m

How to Exercise GDPR Rights

The General Data Protection Regulation (GDPR) takes effect on May 25, 2018. This regulation standardizes data privacy laws across the European Union (EU), and EU citizens are entitled to exercise their GDPR rights.

SurveyMonkey account holders within or outside of the EU are required to respond to requests from EU data subjects who ask to exercise their GDPR rights.

Jump to...

 

GDPR Overview

Rights

Under GDPR, EU data subjects are entitled to exercise the following rights:

  • Right of Access: Find out what kind of personal information is held about you and get a copy of this information.
  • Right of Rectification: Ask for your information to be updated or corrected.
  • Right to Data Portability: Receive a copy of the information which you have provided under contract so that you can provide that information to another organization.
  • Right to Restrict Use: Ask for your personal information to stop being used in certain cases, including if you believe that the personal information about you is incorrect or the use is unlawful.
  • Right to Object: Objecting to use of your information (where a party is processing it on legitimate interest basis) and to have your personal information deleted.
  • Right to Erasure: In certain circumstances, you may also have your personal information deleted.

Roles

Data controllers determine how personal data is processed, data processors process personal data on behalf of a data controller, and data subjects are persons whose personal data is collected or used.

Data controllers within or outside of the EU are required to respond to requests from EU data subjects who ask to exercise their GDPR rights.

  • Account holders are data controllers of the response data they collect, while SurveyMonkey is the data processor of this data.
  • SurveyMonkey is a data controller of very limited data about respondents—we may use things like cookie data and IP address for specific purposes as described in our Privacy Policy.
  • For data subjects like account holders and site visitors, SurveyMonkey is the data controller of personal data like name, email address, and digital identifiers like a cookie ID or IP address, among other things. We describe in detail the data we collect and how we use it in our Privacy Policy.

 

Account Holders

Managing Your Personal Data

Account holders can be either individual survey creators or organizations who own a SurveyMonkey account with multiple users. SurveyMonkey account holders can view, edit, delete, and download a lot of personal data directly.

These articles can help you manage your personal data:

Managing Response Data

Account holders are required to respond to requests from EU data subjects who ask to exercise their GDPR rights. As a data processor, SurveyMonkey is not responsible for handling these requests on behalf of account holders.

These articles can help you manage response data:

 

Respondents & Panelists

Survey respondents and panelists are people that answered a survey sent by an account holder. You should contact the account holder who is responsible for editing, deleting, or giving you a copy of your responses.

If you’re unable to get in touch with the account holder, please try to track down the following information before contacting us:

  • Survey link, email invitation, or web page you used to take the survey
  • Approximate date and time you took the survey
  • Your name and email address
  • Any response you provided that can be used to identify you

Since SurveyMonkey is not the data controller of response data, we can't directly handle these requests, but we'll do our best to identify and put you in contact with the account holder.

 

Site Visitors

A site visitor can be anyone that visits a SurveyMonkey webpage. Site visitors can delete personal data we might have stored about them at anytime by clearing cookies, opting out of cookies, and unsubscribing from marketing emails.

 

GDPR Requests

If you’re unable to exercise your GDPR rights as an EU citizen using the information above, please contact us.

We respond to requests within 30 days. However, it may take longer to complete the request. We’ll be sure to let you know these details over email. We use any information you give us in your request only to fulfill the request and delete it within 12 months.

If you're dissatisfied with how we managed your request, you can contact your local data protection supervisory authority from the ODPC Website. Our European entity is SurveyMonkey Europe UC, which operates in Ireland under the remit of the Irish Office of the Data Protection Commissioner.

The General Data Protection Regulation (GDPR) takes effect on May 25, 2018. You're entitled to exercise GDPR rights if you're an EU citizen.

Get answers