Gdpr Compliance: Our Data Processing Agreement Explained

Data Processing Agreement – Enquete.com

This Data Processing Agreement (“Agreement”) governs the processing of personal data between the user of Enquete.com’s services (“Controller”) and Research Link, a company operating the Enquete.com platform (“Processor”). Enquete.com provides users with tools to create, distribute, and analyze online surveys, storing collected data, including potential personal data of respondents, on servers managed by Research Link. In this context, Research Link acts as the Processor, while the user acts as the Controller.

This Agreement is entered into in compliance with Article 28 of Regulation (EU) 2016/679 (GDPR). For further details, see our Privacy Policy.

I. Introductory Provisions

  1. This Agreement supplements the main Terms of Service (“Main Agreement”) entered into between the Controller and Processor for the use of Enquete.com services.

  2. The Processor provides the Controller with a survey platform for data collection and management, where data, including personal data, is stored on Processor-managed infrastructure.

  3. The Processor shall only process personal data within the European Economic Area unless otherwise agreed in compliance with GDPR Article 44 and following.

  4. The Processor affirms implementation of appropriate technical and organizational measures to ensure GDPR-compliant data protection (see Annex I).

  5. Both parties agree to maintain confidentiality and cooperate in good faith regarding data processing and information security.

II. Subject Matter of the Agreement

The Agreement specifies:

  • The Controller’s authorization to the Processor for data processing

  • The scope, purpose, and duration of processing

  • The technical and organizational safeguards

  • The rights and duties of both parties

III. Categories, Scope, Purpose, and Duration of Processing

  1. Data Subjects: Respondents who complete surveys via Enquete.com on behalf of the Controller.

  2. Scope of Data: May include names, email addresses, demographic information, opinions, or any other data entered by the respondent into the survey.

  3. Purpose: Data is processed solely for providing the agreed services—survey hosting, distribution, analytics, and reporting.

  4. Duration: Personal data shall be retained only as long as required to fulfill the Main Agreement or as directed in writing by the Controller. Upon termination, all data will be deleted or returned within 15 days unless retention is legally required.

IV. Obligations of the Processor

The Processor agrees to:

  • Act only on documented instructions from the Controller

  • Protect data with appropriate technical and organizational measures

  • Refrain from engaging sub-processors without prior approval from the Controller

  • Notify the Controller of any personal data breaches without undue delay

  • Assist in fulfilling data subject rights and regulatory obligations

  • Allow audits by the Controller or its designees

  • Maintain confidentiality throughout and beyond the term of this Agreement

V. Joint Obligations

Both parties agree to:

  • Implement security appropriate to the risks

  • Maintain records in line with GDPR Article 30

  • Handle data with confidentiality and integrity

  • Avoid unauthorized disclosures

  • Cooperate on legal and regulatory compliance

VI. Sub-Processors

The Controller grants general authorization for Enquete.com to engage sub-processors. A list of such sub-processors and their jurisdictions is available in our Privacy Policy. Any international data transfer will comply with GDPR Chapter V.

VII. Confidentiality

All information exchanged shall be considered confidential unless:

  • Publicly available through no breach

  • Lawfully obtained from a third party

  • Required to be disclosed by law

  • Previously approved for disclosure in writing

The Processor shall limit access to such information to authorized personnel under confidentiality obligations.

VIII. Data Protection Officer

Data Protection Officer
Research Link
Email: privacy@enquete.com

IX. Term and Termination

  • This Agreement takes effect upon user acceptance (e.g., by checking a box during registration).

  • Either party may terminate the Agreement in case of material breach.

  • Termination of the Main Agreement shall result in termination of this DPA.

X. Governing Law and Dispute Resolution

This Agreement is governed by Dutch law. Parties will seek to resolve disputes amicably; otherwise, jurisdiction lies with the competent court in the Netherlands.

Annex I – Technical & Organizational Measures

The Processor implements the following:

 

  • Secure access controls and user authentication

  • HTTPS encryption for all data transmission

  • Regular data backups and fire protection for data centers

  • Role-based access control

  • Monitoring and audit logs

  • Data retention and deletion policies

  • Employee training and confidentiality agreements

  • ISO/IEC 27001 certification (planned)