We greatly appreciate the trust you place in us and in our product. Making Survio secure is our standard. Here's how we do it.
Immediate protection of all data processed in the Survio application has the highest priority, which is why we constantly strive to apply measures leading to maximum security and integrity. At the same time, we provide transparent information regarding all security processes that we follow in these respects. Survio thus fully meets the strictest EU standards, see the Data Processing Agreement.
Survio is accredited according to the ISO 27001 standard. This standard requires a systematic examination of all risks related to information security. We regularly update our information security policies to reduce the risk. The certification verifies that we follow international best practices for information security and that all information about our clients is safe. This proves to our customers that we take the security of their data very seriously.
The processing and handling of stored personal data (including responses) complies with the strict rules imposed by the GDPR and European legislation (regulations and directives of the European Parliament, the EU Commission and the Council of Europe). As part of meeting the conditions of the GDPR directive, we have decided to voluntarily apply the strictest rules that exist throughout the EU, given by the German version. See our Privacy Policy for more information.
Every survey created in Survio is protected by a security certificate. Communication between the user’s device and Survio, creation of a survey, individual answers from respondents - everything is encrypted by an internationally recognized SSL certificate with extended validation, the so-called Organization Validated SSL certificate. This certificate was issued to us by the international authority DigiCert (formerly Symantec), which verifies the identities of certificate owners. It is therefore not possible to fake the certificate and issue it on behalf of Survio without our knowledge. The certificate is of such high quality that DigiCert insures the certificate we use for 1.5 million USD against its breaking.
The exchange of personal data between the European Union, the United States of America and Switzerland is subject to the data security and protection rules that Survio s.r.o. undertook to comply according to the Privacy Shield Framework set of regulations, which replaced the original Safe Harbor Framework. See the Privacy Shield website for more information.
All accounts in Survio are secured against theft or any unwanted manipulation. We strictly verify all requests as to whether they actually come from account holders. Thus, it is not possible to steal an account in Survio if the user observes the basic security rules.
Only the user - the owner of the account - may handle data related to this specific account. A regular employee of Survio s.r.o. does not have access to user accounts or their data. Only authorized developers of Survio s.r.o., who are properly trained in the field of data security and protection and are subject to strict security rules precisely set in the company’s internal processes and who have also signed the NDA, enter the system database. These people never work with user data, but focus exclusively on the functionality of the Survio system.
The created surveys and received answers are stored on the Microsoft Azure Cloud. Microsoft Azure Cloud also owns ISO 27000 certification, as well as SOC1 and SOC2 (US equivalent of ISO 27001). Some data are also stored on our servers located in the Czech Republic. Data is backed up regularly every day. Even during these transmissions, all data is encrypted.
The Sender Policy Framework method used by Survio serves to verify e-mail addresses. It is designed to detect forgery of senders’ addresses during e-mail delivery.
All payments for the use of premium accounts and Survio application services are made on the exclusive representation of our partner cleverbridge AG, which meets the strictest rules of payment transactions. Specifically, these are:
(Payment Card Industry Data Security Standard) - currently the highest standard for securing on-line payments.
(Transport Layer Security) - sales and data transfer security that ensures that all information between your computer and Cleverbridge is encrypted and secured.
Cleverbridge has a security certificate from the internationally known McAfee antivirus program.
Cleverbridge payment system security award by an international authority in the Cloud Data Privacy Program Requirements.
Inspection and tests of operational procedures by a leading independent auditor
Survio s.r.o. meets all the rules under this amended directive, in connection with increased security of customers and non-cash payments made by these customers within the EU.
All on-line transactions are secured by state-of-the-art encryption layers and tests are regularly performed on the effectiveness of mechanisms to protect the confidentiality, authenticity and integrity of payment transaction information. Survio s.r.o. complies with the protection of personal data in the payment system subject to the rules of the GDPR and implements certified procedures for resolving incidents.
For unexpected events, Survio s.r.o. compiled a set of procedures on the basis of which the situation is investigated, the method of solution is determined, notifications are sent to all users in accordance with valid legal regulations, and the functionality of the system is restored.
Survio s.r.o. takes care to keep its users as aware as possible in relation to the protection and security of their accounts.
All other safety information can be found in the following documents:
