Data Protection
Protecting data on an online survey site is crucial for maintaining privacy and complying with legal regulations such as GDPR, CCPA, and others. DataRolls helps you protect your own interests, collect data in a legally compliant manner and protect your privacy. Only through the seamless interaction of several components can a high level of data protection be guaranteed:
I. PERSONAL INFORMATION WE COLLECT
• Personal Profile Information. The Join / Sign Up form collects your first and last name, your email address and your chosen password. If you Sign Up via Facebook or any other social media platform, we also collect this information.
• Contact Information. If you opt to receive surveys via text-message or other messaging media we also collect your mobile phone number or relevant contact details.
• Questionnaire Data. The initial profiling questionnaire collects information about your background, education, working status, consumer habits and, optionally, your health. We collect information about any updates you make to your profiling information.
• Opinion Data. During research opportunities we collect information you provide relating to your opinions, attitudes, experiences and use of certain products or services. Occasionally we may collect video, audio or photographic submissions you make during a research opportunity.
• User Experience Data. We collect information about your logins, comments on blog posts, ratings, polls, and web pages viewed.
• Rewards Information. Any personal information we may require in order to issue you with a prize or reward or monitor your usage of our credit point scheme.
• Correspondence Data. Any correspondence you send us.
• Social Media Information. Information you provide to us via social media or through your social media feed.
Generally, we collect Personal Information when you provide it to us by visiting the DataRolls site and Features or using our Services. This may include registering for any account with us, filling out surveys, joining a mailing list, or otherwise volunteering or providing information about yourself. We may use your Personal Information and other information we collect about you in order to provide you with our Services, to improve the DataRolls site and Features, to provide advertising, content, surveys, offers, promotions, and rewards, and for other marketing, administrative and general business purposes.
If you don’t provide us with your Personal Information, we will generally be unable to provide you with our Services and you will be unable to use the DataRolls site and services.
II. DATA PROTECTION METHODS
1. Data Encryption
Encryption in Transit: Use SSL/TLS protocols to encrypt data transmitted between users and the server, preventing unauthorized access during transfer.
Encryption at Rest: Encrypt stored data (survey responses, user information) using algorithms like AES to protect data from breaches.
2. Access Control
Role-Based Access: Implement a role-based access control (RBAC) system to restrict access to sensitive data based on user roles.
Authentication & Authorization: Require strong user authentication, such as multi-factor authentication (MFA), and ensure that users can only access the data they are authorized to view.
3. Data Anonymization and Pseudonymization
Anonymization: Remove or mask identifiable information from the survey data to ensure the identity of respondents cannot be easily discovered.
Pseudonymization: Replace private data with pseudonyms, making it difficult to trace back to the individual without access to additional information.
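The difference between the two, as an added example (not DataRolls code): pseudonymization keeps a stable respondent ID that only the holder of a separately stored key can reproduce, while anonymization drops the ID and coarsens quasi-identifiers. The field names, the key and the helper functions are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: in production this key lives in a secrets manager, stored apart
# from the survey data. It is the "additional information" needed to re-link.
PSEUDONYM_KEY = b"constructed-demo-key"

# Hypothetical field names for a survey response record.
DIRECT_IDENTIFIERS = {"first_name", "last_name", "email", "mobile"}

def pseudonym(email: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, deterministic ID. A plain unkeyed hash of an email can be
    reversed by hashing candidate addresses; HMAC requires the key."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]

def strip_identifiers(record: dict) -> dict:
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}

def pseudonymize(record: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """Drop direct identifiers, keep a respondent ID so answers from the same
    person can still be joined across surveys."""
    out = strip_identifiers(record)
    out["respondent_id"] = pseudonym(record["email"], key)
    return out

def anonymize(record: dict) -> dict:
    """Drop direct identifiers and any ID, and generalize age to a ten-year
    band. This lowers re-identification risk; it does not eliminate it."""
    out = strip_identifiers(record)
    low = (out.pop("age") // 10) * 10
    out["age_band"] = f"{low}-{low + 9}"
    return out

# Constructed sample record, not real respondent data.
SAMPLE = {
    "first_name": "Ana", "last_name": "Example",
    "email": " Ana@Example.com ", "age": 34, "answer": "satisfied",
}

if __name__ == "__main__":
    print(pseudonymize(SAMPLE))
    print(anonymize(SAMPLE))
```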
4. Data Minimization
Collect only the data necessary for the survey's objectives. This reduces exposure to sensitive or personally identifiable information (PII) and complies with privacy regulations.
5. Secure Data Storage
Store data in secure, compliant environments like databases that enforce strict access controls and logging.
Use cloud providers that comply with industry standards and regulations.
6. Data Retention Policies
Implement and enforce data retention policies that define how long survey data will be stored and when it will be deleted, in compliance with legal and regulatory requirements.
7. User Consent & Transparency
Informed Consent: Ensure users provide explicit consent before collecting their data, clearly stating how their data will be used.
Privacy Policy: Publish a comprehensive privacy policy that outlines what data is collected, how it is used, and how users can exercise their data rights (access, correction, deletion).
8. Regular Security Audits
Conduct regular security audits and penetration tests to identify and address vulnerabilities in your survey platform.
9. Backup and Disaster Recovery
Ensure regular, encrypted backups of data are made to prevent loss in case of a disaster or breach.
Implement disaster recovery strategies to quickly restore operations in case of data loss or breach.
10. Compliance with Legal Regulations
GDPR (General Data Protection Regulation): For surveys targeting users in the EU, ensure compliance with GDPR rules, such as the right to access, rectify, or delete personal data.
CCPA (California Consumer Privacy Act): For surveys targeting users in California, provide transparency about data collection, and ensure users can opt out of data sales.