Privacy and Data Protection in Online Surveys
Data protection in the context of online surveys and online research has different facets. In many cases, legal regulations, professional and ethical codes of conduct must be considered.
- Protection of Collected Data
In most cases, project managers and researchers have a legitimate interest in having exclusive rights to the data collected (and, of course, to the questionnaires they develop).
- Guarantee of Anonymity
In employee surveys as well as in many scientific studies, participants are guaranteed anonymity in order to receive honest answers.
- Protection of Personal Data
At the latest when personal data is collected, these data are subject to legal regulations, such as the Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (GDPR).
SoSci Survey helps you protect your own interests, collect data in a legally compliant manner and protect the privacy of your respondents. Only through the seamless interaction of several components can a high level of data protection be guaranteed:
- Secure Infrastructure
Encryption, secure software, security updates, ...
- Reliable technology
Certified data center, daily backups, proven software, ...
- Data avoidance
Comprehensive data control, anonymisation, no cookies, no IPs in logfiles, ...
- Clear organisational structures
Differentiated access rights, contractual regulations (ADV according to §11 BDSG)
Protection against Unauthorized Access
The technical aspect must ensure that data does not fall into the wrong hands or get lost due to carelessness or technical defects. Among other things, SoSci Survey uses the following technical measures to protect against unauthorized access:
- Continuous SSL encryption (HTTPS) protects the data both when filling in the questionnaire and when retrieving the collected data. A secure SSL configuration (Qualys SSL Labs) ensures that the transmission of data is actually secure. A highly compatible configuration and established certification bodies ensure that even users of older browsers can access the questionnaire correctly. For particularly high demands, our pro server s2survey.net offers an SSL certificate with Extended Validation (EV), which most browsers signal with a green address line.
- A web server requires a number of software products. We run the actual survey software "SoSci Survey" on proven components - from the operating system (Ubuntu Linux) to the server application (nginx) to the database (MySQL) and the encryption of backup copies (GPG). These software packages receive security updates several times a day.
- The server is located in the certified and secured data center of the provider M-net Telekommunikations GmbH. The server is administered via the proven SSH encryption, which is additionally protected against hacker attacks.
Protection against Technical Failures
Technical defects can never be completely excluded. But the risks and possible consequences can be greatly limited by a number of measures:
- The technical operation of the survey server is carried out by PartnerGate GmbH, a member of the InterNetWire group, and is therefore always up to date.
- The use of virtual machines and current storage technologies allows a certain independence between technical components and the actual operation. Technical defects have no or only short-term effects.
- Encrypted daily backups of questionnaires and collected data protect against data loss due to human error and software errors.
Survey projects differ widely, and what data protection means always depends on the individual case. Should participation in a study be anonymous or are specifically selected customers being surveyed? Is personal data collected in the questionnaire? Is it necessary to ensure that participants complete the questionnaire only once? Are e-mail addresses or telephone numbers transmitted to send invitation e-mails or SMS?
SoSci Survey offers numerous features to provide optimal data protection for every purpose. The serial mail function, for example, allows tracking whether an addressee has edited the questionnaire (e.g. for a reminder mail/review action) and at the same time ensures that the collected data remains anonymous. Concrete recommendations and explanations can be found in the instructions for SoSci Survey in the chapter on data protection in online surveys.
SoSci Survey GmbH has its headquarters in Munich (Germany), as does the data center that houses the survey servers www.soscisurvey.de and s2survey.net.
In an international comparison, Germany offers a very high level of data protection - both with regard to the obligations of companies as well as with regard to governmental/agency access and interference.
In addition, the location makes it much easier for German and European companies to collect and process personal data in a legally compliant manner.
Our General Terms and Conditions (GTC) explicitly state that your data belong to you exclusively. If you collect personal data in your online survey, it may also be necessary to conclude a contract for data processing (ADV) in accordance with §11 BDSG or AVV in accordance with European privacy laws (GDPR). Please contact us by email if this becomes necessary. Please note that an AVV is only available for using the pro server s2survey.net. Based on experience, we keep encrypted backups for the server www.soscisurvey.de for a period of 12 months, which is usually not compatible with the GDPR requirements for data deletion.
In the case of employee surveys, we recommend that the works council and the data protection officer be consulted at an early stage. In order for an employee survey to be successful, it requires the support of employees and any concerns must be clarified before the survey can even become an issue in the company. We are happy to help clarify the situation - be it through open and detailed information or in a personal conversation.
Information on data protection when using the www.soscisurvey.de website can be found in Data Protection Information.