DAI COLLECT DATA PRIVACY POLICY

Please use this link to view DAI’s general privacy policy.

In effect from June 01, 2020 for all users

This data privacy policy applies to the DAI-hosted instance of KoboToolbox available through DAI (collect.dai.com) and herein referred to as “DAI Collect”. KoBoToolbox software is licensed for use under the GNU license available here . DAI Collect is a forked version of the open-source KoboToolbox under the GNU License.

The policy below is intended to supplement, not replace, DAI’s corporate privacy policy. Please use this link to view DAI’s general privacy policy.

WHAT TYPE OF DATA DO WE CONTROL AND PROCESS?

This data privacy policy distinguishes between data that is controlled by DAI and data that is processed by DAI.

DAI Collect is:

• A data controller of very limited data about site visitors and account holders (i.e. we determine the purposes, conditions and means of the processing of personal data). DAI may at times collect webpage analytics from unregistered and registered users of its webpage using Google Analytics – pages visited, clicks, browser used, language choice, country of origin and so on. For registered users, DAI collects e-mail addresses, organizational affiliation, sector, country, and gender as part of the registration process and stores users’ preference in their profile (e.g. language).
• A data processor of data collected by account holders (i.e. processes data on behalf of a data controller). Once a registered user creates a project, DAI stores the information related to the survey (e.g. form) and data collected by the account holder (i.e. submissions). This includes data submitted by participants completing forms designed by registered users and can include personal information.

HOW and WHY DO WE USE YOUR DATA?

DAI takes very seriously the privacy, confidentiality and security of personal information and any data collected or stored by DAI within DAI Collect. .

• Data that we control :
  Personal information from registered users is used to provide survey and data collection services to registered users and communicate with registered users about our services. Registered users can view, edit, and delete their personal information stored in their profile, unregister from communication emails, or delete their account. Personal information of registered users is never sold to third parties.
• Data that we process :
• “ Processing” means any operation performed on personal data such as collection, storage, transfer, dissemination, or erasure. DAI processes data on behalf of registered users and DAI projects who have created a project and collected data within DAI Collect. DAI fully owns their application data but DAI does not sell or share that information unless under specific contractual obligation to do so by the DAI Project’s primary donor/client. Metadata about projects may be used in aggregated ways to analyze usage with the permission of the account holder. This metadata does not include personal information. All reasonable attempts to anonymize data during aggregation will be made.

Registered users are the data controllers of the data they collect using DAI Collect (the DAI-hosted version of KoBoToolbox) and are responsible for the safe management of personal information, including compliance with the General Data Protection Regulation (GDPR). DAI Collect allows users to share application data publicly or with explicitly selected users. Information shared publicly is visible to anyone and can be indexed by search engines. By default, submission data is not publicly accessible. DAI is not responsible for how registered users handle survey participants’ personal information. We may assist individual respondents in contacting registered users with regards to GDPR requests.

Retention of personal information

It is our intent to not keep personal information for longer than reasonably required. The retention duration depends on the nature of the personal data and the purposes for which it was received. DAI’s business entities maintain a data retention policy informed by:

• Legal or regulatory requirements of the location of the data processing;
• The completion of a contract or employment engagement with you or work you supported with our clients;
• If your personal data is held for reasons other than legal requirement or contractual engagement (i.e. – newsletter, recruitment database), we will maintain that data until you request its removal or correction.

your rights regarding your personal data

The EU’s GDPR details an individual’s rights regarding their personal data. DAI respects and supports these rights and applies them to personal data held generally. These rights include:

• Right to Access – Subject to certain conditions, you are entitled to have access to your personal data. You may contact DAI to request a copy of your personal data held by us.
• Right to Data Portability – Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
• Right to Correction – You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.
• Right to Object to or Restrict Processing – Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.
• Right of Erasure – Subject to certain conditions, you are entitled to have your personal data erased (e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful).
• Right to Withdraw Consent – As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you withdraw your consent, this will only take effect for future processing and is subject to certain conditions based on DAI’s legal obligations.

To act on any of the above rights, DAI may need to request additional information regarding the specifics of the request as well as confirm your identity. We will respond to these requests in accordance with regulatory requirements once we confirm the validity of the request. Requests regarding these rights can be submitted to DAI by following the instructions in the “Contact for Requests and Complaints” section below.

HOW DO WE PROTECT YOUR DATA?

DAI is committed to protecting the data you entrust to us. We employ industry standard best practices (both technical and administrative) to protect against unauthorized access of your data. We cannot guarantee, however, its absolute security. To protect from loss of data, we do frequent system and incremental backups which are stored encrypted. To further protect your data, we encourage you to never to share your login information and to change your passwords regularly. If you have any questions regarding our security and backup procedures, please contact us.

CHANGES TO THE PRIVACY POLICY

We may need to modify this privacy statement from time to time, especially in response to changing norms and legislations, so please review it frequently. If we make material changes to this policy, we will notify you here or by means of a notice on our homepage so that you are aware of any changes with relation to what information we collect, how we use it, and under what circumstances, if any, we disclose it.

CONTACT US

If you are uncertain about our data privacy policy or have requests with regards to general compliance, including GDPR rights, please contact us . We respond to requests within 30 days.