- Your survey data is owned by you. Not only that, but RiskRhino treats your surveys as if they were private (except if you have made the surveys available via a public link). We don’t sell them to anyone and we don’t use the survey responses, except in a limited set of circumstances (e.g. if we are compelled by a subpoena, or if you’ve given us permission to do so).
- Survey data is stored on servers in the Netherlands
- We don’t sell your responses to third parties. RiskRhino doesn’t sell or share your survey responses with third party advertisers or marketers.
Information we collect directly from you
- Registration information. You need a RiskRhino account before you can use surveys on RiskRhino. When you register for an account, we collect your username, password and email address.
- Billing information. If you make a payment to RiskRhino, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder.
- Account settings. Dependent on the RiskRhino app you are using you can set various preferences and personal details on pages like your account settings page. For example, your default language, timezone and communication preferences (e.g. opting in or out of receiving marketing emails from RiskRhino).
- Address book information. We allow you to import email addresses to invite other users of RiskRhino. We can use these email addresses for our own purposes or email these contacts for commercial purposes. We will not sell any email addresses you share with us.
- Other data you intentionally share. We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, or participate in a RiskRhino contest.
Information we collect about you indirectly or passively when you interact with us
- Usage data. We collect usage data about you whenever you interact with our services. This may include which webpages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps.
- Device data. We collect data from the device and application you use to access our services, such as your IP address, operating system version, device type, system and performance information, and browser type. We may also infer your geographic location based on your IP address.
- Referral data. If you arrive at a RiskRhino website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
2. Why and how does RiskRhino use the information we collect?
- To provide you with our services.
- This includes providing you with customer support, which requires us to access your information to assist you (such as with survey design and creation or technical troubleshooting).
- In order to provide you with useful options to use the services or our additional services / other applications or services from the 3rd parties that have created the surveys.
- To manage our services. We internally use your information, including certain survey data, for the following limited purposes:
- To monitor maintain, and improve our services and features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, question and response data and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services, including to help us evaluate or devise new features. We may use your information for internal purposes designed to keep our services secure and operational, such as for troubleshooting and testing purposes, and for service improvement, marketing, research and development purposes
- To prevent potentially illegal activities.
- To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
- To create new services, features or content. We may use your survey data and survey metadata for our internal purposes to create and provide new services, features or content. In relation to survey metadata, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a survey and publish interesting observations about these for informational or marketing purposes. When we do this, survey respondents will be identified or identifiable unless we have obtained their permission.
- To contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You can’t opt out of these communications since they are required to provide our services to you.
- To contact you for marketing purposes.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
3. Do we share or disclose your information?
- We do not sell your survey data
- We can disclose your survey data to third parties for a limited number of reasons: we can share your data with our service providers (e.g. survey creation partners). We contractually bind these service providers to keep your information confidential and to use it only for the purpose of providing their services. Furthermore we use service providers like payment processors which we provide with the relevant information to allow them to perform their payment services (e.g. credit card processors).
We may disclose:
- Your email address to your organization. If the email address under which you’ve registered your account belongs to or is controlled by an organization, we may disclose that email address to that organization in order to help it understand who associated with that organization uses RiskRhino, and to assist the organization with its enterprise accounts. (Please do not use a work email address for our services unless you are authorized to do so, and are therefore comfortable with this disclosure.)
- Aggregated or de-identified information to third parties to improve or promote our services. No individuals can reasonably be identified or linked to any part of the information we share with third parties to improve or promote our services.
- Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
- Your information if there’s a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between RiskRhino entities, you expressly consent to RiskRhino transferring your information to the new owner or successor entity so that we can continue providing our services. If required, RiskRhino will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection laws.
- Information you expressly consent to be shared. For example, we may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. (You may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.)
4. What are your rights to your information?
- Update your account details. You can update your registration and other account information on your account page on www.riskrhino.com (dependent on the app you use). Information is updated immediately.
