Ndatara GDPR Compliance
Last updated: December 1 2019
The GDPR expands the privacy rights of EU individuals and places new obligations on all organisations that market, track, or handle EU personal data. SurveyEngine has decided to adopt these regulations uniformly and globally.
Below is a summary of how GDPR will impact you and your data.
What are we doing?
An audit of GDPR compliance has been carried out, yielding changes to a number of internal processes, policies and communications, such as this one, with all individuals and companies Ndatara is conducting business with. Specifically, we have:
- Updated our privacy and cookies policy and harmonised these with our terms of service
- Initiated training sessions for all staff on GDPR compliance
- Required all EEA supplier contracts to be GDPR compliant
- Established GDPR compliant respondent data collection policies as the default, for example 18 years or older, no cookies and anonymised data collection
- Broadened the GDPR requirement of ‘Special Category Data’ to include any PII (personally identifiable information) for all countries.
What does this mean for you and your data?
Within the provisions of contractual and legitimate interests, your data won’t be shared outside the company without consent. Your data may be held within the company for a minimum of 5 years and you will have rights to access this information, update it, delete it, restrict processing or object to its use by Ndatara.
If you are a Supplier…
We will hold your data insofar as is necessary to fulfil mutual contractual obligations. If you are also a data processor, such as a panel, recruiter or market research company, you will be required to demonstrate to Ndatara current and ongoing GDPR compliance.
If you are a Customer or Subscriber…
As with suppliers, we will hold the data we need in order to fulfil our contractual obligations with you.
If you are a Colleague, Partner, Former Client or Business contact…
If you are not currently involved contractually with Ndatara but have been in contact with Ndatara or its team as part of a normal business inquiry, Ndatara continues to collect and retain your contact information and to record conversation notes and communication for internal business operations.
If you are a Respondent…
Non-PII (Personally Identifiable Information) gathering methods continue to be the favoured way of collecting response data. This will be ensured through the use of anonymous respondent keys and anonymous IP hashes. In addition, any panel or recruiter acting as data processor for Ndatara will be required to be compliant with the provisions of GDPR.
Where PII collection methods are a requirement, specific informed consent will be sought from respondents as the legal basis for processing data as well as their subject access rights as per the GDPR.
Contacting our Data Protection Officer
For more information on the role of our data protection officer click here.