Survease privacy policy

Survease OÜ, registry code 12935476, location Varese tn 10a-36, Tallinn, 13424, Estonia (hereinafter "Us") operates the Survease Platform at https://app.survease.io, through which customer survey software is made available to users, which allows to collect customer feedback and thereby make changes in the company.

This Privacy Policy governs, on the one hand, Our activities as the controller of Your personal data and, on the other hand, Our activities as the authorized processor within the meaning of the General Data Protection Regulation 2016/679. The Privacy Policy shall be deemed, insofar as it regulates Our activities as an authorized processor, a data transfer agreement concluded between the user of the Platform and Us within the meaning of Article 28 of the General Data Protection Regulation.

We confirm that we comply with the requirements of the General Data Protection Regulation 2016/679 when processing all data.

The following terms are used in this Privacy Policy with the following meanings:

  • "You" means a legal or natural person who uses Our Platform and has agreed to the terms and conditions of the Platform and the Service provided there.
  • "Data Subject" means an identified or directly or indirectly identifiable natural person whose personal data You transmit or process when using the software on the Platform.
  • "Personal data" means any information about the Data Subject or You that You publish on the Platform.
  • "Processing" means any automated or non-automated act or set of acts performed on Personal Data or sets thereof, such as collecting, documenting, organizing, structuring, storing, adapting and modifying, querying, reading, using, transmitting, disseminating, or otherwise making available, reconciling or merging, restricting, deleting or destroying.
  • "Personal Data Violation" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Personal Data that is transmitted, stored, or otherwise processed.
  • "Service" is a customer survey service offered to You via the Survease Platform.
  • "Terms" means the general terms of the Survease Service that govern Your use of the Survease Platform, software, and Service.

Our activities as the controller of personal data

Personal information collected about you

We collect and process Personal Information about You that You have voluntarily disclosed to us on the Platform. You understand that the disclosure of Personal Information to Us is voluntary, but if it is not disclosed, You will not be able to use the Survease Platform, and the Service offered there.

In order for You to use the Service, we collect and process the following personal data about You: name, e-mail address, data on the represented legal entity and its activities (company name, registry code, country of location, data on invoicing contacts, country-specific tax number), other data, which You decide to publish on the Platform about yourself or a company related to You.

Purpose and legal basis of the collection of personal data

We only process your Personal Data for the purposes set out in law or in this Privacy Policy, including the following: To create a personal user account for You, to identify and contact You, to provide platform services, to provide support services, to send personalized marketing messages, to conduct a customer satisfaction survey and also to fulfill the obligations arising from the law.

We process Your Personal Data on the following basis: on a contractual basis in order to provide You with a platform service, including in order to create access to the Platform; for the detection and investigation of violations committed on the Platform, including fraud and for the transmission of personal marketing messages committed on the basis of our or a third party's legitimate interest; with Your consent to Us, to fulfill the relevant legal obligation.

Among other things, if You do not wish to receive personalized marketing messages from Us, you may prohibit Us from using Your Personal Data for any prior purpose by notifying Us in writing at [email protected].

Transmission and storage of personal data

We may transfer your Personal Information to third parties, such as an auditor, a legal aid provider, or any other person who provides a service to Us. We may also transfer Your information to other companies in our group. We have made every effort to ensure that the aforementioned third parties ensure the confidentiality and security of Personal Data.

Third parties to whom We transfer Your Personal Data may be located outside the European Economic Area, where other personal data protection regulations have been established and for which the European Commission has not taken a decision on the adequacy of protection. In these countries, the security of personal data (including protection against misuse, unauthorized access, disclosure, alteration or destruction) may not be at the same level as in the European Union due to the lack of an adequate level of data protection. When transferring personal data outside the European Economic Area, we undertake to ensure that appropriate security measures are in place. If You would like to receive information about the applicable security measures, please let Us know.

When transferring personal data to the United States, we ensure that the third party receiving the data is certified under the terms and conditions set forth in the EU-US Data Exchange Agreement between the US Department of Commerce and the European Union. For more information on the EU-US Data Exchange Agreement program, visit the US Department of Commerce's website at www.privacyshield.gov.

We implement the necessary organizational, physical, and IT security measures to ensure that the Personal Data published on the Platform is protected against any misuse, unauthorized access, disclosure, alteration, or destruction. Platform servers and systems are protected from unauthorized access by firewalls, passwords, other technical means, and organizational means. Access to personal data shall only be granted if it is necessary for the processing of the data. All processors of personal data are bound by a confidentiality agreement. Our employees' access to personal data is based on a role-based user management process, where each employee is given only access related to his or her tasks and work.

