Tips for complying with the GDPR
When creating forms and surveys you may use the tips below to help you comply with the GDPR policy.
GDPR rights | What can be done | Instructions |
Lawful basis of processing | You can insert external links in your forms/surveys that direct individuals to documents describing your lawful basis for processing under the GDPR. | External Links may be added to a form's introduction, questions, answers, header/footer, etc. For example, to add a link to a Section Header question, go to its Edit page, click the Insert/Edit Link button on the WYSIWYG panel and paste your link into the URL field. If you want the link to open in another tab, specify Target→ New Window. Alternatively, you may turn the WYSIWYG editor off and use the following HTML code: <a href="https://website.com " target="_blank">Hyperlinked text </a>. |
Consent | You can insert external links in your forms/surveys that direct individuals to your privacy policy in order to comply with guidelines on data subject consent. You may also add a consent statement to your form and ask a respondent to agree to it. | A consent statement may be added with the help of a Pick One or Other question. For example: Question text: Do you consent to your personal data being processed as described in our Privacy Policy (link to the file)? You must click Yes to proceed. Answer options: Yes/No. You may also add Branch Logic to this question. If respondent clicks Yes, they will go to the next question. If they click No, you may send them to the end of the form or redirect to another link with a message. Redirecting can be done with the help of the Logical Redirect Plugin. |
Child consent | FORM does not target its website to children, and we will never knowingly collect personal information from children. To make sure that children are not filling out your forms and surveys, you may ask your respondents to confirm that they are above the age of 16. | A consent statement may be added with the help of a Pick One or Other question. For example: Question text: Before filling out this form, please confirm and warrant that you are at least 16 years of age. Answer options: Yes/No. You may also add Branch Logic to this question. If respondent clicks Yes, they will go to the next question. If they click No, you may send them to the end of the form or redirect to another link with a message. Redirecting can be done with the help of the Logical Redirect Plugin. |
Right of access | You can fulfill requests for access by retrieving the individual’s personal data from your account. | If a respondent requests their personal data which is stored in your account, you may find their response on the Manage Responses page, export it to PDF and provide it. If a respondent is also a Contact in one of your Contact managers, you may click the View button to see the list of forms/surveys in which they have participated. Then you may export their responses and provide them to that respondent. |
Right to rectification | You can update an individual’s data within your account at any time. | To update individual's data, find their response on the Manage Responses page and click the Edit button to make the necessary adjustments. Do not forget to click the Submit button at the end to resubmit this response. |
Right to erasure | You can securely dispose of an individual’s personal data whenever you need to, such as when it is no longer required or when an individual asks you to erase it. | You may delete responses individually or in bulk. For instructions, see Delete Responses. If an individual's personal data is stored in a Contact Manager or Data Model, you may find this record, select the checkbox next to it, and click the Delete Selected button. When you delete data from a Contact Manager or Data Model, this data gets wiped out and cannot be restored. So please take extra caution when deleting records. |
Right to object | You can stop processing an individual’s data within your account if the individual requests it. | If you distribute your forms and surveys by Sending email invitation with individual Form links, you may insert the [REMOVE] tag into the Email Invitation, which will allow your respondents to unsubscribe from receiving invitations or reminder messages to take the same form/survey in future. All variations of the Remove tag are described here (Tags for adding the Unsubscribe option). |
Right to data portability | You can comply with requests to move, copy, or transfer an individual’s data from the FORM digital environment. Our application allows you to provide the data in a readable and structured format. | You may find an individual response and click the Convert to PDF button to export it in that format. Alternatively, you may filter the Summary Report to include responses you need to export, and then you may use one of the Export options described on the Report Publishing page. If an individual's personal data is stored in a Contact Manager or Data Model, use the Search Contacts/ Search Objects field to find their record, then click the Export button. You may export records to Excel or CSV. |
Data Protection by Design and by Default | You can inform your respondents about the security measures FORM features to comply with the control of data processing required by the GDPR. | Here is a list of security measures which you may share:
|
Data Protection Officer | We appointed a Data Protection Officer to ensure compliance with data protection legislation, including GDPR. You can insert contact information for your own Data Protection Officer in forms/surveys, so that individuals can submit data requests. | The contact information of your organization's Data Protection Officer can be added using a Section Header question type. It can also be presented in a Form's introduction, Header/Footer, Thank you Page, etc. |