m

SurveyMonkey and Privacy Rights

SurveyMonkey is complying with applicable privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our features help you to be compliant.

SurveyMonkey customers and survey takers may be entitled to exercise rights under privacy laws, and we'll do our best to help customers comply with requests they may get from respondents.

If you're in the EU, you can enter into a Data Processing Agreement (DPA) with SurveyMonkey. If you're in California, you can fill out this form to get a copy of our CCPA addendum.

Jump to...

 

Rights Under Privacy Laws

You may be entitled to exercise the following rights regarding your data:

  • Right of Access: Find out what kind of personal information is held about you and get a copy of this information.
  • Right of Rectification: Ask for your information to be updated or corrected.
  • Right to Data Portability: Receive a copy of the information you've provided under contract so you can provide it to another organization.
  • Right to Restrict Use: Ask for your personal information to stop being used in certain cases, including if you believe that the personal information about you is incorrect or the use is unlawful.
  • Right to Object: Object to use of your information where a party is processing it on legitimate interest basis, and object to have your personal information deleted.
  • Right to Erasure (also known as Right to be Forgotten): Request that your personal information be deleted in certain cases.

 

Account Holders

Account holders can be either individual survey creators or organizations who own a SurveyMonkey account with multiple users. You can view, edit, delete, and download some of your data directly in your account, or you can contact us to exercise your rights.

These articles can help you manage your personal data in SurveyMonkey:

Deleting your account may not remove all your personal data from SurveyMonkey. If you want to exercise your right to be forgotten, contact us so we can help.

SurveyMonkey account holders within or outside of the EU may be required to respond to requests from people who ask to exercise their rights.

Account holders are responsible for ensuring surveys they send are compliant with privacy laws, as necessary. We suggest using features to make responses anonymous to avoid collecting personal data and informing survey takers about how you plan to use survey data by adding a consent statement. We encourage you to seek your own legal advice to comply with privacy laws and regulations.

 

Respondents & Panelists

Survey respondents and panelists are people who answered a survey sent by an account holder. If you’re a respondent or panelist with a request, you should contact the account holder who send you the survey. The account holder is responsible for editing, deleting, or giving you a copy of your responses.

If you're unable to get in touch with the account holder, contact us with the following:

  • Survey link, email invitation, or web page you used to take the survey
  • Approximate date and time you took the survey
  • Your name and email address
  • Any response you provided that can be used to identify you

Since SurveyMonkey doesn't control the response data you collect, we can't directly handle these types of requests, but we'll help you identify and put you in contact with the account holder.

 

Site Visitors

A site visitor can be anyone who visits a SurveyMonkey webpage. Site visitors can delete personal data that might be stored about them by clearing cookies, opting out of cookies, and unsubscribing from marketing emails.

Other Communications

If you've communicated with SurveyMonkey via email or other channels not listed, and you want to exercise your rights, contact us. We may ask you to verify your identity and for info about the communications you received so we can complete your request.

 

Handling Data Requests

How account holders can comply with survey taker data requests

As an account holder, you're required to respond to requests from people who ask to exercise their rights. Since SurveyMonkey is not the controller of response data, we can't directly handle these requests for you, but we'll help you comply with requests you might get from respondents.

These articles can help you manage respondent data requests:

If you're unable to fulfill a survey taker's request using the information above, contact us.

How SurveyMonkey complies with data requests

If you're unable to exercise your rights using the information above, or you want to exercise your right to be forgotten, contact us. We respond to requests within 30 days. However, it may take longer to complete the request. We'll let you know these details over email.

If you're in the European Union and you're not satisfied with how we managed your request, you can contact your local data protection supervisory authority. If you're in the European Union, you can find your local authority on the ODPC Website. Our European entity is SurveyMonkey Europe UC, which operates in Ireland under the remit of the Irish Office of the Data Protection Commissioner.

SurveyMonkey is complying with applicable privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our features help you to be compliant.

Get answers