Data Request Policy

1. The Basics

1. We at SurveySparrow may receive requests from government agencies, users and other third parties to disclose data other than in the ordinary operation and provision of the services. 
2. This policy sets out the procedure for responding to such requests to disclose personal information processed by SurveySparrow (hereinafter referred to as “Data Disclosure Request”). 

2. Requests for customer data by individuals

1. Customer owns the Customer Data and generally gets to decide what to do with all Customer Data put into the SurveySparrow platform. Therefore, individuals who want access to Customer Data or want Customer Data to be removed should contact the customer regarding such requests.
2. While SurveySparrow does defer to the customer for most decisions regarding the removal of Customer Data, SurveySparrow reserves the right to remove Customer Data that violates its policies or applicable law. “Customer Data” means any information or data that is made available or provided by the customer or its users, survey respondents  to SurveySparrow  or its representatives, including but not limited to survey responses, data, feedback, and other information and data related to the Services.

3. Requests for customer data by legal authority

1. SurveySparrow will only disclose Customer Data in response to valid legal process and to the extent permitted by law. Upon such request we shall reasonably cooperate in challenging or restricting the scope of such required disclosure.
2. All requests by courts, government agencies, or parties involved in litigation for Customer Data disclosures should be sent to [email protected]  and include the following information: (a) the requesting party, (b) the relevant criminal or civil matter, and (c) a description of the specific Customer Data being requested, including the relevant customer’s name and relevant authorized User’s name (if applicable). Requests should be prepared and served in accordance with applicable law. 
3. If legally permitted, the customer will be responsible for any costs arising from SurveySparrow’s response to such requests.

4. Handling of data requests

1. Any Data Disclosure Request, however made, must be notified to the data protection officer for review.
2. SurveySparrow’s data protection officer will carefully review every Data Disclosure Request on a case-by-case basis. 
3. The DPO & legal team may liaise with outside counsel as appropriate to deal with the request. 

5. Notices

  a. Notice to the customer

(i) Unless SurveySparrow is legally prohibited from doing so or there is a clear indication of illegal conduct or risk of harm, SurveySparrow will notify the Customer of the request before disclosing any of the customer’s Customer Data so that the customer may seek legal remedies.

(ii) If a request concerns personal information for which a customer is the controller, SurveySparrow will ordinarily ask the relevant authority to make the Data Disclosure Request directly to the relevant customer. If the authority agrees, SurveySparrow will support the Customer in accordance with the terms of its contract to respond to the Data Disclosure Request.

  b. Notice to the competent data protection authorities.

(i) If the requesting authority is in a country that does not provide an adequate level of protection for the personal information in accordance with applicable data protection laws, then SurveySparrow will also put the request on hold to notify and consult with the competent data protection authorities, unless legally prohibited or where an imminent risk of serious harm exists that prohibits prior notification. 

(ii) SurveySparrow will use its best efforts to inform the requesting authority about its obligations under applicable data protection law.

6. Data Request Transparency.

SurveySparrow is committed to maintaining transparency with its customers and users. As of the date of this policy, we have not received any government requests for data disclosure. We will continue to update this information periodically to keep our customers and users informed about any such requests we receive in the future.