Privacy Policy

This privacy policy describes how Srvey Group OÜ processes personal data in connection with PollPlaz, including the PollPlaz website, online panel, surveys, survey invitations, panel communication, technical support, points, rewards, gift cards, project delivery and related digital services.

1. General Information

The controller of personal data is Srvey Group OÜ, registry code 16894583, registered address Tihase tn 17a/5, Kristiine linnaosa, 13426 Tallinn, Harju maakond, Estonia.

This privacy policy explains what personal data we process, why we process it, who we may disclose it to and how long we keep it.

This policy applies to PollPlaz as an invitation-based online research panel. It covers panel membership, online surveys, survey invitations, sample management, quality control, technical operation, reward administration and communication with panel members.

2. Personal Data We Process

2.1 Data Collected Through Websites And Contact Channels

We may process name, email address, organization, message content and other information you provide when you contact us.

We may also process technical data such as IP address, browser type, device information, cookie information, logs and security-related data created by anti-abuse or bot-protection systems.

2.2 Data Related To PollPlaz Panel And Survey Participation

For panel account management, we may process contact data such as email address and, where needed, phone number.

For age checks, sample modelling and survey matching, we may process date of birth, age or age group.

For sample modelling and survey relevance, we may process approximate location data such as country, region, city, municipality, settlement or district. This may be used to understand urban or rural status and to build representative samples.

We may process survey answers, background data, profile data, project-specific data, points, reward status, gift card redemption data and participation history.

2.3 Special Categories And Sensitive Topics

Depending on the purpose of a survey, we may process information about social attitudes or other sensitive topics. Surveys may ask about health, political views, ethnic background, public issues or other areas that require extra care.

We collect such information only to the extent needed for the survey purpose. As a rule, we separate identifying data from survey answers during analysis.

Participation in surveys is voluntary. A panel member can choose not to answer a survey or not to answer a specific question.

2.4 Address Data

We do not normally ask panel members for an exact home address during ordinary online surveys.

In exceptional cases, we may process exact address data if this follows from the survey method, reward fulfilment, fraud prevention or a lawful sample source. For example, this may be needed for postal invitations, face-to-face fieldwork or specific project logistics.

3. How We Collect Data

We collect data directly from you when you join the panel, fill in forms, answer surveys, redeem points or communicate with us.

We collect data automatically through websites, cookies, logs, security systems and survey systems.

We may receive data from clients or partners when they provide a lawful sample, project material or survey status information.

We may also receive data from processors and technical service providers involved in operating PollPlaz.

3.1 How We Reach Respondents

To reach survey participants, we may use different contact sources and recruitment methods. These are not fixed or identical for every survey. They depend on the survey purpose, target group, method, client brief, legal basis, contact channel and the need to create an appropriate and justified sample.

Contact data or source data leading to a contact attempt may come from client-provided sources, public sources, previously publicly available sources, lawfully used registers or datasets, or sources that allow possible contacts to be formed, checked, enriched or validated.

In some cases, a possible contact is not taken from one ready-made list. It may be formed through statistical, combinational, model-based, random or synthetic generation, including at phone or email contact level.

When these methods are used, part of the processing may be automated. This means we may use algorithms, software tools, search methods, technical filters, statistical methods and artificial intelligence or large language model technologies to form, identify, assess, check, clean, enrich or validate contacts. The exact method depends on the nature of the survey and what is appropriate for the sample or contact attempt.

This means that contacts do not always come from one central permanent database or one single register. Different surveys may use different contact bases, contact creation methods, contact validation logic and channels.

3.2 Contact Attempts, Refusals And Suppression Lists

Contact data may be used to make a contact attempt, build a sample, choose a survey channel, check contact information and make sure the survey process is methodologically and operationally manageable.

Using contact data for a contact attempt or sample process does not by itself mean that a person has joined the panel or that their data remains in active permanent use.

If a person refuses to participate in a specific survey, we generally treat this as a refusal for that survey and do not contact them again for the same survey.

Depending on the sample, survey type and contact source, the same person may later appear in the sample of another survey and be contacted in a different context.

If a person asks not to be contacted again, we may keep a suppression record or no-contact record in a separate suppression list. The purpose of this record is not further marketing or survey use, but the opposite: to respect the person's request and avoid using the same contact for future invitations.

We may keep suppression and permanent refusal records long-term or indefinitely for the purpose of respecting the person's clear request not to be contacted again.

4. Why We Use Data

We use personal data to operate websites, answer requests and manage communication.

We use data to create and manage panel accounts, send survey invitations by email or phone, match members with surveys and show relevant survey information.

We use data to prepare surveys, build samples, carry out surveys, check quality and prevent duplicate answers, automated spam, fraud, abuse or other misuse.

We use survey answers to analyse results and prepare anonymized, pseudonymized, aggregated or otherwise prepared research outputs.

We use data to manage points, rewards, gift cards, accounting and other legal obligations.

We use data to keep services secure, reliable and technically supported.

We may use data to develop services, automate work, process text input and improve workflows, including through AI services where appropriate.

5. Legal Bases For Processing

Depending on the situation, we process data based on consent, performance of a contract, legitimate interest or a legal obligation.

