Last updated: March 18th, 2022.
We appreciate your interest in our website. The protection of the information you entrust to SelfSurvey is a priority for us, and we want you to feel safe and secure when you use our service. We would therefore like to inform you at this point which personally identifiable data and information we collect when you use our service and for what purposes it is used.
Prof. Dr. Till Winkler
University of Hagen
Faculty of Business Administration and Economics
Chair of Information Management
SelfSurvey is a platform where user can fill out academic surveys on topics of their interest and, in return, receive meaningful feedback based on their answers and an underlying research model. This analysis typically includes an individualized benchmark compared to answers from other respondents who have previously filled out that survey. The main goal of SelfSurvey is, therefore, to provide individualized benchmarks to its users thus make insights from academic research directly tangible and usable to their participants.
As the benchmarks provided by SelfSurvey are based on previously collected historical data, the underlying concept of SelfSurvey is the one of reciprocity: Participants share their survey data allowing that it can be used to derive individualized benchmarks for others – and in return they receive their own individualized benchmark.
Users can access and return to the results of their surveys at any time through the overview page of SelfSurvey. Furthermore, users can also edit their answers at any time and get an updated benchmark immediately. On the evaluation page, the (summarized) result can be shared via social media (Facebook, Twitter, LinkedIn), if the user wants to show their results to others.
Another important feature of SelfSurvey is the invitation functionality. Users can invite other respondents via email to fill out a survey, provided they have the consent of the invited respondent. This functionality can be useful for users who are experts in the domain of a survey (e.g., analysts) and wish to help others (e.g., managers) make sense out of their survey results. If the invited respondent accepts the invitation and fills out the survey, the answers and results will be shared with the inviting user. The answers and results can be seen, but not altered by the inviting user. Furthermore, if the invited user deletes the survey, it will also be deleted for the inviting user.
We distinguish three different types of personally identifiable data that SelfSurvey collects for different purposes:
(i) user data, which is voluntarily provided by the user to authenticate and manage their account; We process these data according to Art 6 Par 1 Lit a GDPR.
(ii) survey data, which are voluntarily provided by the user when filling specific surveys; We process these data according to Art 6 Par 1 Lit a GDPR.
(iii) automatically collected data, which are generated when using the service. We process this data based on our legitimate interest according to Art 6 para 1 lit f GDPR to optimize our services and prevent misuse.
To provide account functionalities such that a user can log-in to their account and see their filled-out surveys, invite others etc., SelfSurvey needs to collect and store basic user data. This user data currently includes an email address, name, company, and password. The user data is collected in the registration process and can be changed later if needed through the user account page. The email address needs to point to a working email account that is only accessible to the user. Users are allowed to enter pseudo information (e.g., fake names) for fields other than their email address. We process this data based on your consent according to Art 6 para 1 lit a GDPR. You can revoke your consent at any time with effect for the future. This does not change the lawfulness of the data processing that has taken place until then. If you withdraw your consent, we will delete your data immediately. To do so, please send us an e-mail to firstname.lastname@example.org.
SelfSurvey collects and stores survey data when users fill out a survey. Storing the survey data is necessary to calculate the individualized benchmarks and comparisons that SelfSurvey provides. Survey data can include all sorts of data depending on the specific survey, for example, answers on rating scales, number fields, and text entries. SelfSurvey stores the survey data separated from the user data and links survey data to the user data in a pseudo-anonymized manner. This means that the survey data as such does not allow any conclusions to be drawn about the user data.
Since SelfSurvey is a platform to support to research and engaged scholarship, the survey data can, and is intended to be used in an anonymized form for academic purposes by the researchers stated as authors of the specific survey. Use of survey data through third parties other than the authors of a survey is generally excluded. Further details regarding the survey data can be found in the privacy statements of each specific survey, which are referenced on the start page of each survey.
In addition to the data provided by the user, SelfSurvey may collect some data automatically while using the service. This is necessary to ensure correct functioning of the service, enable a smooth user experience, and improve the service. For example, cookies are stored to enable that a user can stay logged-in for a certain time and usage time of certain functionalities could be stored for improving our service. We process this data in our legitimate interest according to Art 6 para 1 lit f GDPR. As far as it concerns data that we store directly on your terminal equipment or read from there, we refer to §25 TTDSG.
In particular, the following types of automatically collected data may be stored by SelfSurvey:
- Device information: SelfSurvey may store data about the user’s device (e.g., operating system and browser version). This may be done to improve our service. For example, this data could make it easier to identify device specific appearance issues.
- Server logs: SelfSurvey may automatically collect server logs. This may be done to improve the usability of our service by knowing about the traffic (e.g., which features are visited most) and about possible errors (e.g., error information are stored to track errors).
