Zurvey.io is the product of Neticle Labs Ltd. (seat: 1213 Budapest, Vető utca 10.; Company registration number: Cg.: 01-09-300520). Neticle Labs Ltd. as as data controller respects the personal rights of the data subjects, especially the data protection rights determined by the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (’GDPR’) and the Act CXII of 2011 on the Right of Information Self-Determination and Freedom of Information law (’InfoAct’). Data controller undertakes to apply these laws and expresses to be bound by these provisions.
This policy was updated: 26th February, 2020.
Zurvey.io is a professional survey and CX solution that perfectly understands text answers. We are helping our clients to analyze their collected text feedback quickly and easily, even the open-ended questions. (For detailed product features please check: https://zurvey.io/zurvey/en/product/)
The goal of this policy is to describe how we handle personal data and what related preferences are available.
In the following we use the term platform referring to Zurvey.io.
Users (data subjects) are persons who are having access to the platform. We are storing their name, email address and password to the platform.
The platform’s users belong to clients, which are legal entities and responsible for the data they upload to the platform. (In specific cases of individual users when they have been registered to the platform without naming a legal entity (their company) where they belong to then these users are the clients as well and are holding the related responsibility and obligations as well.)
Respondents are persons who are sending answers to the client’s surveys that are shared via the platform. These respondents are usually customers of the clients, potential customers or employees of the client.
Administrators are employees of Zurvey.io platform creator Neticle Labs Ltd. They are developers, account managers or analysts who might help the users in steps, questions or report creation. The administrators are handling all client information and data confidentially and cannot share it with 3rd parties without written permission from the client.
Website refers to Zurvey.io main page and sub-pages on this domain. It does not refer to the platform related pages, that are available on the sub-domain: portal.zurvey.io
Data we manage
With Zurvey.io we are handling 3 types of data:
The platform is acting as data controller and data processor regarding the user data and for the data that our users upload or collect via platform surveys they are acting as data controller and the platform is data processor.
Managing user data
The platform uses standard authentication methods and stores our users’ names, email addresses and passwords for login. No other personal or sensitive data is collected mandatorily. During automated registrations users can provide additional information to help our Administrators to give customized support. This data can be the user’s phone number, industry, position or country.
Users can provide card payment information to use the platform. Credit/debit card data is stored in a secure, encrypted way and the 3rd party payment services only receive the necessary data to manage the payment.
The user data is stored in a secured and encrypted database. We are not trading this data and do not give access to other 3rd parties.
The platform can use the emails of the users to share the latest platform updates with them.
The platform can send email notifications on specific triggers, for example if a data set analysis is ready or a certain amount of survey respondents reached for a project.
Users and card data can be deleted from the platform permanently upon client request or user request.
Uploading data to platform
Users can upload data sets to process and analyze them with the platform. These data sets are usually customer reviews, social media comments, online news, survey answers collected with another survey platform.
The client acts as data controller in such cases and it’s the client’s responsibility to provide the right data privacy and usage notices when collecting the data set outside the platform.
The uploaded data is analyzed, text analyzed and summarized by the platform. The results can be accessed via the platform dashboard or exported into different file formats. The client’s users have access to the uploaded data set.
The data set is stored in secure encrypted format and can be deleted permanently by the users.
We are not sharing the uploaded data sets or analysis results with 3rd parties nor with other clients.
Upon client request our administrators can have access to the data set to help in troubleshooting or platform usage.
Collecting survey data
Users can create surveys with the platform and share them with specific respondents or share the survey link publicly.
The platform collects IP address, browser type, device, operation system data from the respondents automatically. This data collection can be switched off by the user before sharing the survey.
The platform saves the respondent answers only after fully finishing and submitting a survey by default. These settings can be changed by the user, so answers will be saved real-time. In this case the respondents receive a notification automatically when they open the survey link.
The collected survey answers and data is stored in a secure encrypted format and is not shared with 3rd parties or other clients. Users can delete it permanently.
If the client collects personal or sensitive information from the respondents, it’s the client’s responsibility to notify the respondents about their privacy and data management goals.
With the platform clients are able to integrate micro-surveys into mobile applications or web applications. These micro-surveys usually ask a few non-personal questions from the users of the application. For example: please rate this application or share your experience with your own words.
The micro-surveys automatically collect the respondents’ user id, their device type and the triggering event.
The micro-survey question generally does not contain personal data collection though it’s the client’s responsibility to notify the respondents about the goals and details of the data collection.
The collected survey answers and data is stored in a secure encrypted format and is not shared with 3rd parties or other clients. Users can delete it permanently.
Clients can also integrate the platform with their in-house IT solutions and databases. In this case the platform processes and analyzes data is collected by the client via other channels and the client has to notify the respondents or data sources about the data processing with the platform.
Showing analysis results on dashboard
Users can see the result of the data processing and analyzing via web-based dashboard from their browsers. They can see charts and summarizations and also load the original data from which these values calculated.
3rd parties and other clients’ users do not have access to this dashboard.
Exporting the data
Users can export a data set analysis result into different file formats. This file contains the original data set and the calculated data as well.
The exporting functions are only available for users of the client and the administrators of the platform.
Access to personal data during development and support
In special cases administrators of the platform might need to access personal data for testing or troubleshooting purposes. They do not have the right to copy or share personal information.
Storage period and deletion
The collected or uploaded data is stored for an indefinite time period by default. Users can delete every data set of the client permanently and immediately from the platform.
