A. NOTICE & CHOICE
1. Affirmative Statement of Participation in the EU-US Privacy Shield Framework
SurveyConnect’s participation in the Privacy Shield applies to all personal information that is subject to the SurveyConnect Privacy Statement and is received from the European Union and European Economic Area. SurveyConnect will comply with the Privacy Shield Principles in respect of such personal information.
SurveyConnect is subject to the investigatory and enforcement powers of the Federal Trade Commission.
SurveyConnect’s adherence to the Privacy Shield Principles may be limited to the extent necessary to meet national security, public interest, or law enforcement requirements.
To learn more about the Privacy Shield program, and to view SurveyConnect’s Privacy Shield certification, please visit https://www.privacyshield.gov/.
SurveyConnect’s participation in the Privacy Shield applies to its collection, use, and sharing of commercial data (data that SurveyConnect collects on behalf of its clients or their partners) and internal data (data that SurveyConnect collects for SurveyConnect internal purposes e.g. human resources).
4. SurveyConnect’s Data Collection Processes
SurveyConnect Commercial Data Processing
SurveyConnect provides 360 assessment and survey applications and services to the Human Resource, Talent Management, and OD markets. Our team offers complete support for every phase of 360 survey design, implementation, and analysis.
SurveyConnect End User Data & Privacy Policies
Both SurveyConnect and our clients are responsible for end user privacy. SurveyConnect receives end user data from clients in order to facilitate effective 360-Degree and survey solutions (e.g., name, email address, location). No financial information is ever received from our clients.
SurveyConnect requires that its clients provide the necessary notices and obtain informed consents from their end users.
Limiting Use and Disclosure of Personal Data
Personal data will not be used or disclosed by SurveyConnect for purposes other than those for which it was collected. Data collected may be used or disclosed by SurveyConnect with the consent of the individual, or as required or permitted by law.
If an individual has submitted data to SurveyConnect and wishes to have the information destroyed, the individual may contact SurveyConnect requesting its destruction. SurveyConnect will make reasonable efforts to securely remove the data from its systems.
SurveyConnect Employee & Internal Data & Privacy Policies
B. ACCOUNTABILITY FOR ONWARD TRANSFERS
To effectively process data on behalf of a client to serve the client’s needs, SurveyConnect may need to share that data with certain third parties or sub-processors. In such instances, SurveyConnect will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles. With regard to the Principle of Accountability for Onward Transfer, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
SurveyConnect may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements.
SurveyConnect uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.
SurveyConnect is a SaaS company that operates within segregated private datacenters. Data collected by SurveyConnect is co-located in secure locations operated by ViaWest.
D. DATA INTEGRITY & PURPOSE LIMITATION
It is the SurveyConnect client, not SurveyConnect, that determines the “purposes and means” of data processing, include data retention and termination. Under EU law, SurveyConnect is the “data processor” that processes data on instruction from the client or data controller (the entity that determines the “purposes and means” of the data processing in question).
You have the right to access your personal information, and to correct, amend or delete such information where it is inaccurate or processed unlawfully, as described in the Privacy Shield Principles. To exercise these rights, please email us at: firstname.lastname@example.org.
F. RECOURSE & ENFORCEMENT
SurveyConnect has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus, to resolve such complaints at no charge to you. If you do not receive timely acknowledgment of your complaint from SurveyConnect, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address any residual complaints not resolved by other means.
To learn more about the Privacy Shield program, please visit www.privacyshield.gov. To view our certification, please visit www.privacyshield.gov/list.
Human Resources Data Complaints: If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by SurveyConnect, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Survey Connect agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.