Privacy Policy

In this section:

About Privacy Settings
What is Personal Data? What Do You Need to Know about Personal Data Processing?
Separate Storage of Personal Data
Anonymization of Personal Data
How to Mark Personal Data?

About Privacy Settings

Since May 25, 2018, the so-called General Data Protection Regulation (GDPR) has been effective throughout Europe. GDPR regulates various aspects related to personal data processing by companies and government agencies. Its main goal is, on the one hand, to ensure the protection of personal data in the European Union, and, on the other hand, to enable free transition of personal data in the unified European market.

Surveys are not the same as they may require different types of data for different purposes. In most cases, QUESTIONSTAR, as a service provider, bears no relation to the data you collect as part of your surveys and the methods you use to process this data. This means that your company will be solely responsible for making sure that all your surveys are completed in compliance with GDPR. But the tools and settings offered by QUESTIONSTAR can help you meet the GDPR requirements.

You can use the Privacy tab in the Survey Settings to define how the personal data collected for your survey will be processed, especially after export:

Note: To protect your respondents’ privacy and data confidentiality, you won’t be able to undo the settings in this tab once they have been applied. And unlike other sections of the QUESTIONSTAR interface, this one requires that you explicitly confirm your choice by clicking the Apply Privacy Settings button.

What is Personal Data? What Do You Need to Know about Personal Data Processing?

According to European legislation and the German Federal Data Protection Act (BDSG), personal data is all information that relates to a given individual or may allow to establish their identity. Personal data includes a person’s name, address, email, and so on.

When Is It Allowed to Collect Personal Data?

Pursuant to the Data Protection Act, the collection and processing of personal data is strictly prohibited in all cases,
except those explicitly permitted by the law. Data processing may be permitted for labor documents or health and safety records.
Data processing required for the signing and performance of an agreement.

Special interests of a data controller deemed to supersede the interests of the data subject (protection of their personal data). These interests can be of economic nature. For example, the commercial interests of a trader who uses emails to send out ads to their current customers are deemed more important than their customer’s privacy.
Situations when the data subject provides a consent for the processing of their personal data.

Therefore, you are not allowed to collect personal data in your survey unless this is expressly permitted by law, or you need it to fulfill your contractual obligations, or you have a reasonable special interest to gather such data.

Consent for Processing and Storage of Personal Data

In all other cases, you will need to obtain explicit consent of your data subjects before you can store or process their data. According to Article 4, Clause 11 of DSGVO, this consent must meet certain requirements:
It must be voluntary. You cannot force your respondents to share their data especially if this is not required for achieving your goals. For example, if you want to give a prize as a Thank You gift for taking part in your survey to some of your participants, getting a consent for processing their emails is quite acceptable. However, you cannot use the same email for advertising purposes since this usage is not a pre-requisite for achieving your goals (profits).

The data subject must have complete information before giving their consent. Your data subject must be duly informed as to why they should provide his data and how it will be used.

The consent should be explicit and unmistakable. This means that the data subject must be fully aware that they are giving their consent, for example, they may be requested to check a relevant box or select the I agree option. Tacit consent, when the data subject’s consent is assumed and they need to uncheck a box to deselect this option, is not allowed.

Consent should be granted for one or more specific purposes. You cannot ask your respondents to provide a general consent without mentioning the specific goals of data processing.

Separate Storage of Personal Data

This may be not expressly required by law, but privacy officers and expert consultants highly recommend making sure that personal data is kept separate from other responses provided by your data subjects. You can meet this requirement by checking the Save Private Data Separately option.

In this case, your respondents’ responses will be saved in two files instead of one when you try to export them. And each of these files needs to be exported separately. The entries in these files are organized differently, so the relationship between the entries and their position in the files cannot be easily traced. However, each entry contains a key (ID) which can be used to link and combine the entries in both files.

Note: To ensure the confidentiality of your data, this parameter cannot be disabled later. And unlike other sections of the QUESTIONSTAR interface, this one requires that you explicitly confirm your choice by clicking the Apply Privacy Settings button.

To enable this option:

Check the box next to Save Private Data Separately.

2. Click Apply Privacy Settings (1). You will see a dialog box informing you that you won’t be able to disable this parameter.

Check Apply Permanently in this dialog box (2).
Click Apply once again (3).

