Privacy Policy for Survey Back Office

Effective Date: 01-July-2024 | Last Updated: 01-July-2025

1. Introduction

Welcome to Survey Back Office ("we," "us," or "our"). We provide a software-as-a-service (SaaS) platform (the "Service") to our customers ("Clients"), who are typically market research companies. This Privacy Policy explains how we collect, use, process, and disclose information, including personal data, in the context of providing our Service.

This policy covers two types of data subjects: our Clients who use our Service, and our Clients' end-users, the survey respondents ("Respondents").

2. Our Role Under Data Protection Law

It is crucial to understand the distinct roles we play under data protection laws like the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

This Privacy Policy applies to the data for which we are a Data Controller (i.e., information about our Clients) and also explains our data processing practices on behalf of our Clients.

3. Information We Collect and Process

3.1. Information We Collect from Our Clients (as a Data Controller)

3.2. Information We Process on Behalf of Our Clients (as a Data Processor)

Our Clients determine what information they collect from Respondents. We process the following categories of data as instructed by our Clients:

4. How We Use Information

4.1. Use of Client Information

4.2. Use of Respondent Information

We only use Respondent information as directed by our Client, the Data Controller. Our use is strictly limited to:

We will never use Respondent data for our own marketing purposes or sell it to third parties.

5. Lawful Basis for Processing

For Client Information, our lawful basis for processing is the performance of our contract (our Terms and Conditions) with our Client. For Respondent Information, our Client, as the Data Controller, is responsible for establishing a lawful basis for processing, which is typically the explicit consent of the Respondent.

6. Data Sharing and Disclosure

We do not sell personal data. We may share information with third parties under the following circumstances:

7. Data Security

We implement reasonable technical and administrative security measures to protect the information we process from loss, misuse, and unauthorized access or disclosure. These measures include data encryption, access controls, and regular security assessments. However, no security system is impenetrable, and we cannot guarantee the absolute security of data.

8. Data Retention

We retain Client Information for as long as the Client's account is active or as needed to provide the Service and comply with our legal obligations. We retain Respondent Information according to the instructions of our Client. Clients may have the ability to set their own data retention policies within the Service.

9. Your Data Protection Rights

Depending on your location (such as the EU or California), you may have certain rights regarding your personal data.

For Clients: You may access, update, or request deletion of your account information by contacting us directly. You have rights including access, rectification, erasure, restriction of processing, and data portability concerning your personal data.

For Respondents: Since we are a Data Processor, you must direct any requests to exercise your data protection rights to the Data Controller, which is the company that sent you the survey. They are responsible for handling your request. If you contact us directly, we will forward your request to the relevant Client.

Your rights may include:

10. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. For transfers of data from the European Economic Area (EEA), we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure the lawful transfer of data.

11. Client's Legal Binded Agreement

12. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child has provided us with personal data without parental consent, we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We may notify you of any changes by posting the new policy on this page. We encourage you to review this policy periodically.

14. Jurdiction

Subject To Surat Jurdiction Only.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@surveybackoffice.com