GDPR (iperceptions/Astute VoC)
Last Updated: April 12th, 2018.
WHAT IS GDPR?
GDPR (General Data Protection Regulation) is a new set of rules designed to give European citizens more control over what organizations can do with their data.
Under the terms of GDPR, organizations have to ensure that personal data is gathered legally and under strict conditions and protect it from misuse and exploitation.
IPERCEPTIONS’ COMMITMENT TO GDPR
Protecting your data has always been one of our top priorities, and that isn’t going to change. iperceptions will be fully compliant to GDPR regulations when they come into effect on May 25th 2018.
Everyone deserves to feel safe when online. As customer experience experts, iperceptions understands the importance of trust between businesses and their online visitors. Whether you are an end-user, visitor to our website, or a survey participant, we will take all measures to ensure your data is safe with us.
HOW IS IPERCEPTIONS GDPR COMPLIANT?
iperceptions is fully committed to being GDPR compliant when it comes into effect as of May 25th 2018.
1. Processing of PII
It is important to note that iperceptions does not by default collect, store, handle or otherwise process Personally Identifiable Information (PII) provided by respondents of iperceptions surveys or Comment Cards.
However, there are certain ways PII could be processed by iperceptions as part of its services:
PII is not collected in standard iperceptions surveys. However, the IP address of respondents may be collected and as per the current interpretation of the GDRP, IP addresses would be considered to be covered data.
Collection of respondents’ IP addresses can be disabled by changing a setting in the “Project Info” page for the survey on the iperceptions Platform.
End-users may also configure the survey to include specific questions for which the answer may include PII (for example a survey could include questions which ask respondents to provide an account number or an e-mail address).
These types of scenarios require explicit survey programming by the end-user, or by iperceptions on behalf of the client, in the iperceptions Platform. As such, the end-user retains complete control and responsibility over any collection of PII resulting from its survey programming and should provide iperceptions with specific processing requirements.
INADVERTENT PII COLLECTION:
Certain question types can be programmed for a survey in the iperceptions Platform to include text fields within which respondents can type their answer (for example, these question types include “Open-Ended Text” and “Request Form Fields”). iperceptions Comment Cards may also be configured to have questions which include text fields.
These question types make it possible for respondents to potentially provide PII, such as e-mail addresses and account numbers;
The collection of PII can be eliminated by avoiding the use of open-text questions, whenever possible.
Moreover, special logic can be implemented to sanitize certain patterns in the open-ended feedback, such as credit card numbers, flight numbers, etc. Please reach out to your iperceptions representative to learn more about implementing this logic for your project.
IPERCEPTIONS PLATFORM END USERS:
iperceptions Platform end-users are required to provide their name, company name, and e-mail address when first creating their iperceptions user account, with the e-mail address then being used as the username for their user account.
Internet Protocol (IP) address information is also collected for each end-user session on the iperceptions Platform.
iperceptions will collect, store and process this PII in compliance with the GDPR requirements.
2. Data Retention
Part of the GDPR requirements include applying appropriate, secure, and timely deletion policies.
As a policy, iperceptions retains data collected for a period of three years after which time the data is securely deleted. However, our customers are better placed to determine the adequate retention period for their data and iperceptions is always available to discuss implementing a customer-specific retention policy that would better reflect the compliance requirements of the customer. Please communicate with your iperceptions representative to discuss any specific retention requirements.
3. Data Access, Correction and Deletion
In our role as data processor as defined by GDPR, we will take appropriate measures to assist our customers in fulfilling access, deletion, and other requests from individuals.
Upon request, iperceptions can find, modify and permanently delete any data relating to an individual provided the data collected includes data that is identifiable.
iperceptions will collaborate with its customers to respond to any data access request that may be received from data subjects without undue delay.
CONTACT US REGARDING GDPR
For any questions regarding iperceptions’ commitment to the GDPR, or to remove or modify your data, please email us at firstname.lastname@example.org. We’ll get back to you shortly.