Skip to main content
All CollectionsData Privacy & Security
Opinion Stage GDPR Compliance
Opinion Stage GDPR Compliance
Sharon Luria avatar
Written by Sharon Luria
Updated over a week ago

The EU GDPR (General Data Protection Regulation) regulation became a reality on 25 May 2018 so you should be sure to be compliant with it when using Opinion Stage.

What is the GDPR?

The General Data Protection Regulation (GDPR) was introduced to unify all EU member states' approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU. It will protect EU citizens from organizations using their data irresponsibly and puts them in charge of what information is shared, where, and how it is shared.

Is the GDPR regulation relevant to me?

The GDPR regulation is relevant to you if you have an audience in the EU and are collecting personal data from users, regardless of whether you are based inside or outside the EU.

So if you are sure you don't have an EU audience, you can stop reading here (note that to be on the safe side you might even want to block European IP addresses).

However, if you do have an EU audience, it is important you continue reading to verify you are GDPR covered.

What is defined as personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person is defined as personal data in the GDPR regulation. It can be anything from a name, an email address, an identification number, or location data.

In what cases does Opinion Stage collect the personal data of users?

There are 3 cases in which you may be collecting personal information from your audience using the Opinion Stage tools:

  1. Personal data collected in forms - Opinion Stage offers standalone forms and forms that are integrated into different item types (e.g. polls, quizzes) that you can use for collecting data from your users. You may be using these tools to collect personal data (e.g. email, phone number, etc).

  2. Social profiles collected in polls - this personal data is only collected if you use the "Require a social profile for voting" feature with the poll format (by default the feature is set off).

  3. IP tracking in polls - IPs are tracked only in polls and only if you configure to block repeat voting using IPs (by default the feature is set off). 

To stay compliant with the GDPR, you can use Opinion Stage in 2 modes:

Mode #1 - personal data IS NOT collected by Opinion Stage tools

To be sure you are not collecting data that is classified as personal based on the GDPR regulation, verify the following:

  1. Don't use the "Require a social profile for voting" feature in polls.

  2. Don't use the block repeat voting using the IP blocking feature in polls.

  3. Don't gather personal data (e.g. email, phone, etc) using Opinion Stage forms.

If you comply with the above 3 restrictions, you are not collecting any personal data with Opinion Stage tools and therefore do not need to be concerned about the GDPR regulation.

Mode #2 - personal data IS collected by Opinion Stage tools

If you have an EU audience and still want Opinion Stage to store the personal information you can do that.

To stay compliant with the GDPR rules, it is required in this case to notify your audience what you will be doing with their personal data and that it will be stored on the Opinion Stage servers.

So for example, if you are using a form that collects personal data (e.g. emails), you are required to have a checkbox that is unset by default, and specifies what you plan to do with their emails and notify them where they will be stored.

The right to have personal data erased

The GDPR introduces a right for individuals to have their personal data erased upon request. We offer any individual to contact us via our chat support or email and request to get their personal data erased. We will get it erased as a top priority.

Where does Opinion Stage store data?

Opinion Stage stores data on secure AWS Amazon servers located in the US. The data is encrypted both in transit and at rest. For information on how Amazon AWS complies with GDPR, please read here: https://aws.amazon.com/compliance/gdpr-center/

Summary

We believe the GDPR regulations are a good step forward in protecting the personal data of users and a step forward for a better and safer internet, and therefore happily embrace it. If you have an audience in the EU do not neglect this regulation and verify you are using Opinion Stage in a way that complies with it.
​ 
For more information, please refer to our Privacy Policy & Terms of Service.

Did this answer your question?