Post-show Surveys and GDPR
What are the post-show surveys?
The automated post show surveys are to measure customer satisfaction. They are based on a standard set of questions in order that responses can be aggregated and benchmarked for your organisation and across the sector as a whole. Areas of feedback include:
- Pricing & value for money
- Enjoyment of the event
- Customer Experience at the venue
- Motivations for attendance
- Marketing Influences
- Demographics
- Qualitative comments
NOTE: From 2019, clients can create their own questions and share these with the rest of the survey users.
Do I need to obtain consent to send out surveys?
Customer satisfaction surveys are considered reasonable under the legal basis of ‘Legitimate Interests’. Unlike direct marketing or market research communications, they do not require consent under GDPR. However, you may wish to include in your privacy policy that you periodically seek customer satisfaction feedback and that you do this using 3rd parties.
If you are creating your own questions or email invitations, you must ensure they do not fundamentally change the nature of the research survey to become a marketing tool to remain GDPR compliant.
What customer data is involved?
In order that we can send survey links to your customers, the data held on your ticketing system is securely transferred to our servers overnight, every night. Your organisation has its own database, accessible only by you, nominated members of your team and Purple Seven staff. Information collected includes customer names, contact details and ticketing history. Within this data is the email address of the ticket buyer to which the survey invitation will be sent. For this data you remain the Data Controller and Purple Seven is the data processor.
When a customer chooses to complete a survey, the survey responses and metadata including IP address, device on which the survey was accessed and browser information is collected.
Within the survey itself some questions come under the new ‘Special Category Data’ definition of the GDPR which includes ‘Race’ and ‘Ethnic Origin.’
All ‘Special Category Data’ that is collected is used at an aggregated level for monitoring industry trends and, like other data included in the survey responses, is used only for statistical purposes and not for targeting or identifying an individual.
How is the data used and who can see what?
For all clients, survey response data is made available to better understand if your customers are happy with the products and services you provide and how you might improve.
Clients access this data through their REPORTING tab where they can run insight reports on responses gathered by event. All users have unique login credentials to access to their account. The administrator at your organisation can control which of your team has access at any point.
Customer PII is available to view in this platform but is not directly associated with the survey responses unless a customer gives permission for this to happen when they complete the questions.
Purple Seven also aggregates survey responses to create an industry benchmark for customer satisfaction across the measures being asked. All PII is masked before the creation of this benchmark.
Purple Seven staff also have access to your account to provide customer support.
How long is the data retained?
As Data Controller, you have full control over when your customer data is deleted. Under GDPR you will have specified in your privacy policy the period for which you retain customer data and this can be reflected in your account.
We have introduced new functionality in response to GDPR so your company retention policy will be adhered to, automatically anonymising customer data held in your database with us once it meets those criterion. Tell Us Your Retention Period
Data that has been included in an anonymised form at aggregate level falls outside the GDPR.
Can my customer opt out from being surveyed?
Yes. Just like other email marketing communications the survey invitation has an ‘unsubscribe’ link. If a customer clicks this link, their email address will not be used for any future event surveys sent from your organisation.
Is the data processed in the EU?
Yes, our data infrastructure is provided by Millennia Cloud Services. Millennia only uses data centres in the UK so you are assured that your data will not be held globally. All data centres are accredited to ISO9001:2008 and ISO27001:2013 and all have redundant 10Gbit/s fibre connections.
Is Purple Seven registered with the ICO?
Yes, our registration number is Z769796X
Our Privacy policy relating to Surveys
Under GDPR Purple Seven becomes a data controller of the responses given by customers to the survey questions. For this reason, we have created a separate privacy policy dedicated to this product and data processed as a consequence of this product.