Assign topic to the user
Anonymized data are not ruled by the EU GDPR so you should insert the notice in which you claim that the survey is anonymized and any personal data will be collected. To insert this notice you must be sure that the system does not link the email of your client to the answer, nor the IP address is tracked and the data collected through the survey do not make identifiable the individual.
Otherwise, you need to collect consent and make a specific privacy notice. You cannot say that your personal data shall be processed under our privacy policy unless your privacy policy states how you process data collected through a survey.
The best practice is to draft a tailored privacy notice for the survey, where you define:
- The purpose of processing (why you are collecting the information to provide a service? For marketing purposes? To develop a new product?)
- The legal basis (which will be based on consent)
- The data retention period (how long will you keep data? Consider that the controller must process data until the purpose of processing is reached. Online marketing is considered 12/24 months to be a fine period, but maybe data get old too soon and you don’t need to keep the results from the survey for so long
- What kind of data you will collect: health? Income? Property? Location? Age?
- If any data transfer outside the EU applies
- The rights for the data subjects
Here you can find more information about consent and privacy notice:
- Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
- Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
- If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
Hi. Thank you for the reply. One last question. Am I allowed to use the emails of our clients that we regularly communicate for this purpose (NPS forms) without a formal consent from the recipient? Or do we have to ask them wheter they consent being sent an NPS survey via these emails? Thanks
If the purpose of processing is the same as that the email was given, you can use the emails. You need to evaluate if your clients can reasonably think that he/she is going to receive those surveys. If the answer is not, you will need consent, otherwise, you can send the NPS survey.
Comment as guest or Sign in
Mar 29, 2021