SurveyMonkey and GDPR Compliance

The General Data Protection Regulation (GDPR) takes effect on May 25, 2018. This regulation standardizes data privacy laws across the European Union (EU). You're entitled to exercise GDPR rights if you're an EU citizen, and we'll do our best to help customers comply with requests you might get from your respondents.

To learn more about how we manage EU customer data, or enter into a data processing agreement, please review SurveyMonkey Data Transfers and EU Laws.


GDPR Overview

Rights

Under GDPR, EU data subjects are entitled to exercise the following rights:

  • Right of Access: Find out what kind of personal information is held about you and get a copy of this information.
  • Right of Rectification: Ask for your information to be updated or corrected.
  • Right to Data Portability: Receive a copy of the information you've provided under contract so you can provide it to another organization.
  • Right to Restrict Use: Ask for your personal information to stop being used in certain cases, including if you believe that the personal information about you is incorrect or the use is unlawful.
  • Right to Object: Object to the use of your information where a party is processing it on a legitimate interest basis, and object to have your personal information deleted.
  • Right to Erasure: Request that your personal information be deleted in certain cases.

Roles

Data controllers determine how personal data is processed, data processors process personal data on behalf of a data controller, and data subjects are persons whose personal data is collected or used.

Data controllers within or outside of the EU are required to respond to requests from EU data subjects who ask to exercise their GDPR rights.

  • Account holders are data controllers of the response data they collect, while SurveyMonkey is the data processor of this data.
  • SurveyMonkey is a data controller of very limited data about respondents—we may use things like cookie data and IP address for specific purposes as described in our Privacy Policy.
  • For data subjects like account holders and site visitors, SurveyMonkey is the data controller of personal data like name, email address, and digital identifiers like a cookie ID or IP address, among other things. We describe in detail the data we collect, how we use it, and how long we retain it in our Privacy Policy.

 

Account Holders

Account holders can be either individual survey creators or organizations who own a SurveyMonkey account with multiple users. You can view, edit, delete, and download a lot of data directly, or you can contact us for additional info.

These articles can help you manage your personal data:

SurveyMonkey account holders within or outside of the EU are required to respond to GDPR requests from EU data subjects who ask to exercise their rights.

 

Respondents & Panelists

Survey respondents and panelists are people who answered a survey sent by an account holder. You should contact the account holder who is responsible for editing, deleting, or giving you a copy of your responses.

If you’re unable to get in touch with the account holder, please contact us with the following:

  • Survey link, email invitation, or web page you used to take the survey
  • Approximate date and time you took the survey
  • Your name and email address
  • Any response you provided that can be used to identify you

Since SurveyMonkey is not the data controller of response data, we can't directly handle these types of GDPR requests, but we'll do our best to identify and put you in contact with the account holder.

 

Site Visitors

A site visitor can be anyone who visits a SurveyMonkey webpage. Site visitors can delete personal data we might have stored about them at any time by clearing cookies, opting out of cookies, and unsubscribing from marketing emails.

 

GDPR Requests

How account holders can comply with GDPR requests

As an account holder, you're required to respond to requests from EU data subjects who ask to exercise their GDPR rights. Since SurveyMonkey is not the data controller of response data, we can't directly handle these requests for you, but we'll do our best to help you comply with requests you might get from your respondents.

These articles can help you manage respondent data requests:

If you’re unable to fulfill a respondent's request using the information above, please contact us.

How SurveyMonkey complies with GDPR requests

If you’re unable to exercise your GDPR rights as an EU citizen using the information above, please contact us. We respond to requests within 30 days. However, it may take longer to complete the request. We’ll be sure to let you know these details over email.

If you're dissatisfied with how we managed your request, you can contact your local data protection supervisory authority from the ODPC Website. Our European entity is SurveyMonkey Europe UC, which operates in Ireland under the remit of the Irish Office of the Data Protection Commissioner.
