Recommendation: Enable European data residency to keep client data within regional boundaries. With Qualtrics you can store data solely in European data centers for months, ensuring emails and responses reside in EU infrastructure. This supports your intellectual property protections, meets privacy obligations, and provides a clear resolution for data handling across mobile devices and websites.
Data minimization and consent: capture consent at the point of collection, store only what you need, and set retention to months that fit your risk profile. Over time, adjust retention windows based on audit findings. Ensure your policies are relevant and reflected in the UI. Use transaction logs to verify access and detect invisible access attempts across mobile and websites.
Security controls: enforce TLS 1.2+ in transit, encryption at rest, and role-based access control. Schedule monthly reviews of access rights and privacy controls for your team. Maintain email data separation and ensure audit trails cover data exports and potential disclosures in transactions.
Policy updates and rights: when the policy changes, you will receive emails describing what is new. Provide customers with a way to exercise rights and export data. Ensure the changes remain relevant to your processes and update your websites and mobile experiences accordingly.
Implementation checklist: enable EU data residency; set data retention months; enable consent collection; enable encryption and access controls; enable monitoring and alerting for unusual activity; generate monthly reports on data access. By following these steps you reduce risk and build trust across transactions.
What Data Qualtrics Collects and Why
If you wish to limit what Qualtrics collects, customize your data settings now and proceed with targeted controls on the page you interact with.
What data Qualtrics collects
Qualtrics collects the name you provide and the answers you submit, with time stamps for each response. It logs page views, time on page, and related actions, and it records data from devices and cookie data to tailor experiences. Billing information may appear on invoices, and the data form a dataset used to operate your account and generate insights. The system stores this information to support access, reporting, and customer service, with a clear trail of activities tied to your name and page visits.
Why Qualtrics collects data
Qualtrics collects data to learn how people engage with surveys, to operate the service, and to deliver timely responses. There is a process that flags a potential violation and logs related data when anomalies occur. Data are shared with and received by partners who provide analytics, hosting, and support. Transfers may move data to servers in Utah and European facilities to meet regional requirements; access is limited to personnel with a legitimate and reasonable need. The goal is to detect violations, protect user accounts, and keep your data safe, while enabling you to review and manage the data you knowingly provide. If you wish, you can opt out of nonessential processing and still use core features.
To optimize control, customize cookie settings on the page and opt out of nonessential data sharing with partners. For example, remove nonessential data from forms and schedule removal of old entries after a defined time. If you need data removed, submit a request; you can choose to remove specific items or clear datasets, and Qualtrics will confirm when the data are removed.
Where Data Is Stored, Transferred, and Protected
Store data exclusively in regional data centers operated by authorized providers that meet our security framework and applicable laws. Encryption technologies designed to protect data at rest and in transit deploy AES-256 for storage and TLS 1.2+ for network traffic, with keys managed through a dedicated key-management service. Access controls enforce least privilege, and every access is logged and reviewed regularly.
Provided roles determine access to identifiers and personal information; only staff and contractors with a documented need can view data. For students and organizations, this means support teams access de-identified or aggregated datasets and researchers work with anonymized identifiers wherever possible. Please keep to the minimum necessary data and avoid excessive collection; feedback is collected through approved channels and used to improve safeguards, not to target individuals.
Data Residency and Security Controls
Data remains under the jurisdiction of the policy and resides in data centers aligned with the framework. Visit the official policy portal to see data-location maps and cross-border transfer rules. We require formal reviews of any third-party provider and maintain contractual protections covering confidentiality, breach notification, and data-retention terms.
Cross-Border Transfers, Access, and Dispute Resolution
When data crosses borders, we rely on recognized mechanisms such as standard contractual clauses or equivalent safeguards. Transfers are limited to what is necessary to provide the platform and services, avoiding excessive exposure. Access to data is restricted to targeted teams for defined purposes; identifiers may be replaced with pseudonyms in shared datasets. We monitor attempts to access data to identify unusual patterns and maintain audit trails to support review processes. Customization options let you adjust privacy settings across official platforms. We do not sell data; this policy ensures transparency about data usage and provides feedback channels to users.
In case of disputes, parties may seek resolution through the court in the relevant jurisdiction or via agreed arbitration. We respond to lawful access requests promptly and suspend processing when required by law or court order. The dispute process remains accessible through official channels, and updates are posted on the platforms to keep users informed.
Cross-Site Data Sharing: Third-Party and Other Services
Always require the name and an additional data-sharing addendum from any third-party service before transferring data; obtain explicit written consent and limit the scope to what is strictly necessary for your program and customers.
What we share and with whom
We read contracts with named companies to ensure applicable privacy controls. We share minimal data with these companies, only what's needed to support the program and to operate the system. Data may include identifiers, activity logs, and non-sensitive recordings where applicable; we avoid transfer of excessive data and prevent interest-based profiling. We verify the company's design, security measures, and read-only access for our team, and we ensure cookies are used only for legitimate purposes. We require the name of the partner and the program it supports, and we confirm backup procedures. Processing occurs on secured computer systems, and data may travel across the internet to reach processors. For child data, we apply heightened safeguards and only process with parental consent where allowed by law. In Utah, we align with state standards when applicable.
