GDPR Compliance

GDPR Compliance

The General Data Protection Regulation (GDPR) provides consistent data protection to EU citizens. GDPR went into effect on May 25, 2018, and applies to any company that handles personal data from EU citizens and those living in the EU.

As a European company and processor of personal information, Refiner is committed to provide a fully GDPR compliant survey solution to all our customers.

Refiner as a Data Controller

Refiner is the Data Controller for your company information and the personal data of your team. Your company & personal data is stored safely in our EU data centers and handled in accordance with GDPR rules. Our Privacy Policy and Terms of Service describe in detail how your data is handled.

For billing & analytics purposes, Refiner might send your company data to sub-processors. We made sure that all the vendors we use as sub-processors are GDPR compliant. You can find a complete list of our sub-processors in our Privacy Policy.

Refiner as a Data Processor

Refiner acts as a Data Processor for your users’ data, as well as the survey responses that you collect from your users with our survey solution. As a customer of Refiner, you alone decide which personal data gets imported into your Refiner account, making you the Data Controller us the Data Processor.

By default, Refiner does not send your user data, or any survey data that you collect using our survey solution, to sub-processors. As a customer of Refiner, you alone decide when and how your users’ data gets exported to other systems, for example when using one of our cloud integrations. By default, your user data stay within our data centers and won’t leave the European Union.

Data Processing Agreement (DPA)

We can provide you a signed copy of our standard Data Processing Agreement (DPA) on request. If you want us to sign your own DPA, we might need to charge an additional one time fee allowing us to do a quick legal review. In both cases, please don’t hesitate to get in contact with our team.

Data Residency in the EU

The term Data Residency refers to the need that data must be stored in a specific geographical location, usually for regulatory, tax or policy reasons.

Our data centers are located in the European Union within the EU-WEST-1 (Ireland) data center of the AWS cloud.

Refiner might send your company data to sub-processors for analytics & billing purposes. However, Refiner does not send any of your users’ data or their survey responses to any third-party processor without your consent. Without any action from your side - for example when setting up one of our cloud integrations - all your users’ personal data and their survey responses stay on our servers and won’t leave the European Union.

If you are operating in a regulated industry and your organization requires different data residency than the European Union, we can offer that too! Please get in contact to discuss other data residency options.

Data Retention

By default, user data is retained in your account for as long as you maintain an active paid subscription, unless you delete it or configure shorter retention settings in your account.

You can delete individual user records on demand, purge environments, or configure automatic deletion of old user data. More information about these data lifecycle options is available in our documentation.

Refiner is not intended to be used as long-term archival or backup storage. Customers are responsible for exporting and backing up data they need to retain outside the Service.

After a subscription ends, user data may remain available for export for a limited retrieval period of up to 180 calendar days, after which it may be permanently deleted in accordance with our Terms of Service and Data Processing Agreement.

Other contractual agreements

To make it easier for you to comply with GDPR policies, we make our Data Processing Agreement, Terms of Service, and Privacy Policy publicly available for easy access.