For surveys, the legal basis may depend on the specific survey, client, survey purpose and categories of data.

If a specific survey or data transfer requires clear separate consent, we ask for it in the relevant process.

6. Who We Disclose Data To

We use processors and technical partners to provide PollPlaz services. These may support hosting, communication channels, storage, security, analytics, panel technology, survey systems, reward fulfilment, workflow tools and other technical operations.

A broader list of processors and service provider families is available on the processors and service providers page.

6.1 Client-Provided Contact Data And Source Data

If a client provides contact data, sample data or other source data for a survey, the client is responsible for the original use and transfer of that data to us.

In such cases, we generally process that data as a processor on behalf of the client and in good faith, based on the assumption that the client has the necessary legal basis for using the data and instructing us to process it.

We use client-provided or client-mediated data only to carry out the agreed survey, contact attempt, sample process, fieldwork or related work stage to the extent needed for that project.

We generally do not have an independent practical ability or obligation to review the lawfulness of every client data source in substance after the fact. We rely on the client's role and confirmations in that respect.

6.2 Results Provided To Clients

As a general rule, clients receive aggregated, statistical, anonymized or otherwise prepared results whose normal use does not require direct identification of a respondent.

Identifiable respondent data is not provided to a client without the respondent's clear, specific consent for that transfer or another valid legal basis.

6.3 Technical Service Providers

We use technical service providers and processors that help with hosting, communication, data storage, security, analytics, workflows and technical delivery.

These providers may process personal data only as needed to provide their services to us and according to agreed instructions.

6.4 Authorities And Legal Requirements

We may disclose data to competent authorities or otherwise where this is needed to comply with law, protect rights or resolve disputes.

7. International Data Processing

Data is processed mainly in the European Economic Area.

Some service providers may process data outside the European Economic Area or use group or contractual resources outside the European Economic Area.

In such cases, we rely on the provider's GDPR compliance commitments and appropriate safeguards, such as contractual safeguards, technical safeguards, access restrictions and other suitable organizational measures.

8. Data Retention

8.1 Contact Requests

Requests sent through contact channels are forwarded to our email or support systems. We keep them as long as they are operationally needed or until they are deleted as part of normal mailbox or support system management.

8.2 Panel Accounts And Rewards

We generally keep core panel account data until the member leaves the panel.

Data related to accounting, gift cards, payments, points, rewards or other financial operations is kept for the period required by law.

8.3 Identifying Survey Data

Personal data needed to carry out a survey, manage a sample or check quality is generally kept during the survey and shortly after it.

Depending on the survey, client requirements or audit needs, we may keep such data for up to 3 years after the end of the survey.

8.4 Anonymized Survey Data

When survey questionnaire data has been anonymized during post-processing, retention of that anonymized data is not tied to a fixed personal-data retention period.

8.5 Pseudonymization, Background Information And Analysis

Survey data is generally processed in pseudonymized form. This means that answers, sample data and contact data are not normally kept in one single analysis dataset, but are managed in separate systems, applications or databases according to the needs of fieldwork, quality control, sample management and analysis.

At the start of analysis or during post-processing, we may enrich survey data with background information from the sample dataset, client-provided source data or other lawfully used sources. This is done so the dataset is analytically meaningful, methodologically usable and sufficient to answer the research question.

This does not mean that the analysis dataset is turned into an identified dataset or that answers are analysed together with direct identifiers.

For quality control, auditing, fieldwork checks or ensuring the reliability of a survey, it may be possible in limited cases to connect answers and the sample dataset in a controlled way. This possibility is limited, purpose-based and temporary, and is used only to the extent needed for proper survey delivery or control.

In the analysis and reporting phase, we generally use survey results in anonymized, pseudonymized or identifier-separated form. Results provided to clients are generally aggregated, anonymized or otherwise prepared so that direct identification of a respondent is not possible in normal use.

If identifiable data must be transferred in an exceptional case, this is done only on the basis of clear, specific consent for that transfer or another valid legal basis.

9. Cookies And Similar Technologies

We may use cookies, local storage, tracking pixels and similar technologies for several purposes, including:

• technical operation of the website and session management;
• security, abuse prevention and bot-traffic detection;
• prevention of duplicate answers, survey misuse or repeated questionnaire submissions;
• remembering preferences and improving usability;
• analytics, measurement, understanding usage patterns and service development;
• measuring campaigns, evaluating conversions, advertising or retargeting where applicable;
• enabling embedded services, third-party integrations or content modules.

10. Minors

In some surveys, we may process data about minors.

As a general principle, we treat respondents aged 15 and older as able to decide on survey participation themselves.

For respondents under 15, consent from a legal representative is required, or the survey is ended if such consent is not available.

If a survey is directed at children, we use suitable checks and consent mechanisms according to applicable law.

11. Security And Confidentiality

We use reasonable technical and organizational measures to protect personal data against unauthorized access, destruction, alteration, leakage, accidental loss or misuse.

Measures may include access restrictions, logging, separation of data during analysis phases, service provider selection, security filters, backups and other reliability measures.

Although we take reasonable steps to protect data, no technical environment can be completely risk-free.

12. Contact

If you have questions about personal data processing, please write to privacy@srvey.eu.

Last updated: 15 January 2024