the agreement.
  • Terms of Service – All our users need to update their Terms of Service or Privacy Policy to properly communicate the purpose behind using QuestionPro surveys for data collection. Although we have clearly mentioned this in our Privacy Policy, not doing so might lead to hefty fines from the GDPR. We want our users to come up with policies and content clearly communicating the purpose of data collection, for how long it will be stored, and how it will be used.
  • Data Processing Agreement – All the users situated in the European Union region might be interested to sign a typical data processing agreement with us, we will be more than happy to do so. We have already updated our data processing agreement for our users situated outside the EU but conducting surveys to collect data from the EU residents.
  • GDPR compliant contracts  – Carrying forward our commitment to become GDPR compliant, we have had DPA agreements with both – the data center providers and cloud infrastructure providers ensuring all our contracts are GDPR compliant.
NOTE: Information collected through online surveys solely belong to the concerned researchers or organizations, not under any circumstances do QuestionPro reuse, sell, or share the respondent data.
NOTE: QuestionPro’s DP officer in rare circumstances can represent your organization, only if you have our enterprise customers with Edge Support Agreement or an Edge Service Contract.

If you have any questions regarding our GDPR compliance commitment you can get in touch with our customer support team.