This translation is older than the original page and might be outdated. See what has changed.
Translations of this page:

Privacy Protection in the Online Survey

Online surveys are restricted by research ethics and laws. In many countries, violating privacy laws involves the risk of severe penalties. SoSci Survey supports you in creating privacy compliant online surveys. First, SoSci Survey provides features to collect data without violating privacy. Second, the survey servers and provide the infrastructure to run privacy-compliant online studies – especially customer an employee surveys.

Privacy Basic

Contract about Order Processing of Personal Data

If your study works with personal data, it may be necessary to make a contract about the processing of personal data with us. Our contract conforms to the strict German law (ADV contract). Find details under Personal Data.


  • Companies have the ability to save call detail records about its employees, which ultimately allows them to match certain IP addresses and questionnaires, using timestamps, for example. Such data usually already comes with certain rules that regulate its usage.
  • If your questionnaire asks for personal information, such as names, email addresses and phone numbers, the questionnaire obviously looses its anonymity.
  • To prevent third parties to access this data, you should choose a password that is absolutely safe. Please avoid words which already exist and vary the use of capital and small initial letters. Including numbers and choosing a password of at least 7 characters makes it even more safe.
  • While running an online survey it is necessary for the server to be connected to the Internet. Storing the data on a “machine not connected to the Internet” is impossible by design.

Settings in SoSci Survey

No Recording of IP Address

Particularly companies need little work to extrapolate from an IP address to the corresponding person. SoSci Survey will therefore not record IP addresses by default.

The value of IP addresses is mostly negligible, you can usually relinquish it. Should you require the IP address in the data set, please employ a question of type Device and request variables.

Anonymous Panel Studies

If you are conducting studies with a known set of participants or panel studies where participants are to be repeatedly interviewed, SoSci Survey provides a project-internal partcipants administration function. All datasets by the same User will get a unique ID (Serial number). This ID does not allow consolitation with an email-Adress or the identity of the user.

However, on conducting panel studies that requires participants to be interviewed repeatedly, SoSci Survey will store an email/user-ID-assignment in a different database so that users can get an individual link. Upon deleting the email adresses, this assignment will be deleted as well (Send Mailings).

Separate Email Address Collection

You might want to collect email or postal addresses to provide incentives like a raffle or study outcomes. SoSci Survey offers the functionality to store email addresses in a different database with no possibility to consolidate the address with the original questionnaire dataset. In this case, the participant's questionnaire details will remain anonymous (Collect Contact Data Separately).

Disable Timestamps

If collecting very sensitive data, recording of timestamps may be disabled in the project settings. In this case, neither the interview's starting time, nor dwell times will be stored.

This measure further decreases the probability that collected data is de-anonymized by merging with external data (e.g., an Internet provider's connection data).

Please note, that timestamps may still be reconstructed from the server logfiles. If the recording of log files is to be switched off for particularly sensitive surveys (e.g., in the area of crime research), this is possible, but involves additional costs due to the effort involved.

Deletion of Collected Data

Project managers have the ability to delete collected data as well as the entire survey at any time. Even manual filing and archiving of the survey within the user account is possible. By default, any project will be filed if the project manager doesn't log in within 3 months. If this happens, all data of the survey project will be deleted and the questionnaire will be archived as XML-file– in case the user wants go back to it at a later point.

Unrelated to these deletions are backups - we save them on our server on a daily basis to guarantee a stable operation of the server. This way data loss or accidental deletions caused by technical malfunctions can be repaired. These backups are saved for a time period of 1 year ( or 1 month (, respectively, and are deleted afterwards. We don't use any of this data, except for the purpose of recovery. Please note that the recovery of lost data caused by the project manager, such as accidental deletion, is tied to a surcharge of 60 euros.

Secure Server Infrastructure

The is located in Europe, since 2013 in Munich in a certified datacenter operated by the M-net Telekommunikations GmbH. The datacenter is certified according to ISO27001, warranting organizational, constructional, technical, and supply security. The server is secured against unauthorized access according to common standards. Technical operation of the server is provided by the PartnerGate GmbH (Munich, Germany).

The server runs Linux along with the webserver-software Apache and NGINX (since october 2013), which are considered secure. Regular security updates ensure the safe operation and in-time fixes of eventual security holes. Access to the server is SSH-encrypted.

Data backups of the projects and the datasets are created daily to ensure the safety of the data.

SoSci Survey will not pass on any data to third parties. Other parties do not have access to the data. We have concluded agreements with the server host corresponding to §11 BDSG (German data protection law).

SSL Encryption

Unencrypted data transfer theoretically allows for thrid parties to gain access to the transmitted information.

The servers and therefore use SSL encryption with a signed certificate, noticeable at the “HTTPS” preceding the URL. All data is being encrypted by the browser and decoded by the server. This process is considered very secure.

Recording Minimal User Data

Upon opening a webpage, a browser usually submits other data along with the IP-address. Information like browser-ID, operating system or language settings is saved into a logfile, along with the type of request (usually the url) and a timestamp.

The servers and are configured not to store IP addresses in the access logfiles. Therefore, even a combination of timestamps and server logfiles does not allow a reconstruction if IP addresses.

A survey project usually stores the questionnaire access time and the time for completing a questionnaire, into the dataset. Other information is not stored unless activated in the project settings.

No Cookies

On visiting a website, the server can provide a data fragment to the browser (usually an unique user ID), called cookie. Upon visiting the website again, the browser will submit the cookie and the server can identify a specific user. Sosci Survey uses cookies to check on a page reload if survey project admins are logged in.

By default, the questionnaires do not use any cookies. Instead, to identify a user on filling out a questionnaire, the user ID is not being stored permanently on a user's computer but transferred from one questionnaire page to the next.

Cookies do not serve as reliable means to prevent multiple questionnaire submissions. The only way to avoid those is by using personalized questionnaire links using the serial mail or serial number function in Sosci Survey (Send Mailings).

en/general/privacy.txt · Last modified: 30.04.2021 10:08 by sophia.schauer
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
Driven by DokuWiki