Privacy Policy

This privacy policy explains how RiskRhino handles your personal information and data.

This privacy policy applies to all the products, services, apps and websites offered by Ba-Professional b.v. registered in the Netherlands (trade name: We refer to those products, services, apps and websites collectively as the “services” in this policy.

1. Data

  • Your survey data is owned by you. Not only that, but RiskRhino treats your surveys as if they were private (except if you have made the surveys available via a public link). We don’t sell them to anyone and we don’t use the survey responses, except in a limited set of circumstances (e.g. if we are compelled by a subpoena, or if you’ve given us permission to do so).
  • Survey data is stored on servers in the Netherlands
  • We don’t sell your responses to third parties. RiskRhino doesn’t sell or share your survey responses with third party advertisers or marketers.

Information we collect directly from you

    • Registration information. You need a RiskRhino account before you can use surveys on RiskRhino. When you register for an account, we collect your username, password and email address.
    • Billing information. If you make a payment to RiskRhino, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder.
    • Account settings. Dependent on the RiskRhino app you are using you can set various preferences and personal details on pages like your account settings page. For example, your default language, timezone and communication preferences (e.g. opting in or out of receiving marketing emails from RiskRhino).
    • Address book information. We allow you to import email addresses to invite other users of RiskRhino. We can use these email addresses for our own purposes or email these contacts for commercial purposes. We will not sell any email addresses you share with us.
    • Survey data. We store your survey data (questions and responses) for you. We do not use your survey data in any other way other than explicitly described in this Privacy Policy
    • Other data you intentionally share. We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, or participate in a RiskRhino contest.

Information we collect about you indirectly or passively when you interact with us

    • Usage data. We collect usage data about you whenever you interact with our services. This may include which webpages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps.
    • Device data. We collect data from the device and application you use to access our services, such as your IP address, operating system version, device type, system and performance information, and browser type. We may also infer your geographic location based on your IP address.
    • Referral data. If you arrive at a RiskRhino website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.

2. Why and how does RiskRhino use the information we collect?

  • To provide you with our services.
      • This includes providing you with customer support, which requires us to access your information to assist you (such as with survey design and creation or technical troubleshooting).
      • In order to provide you with useful options to use the services or our additional services / other applications or services from the 3rd parties that have created the surveys.
    • To manage our services. We internally use your information, including certain survey data, for the following limited purposes:
      • To monitor maintain, and improve our services and features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, question and response data and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services, including to help us evaluate or devise new features. We may use your information for internal purposes designed to keep our services secure and operational, such as for troubleshooting and testing purposes, and for service improvement, marketing, research and development purposes
      • To enforce our Terms of Use.
      • To prevent potentially illegal activities.
      • To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
    • To create new services, features or content. We may use your survey data and survey metadata for our internal purposes to create and provide new services, features or content. In relation to survey metadata, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a survey and publish interesting observations about these for informational or marketing purposes. When we do this, survey respondents will be identified or identifiable unless we have obtained their permission.
    • To contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You can’t opt out of these communications since they are required to provide our services to you.
    • To contact you for marketing purposes. 
    • To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.

3. Do we share or disclose your information?

  • We do not sell your survey data
  • We can disclose your survey data to third parties for a limited number of reasons: we can share your data with our service providers (e.g. survey creation partners). We contractually bind these service providers to keep your information confidential and to use it only for the purpose of providing their services. Furthermore we use service providers like payment processors which we provide with the relevant information to allow them to perform their payment services (e.g. credit card processors).

We may disclose:

    • Your information to our service providers. We use service providers who help us to provide you with our services. We give relevant persons working for some of these providers access to your information, but only to the extent necessary for them to perform their services for us. We also implement reasonable contractual and technical protections to ensure the confidentiality of your personal information and data is maintained, used only for the provision of their services to us, and handled in accordance with this privacy policy. Examples of service providers include payment processors, hosting services, email service providers, and web traffic analytics tools.
    • Your account details to your billing contact. If your details (as the account holder) are different to the billing contact listed for your account, we may disclose your identity and account details to the billing contact upon their request (we also will usually attempt to notify you of such requests). By using our services and agreeing to this privacy policy, you consent to this disclosure.
    • Your email address to your organization. If the email address under which you’ve registered your account belongs to or is controlled by an organization, we may disclose that email address to that organization in order to help it understand who associated with that organization uses RiskRhino, and to assist the organization with its enterprise accounts. (Please do not use a work email address for our services unless you are authorized to do so, and are therefore comfortable with this disclosure.)
    • Aggregated or de-identified information to third parties to improve or promote our services. No individuals can reasonably be identified or linked to any part of the information we share with third parties to improve or promote our services.
    • The presence of a cookie to advertise our services. We may ask advertising networks and exchanges to display ads promoting our services on other websites. We may ask them to deliver those ads based on the presence of a cookie, but in doing so will not share any other personal information with the advertiser. Our advertising network partners may use cookies and page tags or web beacons to collect certain non-personal information about your activities on this and other websites to provide you with targeted advertising based upon your interests.
    • Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
    • Your information if there’s a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between RiskRhino entities, you expressly consent to RiskRhino transferring your information to the new owner or successor entity so that we can continue providing our services. If required, RiskRhino will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection laws.
    • Information you expressly consent to be shared. For example, we may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. (You may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.)

