Last updated: May 20, 2015
Key Privacy Points
European Safe Harbors. SurveyMonkey Inc. complies with the US-EU and US-Swiss Safe Harbor Frameworks developed by the U.S. Department of Commerce regarding the collection, use and retention of personal information from EU member countries and Switzerland. We have certified that we adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. View our certification on the U.S. Department of Commerce’s Safe Harbor website.
1. What information does SurveyMonkey collect?
When you use the Apps, we collect information relating to you and your use of the Apps and your mobile device from a variety of sources. These are listed below. The sections afterwards describe what we do with this information.
Information we collect directly from you
- Registration information. If an App requires you to register for an account, we may collect account details such as your username, password, and email address.
- Other data you intentionally share. We may collect your personal information or data if you submit it to us in other contexts. For example, if you participate in a SurveyMonkey promotion, you may choose to provide us with your contact information so that we can contact you about that promotion.
Information we collect about you indirectly or passively when you interact with us
- Encrypted Data. Data you send through our VPN which is encrypted independently of our VPN (such as through an SSL/TLS connection) will remain encrypted. We do not decrypt that encrypted data.
- Types of Data. Because of the nature of VPN Data, the data transmitted through the VPN includes ALL outbound traffic from your mobile device and may include:
- the type of mobile device you use;
- the identity of your mobile carrier or network;
- your device’s IP address and other device identifiers;
- your online activities;
- the amount of data you transmit;
- the websites you visit and the content of your interactions with those websites;
- the amount and manner in which you interact with other apps on your device;
- the contents of your communications;
- the identity of individuals who communicate with you;
- your location, if, for example, you access location-based services; and
- other personally identifying information about you or other individuals contained in the VPN Data.
- Usage data. We collect usage data about you whenever you interact with the Apps. This may include what features you use, what you click on, when you performed those actions, and so on. Additionally, like many other services available today, our servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses.
- Device data. We may collect data from and about the device you use to access our services, such as your IP address, browser type, app usage information, bookmarks, browsing history, and push notifications (we call this “Device Data“). We may also infer your geographic location based on your IP address.
- Information from third parties. We may combine information collected through the Apps with information about you that we receive from third parties for business, analytics, and service improvement purposes. If an App permits you to register by using a third party account (such as a Google or Facebook account), then the authentication of your logon details will be facilitated by that third party. We may also collect information about or from your third party account that you agree to share with us at the time you give permission for your App account to be linked to that third party account.
How do I stop VPN Data from being collected? You may stop VPN Data from being collected from your mobile device by deactivating the VPN. Refer to our VPN deactivation instructions for details on how to do this. Please note that Apps that require the VPN to be enabled will cease to function properly if you disable VPN usage on your device. Please also note that uninstalling Apps from your mobile device will not cause the VPN to be deactivated – you must follow the VPN deactivation instructions to achieve that.
2. How does SurveyMonkey use the information we collect?
Generally, we use the information we collect from you in connection with providing the Apps and other services to you, enhancing our products and offerings, and creating data analytics for our internal use and for third parties. (However, when it comes to your personal information, we don’t sell, give, disclose, or share it with third parties, other than in the limited ways we describe in Section 3.) We use your information:
- To provide you with our services and the Apps.
- For example, our VPN service encrypts your data traffic and the Contribute Plug-in uses your personal information to send you new surveys you can complete and to provide you with promotional offers and rewards.
- This also includes providing you with user support, which requires us to access your information to assist you (such as with technical troubleshooting).
- To manage our services. We internally use your information for the following limited purposes:
- To monitor and maintain our services. We analyze information we collect to troubleshoot, test, and improve our services. For example, we may use your information for internal purposes designed to keep our services secure and operational.
- To improve our services and features. We internally perform statistical and other analysis on information we collect (including usage data, Device Data, VPN Data, and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, to understand how people use mobile devices, to understand how people use mobile apps, for marketing, for research and development purposes, and to help us evaluate or devise new features.
