webropol privacy policy

Privacy Policy

Webropol Oy client and user register: Privacy statement

This privacy statement describes how Webropol processes personal data, as required under the EU General Data Protection Regulation and other personal data legislation. This statement applies to all Webropol software users and anyone with data stored in the Webropol client register.

Data controller

Webropol Oy
VAT ID: FI-17739602
Huovitie 3, 00400 Helsinki, Finland
+358 20 155 2150 |

Contact for questions related to the register
Webropol Oy
Huovitie 3, 00400 Helsinki, Finland
+358 20 155 2150 |

Register name

Webropol Oy client and user register

Purpose of processing personal data

Personal data is processed on the grounds of the customer relationship between Webropol and the client, on the grounds of the client giving consent or on the grounds of purposes of the legitimate interests pursued by Webropol Oy. The collected data is used for customer relationship management and for contacting clients in matters necessary to providing the service. Webropol may also use the data for marketing purposes, for example, to contact people by phone or e-mail.

Register content

Regulatory data sources

The data is acquired from users of Webropol software with their consent or from Webropol admins of the client organisation. Any contact information provided is not transferred to third parties. Personal data may be updated with data received from authorities and other companies that provide personal data related services.

Data retention and erasure: Time periods

Following the end of the customer relationship, backups of all client environment data (including user information) are kept for 1 month. After this, the data is erased. When the client erases an individual user or survey from the system, the deleted data is stored in a backup for 1 month. For the purposes of the Webropol’s legitimite interests (e.g. prospecting and marketing), client information can be kept after the end of customer relationship. Deletion of the client data may also differ from the abovementioned user data deletion. Webropol will always erase personal data immediately upon client request if technically possible within a reasonable time.

Transfer of data to third countries

Webropol does not under any circumstance transfer or process personal data outside the EU or the EEA.

Technical and organisational security measures

Personal data in electronic form is secured with commonly accepted and reasonable technical measures, such as firewalls and passwords. Any non-electronic materials containing personal data in the register are stored in a locked facility with no access provided to non-authorised persons. Only assigned Webropol customer support, tech staff and research services personnel have access to personal data. All such assigned persons have signed a valid and binding non-disclosure agreement and have their own personal ID and password. Users may not disclose any information under the non-disclosure agreement. In addition to Webropol, specific Webropol’s contractors may also perform processing activities on behalf of the data controller. These contractors are required to comply with the same requirements as Webropol.

The right to review data, the right to rectify incorrect data, and the right to be forgotten

According to the EU’s General Data Protection regulation , the data subject has the right to review data stored in the register and to request incorrect data to be rectified and/or erased. The data subject may at any time refuse the use of his or her personal data for marketing purposes. If the data subject no longer wishes his or her data to be processed, he or she has the right to request all data to be erased. Any data-related requests must be sent in writing by e-mail or by post to Webropol Oy.

Webropol Oy
Huovitie 3, 00400 Helsinki, Finland