Surveys are all about collecting data, and that brings privacy law implications. When respondents submit personal data in a survey, they often have a range of rights including the right to information about your data handling. A Privacy Policy is the easiest way to provide this information to survey respondents.
Here's what you need to know and do when it comes to creating and providing a Privacy Policy for your surveys.
Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.
- Click on the "Free Privacy Policy Generator" button, located at the top of the website.
- Select where your Privacy Policy will be used:
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- Continue with building your Privacy Policy while answering on questions from our wizard:
-
Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.
That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
- 1. What is a Privacy Policy?
- 2. Do You Need a Privacy Policy for Surveys?
- 3. How to Write a Privacy Policy for Surveys
- 3.1. What Personal Information You Collect
- 3.2. How You Collect Personal Information
- 3.3. How and Why You Use the Personal Information
- 3.4. How You Share Personal Information
- 3.5. How Long You Keep Personal Information
- 3.6. How You Secure Personal Information
- 3.7. Data Rights and How to Exercise Them
- 3.8. How to Contact You
- 4. How to Display a Privacy Policy for Surveys
- 5. How to Get Agreement to a Privacy Policy for Surveys
- 6. Summary
What is a Privacy Policy?
A Privacy Policy is a legal agreement that explains to readers how and why personal information is collected and used, what rights users have over this, and other important and relevant information about a businesses privacy practices.
Here's an example of a fairly standard table of contents from a Privacy Policy:
Do You Need a Privacy Policy for Surveys?
If your survey collects any personal information, you will need to have a Privacy Policy. This can be as simple as if you collect email addresses of survey respondents, or a last name.
Some laws that require a Privacy Policy when personal information is collected include the GDPR, PIPEDA, and COPPA.
Even if you aren't specifically covered by a privacy law, having a Privacy Policy makes sense for several reasons:
- It means you are ready if you expand your operations and come under a privacy law for the first time. (For example, you start collecting data from respondents in more countries or using a foreign-based data server.)
- It means you are ready if new laws are introduced in your country or state.
- It builds trust with potential survey respondents and may make them more likely to take part in a survey.
- It may be necessary to comply with ethics guidelines, for example when you conduct a survey for a university.
- It may give you more options in using the survey data, for example if you later want to disclose the data to a third party.
- It may be a requirement of technology providers such as services which host online surveys.
- It sets out clear guidelines and expectations for any staff or contractors who work on the survey for you.
How to Write a Privacy Policy for Surveys
Here are the main points that your Privacy Policy for surveys will need to address.
What Personal Information You Collect
Your Privacy Policy must disclose what types of personal information you will be collecting. This gives people an opportunity to review your policy and find this out before engaging and submitting any of their personal information without being informed.
This may seem obvious as respondents know what they have put in a survey, but this section is important for a couple of reasons. Firstly, it reminds people what data counts as personal information and reassures them that you handle it lawfully.
Secondly, it lets you summarize the information in broad categories. You can then use these categories when detailing how you handle the data. For example, you might say that you collect "demographic information" and "health conditions" and then later explain that you disclose the former to third parties but not the latter.
Yonder Consulting uses clear categories and a list format to explain what information it collects, and notes survey data in its own bullet point for clarity:
How You Collect Personal Information
Explain how you collect personal information. Let users know ways you will collect data automatically, and how they will manually submit information, such as via survey responses.
Here's how GWI explains its data collection methods in detail, and with multiple sections to outline various different ways the data is collected when a survey is taken:
How and Why You Use the Personal Information
Explain what you will use the information you collect via your surveys. Be as detailed as possible here, as using personal information for uses not disclosed is a violation of many privacy laws and basic principles as well.
Here's how Nielsen clearly details the ways it uses personal information and survey responses:
How You Share Personal Information
Set out whether you sell, share or disclose survey data with third parties. With most privacy laws, you can use broad categories, for example "we share the full survey results with partner universities" or "we sell anonymized response data about buying habits to market researchers."
Here's Deloitte explains the varying ways it does (and does not) share personal information connected to a survey:
How Long You Keep Personal Information
Say how long you will keep the personal information obtained via the survey before deleting them. If you don't have a specific time period, say how you will decide when to delete them.
University of Oxford gives a clear timeline, as seen here:
How You Secure Personal Information
Give an overview of the way you secure data. Remember that this means protecting it against not only unauthorized access but also unauthorized alteration or deletion. Outline the technical, physical and organizational steps you take.
Survey.com gives a detailed but concise overview of its security measures:
If you use any methods to anonymize, pseudo-anonymize or de-identify data, you should disclose this here. Use a plain language explanation of how the methods work. Explain any steps that mean users of the survey data will not be able to identify the respondent and connect them to their responses.
Prolific includes this information as part of its security section:
Data Rights and How to Exercise Them
Set out the data rights of survey participants under the relevant laws. These often include the right to:
- Ask you to delete their data
- Ask you to correct any errors
- Withdraw consent to use the data
Explain how people can exercise these rights, and how the process works.
Here's how SnapSurveys clearly explains respondents' rights and how to exercise them:
How to Contact You
Give users a method to contact you with any questions they may have, privacy related or not. The more methods given, the better. This can include email addresses, chat features, telephone numbers and a physical address.
Here's how SurveyMonkey gives multiple contact methods:
How to Display a Privacy Policy for Surveys
Make sure survey respondents can see your Privacy Policy at any time by publishing it on your website. Make it easy to find by linking it to your website footer, which appears on every page of your site.
SurveySparrow has a footer link menu to its Privacy Policy, plus dedicated statements for several privacy laws:
How to Get Agreement to a Privacy Policy for Surveys
The best way to get survey takers to agree to your Privacy Policy is to have them check a box next to an "I Agree" or similar statement to show that they are explicitly agreeing to the policy. You can implement this at the beginning of the survey, or when users sign up for an account on your platform.
For example, here's an example of how a business can require users to check a box to show they agree with the Privacy Policy at the time they are creating an account in order to then complete surveys:
Summary
If you collect personal data through surveys, you will often have a legal requirement to publish a Privacy Policy. Even if you aren't, publishing a Privacy Policy brings certainty and confidence to you and the survey respondents.
A Privacy Policy should set out what personal data you collect from survey respondents and how and why you use it. You should also disclose if you share the data, how long you keep it, and how you secure it. Finally, you should also give your contact details and how respondents can exercise their data rights.
Make sure survey respondents can read the Privacy Policy both before and after completing and submitting the survey. Obtain consent to the Privacy Policy before the person takes the survey and shares any personal information with you by having them check a box next to a statement that shows consent is being given.