Controls, standards, and customer rights
We maintain a standard policy across all vendors. Each program must implement strong access control, audit logs, and clear data-handling responsibilities. We monitor data flows to prevent excessive exposure and ensure that their handling remains within the defined scope. Customers can read, export, delete, or restrict their data and opt out of cross-site data sharing. Our backup copies are encrypted and stored under our control, whether in the cloud or on-premises, with retention aligned to applicable requirements. We handle government requests through formal channels and document every demand. Also, we provide a simple interface to disable cross-site cookies and manage consents. We identify every company by name in the data processing agreement, and we keep records of processing activities for customers to read.
| Vendor | Data Shared | Purpose | Retention | Controls |
|---|---|---|---|---|
| Vendor A (name) | Identifiers, activity logs, cookies | Service operation and reliability | 12 months | Access controls, DPA |
| Vendor B (name) | Recordings (where applicable), backup copies | Support and analytics | 6–24 months | Encryption at rest, audit trails |
User Rights: Access, Correction, and Deletion Requests
Engage by submitting an Access request via the secure privacy portal or by contacting our privacy team. To speed processing, include your full name, the email associated with your account, and a concise description of the data you want to review, such as session history, identifiers, or analytics records.
We maintain a live inventory of personal data and processing activities to support your rights; after submission, we report on each item linked to your identity and the processing steps we operate.
Access: we provide a portable copy of the data we maintain that relates to your account, including identifiers, contact details, and data logs, using session data. Data is delivered in CSV or JSON format; we redact elements necessary to protect others' privacy or security.
Correction: if you find inaccuracies, submit a Correction request with the exact field and value; we verify against internal sources, apply changes in the primary store, and issue a revised copy along with a short summary of adjustments.
Deletion: you may request removal of personal data from active processing; we assess legal obligations and business needs. If deletion is feasible, we remove from primary systems and anonymize backups; if not, we provide a clear rationale and offer de-identification or restriction where possible.
Timeline and response expectations: we acknowledge requests within a few days and provide a final decision within 15 days for straightforward cases; for complex records, we extend once by up to 15 days with a documented reason. You will receive a report detailing actions taken.
Security and accountability: we operate with secure transmission and role-based access; internal audits log actions to manage risk. If you have concerns or suspect a violation, contact us immediately and we will engage with you to address the issue. We welcome questions and feedback throughout the process to improve safeguards.
Use of data for research and improvement: data may be used to improve products and services under strict controls; personal data is not shared with external groups without consent. You can request information about research-related processing as part of your rights, and your feedback helps refine risk management and privacy practices.
Breach Notification: Timelines and Remedies for Customers
Start with a concrete action plan: within 24 hours of discovering a breach that affects personal data, activate the incident response team and secure the affected systems on behalf of the company. In Minnesota, follow state breach notification laws; inform individuals without undue delay. Prepare communications using a ready-made template and set up a support line and a dedicated email address for customer questions. Make sure the language is clear, that the data elements involved are described, and that the steps customers should take to protect themselves are front and center. Align this with both internal settings and vendor obligations, including third-party processors.
Timelines
- Discovery and containment: within 24 hours, isolate the affected systems and preserve related sources; document what happened and which data was affected.
- Risk assessment and draft notification: within 24-48 hours, determine the data types, the recipients, and the risk level; prepare communications to customers and regulators using the template.
- Customer notification: within 72 hours for high-risk breaches; otherwise, notify as soon as possible, but no later than the legally required deadline; include what happened, data categories, actions for customers, and contact options.
- Government and vendor coordination: notify government authorities when required by acts or laws; coordinate with third-party vendors and international affiliates if the data crossed borders.
- Post-notice updates: provide ongoing updates if new information emerges or if the scope of the breach expands.
Customer Remedies
- Credit monitoring and identity protection: offer 12 months of free monitoring, fraud alerts, and identity restoration services for affected individuals.
- Cost support: reimburse reasonable expenses related to the breach, such as credit freezes or specialized identity protection, and provide clear documentation for claims.
- Access to guidance and protective steps: provide a checklist for updating security settings and a direct support channel for questions; include steps for resetting passwords and enabling two-factor authentication.
- Multi-channel notifications: use email, SMS, and a secure portal so that customers can review the details and act quickly; provide a point of contact for questions.
- Cross-border and vendor management: for breaches involving international data handling, coordinate with the relevant related entities and ensure that third-party vendors meet the same notification standards; share sources and good practices with stakeholders.
- Remedies for cross-vendor risks: if the data was processed by vendors such as Google or other cloud services, confirm the remediation actions and update the data-handling settings and preferences.
- Transparency and training: publish a concise summary of incidents and provide access to research or guidance from independent sources, and offer a monthly privacy update to affected customers.