Note: Data separation implies that data collected for different purposes must be processed separately. As a rule, your survey collects data for a specific (research) purpose.

On QUESTIONSTAR, the data from different surveys can only be assessed or exported separately. So, the data separation requirement shall be met automatically.

Anonymization of Personal Data

In the case of separate personal data storage, all responses will be divided between two files. Each entry contains a key (ID) that can be used to link the entries in both files. This means that you can later combine personal data with other responses provided by data subjects.

When the Anonymize IDs setting is enabled, the key (ID) will not be included in the exported files. Since the entries in both files are organized differently (randomly), the subject’s personal data can no longer be linked or combined with their other responses.

Note: If you have enabled the Anonymize IDs option, for the sake of anonymity, reports and analytical data will not be displayed until at least 10 respondents have completed the survey. Before this happens, the system will show a message saying that it doesn’t have enough data for analysis.

Note: To ensure data confidentiality, this parameter cannot be disabled later. And unlike other sections of the QUESTIONSTAR interface, this one requires that you explicitly confirm your choice by clicking the Apply Privacy Settings button.

To enable the Anonymize IDs option:

Check the box Save Private Data Separately, if you haven’t done so already.
Check the Anonymize IDs box.

Click Apply Privacy Settings. You will see a dialog box informing you that you won’t be able to disable this parameter.

Check Apply Permanently in this dialog box.

Click Apply once again.

Storing Your Data in Germany

According to Europe laws, the personal data of Europe citizens must be stored within the borders of Europe. QUESTIONSTAR possesses the capacities to store personal data on the territory of Europe.

Use Only German Servers parameter:

This parameter is turned on by default and cannot be disabled.

How to Mark Personal Data?

The platform cannot determine whether or not a question in your survey has something to do with personal data, unless this is an email address.

This is why you must make sure to properly identify personal data to meet the requirements to personal data protection described in this article.

To mark a private question:

Go to Edit Survey, select a question, and click the gear icon, if necessary (in the upper right corner of the question box), to open the right properties pane.

Set the Private Question switch to On. This question will be marked as private. You can easily find such questions in the questionnaire − look for a fingerprint icon in the Survey Editor:

Note: Please note that this option can only be turned on or off before the first launch of your survey. After launching your survey, you can no longer disable the Private Question setting. However, you can still mark additional questions as private.

Cookie	Duration	Description
__stripe_mid	1 year	Stripe sets this cookie cookie to process payments.
__stripe_sid	30 minutes	Stripe sets this cookie cookie to process payments.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ym_visorc	30 minutes	Yandex sets this cookie to allow the site's Session Replay to function correctly.
ymex	1 year	Yandex sets this cookie to collect information about the user behaviour on the website. This information is used for website analysis and for website optimisation.
yuidss	1 year	Yandex stores this cookie in the user's browser in order to recognize the visitor.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_120478415_3	1 minute	Set by Google to distinguish users.
_gat_UA-120478415-10	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_ym_d	1 year	Yandex sets this cookie to store the date of the users first site session.
_ym_isad	20 hours	Yandex sets this cookie to determine if a visitor has ad blockers.
_ym_uid	1 year	Yandex sets this cookie to identify site users.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
yabs-sid	session	Yandex sets this cookie to store the session ID.
yandexuid	1 year	Yandex sets this cookie to identify site users.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
i	10 years	This cookie is set by OpenX to record anonymized user data, such as IP address, geographical location, websites visited, ads clicked by the user etc., for relevant advertising.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
m	2 years	No description available.
metrika_enabled	session	No description available.

HELP

FAQ

Q&A

In this section:

About Privacy Settings

What is Personal Data? What Do You Need to Know about Personal Data Processing?

When Is It Allowed to Collect Personal Data?

Consent for Processing and Storage of Personal Data

Storing Your Data in Germany

Use Only German Servers parameter:

How to Mark Personal Data?

What are your Feelings

In this section:

About Privacy Settings

What is Personal Data? What Do You Need to Know about Personal Data Processing?

When Is It Allowed to Collect Personal Data?

Consent for Processing and Storage of Personal Data

Storing Your Data in Germany

Use Only German Servers parameter:

How to Mark Personal Data?

What are your Feelings

Share This Article :

How can we help?

Cookies, CCPA & GDPR