This privacy statement describes how Webropol processes personal data, as required under the EU General Data Protection Regulation and other personal data legislation.
This statement applies to all Webropol software users and anyone with data stored in the Webropol client register.
Huovitie 3, 00400 Helsinki, Finland
+358 20 155 2150
Contact for questions related to the register
Huovitie 3, 00400 Helsinki, Finland
Webropol Oy client and user register.
Purpose of processing personal data
Personal data is processed on the grounds of the customer relationship between Webropol and the client, on the grounds of the client giving consent or on the grounds of purposes of the legitimate interests pursued by Webropol Oy .
The collected data is used for customer relationship management and for contacting clients in matters necessary to providing the service. Webropol may also use the data for marketing purposes, for example, to contact people by phone or e-mail.
- First name and last name
- Phone number
- E-mail address
- Company/corporate address (only for admin)
- Company/corporate VAT ID (only for admin)
- Department name
- Purchasing and invoicing information
- Customer relationship start date
- Customer relationship management information
- Service events
Regulatory data sources
The data is acquired from users of Webropol software with their consent or from Webropol admins of the client organisation. Any contact information provided is not transferred to third parties. Personal data may be updated with data received from authorities and other companies that provide personal data related services.
Data retention and erasure: Time periods
Following the end of the customer relationship, backups of all client environment data (including user information) are kept for 1 month. After this, the data is erased. When the client erases an individual user or survey from the system, the deleted data is stored in a backup for 1 month.
For the purposes of the Webropol’s legitimite interests (e.g. prospecting and marketing), client information can be kept after the end of customer relationship. Deletion of the client data may also differ from the above-mentioned user data deletion
Webropol will always erase personal data immediately upon client request if technically possible within a reasonable time.
Transfer of data to third countries
Webropol does not under any circumstance transfer or process personal data outside the EU or the EEA.
Technical and organisational security measures
Personal data in electronic form is secured with commonly accepted and reasonable technical measures, such as firewalls and passwords. Any non-electronic materials containing personal data in the register are stored in a locked facility with no access provided to non-authorised persons.
Only assigned Webropol customer support, tech staff and research services personnel have access to personal data. All such assigned persons have signed a valid and binding non-disclosure agreement and have their own personal ID and password. Users may not disclose any information under the non-disclosure agreement.
In addition to Webropol, specific Webropol’s contractors may also perform processing activities on behalf of the data controller. These contractors are required to comply with the same requirements as Webropol.
The right to review data, the right to rectify incorrect data, and the right to be forgotten
According to the EU’s General Data Protection regulation , the data subject has the right to review data stored in the register and to request incorrect data to be rectified and/or erased. The data subject may at any time refuse the use of his or her personal data for marketing purposes. If the data subject no longer wishes his or her data to be processed, he or she has the right to request all data to be erased.
TAny data-related requests must be sent in writing by e-mail or by post to Webropol Oy.
Webropol Oy Huovitie 3, 00400 Helsinki, Finland