Processing of personal data in Webropol queries

This describes the principles related to the collection of personal data through Webropol. For instance, personal data may be collected in research materials or in registrations for events. Care is the starting point for the processing of personal data. All new queries are created with Webropol 3.0.

Minimising the processing personal data

In designing the survey, it is important to minimise the processing of personal data:

• Only the data required shall be collected
• Access to the survey shall only be granted to persons requiring access
• The life cycle of the data collected shall be planned by means of the query: Secure methods and tools shall be selected for the collection, recording, storage and destruction of personal data. It is recommended that a data management plan is created for the research material (e.g. DMPTuuli)

Informing the data subject

One part of planning the collection of personal data consists of informing the data subject. The General Data Protection Regulation specifies the information that the data subject shall receive when the data is collected. This must always be done when collecting personal data, unless the data subject has been informed previously. The data subject shall be informed as follows:

• Complete the data protection notice if it has not been created yet. Data protection notices are available at https://www.hamk.fi/privacy-policy/?lang=en
• The template contains all the information required by the General Data Protection Regulation. The templates are available on the intranet: research and RDI activities and other than research and RDI activities
• The data protection notice shall be stored so that it is available to the data subject.
• A link to the privacy notice will be placed on the Webropol form so that the respondent may check how the personal data they provide is processed. The Webropol form may also be used to include the most relevant information (for example, why data is collected, how long it is stored and what it is used for) of the data protection notice in order for the data subject to receive the most important information without having to open the data protection notice.
• At the end of the survey, a mandatory approval point (selection question) is added, e.g. ‘I accept that my data is collected for the use described above’ and the respondent then clicks the ‘I agree/Submit’ button. You can modify the query-specific buttons in ‘Appearance -> Query button appearance’ during the query creation process.

Anonymisation and pseudonymisation

Anonymisation may be performed at various stages of the study. For instance, it may be done as follows:

• The material is originally collected anonymously
• The material may be anonymised before processing
• Anonymisation may be carried out during reporting
• Anonymisation of the material may occur before publishing/opening the material

If possible, it is recommended that the initial survey is performed anonymously. However, it should be remembered that respondents may also be identified based on survey responses. This should also be taken into account when writing a report. For instance, if a report is classified as ‘HUS, 26 years, male, physician’, anonymity may be threatened because the number of people meeting the criteria may be quite small in the organisation. Anonymization can also be performed on existing answers, and more information about this can be obtained from the main user.

The material may also be pseudonymised for analysis. Pseudonymisation means the replacement of personally identifiable material with artificial identifiers. More information about anonymisation and pseudonymisation is available for instance here. Anonymisation or pseudonymisation is used whenever possible.

Survey name

When using Webropol, you should pay attention to the survey name. For instance, surveys should avoid using a survey name indicating a health condition because the survey name may reveal the individual’s health issues. Practical example: for instance, no questionnaire called ‘cancer patient’s experience of becoming ill’ shall be sent to cancer patients. This is particularly problematic if the survey is sent with a personal link, as in this case, the information of a person’s health condition is recorded in the system before the survey is responded.

Anonymised personal survey link

Webropol can also implement the survey with a personal link so that the respondent’s e-mail address cannot be linked to the responses. This is done in the survey settings under ‘anonymity’.

Deleting survey responses

Webropol is not intended as an archiving location for the collected material. It is particularly important to remember this when collecting material containing personal data. If the survey author’s employment relationship with HAMK ends, the surveys must be removed from Webropol, or rights shall be granted to another person.

Expired and unused queries must be completely removed from Webropol. This also improves and speeds up the programme’s availability. Each Webropol user should go through the surveys under their own IDs regularly and delete any surveys/responses that are no longer needed.

Further information

For more information about using Webropol, contact the main user (Elina Rantala). You can also ask the data protection officer (Kari Kataja) about the processing of personal data.