When data is uploaded to the platform it reaches the platform via encrypted HTTPS protocol. The platform is hosted in Microsoft Azure Cloud. The storage of the data is encrypted as well and they are physically located in the European Union, mainly in the Netherlands.
Storing and processing data
The owner of the platform, Neticle Labs Ltd (https://neticle.com/) uses the computing capacity of Microsoft Azure Cloud. The related physical security and availability is guaranteed by the provider, while on the software side Neticle Labs Ltd does regular security maintenance, security updates and maintains a professional user permission structure.
Neticle Labs Ltd also does regular updates and internal security audits for each software component and their frameworks.
Sharing analysis output
The output of the analysis is available via a password protected dashboard through a web-browser.
Only authenticated users who have the necessary access rights can export the results via different file formats.
Each project or data set can be deleted permanently by the users. In such cases the original data and the calculated, enriched data is deleted as well. Platform system logs do not contain such data.
We collect data through form on our website, for example via: https://zurvey.io/zurvey/en#get-Zurvey-demo We only collect demo requests and newsletter subscriptions. These contain names and email addresses of the users.
We are acting as data controllers of this data. We only use this data as the regarding form intends: we contact the demo request to start a platform trial and to have a video intro call if possible. We send the newsletter subscribers regular emails about important product updates or new use-cases. We send them such information maximum 2 times a month. We use the personal info (first name, last name, email) to provide personalized content in our newsletter if possible. We store this data in our CRM platform and our email marketing platform, we do not share this data with other 3rd parties.
Administrators (aka. our employees) have access to the personal data. They are obliged to manage it as confidential data.
The data can be deleted permanently and immediately upon request.
When visiting the data controller’s website, the data subject’s browser may store a cookie. Some of the cookies used by us are indispensable for the proper operation of the site, while others collect information related to its use, allowing to upgrade the site to offer more convenient services. Temporary or “session cookies” are erased when the browser is closed while “permanent cookies” stay in your browser for a longer time.
"Session cookies" facilitate browsing our site and using its functions. Among others, they store the actions taken on the site related to a function or service. Without the use of "session cookies" the site’s operation cannot be guaranteed. Their term of authorization is limited to the duration of the visit; "session cookies" expire whenever the Data Subject ends the session or closes the browser.
Performance cookies gather information about how the data subject uses the website in order to be able to improve the website, its functions and services to suit the needs of the visitors to offer them high quality, user-friendly experience.
Advertising cookies are used to select advertisements that the visitors are interested in and enable the data controller to display such advertisements on the websites of third parties to them. They also help measure the performance of our campaigns based on the information gathered with them.
Website related cookies
For our website we use these cookies:
|__cfduid||The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.||1 month|
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.||1 day|
|_gat_gtag***||Google uses this cookie to distinguish users.||1 minute|
|test_cookie||This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.||15 minutes|
|__hstc||This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).||1 year|
|hubspotutk||This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.||1 year|
|__hssrc||This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.|
|__hssc||This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.||30 minutes|
|JSESSIONID||Preserves users states across page requests.||session|
|messagesUtk||Stores a unique ID string for each chat-box session. This allows the website-support to see previous issues and reconnect with the previous supporter.||1 year|
|collect||Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across|
|devices and marketing channels.||session|
|__hmpl||Collects information on user preferences and/or interaction with web-campaign content - This is used on|
|CRM-campaign -platform used by website owners for promoting events or products.||persistent|
|ptq.gif||Sends data to the marketing platform Hubspot to the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.||session|
|embed/v3/counters.gif||Collects information on user preferences and/or interaction with web-campaign content - This is used onCRM campaign -platform used by website owners for promoting events or products.||session|
|HUBLYTICS_EVENTS_53||Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement- This is also allows the website to limit the number of times that the visitor is shown the same advertisement.||persistent|
|i18n-cached-public-locale||Used by Google DoubleClick to register and report the website user's actions after view in Google or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||1 year|
|pagead/1p-user-list/#||Google.com advertisement support||session|
|r/collect||This cookie is used to send data to Google Analytics about the visitor's device and behaviour. It tracks the visitor across devices and marketing channels.||session|
|mailerlite:webform:shown:1324576||Used to remember if somebody is already on the mailing list of Zurvey.io.||persistent|
Platform related cookies
For improving our platform we use the following cookies:
|zurvey_session||Work session for the user, used for logins to the platform.|
|remember_web_****||A cookie used for the remember me function during logins.|
|survey_***||We track if a respondent has already started to fill in a survey or not|
|finished_***||We track if a respondent has finished a survey or not|
|isMenuCollapsed||We track if a user is using the platform’s left menu open or closed.|
You can use your browser settings to manage how you receive, store, process or block cookies.
These links show you how you can do it in the popular web browsers:
Please consider that blocking cookies completely might make the website or platform unusable.
Duration of the data processing
Data controller will use and store the personal data until the purpose is satisfied. In certain, special cases, the data controller may control the personal data after the purpose has been satisfied.
Data controller uses the services as data processing, of the following companies:
Data controller may transfer the personal data of the data subject to the competent authorities based on inquiries in accordance with the relevant statutes.
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Authority of the National Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH) (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; tel: +36-1-391-1400; e-mail: [email protected]; website: www.naih.hu, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
In the event of the breach of the data protection rights the data subject may bring the matter in front of a the court.
No. 14 41 Leonardo da Vinci street 2nd floor
Budapest Hungary H-1082
10 Vető street Budapest Hungary H-1213