- Access and correct your personal information. As an account holder, you may access and correct certain personal information that RiskRhino holds about you by visiting your My Account page. Some account holders and other individuals (including those whose information we receive under the EU-U.S. Privacy Shield and the U.S.-Swiss Safe Harbor) have certain legal rights to obtain information of whether we hold personal information about them, to access personal information we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. For some information, these rights may be exercised through the My Account page mentioned above, and in all cases, requests to exercise these rights may be directed to our customer support (email@example.com) team. These rights are subject to some exceptions, such as where giving you access would have an unreasonable impact on the privacy of other individuals. We will respond to your request to exercise these rights within a reasonable time and, where required by law or where we deem it otherwise appropriate and practicable to do so, we will honor your request.
- Download/backup your survey data. Depending on what subscription plan you have, we provide you with the ability to export, share and publish your surveys and survey data in a variety of formats. This allows you to create your own backups, create your own surveys, distribute surveys etc.
- Delete your survey data. Deleting survey data will not permanently delete survey data immediately. As long as you maintain an account with us, we may retain your deleted data for a limited time. To the extent permitted by law, we will permanently delete your data if you request to cancel your account.
- Cancel your account. To cancel and delete your account, please contact customer support. Deleting your account will cause all the survey data in the account to be permanently deleted from our systems within a reasonable time period, as permitted by law, and will disable your access to any other services that require a RiskRhino account. We will respond to any such request, and any appropriate request to access, correct, update or delete your personal information within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).
5. Security, cookies and other important information
- Security. We are committed to handling your personal information and data with integrity and care. However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the Internet. If you have any questions about the security of your personal information, contact customer support.
- Data locations. Our servers currently are based in the Netherlands, so your personal information will be hosted and processed by us in the Netherlands. Your personal information may also be processed in, or transferred or disclosed to, countries in which RiskRhino subsidiaries and offices are located and in which our service providers are located or have servers.
- To make our site easier to use. If you use the “Remember me” feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to RiskRhino.
- To advertise to you. We, or our service providers and other third parties we work with, may place cookies when you visit our website and other websites or when you open emails that we send you, in order to provide you with more tailored marketing content (about our services or other services), and to evaluate whether this content is useful or effective. For instance, we may evaluate which ads are clicked on most often, and whether those clicks lead users to make better use of our tools, features and services. If you don’t want to receive ads that are tailored to you based on your anonymous online activity, you may “opt out”. Opting out in this way does not mean you will not receive any ads; it just means that you will not receive ads from such companies that have been tailored to you based on your activities and inferred preferences.
- Google Analytics. In addition to the above, we can implement on our websites and other services certain Google Analytics features that support Display Advertising, including re-targeting. Visitors to our websites may opt out of certain types of Google Analytics tracking, customize the Google Display Network ads by using the Google Ad Preferences Manager and learn more about how Google serves ads by viewing its Customer Ads Help Center. If you do not wish to participate in Google Analytics, you may also download the Google Analytics opt-out browser add-on.
- Safety of Children and COPPA. Our services are not intended for and may not permissibly be used by individuals under the age of 13. RiskRhino does not knowingly collect personal data from persons under 13 or allow them to register. If it comes to our attention that we have collected personal data from such a person, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.
6. Additional information for European Union users
RiskRhino provides its services to users in the EU.
- “Personal data”. For users located in the EU, references to “personal information” in this policy are equivalent to what is commonly referred to as “personal data” in the EU.
- Accessing and correcting your personal data. You have the right to access and correct the personal information that RiskRhino holds about you. This right may be exercised by visiting your account via www.RiskRhino.com or by contacting customer support (firstname.lastname@example.org).
- Your responsibilities. By using our services, you agree to comply with applicable data protection requirements when collecting and using your survey data, such as requirements to inform respondents about the specific uses and disclosures of their data.
- That we may transfer your data to data processors located in countries (including the United States) that do not have data protection laws that provide the same level of protection that exists in countries in the European Economic Area.
- Allow us to share your (personal) data with relevant persons that work for service providers who assist us to provide our services.
7. Additional information for Canadian users
- The U.S. Patriot Act can affect the personal information of Canadian users.
8. Additional information for Japanese users
9. Additional information for Brazilian users
10. Additional information for Australian users
- If you are dissatisfied with our handling of your complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) by contacting the OAIC using the methods listed on their website at http://www.oaic.gov.au. Alternatively, you may request that we pass on the details of your complaint to the OAIC directly.