SurveyMonkey

SurveyMonkey and Privacy Rights

SurveyMonkey customers and survey takers may be entitled to exercise rights under privacy laws, and we'll do our best to help customers comply with requests they may get from respondents.

SurveyMonkey offers a Data Processing Agreement (DPA), which includes the most recent EU and UK approved Standard Contractual Clauses/Model Clauses referred to in the EU GDPR and the UK GDPR for all customers.

Our DPA is available in our legal center. If you're a self-serve user of SurveyMonkey or Wufoo, this DPA is automatically incorporated into your Terms of Use. Enterprise customers, please speak to your customer success manager for information on your contractual processing terms with SurveyMonkey.

You may be entitled to exercise the following rights regarding your data:

  • Right of Access: Find out what kind of personal information is held about you and get a copy of this information.
  • Right of Rectification: Ask for your information to be updated or corrected.
  • Right to Data Portability: Receive a copy of the information you've provided under contract so you can provide it to another organization.
  • Right to Restrict Use: Ask for your personal information to stop being used in certain cases, including if you believe that the personal information about you is incorrect or the use is unlawful.
  • Right to Object: Object to use of your information where a party is processing it on legitimate interest basis, and object to have your personal information deleted.
  • Right to Erasure (also known as Right to be Forgotten): Request that your personal information be deleted in certain cases.

Account holders can be either individual survey creators or organizations who own a SurveyMonkey account with multiple users. You can view, edit, delete, and download some of your data directly in your account, or you can contact us to exercise your rights.

These articles can help you manage your personal data in SurveyMonkey:

SurveyMonkey account holders within or outside of the EU may be required to respond to requests from people who ask to exercise their rights.

Account holders are responsible for ensuring surveys they send are compliant with necessary privacy laws. Learn more about data collection and privacy best practices.

Survey respondents and panelists are people who answered a survey sent by an account holder. If you’re a respondent or panelist with a request, you should contact the account holder who sends you the survey. The account holder is responsible for editing, deleting, or giving you a copy of your responses.

If you're unable to get in touch with the account holder, contact us with the following:

  • Survey link, email invitation, or web page you used to take the survey
  • Approximate date and time you took the survey
  • Your name and email address
  • Any response you provided that can be used to identify you

Since we don't control the response data you collect, we can't directly handle these types of requests, but we'll help you identify and put you in contact with the account holder.

A site visitor can be anyone who visits a SurveyMonkey webpage. Site visitors can delete personal data that might be stored about them by clearing cookies, opting out of cookies, and unsubscribing from marketing emails, or by requesting the account holder who invited them as a guest delete their comments.

If you've communicated with SurveyMonkey via email or other channels not listed, and you want to exercise your rights, contact us. We may ask you to verify your identity and for info about the communications you received so we can complete your request.

As an account holder, you're required to respond to requests from people who ask to exercise their rights. Since SurveyMonkey is not the controller of response data, we can't directly handle these requests for you, but we'll help you comply with requests you might get from respondents.

These articles can help you manage respondent data requests:

ENTERPRISE FEATURE: Use Response Manager to search across your team to find and delete response data.

If you're unable to fulfill a survey taker's request using the information above, contact us.

If you're unable to exercise your rights using the information above, or you want to exercise your right to be forgotten, contact us. We respond to requests within 30 days. However, it may take longer to complete the request. We'll let you know these details over email.

If you're in the European Union and you're not satisfied with how we managed your request, you can contact your local data protection supervisory authority. If you're in the European Union, you can find your local authority on the ODPC Website. Our European entity is SurveyMonkey Europe Unlimited Company, which operates in Ireland under the remit of the Irish Office of the Data Protection Commissioner.