The General Data Protection Regulation (GDPR) provides consistent data protection to EU citizens. GDPR went into effect on May 25, 2018, and applies to any company that handles personal data from EU citizens and those living in the EU.
As a European company and processor of personal information, Refiner is committed to provide a fully GDPR compliant survey solution to all our customers.
Refiner as a Data Controller
Refiner is the Data Controller for your company information and the personal data of your team. Your company & personal data is stored safely in our EU data centers and handled in accordance with GDPR rules. Our Privacy Policy and Terms of Service describe in detail how your data is handled.
For billing & analytics purposes, Refiner might send your company data to sub-processors. We made sure that all the vendors we use as sub-processors are GDPR compliant. You can find a complete list of our sub-processors in our Data Processing Agreement (DPA).
Refiner as a Data Processor
Refiner acts as a Data Processor for your users' data, as well as the survey responses that you collect from your users with our survey solution. As a customer of Refiner, you alone decide which personal data gets imported into your Refiner account, making you the Data Controller us the Data Processor.
Refiner does not send your users' personal data, or any survey data that you collect using our survey solution, to sub-processors. As a customer of Refiner, you alone decide when and how your users' data gets exported to other systems, for example when using one of our cloud integrations. By default, your users' personal data and their survey responses stay within our data centers and won't leave the European Union at any moment.
Data Residency in the EU
The term Data Residency refers to the need that data must be stored in a specific geographical location, usually for regulatory, tax or policy reasons.
Our data centers are located in the European Union within the EU-WEST-1 (Ireland) data center of the AWS cloud.
Refiner might send your company data to sub-processors for analytics & billing purposes. However, Refiner does not send any of your users' data or their survey responses to any third-party processor without your consent. Without any action from your side - for example when setting up one of our cloud integrations - all your users' personal data and their survey responses stay on our servers and won't leave the European Union.
If you are operating in a regulated industry and your organization requires different data residency than the European Union, we can offer that too! Please get in contact to discuss other data residency options.
Data Retention
By default, your user data is kept in your account until you cancel your subscription with us.
We provide various methods to delete individual user records on demand, or to remove old user data automatically from our system. You can find more information about our data lifecycle options in our documentation.
Data Processing Agreement (DPA)
We can provide you a signed copy of our standard Data Processing Agreement (DPA) on request. If you want us to sign your own DPA, we might need to charge an additional one time fee allowing us to do a quick legal review. In both cases, please don't hesitate to get in contact with our team.
Other contractual agreements
To make it easier for you to comply with GDPR policies, we make our Data Processing Agreement, Terms of Service, and Privacy Policy publicly available for easy access.