- To enforce our Terms of Service.
- To prevent potentially illegal activities.
- To screen for and prevent undesirable or abusive activity. For example, we may use automated systems with certain Apps that screen usage patterns for fraudulent activity.
- To create new services, features, or content. We may use VPN Data to create and provide new services, features or content. In analyzing VPN Data, we may combine it with any other information you provide us about yourself, including Device Data, to analyze your app usage, web browsing activities, communications, and other mobile device activities on an aggregate basis to publish interesting observations about these for informational, commercial, marketing, or advertising purposes. When we do this, we will not provide any personal information to third parties unless we have your permission.
- To contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, changes to our services or policies, a welcome email when you first register). You can’t opt out of these communications since they are required to provide our services to you.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
3. With whom do we share or disclose your information?
We may disclose:
- Aggregated or de-identified information to third parties to improve our services, promote our services, or for market analytics. For example, we may aggregate VPN Data and analyze that data in combination with other data to determine various consumer behavior metrics and trends, such as the average time typical consumers spend on gaming apps. No individuals can reasonably be identified or linked to any part of the analysis, or to the aggregated or de-identified information, that we share with third parties for these purposes.
- Your email address to your organization. If the email address under which you’ve registered your App account belongs to or is controlled by an organization, we may disclose that email address to that organization in order to help it understand who associated with that organization uses the Apps. (Please do not use a work email address to register for an App account unless you are authorized to do so, and are therefore comfortable with this disclosure.)
- Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our, your or third parties’ rights, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
- Your information if there’s a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (such as a merger or consolidation) or any other action or transfer between SurveyMonkey entities, you expressly consent to SurveyMonkey transferring your information to the new owner or successor entity so that we can continue providing our services. If required, SurveyMonkey will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection laws.
- Information you expressly consent to be shared. For example, we may expressly request your permission to provide your contact details to third parties for various purposes. (You may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you may need to contact that third party directly.)
4. What are your rights to your information?
- Update your App account details. Some Apps allow you to update your registration and other account information associated with that App (such as your email address) through the account management section of that App. Information updated in this way is normally updated immediately.
- Access and correct your personal information. You may access and correct the personal information that SurveyMonkey holds about you. This right may be exercised by visiting the account management section of the relevant App (if available) or by contacting user support. This right is subject to some exceptions, such as where giving you access would have an unreasonable impact on the privacy of other individuals. We will respond to your request for access or correction within a reasonable time and, where reasonable and practicable to do so, we will provide access to your personal information in the manner requested by you.
- Delete your VPN Data. You can request deletion of all VPN Data held by SurveyMonkey that has been collected from your mobile device in connection with your use of an App. However, we may continue to retain and use any analytical data that has been derived from your VPN Data (such as information about consumer behavior metrics and trends). Analytical data will not contain any VPN Data that has not been aggregated or de-identified, and analytical data cannot reasonably be linked to you. We may charge you a reasonable fee to cover the costs we incur to process your VPN Data deletion request.
- Cancel your App account. To cancel and delete your account associated with an App, please contact user support. Deleting your account will cause all the VPN Data held by SurveyMonkey that has been collected from your mobile device in connection with your use of the deleted App to be permanently deleted from our systems within a reasonable time period, as permitted by law. We will respond to any such request, and any appropriate request to access, correct, update or delete your personal information within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal information unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law). Though you can cancel and delete your account, we may continue to use aggregated or de-identified data that cannot reasonably be linked to you.
For how long do we retain your data? In relation to data associated with an App, we retain that data for as long as your account for that App is open, though we reserve the right to delete all or some of the data at our discretion. Please note that uninstalling or deleting an App from your mobile device will not result in the cancellation of your App account (if you re-install the App, you will be able to re-use your App account). See above for information on how to cancel your App account.