4. What are your rights to your information?

You can:

    • Update your account details. You can update your registration and other account information on your account page on (dependent on the app you use). Information is updated immediately.
    • Access and correct your personal information. As an account holder, you may access and correct certain personal information that RiskRhino holds about you by visiting your My Account page.  Some account holders and other individuals (including those whose information we receive under the EU-U.S. Privacy Shield and the U.S.-Swiss Safe Harbor) have certain legal rights to obtain information of whether we hold personal information about them, to access personal information we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances.  For some information, these rights may be exercised through the My Account page mentioned above, and in all cases, requests to exercise these rights may be directed to our customer support ( team. These rights are subject to some exceptions, such as where giving you access would have an unreasonable impact on the privacy of other individuals. We will respond to your request to exercise these rights within a reasonable time and, where required by law or where we deem it otherwise appropriate and practicable to do so, we will honor your request.
    • Download/backup your survey data. Depending on what subscription plan you have, we provide you with the ability to export, share and publish your surveys and survey data in a variety of formats. This allows you to create your own backups, create your own surveys, distribute surveys etc.
    • Delete your survey data. Deleting survey data will not permanently delete survey data immediately. As long as you maintain an account with us, we may retain your deleted data for a limited time. To the extent permitted by law, we will permanently delete your data if you request to cancel your account.
    • Cancel your account. To cancel and delete your account, please contact customer support. Deleting your account will cause all the survey data in the account to be permanently deleted from our systems within a reasonable time period, as permitted by law, and will disable your access to any other services that require a RiskRhino account. We will respond to any such request, and any appropriate request to access, correct, update or delete your personal information within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).

5. Security, cookies and other important information

  • Changes to this Privacy Policy. RiskRhino may from time to time modify its privacy policy. We will publish new versions of this privacy policy on our website Please review our website from time to time. If you do not agree with the privacy policy, you can cancel your license / use of the app. If you continue to use the app you implicitly agree with the privacy policy.
  • Security.  We are committed to handling your personal information and data with integrity and care. However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the Internet. If you have any questions about the security of your personal information, contact customer support.
  • Data locations. Our servers currently are based in the Netherlands, so your personal information will be hosted and processed by us in the Netherlands. Your personal information may also be processed in, or transferred or disclosed to, countries in which RiskRhino subsidiaries and offices are located and in which our service providers are located or have servers.
  • Cookies. We and our partners use cookies and similar technologies on our websites. Cookies are small bits of data we store on the device you use to access our services so we can recognize repeat users. Each cookie expires after a certain period of time, depending on what we use it for. We use cookies and similar technologies for several reasons:
    • To make our site easier to use. If you use the “Remember me” feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to RiskRhino.
    • For security reasons. We use cookies to authenticate your identity, such as confirming whether you are currently logged into RiskRhino.
    • To provide you with personalized content. We may store user preferences, such as your default language, in cookies to personalize the content you see. We also use cookies to ensure that users can’t retake certain surveys that they have already completed.
    • To improve our services. We use cookies to measure your usage of our websites and track referral data, as well as to occasionally display different versions of content to you. This information helps us to develop and improve our services and optimize the content we display to users.
    • To advertise to you. We, or our service providers and other third parties we work with, may place cookies when you visit our website and other websites or when you open emails that we send you, in order to provide you with more tailored marketing content (about our services or other services), and to evaluate whether this content is useful or effective. For instance, we may evaluate which ads are clicked on most often, and whether those clicks lead users to make better use of our tools, features and services. If you don’t want to receive ads that are tailored to you based on your anonymous online activity, you may “opt out”. Opting out in this way does not mean you will not receive any ads; it just means that you will not receive ads from such companies that have been tailored to you based on your activities and inferred preferences.
    • Google Analytics. In addition to the above, we can implement on our websites and other services certain Google Analytics features that support Display Advertising, including re-targeting. Visitors to our websites may opt out of certain types of Google Analytics tracking, customize the Google Display Network ads by using the Google Ad Preferences Manager and learn more about how Google serves ads by viewing its Customer Ads Help Center. If you do not wish to participate in Google Analytics, you may also download the Google Analytics opt-out browser add-on.
  • We know cookies are useful for your user experience, but you can still choose to remove or disable cookies via your browser. Refer to your web browser’s configuration documentation to learn how to do this. Please note that doing this may adversely impact your ability to use our services. Enabling cookies ensures a smoother experience when using our websites. By using our websites and agreeing to this privacy policy, you expressly consent to the use of cookies as described in this policy.
  • Blogs and Forums. Our websites may offer publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We’re not responsible for any personal information you choose to submit in these areas of our site. To request removal of your personal information from our blog or community forum, contact customer support. In some cases, we may not be able to fulfill your request and we will let you know why. Commenting systems on our blogs are managed by a third party application that may require you to register to post a comment. Please review that application’s privacy policy to learn how the third party uses your information.
  • Safety of Children and COPPA. Our services are not intended for and may not permissibly be used by individuals under the age of 13. RiskRhino does not knowingly collect personal data from persons under 13 or allow them to register. If it comes to our attention that we have collected personal data from such a person, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.
  • English version controls. If non-English translations of this privacy policy are provided for convenience then in the event of any ambiguity or conflict between translations, the English version is authoritative.

