Surveys are useful business tools that can help you design products and services around your customers' preferences. However, surveys also collect personal information which means you must inform customers of your privacy practices and take precautions to protect data. In short, if you use surveys, you'll need a Privacy Policy.
This article will help explain why your survey platform needs a Privacy Policy, and help you create your own.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
-
At Step 1, select the Website option or App option or both.
-
Answer some questions about your website or app.
-
Answer some questions about your business.
-
Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
- 1. Why You Need a Privacy Policy
- 1.1. Privacy Laws
- 1.2. Survey Hosting Platforms
- 2. Drafting a Privacy Policy for Your Surveys
- 2.1. Identify Who is Conducting the Survey
- 2.2. What Personal Information Your Survey/Website Collects, and How
- 2.3. How Collected Information is Used
- 2.4. Use of Cookies
- 2.5. How You Keep Data Safe and Secure
- 2.6. How You Share Information
- 3. Summary
Why You Need a Privacy Policy
There are two reasons you should have a Privacy Policy. First, it's required by law in most jurisdictions. Secondly, if you use a survey hosting platform, chances are the platform will recommend or even require that you have one.
Privacy Laws
Canada, Australia, the UK, the European Union and an array of countries around the world have passed privacy laws requiring protection of online data and a Privacy Policy. The Privacy Policy must disclose, at minimum, which information you collect, what you use it for, and who you share it with.
In the United States, there is no federal law. However, many states have passed their own laws with other states looking to following suit. For example, California has a number of privacy laws that require a Privacy Policy, such as the CCPA and CalOPPA.
All surveys have the potential to collect personal information. You need to collect names and login information so you can verify that surveys are completed by people and not bots. Also, surveys frequently request demographic information that may help determine sales trends.
The laws have subtle differences, but they share many common elements.
One is how they define personal information.
Email addresses, GPS locations, screen names, mailing addresses or general location (even if it is just a city name) are considered protected personal information under privacy laws.
Note that if you delve into sensitive personal information, like sexual orientation, religion, ethnicity or political affiliations, your responsibilities for keeping that information safe increase.
Survey Hosting Platforms
Third party services that allow you to distribute apps or send mass emails generally require Privacy Policies. Survey hosting platforms may either require this, or recommend it.
SurveyMonkey is a popular survey hosting site based in the UK. It has a Data Collection and Privacy Best Practices page that recommends you have a Privacy Policy. It also offers guidance on what users should include in those agreements.
SurveyMonkey starts by explaining why disclosing privacy practices is important and how it should be done. It then includes a list of what privacy statements often include:
These suggestions align closely with current privacy laws. Even basic Privacy Policies should include this information.
SurveyMonkey offers other guidance and suggestions about good privacy protections. These elements are often integrated into Privacy by Design plans that many corporations have already adopted to increase information security.
SurveyMonkey suggests that you only collect what personal information is necessary and only keep it for as long as necessary:
Another recommendation by SurveyMonkey is to include a consent statement. This assures your privacy terms are accepted and survey respondents understand that they are sharing personal data with you:
Here's how a survey from Google presents its Terms and Privacy Policy agreements at the beginning of a survey, as well as gets consent to the agreements:
As users move through the survey questions, they're reminded not to include any personal information. This helps protect user privacy and can help with the "notice" aspect of compliance with privacy laws:
Now that you see why a Privacy Policy is required, let's get more into how you can go about creating one for your website or mobile app.
Drafting a Privacy Policy for Your Surveys
The following examples show how to integrate information about surveys into a general Privacy Policy.
Identify Who is Conducting the Survey
Companies that routinely manage surveys will introduce themselves early in the Privacy Policy.
Snap Surveys, which offers survey production software, identifies its clients as the data controllers early in its Privacy Policy. It also notes that it works with other companies to help them create surveys, and that the information collected by the other companies may be housed on Snap Surveys' servers. It maintains that it is the data controller of all personal information other than survey data:
This is a good way of making it clear what companies have access to the personal information collected by a survey.
And that leads us to the next point your Privacy Policy for a survey should cover.
What Personal Information Your Survey/Website Collects, and How
Your Privacy Policy needs to disclose that you collect personal information. You can use one clause to break down all the different types of information you collect, and the different ways that you do so.
Here's how SurveyMonkey does this, and mentions its surveys specifically:
Apple notes that it may collect information during a number of interactions, including when participating in an online survey:
Snap Surveys describes information it may hold via surveys its clients put out. It notes that the company running the survey remains the controller of the data, and that Snap Surveys will only process the data in accordance to the agreements between itself and the third party running the survey:
Even if all your information collection is voluntary from your users and you get consent from the respondent first, you still need to cover this information in your Privacy Policy.
It makes your intentions clear and prevents misunderstanding.
How Collected Information is Used
Just as with any other collection of personal data, you must describe how you use information you collect from surveys.
SurveyMonkey's Privacy Policy breaks this down into a few sections, including one for creator data, which means the data of the company who created the survey, and the other for respondent data - the people taking the survey.
The respondent data section includes a lot of details on how everything from cookies to contact information is used. A section specific to how survey data is used can be seen here:
If you host surveys for others, consider using this approach from Snap Surveys. Chances are, your data handling will be different for your client's information than for respondents. Making this clear maintains your compliance with relevant privacy laws.
If you hire a third party to manage your surveys, you will need to mention them in a separate paragraph on service providers or among the third parties who see your data.
Use of Cookies
Survey sites may use cookies the same way as other sites. These tools can make managing surveys easier, but you will need to keep clients and users informed of their presence.
Surveys may have cookies if the client requests them or if tracking needs to continue after the survey.
Snap Surveys explains that it uses cookies to distinguish users and for website performance, and gives information on disabling cookies. A separate page with more detailed cookie information is also linked in this clause:
SurveyMonkey's Cookies clause is very detailed and includes paragraphs for each different purpose cookies work to serve, such as to gather metrics, to personalize content and for security reasons:
How You Keep Data Safe and Secure
Data is often stored longer with surveys because it can take time to process. If you are a third-party provider, you may have to keep it safe for clients for awhile. This means you need to reassure users that their data will be secure, and be clear about your storage and security measures.
Snap Surveys offers a detailed description of its security measures, including encryption, secured servers and following industry best practices:
Share as much information about your security measures as you are comfortable with doing. Not only is this reassuring to your users, but it shows you've taken reasonable steps to prevent a security breach.
How You Share Information
The difference between surveys and general web services is that surveys exist for the sole reason of collecting and sharing information. You also need to describe reasons for sharing that do not fall within the surveys. These include mergers and acquisitions involving your company, responding to legal procedures, enforcing other online agreement, and business dissolution or bankruptcy.
Here's how Apple lets users know how personal information may be disclosed for a variety of purposes:
Summary
Surveys are an important part of marketing, business analytics and getting to know your customer and user base in beneficial ways.
However, survey data is often personal or sensitive.
For that reason, you need to have a Privacy Policy that includes surveys. This will keep your surveys in legal compliance and maintain transparency between you and your customers.
Make sure to disclose what personal information you are collecting, how it's collected, what you do with it, such as sharing it and securing it, as well as other specifics that may be required by privacy laws in your jurisdiction.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.