5. Security, cookies and other important information
- Security. We are committed to handling your personal information and data with integrity and care. We store your data on infrastructure in facilities that are secured 24×7 by electronic surveillance and security guards. Access to those facilities are authorized strictly on a least privileged basis. We conduct periodic security reviews on our Apps and the infrastructure on which they run, and train our employees to handle your data in a secure manner. However, regardless of the security protections and precautions we undertake, there is always a risk that your personal information may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the internet.
- Data locations. Our servers are based in the United States, so your personal information will be hosted and processed by us in the United States. Your personal information may also be processed in, or transferred and disclosed to, countries in which SurveyMonkey subsidiaries and offices are located, and in which our services providers are located or have servers. You can view where our officers are located on the Office Locations page.
- To make our site easier to use. If you use the “Remember me” feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to the App.
- To provide you with personalized content. We may store user preferences, such as your default language, in cookies to personalize the content you see.
- To advertise to you. We, or our service providers and other third parties we work with, may place cookies when you visit our website and other websites or when you open emails that we send you, in order to provide you with more tailored marketing content (about our services or other services), and to evaluate whether this content is useful or effective. For instance, we may evaluate which ads are clicked on most often, and whether those clicks lead users to make better use of our tools, features and services. If you don’t want to receive ads that are tailored to you based on your anonymous online activity, you may “opt out” of many of the companies that are involved in such tailoring by going to http://www.aboutads.info. Opting out in this way does not mean you will not receive any ads; it just means that you will not receive ads from such companies that have been tailored to you based on your activities and inferred preferences.
- Google Analytics. In addition to the above, we have implemented on our websites and other services certain Google Analytics features that support Display Advertising, including re-targeting. Visitors to our websites may opt out of certain types of Google Analytics tracking, customize the Google Display Network ads by using the Google Ad Preferences Manager and learn more about how Google serves ads by viewing its Customer Ads Help Center. If you do not wish to participate in Google Analytics, you may also download the Google Analytics opt-out browser add-on.
- Online Tracking. We currently do not process or comply with any web browser’s “do not track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our websites or use our services (unless otherwise stated in an App-specific privacy statement).
- Safety of Children and COPPA. Our services are not intended for and may not permissibly be used by individuals under the age of 13. SurveyMonkey does not knowingly collect personal information from persons under 13 or allow them to register. If it comes to our attention that we have collected personal information from such a person, we may delete that information without notice. If you have reason to believe that this has occurred, please contact user support.
- California Privacy Rights. California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. As noted above, SurveyMonkey does not share personal information with third parties for their own marketing purposes.
6. Additional information for European Union users
SurveyMonkey provides the Apps to users in the EU through SurveyMonkey Europe, located at 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4, Ireland.
- “Personal data”. For users located in the EU, references to “personal information” in this policy are equivalent to what is commonly referred to as “personal data” in the EU.
- Data controller. SurveyMonkey Europe, whose contact information is listed above, is the data controller for registration, other account information, and VPN Data that we collect from users in the EU.
- Accessing and correcting your personal data. You have the right to access and correct the personal information that SurveyMonkey holds about you. This right may be exercised by visiting the account management section of the relevant App (if available) or by contacting user support.
- Our servers are based in the United States, so your personal data will be primarily processed by us in the United States. You consent to the transfer and processing of your personal data in the United States by SurveyMonkey Inc. and in the other data locations identified in Section 3 by our various affiliates and service providers.
- You consent and agree that we may transfer your data to data processors located in countries, including the United States, which do not have data protection laws that provide the same level of protection that exists in countries in the European Economic Area. Your consent is voluntary, and you may revoke your consent by opting out at any time. Please note that if you opt-out, we may no longer be able to provide you our services.
- You consent to us sharing your personal data with relevant persons working for service providers who assist us to provide our services.
7. Additional information for Brazilian users
8. Additional information for Australian users
- If you are dissatisfied with our handling of your complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) by contacting the OAIC using the methods listed on their website at http://www.oaic.gov.au. Alternatively, you may request that we pass on the details of your complaint to the OAIC directly.