Privacy and Security
Effective: 1st of April, 2021
1. VISITORS, USERS AND PARTICIPANTS
2. PERSONAL DATA
- Visitors: In contrast to many “modern” organisations, Sprockler as an organisation is not interested in the identity and personal details of our Visitors. Therefore, we do not store email addresses from our Visitors.
- Participants: We do not store email addresses from the Participants who are invited to engage in an inquiry. Sometimes it happens that the Users will need these email addresses to invite Participants for an inquiry but even then, we will not store the email addresses. Instead, we only store a so-called hash from which email addresses cannot be retrieved. The hash enables us to know that a certain set of responses comes from one Participant. We don't know who this person is, and we cannot retrieve their email address.
- Breaking anonymity: There are legitimate situations where anonymity is not desirable. The User may include questions that ask Participants to share personal details like an email address. Only the Participants themselves can decide to offer these details. We consider this to be the most transparent way of breaking anonymity.
3. GENERAL/PERSONAL INFORMATION OF USERS
- Required info: To register for the use of the web applications, Users must provide a full name, an organization name and email address (only). To purchase service, we also require legitimate payment/invoicing information.
- Required info:Any Visitor can sign up for an account. As a Visitor, you will then have to register with your name and your email address to become an authorized User. This personal data will be stored in a secure way.
- Use of the account:When a User did not login to their account for a period of 3 months, the User of this account will get an email with the question if they want to continue the account. If this email remains unanswered for a period of another month, the account and all the corresponding data will be deleted. This means that not reacting to this reminder email means the account, the personal data and all inquiries conducted will be deleted after this period of 4 months.
- Contacting you:Sprockler may use your registration information to contact you to:
- Deliver the Service of the web applications.
- Improve our Site, Service, features and content.
- Provide customer service and personalise your experience.
- Administer and enable your use, enjoyment and navigation of our Service.
- Improve our understanding of your needs and interests.
- Fulfil requests you make via email@example.com
- Sharing personal data: We do not sell or share your personal details with third parties.
4. ACCESS TO INQUIRIES AND RESPONSES
- Participants rights: If you are an authorised User, you can administer and control your own inquiries. Sprockler only functions as a Service provider. The Participants can access the inquiry in data-collection mode only. According to article 15 of the GDPR, Participants have the following rights with respect to the information they provided to the User via the inquiry:
- The Right to rectification;
- The Right to erasure (the ‘right to be forgotten’);
- The Right to restrict processing;
- The Right to object.
- Rights of colleagues: Typically, the person who registered for the account will be the only person who can access the inquiries and the responses. Your organization may want to share your account to allow colleagues to support you in the inquiry. This is technologically possible. However: the GDPR requires that you undertake the necessary steps, which are (1) informing the Participants and (2) signing a Data Processing Agreement with these colleagues. Sprockler has a standard Data Processing Agreement available for this purpose. It is possible to grant your colleagues limited rights only. The person who created the account from an organization will be granted administration rights in all cases. They can create other accounts and set their rights.
- Technical support: As a User you own the inquiry data. We do not use your data, unless you request us to do so for technical support. In case you need technical support, you will grant access to the administrator of Sprockler to access your data. The administrator of Sprockler signed a nondisclosure agreement to this purpose.
- Maximum retention period: We will remove personal data or data of inquiries from our servers upon your request. The Users themselves are responsible for the implementation of our GPDR regulations with respect to the maximum retention period of personal data. The GDPR states that personal data may only be kept for the period necessary for the purposes for which the data was processed. Note: research reports as such (for instance created in the Visualizer application) may be retained for a much longer period (up to 10 years). However, personal data such as email addresses of participants or any information that can be traced to a specific person, may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed, in other words for the research period only. An exception can be applied to longitudinal research under the condition that personal data will be anonymised (no longer traceable at all).
5. DATA SECURITY
- TLS: Data security is very important to us. To that end, communications with our servers make use of Transport Layer Security (TLS version 1.2) including the communications between the iOS and Android apps and the server (uploading of responses of Participants). TLS is a cryptographic protocol that provides secure communication between the server and the computer of a Visitor, User or Participant. It's more or less the successor of SSL protocol (which is used by the majority of banks).
- Encryption on mobile: The Collector app also encrypts data that are temporarily stored on mobile devices. These data are removed from the device after the server confirms their receipt.
- Secure server: Sprockler outsources hosting and technical maintenance of our site and the three web applications to TransIP, which is a renowned hosting provider.
6. LINKS TO OTHER SITES OR SERVICES