We will retain Your Personal Data for as long as required or permitted by law, but no longer than is reasonably necessary for Us to achieve the purposes for which the Personal Data was collected or processed, including the retention of Personal Data until the expiration of any claims.

We take reasonable steps to ensure that Personal Data is reliable and accurate.

Your rights when collecting personal data

In connection with the collection of Personal Data, you have the right to:

request access to the Personal Data collected about you and request a copy of the Personal Data;

request the correction, updating or removal of your Personal Data;

demand restrictions on the processing, collection and use of personal data in cases provided by legislation;

to turn to the Data Protection Inspectorate in case of violation of your rights.

Cookies

We use cookies and other similar technologies on the Platform in order to increase the functionality of our Platform and the quality of services provided there.

A cookie is essentially a text file that is stored on your computer, smartphone or other device. A cookie is a small text file placed on your device to store useful information and to remember You.

We use temporary or session-based cookies on the Platform, which disappear when you leave the Platform or close your browser. We use session-based cookies to provide certain features of the Platform (e.g., for login).

You can block, restrict or remove cookies from your browser at any time. Please note that as cookies are necessary for the full and smooth operation of Our Platform, restricting the use of cookies may affect the usability or operation of the Platform.

For more information on the use of cookies and instructions on how to disable cookies, visit www.allaboutcookies.org.

Our activities as an authorized processor of personal data

In order to provide You with the Service, we may need to process the Personal Data of Data Subjects on Your behalf, but only to the extent and in the manner necessary to perform the tasks assigned to You. The Service provided by Us to You is described in more detail in the Terms and Conditions of Our Service.

With regard to this Privacy Policy, we determine the terms and conditions of the processing of Personal Data of Data Subjects in order to ensure that the processing of Personal Data complies with the conditions set out in data protection legislation and that the rights of Data Subjects are protected.

Processing operations

We confirm that We will not process the Personal Data of the Data Subjects transferred to Us for any purpose (including both business and personal purposes) other than to provide the Service to You.

Under these Terms and Conditions, we undertake to ensure that all Our employees or third parties we use to provide the Service to You comply with the requirements set out in data protection legislation, including the obligation of professional secrecy. We will notify You immediately if We are unable to ensure such compliance for any reason.

In addition, we will notify You immediately of the following:

Legally binding requests by law enforcement authorities for the disclosure of personal data, except in the case of a prohibition on the disclosure of requests arising from, for example, criminal law and intended to protect the confidentiality of a law enforcement investigation;

Cases of accidental or unauthorized access;

Requests submitted by the data subject.

Transmission of personal data

By agreeing to the Privacy Policy, you authorize Us to transfer the Personal Data of the Data Subject in accordance with the provisions of this Privacy Policy.

The inclusion of new recipients of Personal Data is possible only with Your prior consent. When transferring personal data to a third party, We enter into an agreement with a third party with a similar content in order to ensure the correct processing of Personal Data. If a third party who processes Personal Data does not comply with the requirements set out in data protection legislation or does not comply with the Agreement entered into with Us, we will be liable to You for compliance with the requirements and obligations set out in data protection legislation.

Applicable security measures

We confirm that we have put in place all appropriate technical and organizational measures to ensure that the processing complies with the requirements of data protection law and that the rights of data subjects are protected. We make every effort to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to data. To ensure the above, we have applied the measures set out in this Privacy Policy.

Upon your request, we will make available to You within a reasonable time all the information necessary to demonstrate the implementation of the relevant technical and organizational measures. Among other things, we enable You to carry out the audits necessary to verify the implementation of these measures. The costs of performing the above obligations, including the costs related to the organization of the audit, shall be borne by You, and We have the right to demand reimbursement of direct and indirect costs incurred by You in performing these obligations.

Personal data breach

In the event of a personal data breach, we undertake to notify You without undue delay and to cooperate fully with You. Among other things, we undertake to report a personal data breach as follows:

We describe the nature of the personal data breach and, if possible, the approximate number of Data Subjects and the types and approximate number of relevant personal data records;

We will provide the name and contact details of the contact person providing additional information;

We describe the possible consequences of the personal data breach;

We describe the measures we have taken or plan to take to resolve the personal data breach, including, where appropriate, mitigating the potential adverse effects of the breach;

We describe the possible measures we can take to mitigate the possible negative effects of a personal data breach.

Liability

We will not be liable for any damage caused to You by Your wrongful conduct in processing the Personal Data in compliance with the Terms and Conditions.

Other terms and conditions

The data transfer agreement terminates automatically at the moment when the Agreement concluded between You and Us for the provision of the Service expires. The parties agree that upon the termination of the Agreement, we will return to you all Personal Data provided by him/her and copies thereof.

If you have any questions regarding the processing of personal data, please contact Us at [email protected]