Dedicated to protecting our customers
Questback has created this Security Statement to demonstrate our dedication to protecting our customers against any dissemination of information. Statement updated 22nd October 2015.
Questback processes personal data only for purposes that are objectively justified by Questback’s services towards its customers. All processing is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Personal Data Directive). Questback processes personal data both as a processor and as a controller, as defined in the Personal Data Directive.
Questback adheres to the Personal Data Directive and its local adaptations. Consequently, Questback processes all customer data in the EU/EEA.
All data collected by Questback customers through surveys, panels or communities will be stored exclusively in secure hosting facilities in the EU (Bremen and Frankfurt in Germany). Questback’s data processing agreement with its hosting provider ensures that no processing will take place in conflict with this statement.
All transfer of data internally in the EEA, including transfer of data to the secure hosting facility in Germany, is done according to the internal data processing agreement in the Questback group.
No processing of personal data will take place outside the European Economic Area (EEA) unless Questback’s customers specifically authorise such transfer in a written agreement. This will typically be the case for Questback’s customers located in the US, who will have access to their separate instance in the hosting facility.
Information collection and use
Collection of data through Questback’s platform covers collection of customer data, and data from respondents to surveys, members of panels and members of communities, as specified below. Any information stored on Questback’s sites is treated as confidential. All information is stored securely and is accessed by authorised personnel only.
For the purposes of this statement, Questback defines the term “customer” as an entity with which Questback has an established relationship, and “respondent” as any individual who responds to surveys made by a customer and powered by Questback, or takes part in panels and/or communities made by a customer and powered by Questback.
Collection and processing of customer data
During a customer’s registration on Questback’s sites, Questback collects information such as company name, e-mail, address, location, telephone/fax and name of contact person and other relevant personnel. This information is used to identify contact persons within customers’ organisation in Questback’s system, for billing reasons and to be able to contact customers to provide necessary service and information. The information gathered will be used within the Questback group only. Information gathered in the EU/EEA area will not be transferred outside the EU/EEA area. Information gathered by Questback customers in the US will be stored in the EU, and processed by Questback’s employees in the US.
Questback customers can at any time access and edit, update or delete contact details by logging in with username/password on Questback’s site. Questback customers can create several users with different privilege levels within their account, depending on their license agreement. It is, however, the customer’s responsibility to choose the level of access each user should have and to protect its information by selecting which users within the organisation can access protected folders.
Collection and processing of respondent data
Questback provides feedback management on a Software-as-a-Service (SaaS) platform.
Surveys, panels and communities used for gathering feedback are created by customers, who make them available to the relevant businesses, organisations and individuals. It is the customers’ responsibility to ensure that collection and processing of data is done according to applicable law. For further information about such responsibility, please see Overview of Customer’s Responsibilities as Data Controllers.
Questback will not process personal data for other purposes or by other means than agreed with its customers contractually.
Hidden identity in surveys
When hidden identity is used in surveys, no identifiable information, like browser type and version, Internet IP address, operating system, or e-mail address, will be stored with the answer. This is to protect the respondent’s identity.
When a customer’s subscription to any Questback service is terminated or expired, the account will be deactivated and not accessible. Information collected through the site will be deleted.
Questback implements technical and organisational measures to ensure information security for customers and respondents. Such measures include data storage exclusively in secure hosting facilities in Germany, abiding by the ISO 27K framework, and encrypted communication between our servers and any clients accessing our site using Secure Sockets Layer (SSL). SSL is a technology widely used by web services seeking to protect information on the internet. To assure our customers that they truly are accessing Questback services, we have adopted the use of industry-standard certificates from one of the most trusted Certificate Authorities available on the internet. You can see this by clicking on the privacy icon in your browser. Questback’s customers are in control of any data entered into the platform by them or their respondents, and it is their responsibility to ensure that no data is collected, processed or stored in violation of current and relevant regulations.
Changes to this statement
Questback may occasionally change this information; such changes will be indicated by updating the last updated section in this document and may also be shown as a welcome message when logging in to our site for a limited period of time. We encourage our customers to regularly check for any updates to this statement.
Want to learn more?
For further information please see Overview of Customer’s Responsibilities as Data Controllers.