All Collections
Digital Organizing - Creating Actions, Forms and Petitions
Petition
Privacy Policy and Collection of Personal Data via Online Forms
Privacy Policy and Collection of Personal Data via Online Forms
When collecting personal data, you’re legally required to make a privacy policy available to those from whom you’ve collected data.
Helen Sabatine avatar
Written by Helen Sabatine
Updated over a week ago

A sample privacy policy is available for completion at the end of this document.

It is worth noting at the outset of this article that the meaning of ‘online form’ within this context includes an online survey, online petition or online questionnaire.


Summary:

1) What is a Privacy Policy?

A privacy policy is a document or contract that sets out a organization's commitments regarding the processing of users' personal data (while using a service, a website, etc.). This policy should explain in detail how personal data is collected, processed, published and deleted, and for what purpose this data is utilized. The information in the privacy policy must be clear, concise and transparent.

A privacy policy should enable users to :

  • know why their personal information is being collected (and how it is being used);

  • know how their personal data is being processed;

  • ensure that their data is protected;

  • learn about their privacy rights and how to exercise them;

The privacy policy therefore helps to build trust between the user and the organization that collects and processes his/her personal data. By being transparent and clear, the organization can assure its users that their data is secure and protected.

2) Who is required to draft a Privacy Policy?

Every organization that collects, directly or indirectly, personal data from users, volunteers or citizens, is obliged to establish a privacy policy. In concrete terms, if you use online forms (petition, questionnaires, surveys, forms) with Qomon, you must have a privacy policy in place.

3) What information should be communicated in a Privacy Policy, and by what means?

To be compliant with the GDPR, a privacy policy must include:

  • The identity and contact details of the organization;

  • The purpose of the data collection (what the data will be used for, on the understanding that the data collection must be justified by the service provided by the client);

  • The legal basis for processing this data (the GDPR provides for 6 bases: the consent of the data subjects, legal obligation, contractual obligation, public interest task, safeguarding vital interests and legitimate interest);

  • The compulsory or optional nature of the data collection, and the consequences if the data subject does not consent to providing his/her personal data;

  • The recipients of the data collected;

  • The duration of the data storage;

  • The rights of users (right of access to their data, right of rectification, right of erasure and right to data limitation);

  • The contact details of the organization’s data protection officer, if any, or the contact person for all questions relating to this subject;

  • A reminder of the user’s right to lodge a complaint with the authorities.

In the case of indirect data collection, additional information should be included in the privacy policy, namely

  • the category of data collected;

  • the source of the data collected.

4) How can I add my Privacy Policy to my Qomon Space?


To publish a form online, you must add a link to your privacy policy. This can be a link to your website or to an online file.

In your space settings, General > Privacy Policy, you must insert the link to your privacy policy.

A single privacy policy is required for all online forms. It is your responsibility to ensure that this document meets all regulatory requirements.

5) I already have my privacy policy - you must include Qomon as a subcontractor

Qomon (Dolphins Sas) acts as a subcontractor in the case of Petitions, Forms, and Online Questionnaire services. Therefore, you must add Qomon (Dolphins SAS) to your list of subcontractors if you have your own privacy policy. The data is hosted in the European Economic Area.

You can access:

6) What if I don’t have a Privacy Policy yet?

If you do not already have a privacy policy, you must create one. The absence of a privacy policy will block the publication of an online form.

There are several ways to create a privacy policy:

  • Contact a specialist lawyer to assist you in drafting the document

  • Use a privacy policy generator (available through search engines)

  • Use the template proposed by Qomon (see below)

7) Using the Qomon Privacy Policy Template

Qomon provides you with a model of a “GDPR type" information notice to be completed. This is provided as a support tool or guide, purely to operate as a template, the User being responsible for completing and modifying it as he/she deems appropriate in accordance with the regulations applicable to him/her.


Did this answer your question?