6. Additional information for European Union users

RiskRhino provides its services to users in the EU.

    • Personal data”. For users located in the EU, references to “personal information” in this policy are equivalent to what is commonly referred to as “personal data” in the EU.
    • About IP addresses. Our servers record the incoming IP addresses of visitors to our websites (whether or not the visitor has a RiskRhino account) and store the IP addresses in log files. We use these log files for purposes such as system administration and maintenance, record keeping, tracking referring web sites, inferring your location, and security purposes (e.g. controlling abuse, spam and DDOS attacks). We also store IP addresses along with certain actions you take on our system. By agreeing to this privacy policy, you expressly consent to RiskRhino using your IP address for the foregoing purposes. If you wish to opt out from the foregoing consent to use your IP address, you must cancel your account (if you have one).
    • Data controller. RiskRhino is the data controller for registration, billing and other account information that we collect from users in the EU. However, the data controller for survey data is the survey owner. The survey owner determines how their survey questions and responses are used and disclosed. RiskRhino only processes such survey data in accordance with the instructions and permissions (including those given under this privacy policy) selected by the survey creator when they create and administer their survey.
    • Accessing and correcting your personal data. You have the right to access and correct the personal information that RiskRhino holds about you. This right may be exercised by visiting your account via or by contacting customer support (
    • Your responsibilities. By using our services, you agree to comply with applicable data protection requirements when collecting and using your survey data, such as requirements to inform respondents about the specific uses and disclosures of their data.

By clicking ‘I agree’ or any other button indicating your acceptance of this privacy policy, you express consent to:

  • The collection, use, disclosure and processing of your personal data and survey data as described in this privacy policy including the use of cookies, IP addresses and log files as described.
  • That we may transfer your data to data processors located in countries (including the United States) that do not have data protection laws that provide the same level of protection that exists in countries in the European Economic Area.
  • Allow us to share your (personal) data with relevant persons that work for service providers who assist us to provide our services.

7. Additional information for Canadian users

  • The U.S. Patriot Act can affect the personal information of Canadian users.

8. Additional information for Japanese users

  • You agree that you are responsible for notifying the respondents of surveys that you create using our services about how RiskRhino may use the respondents’ survey responses and personal data as described in this privacy policy and obtaining prior consent from respondents to disclose their personal data to RiskRhino.

9. Additional information for Brazilian users

  • The personal information collected, stored, used and/or processed by RiskRhino, as described in this privacy policy, are collected, stored, used and/or processed in accordance with Brazilian Law No. 12,965/2014. By clicking “I Agree” or any other button indicating your acceptance of this privacy policy, you expressly consent to the collection, use, storage and processing of your personal information by RiskRhino as described.

10. Additional information for Australian users

  • If you are dissatisfied with our handling of your complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) by contacting the OAIC using the methods listed on their website at Alternatively, you may request that we pass on the details of your complaint to the OAIC directly.