Surveys are useful business tools that can help you design products and services around your customers' preferences. However, surveys also collect personal information which means you must inform customers of your privacy practices and take precautions to protect data. In short, if you use surveys, you'll need a Privacy Policy.

This article will help explain why your survey platform needs a Privacy Policy, and help you create your own.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.



Why You Need a Privacy Policy

There are two reasons you should have a Privacy Policy. First, it's required by law in most jurisdictions. Secondly, if you use a survey hosting platform, chances are the platform will recommend or even require that you have one.

Privacy Laws

Privacy Laws

Canada, Australia, the UK, the European Union and an array of countries around the world have passed privacy laws requiring protection of online data and a Privacy Policy. The Privacy Policy must disclose, at minimum, which information you collect, what you use it for, and who you share it with.

In the United States, there is no federal law. However, many states have passed their own laws with other states looking to following suit. For example, California has a number of privacy laws that require a Privacy Policy, such as the CCPA and CalOPPA.

All surveys have the potential to collect personal information. You need to collect names and login information so you can verify that surveys are completed by people and not bots. Also, surveys frequently request demographic information that may help determine sales trends.

The laws have subtle differences, but they share many common elements.

One is how they define personal information.

Email addresses, GPS locations, screen names, mailing addresses or general location (even if it is just a city name) are considered protected personal information under privacy laws.

Note that if you delve into sensitive personal information, like sexual orientation, religion, ethnicity or political affiliations, your responsibilities for keeping that information safe increase.

Survey Hosting Platforms

Survey Hosting Platforms

Third party services that allow you to distribute apps or send mass emails generally require Privacy Policies. Survey hosting platforms may either require this, or recommend it.

SurveyMonkey is a popular survey hosting site based in the UK. It has a Data Collection and Privacy Best Practices page that recommends you have a Privacy Policy. It also offers guidance on what users should include in those agreements.

SurveyMonkey starts by explaining why disclosing privacy practices is important and how it should be done. It then includes a list of what privacy statements often include:

SurveyMonkey Data Collection and Privacy Best Practices page: Tell People How You Handle Data section

These suggestions align closely with current privacy laws. Even basic Privacy Policies should include this information.

SurveyMonkey offers other guidance and suggestions about good privacy protections. These elements are often integrated into Privacy by Design plans that many corporations have already adopted to increase information security.

SurveyMonkey suggests that you only collect what personal information is necessary and only keep it for as long as necessary:

SurveyMonkey Data Collection and Privacy Best Practices page: Limit Collecting and Storing Personal Information section

Another recommendation by SurveyMonkey is to include a consent statement. This assures your privacy terms are accepted and survey respondents understand that they are sharing personal data with you:

SurveyMonkey Adding a Consent Statement or Privacy Notice page

Now that you see why a Privacy Policy is required, let's get more into how you can go about creating one for your website or mobile app.

Drafting a Privacy Policy for Your Surveys

Drafting a Privacy Policy for Your Surveys

The following examples show how to integrate information about surveys into a general Privacy Policy.

Identify Who is Conducting the Survey

Companies that routinely manage surveys will introduce themselves early in the Privacy Policy.

Snap Surveys, which offers survey production software, identifies its clients as the data controllers early in its Privacy Policy. It also notes that it works with other companies to help them create surveys, and that the information collected by the other companies may be housed on Snap Surveys' servers. It maintains that it is the data controller of all personal information other than survey data:

Snap Surveys Privacy Policy: Intro section - Data Controllers highlighted

This is a good way of making it clear what companies have access to the personal information collected by a survey.

And that leads us to the next point your Privacy Policy for a survey should cover.

What Personal Information Your Survey/Website Collects, and How

Your Privacy Policy needs to disclose that you collect personal information. You can use one clause to break down all the different types of information you collect, and the different ways that you do so.

Here's how SurveyMonkey does this, and mentions its surveys specifically:

SurveyMonkey Privacy Policy: Information Collect clause excerpt

Apple notes that it may collect information during a number of interactions, including when participating in an online survey:

Apple Privacy Policy: Personal Data Apple Collects From You clause with survey highlighted

Snap Surveys describes information it may hold via surveys its clients put out. It notes that the company running the survey remains the controller of the data, and that Snap Surveys will only process the data in accordance to the agreements between itself and the third party running the survey:

Snap Surveys Privacy Policy: Survey Data clause

Even if all your information collection is voluntary from your users and you get consent from the respondent first, you still need to cover this information in your Privacy Policy.

It makes your intentions clear and prevents misunderstanding.

How Collected Information is Used

Just as with any other collection of personal data, you must describe how you use information you collect from surveys.

SurveyMonkey's Privacy Policy breaks this down into a few sections, including one for creator data, which means the data of the company who created the survey, and the other for respondent data - the people taking the survey.

The respondent data section includes a lot of details on how everything from cookies to contact information is used. A section specific to how survey data is used can be seen here:

SurveyMonkey Privacy Policy: How We Use Information - Respondent Survey Data clause

If you host surveys for others, consider using this approach from Snap Surveys. Chances are, your data handling will be different for your client's information than for respondents. Making this clear maintains your compliance with relevant privacy laws.

If you hire a third party to manage your surveys, you will need to mention them in a separate paragraph on service providers or among the third parties who see your data.

Use of Cookies

Survey sites may use cookies the same way as other sites. These tools can make managing surveys easier, but you will need to keep clients and users informed of their presence.

Surveys may have cookies if the client requests them or if tracking needs to continue after the survey.

Snap Surveys explains that it uses cookies to distinguish users and for website performance, and gives information on disabling cookies. A separate page with more detailed cookie information is also linked in this clause:

Snap Surveys Privacy Policy: Cookies clause

SurveyMonkey's Cookies clause is very detailed and includes paragraphs for each different purpose cookies work to serve, such as to gather metrics, to personalize content and for security reasons:

SurveyMonkey Privacy Policy: Cookies clause

How You Keep Data Safe and Secure

Data is often stored longer with surveys because it can take time to process. If you are a third-party provider, you may have to keep it safe for clients for awhile. This means you need to reassure users that their data will be secure, and be clear about your storage and security measures.

Snap Surveys offers a detailed description of its security measures, including encryption, secured servers and following industry best practices:

Snap Surveys Privacy Policy: Security clause

Share as much information about your security measures as you are comfortable with doing. Not only is this reassuring to your users, but it shows you've taken reasonable steps to prevent a security breach.

How You Share Information

The difference between surveys and general web services is that surveys exist for the sole reason of collecting and sharing information. You also need to describe reasons for sharing that do not fall within the surveys. These include mergers and acquisitions involving your company, responding to legal procedures, enforcing other online agreement, and business dissolution or bankruptcy.

Here's how Apple lets users know how personal information may be disclosed for a variety of purposes:

Apple Privacy Policy: Sharing Personal Data clause

Summary

Surveys are an important part of marketing, business analytics and getting to know your customer and user base in beneficial ways.

However, survey data is often personal or sensitive.

For that reason, you need to have a Privacy Policy that includes surveys. This will keep your surveys in legal compliance and maintain transparency between you and your customers.

Make sure to disclose what personal information you are collecting, how it's collected, what you do with it, such as sharing it and securing it, as well as other specifics that may be required by privacy laws in your jurisdiction.