User data is only used internally for the correct functioning of the service and not shared or sold to any third parties. It is only used to provide the account functionalities (e.g., log-in), customized user interface and communication between SelfSurvey and the user. We may also use your user data (e.g., email) to identify you when you report specific problems or bugs.
Survey data is used in two ways. First, it serves as the base for the overall benchmark functionality to provide benchmarks to other users. In this manner, the survey data is pseudo-anonymized and only linked to the user data to allocate the filled-out survey to its user. This link only exists as long as the user keeps his account on SelfSurvey (cf. Section “How long is the data be stored on SelfSurvey?” ). Second, the survey data may be used by the respective researchers stated as authors of the survey for academic the purpose of academic research (e.g., academic publications).
Automatically collected data is primarily used to ensure the correct functioning and improve our service. For instance, if usage data shows that a certain feature is not much used, our developer team may concentrate on improving specifically this feature.
Users can change their user data in the profile page of SelfSurvey, such as their name and password. If they wish to, they can also delete their user data completely. If a user would like to delete their user data or permanently delete their account, they can do so by emailing us at email@example.com .
User data is only stored as long as the account of the user exists and will be permanently and irreversible deleted afterwards. This does not apply to data that we have to store for a longer period due to legal retention obligations. In these cases, the data will be deleted after the retention periods have expired.
Survey data of a user will be saved even after a user deletes their account, but remain not personally identifiable, i.e. anonymized. The (anonymized) link between the user data and the survey data will be permanently removed when the account of a user is deleted. The survey data hence only serves as an anonymized source for benchmarking and research purpose after an account is deleted.
Automatically Collected data is stored for different durations. Cookies and Local Storage are stored in the browser can be deleted by the user (although this may affect the user experience). Server logs do not link to any personal information after the deletion of an account. The data is deleted within 7 days, unless it is needed for a longer period of time to clarify incidents in connection with the use of our services. In this case, the data will be deleted after the incident has been clarified.
SelfSurvey does currently not provide any regular communication, newsletters, or alike. We reserve the possibility, however, to contact our users for major updates. For instance, this might be the case when new surveys are available, new functionalities are added to the platform, or updates of the Privacy Statement are made.
In case SelfSurvey should provide a regular newsletter feature in the future, the possibility to opt-out from this communication will be guaranteed for all users, for example, through disabling the newsletter on the user’s account page.
We do not knowingly collect any personal information from children under the age of 18. If you are under the age of 18, please do not submit any personal information through the Website and Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Statement by instructing their children never to provide personal information through the Website and Services without their permission. If you have reason to believe that a child under the age of 18 has provided personal information to us through the Website and Services, please contact us.
You may exercise certain rights regarding your information processed by us. The rights specified here are in accordance with data protection regulations, in particular with the General Data Protection Regulation (GDPR), applicable for residents of the European Economic Area (EEA). In certain circumstances, you have the following data protection rights:
Any requests to exercise your rights can be directed to us through the contact details provided in this document (e-mail: firstname.lastname@example.org ). Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person. You must include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to your request or provide you with personal information unless we first verify your identity or authority to make such a request and confirm that the personal information relates to you.
In principle, we do not disclose personal data to third parties without your explicit consent. We may pass on anonymized survey data to third parties for research and statistical purposes without requiring your consent. We oblige the recipients of the data neither to de-anonymize the data nor to use it for purposes other than scientific research.
All data is stored exclusively in the European Economic Area. Data will not be forwarded to third countries.
The website may contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Website and Services and to read the privacy statements of each and every resource that may collect personal information.
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of personal information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your personal information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.
In the event we become aware that the security of the website has been compromised or users personal information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the website or send an email to the users that have been affected.
We may occasionally update this privacy statement and its terms in our discretion to keep up with the feature development of the website. – You can see when the last update was made by looking at the “Last Updated” date at the top of this page. However, we will not, without your consent, use your personal information in a manner materially different than what was stated at the time your personal information was collected. We encourage you to review this privacy statement from time to time, to stay informed about our collection, use, and disclosure of personal information through the service.
In addition, if we ever should make any material changes to the way in which we treat personal information of our users, we will provide prominent notice by posting a notice on the service and/or send you an email to notify you. Any updated version of this statement will be effective immediately upon the posting of the revised statement unless otherwise specified. Your continued use of the website and services after the effective date of the revised statement (or such other act specified at that time) will constitute your consent to those changes.
If you have any questions after you have read this privacy statement, you may contact us at:
Prof. Dr. Till Winkler
University of Hagen
Faculty of Business Administration and Economics
Chair of Information Management