Following are some common questions we are asked about how we handle your data.
Is the data we collect from participants stored on the cloud in addition to being stored on the servers in the data centre in Montreal?
All data is stored on dedicated infrastructure in Montreal. Encrypted backups are stored in separate NAS backup appliances also located in the Montreal region.
Who there has access to the data that I collect from participants? Can anyone working there view it?
We have two senior technicians who have access our data infrastructure. Otherwise, staff cannot access your survey account and data unless you expressly provide them with login credentials to your account in order for them to provide you with extended support.
How long do you keep the data that I collect from participants? Is it ever destroyed, and if so, after how long?
We store data only as long as you're a subscriber of our service. As soon as you terminate your account, and all data including backups is irrevocably destroyed (see Section 9.1 of our Terms of Service)
Is the data that I collect from participants ever released to third parties under any circumstances? Who is the data we collect from participants shared with? Do you need our consent to share the data we have collected from participants?
Your data is never shared with any 3rd parties (see Section 3.1 of our Terms of Service). Data you collect from your participants is not shared with anyone. The only except would be if we were required by law enforcing agencies or a court order.
Do you ever use or disclose the data that we collect from participants?
We never use or disclose the data that you collect from your participants. See Section 3.1 of our Terms of Service.
What securities are in place when participants complete the actual survey (e.g., to prevent others on the Internet from viewing their responses)? Is the Internet connection secure?
We offer an optional add-on of end-to-end encryption on all our accounts. This is the same encryption used by banks to secure data in transit over the internet. This has a fee of $19.99/month, and can be added to an account at any time.
I read that we can use secure, encrypted internet connections (encrypted SSL connections). Do participants need a password to log into the survey if we use this option?
No, participants do not require a password to access a survey as it pertains to SSL connections. See the previous paragraph for information about SSL. You can run your survey as a “closed survey”, and if you do this, then your participants must have a token (aka key/password) to access your survey and their response.
Is there a way to password protect the actual survey?
The preferred method is to run a closed survey and use participant management to invite participants. Participant management creates a token (aka key/password) per participant – without the token, the participant cannot access the survey.
What securities are in place while the participant moves from the SONA system to the survey (so their SONA info is protected)?
The only information SONA (or any other participant panel) passes to our platform is a unique participant key, which has in and of itself no personally identifying information associated with it. SONA uses SSL, and as long as you have SSL on your survey account, the key is passed security from SONA to our platform. It is up to you whether you choose to save the SONA key as part of your survey (you can just “pass through” the SONA key and return it back to SONA without permanently storing the value with your survey).
Since nothing other than the SONA key is passed to our platform, any other requirement to protect SONA data would lie with SONA themselves.
What does it mean when “data is at rest”? I read that there is “data at rest encryption”.
Data Encryption at Rest means that the database itself is encrypted. This is helpful in the case where a physical disk is removed from a server – the data “at rest” (meaning sitting on the hard drive) is encrypted, and thus cannot be accessed or read).
Are there any security measures in place when I export my data from your website?
As long as you have SSL, the data from your survey account will be encrypted during transit over the internet. Once you have downloaded the data to your work computer or other device, the data is human-readable and it is now in your hands and we cannot protect it for you -- you must take all requirement steps to protect the data. You may want to research options to encrypt the data while at rest on your own devices (for example, you could use the OpenSource tool VeraCrypt for Windows)
I want to clarify this statement – “Customers should note that as part of the PHIPA compliancy, information stored and user consent is given to the data provider (i.e you) that obtains and maintains the data, not the hosting provider “ Does this mean that the data we collect from participants is given to us/you don’t keep the data, and that if you want to use the data we need to give you our consent?
This means that if you obtain consent and collect personal data from participants and it falls under PHIPA, by collecting that information, permission and consent has been granted to you directly – it does not imply that Hosted in Canada Surveys has requested and been provided permission to collect this information.
And thus, data you collect is yours, not ours (as already previously stated in our Terms of Service referred to abo ve), and thus if we wanted to use the data you collect, you need to give us consent.