;

CONFIDENTIALITY AGREEMENT


The open comments and unrestricted pivot table contain detailed survey responses. Client universities choose to receive either identified survey responses (including Student IDs) or de-identified survey responses (where responses are anonymous).

Identified Survey Responses

This includes Personal Data under the General Data Protection Regulation (Regulation 2016/679) ("GDPR"). Personal Data is defined in the Regulation as data which relates to a living individual who can be identified from the data (or a combination of the data and any other information you have available).

De-Identified Survey Responses

This is not Personal Data under the General Data Protection Regulation (Regulation 2016/679) ("GDPR"). Personal Data is defined in the Regulation as data which relates to a living individual who can be identified from the data (or a combination of the data and any other information you have available).
However, we cannot absolutely guarantee that the open comments and pivot table do not contain data or a combination of data which could, potentially, be used in an attempt to infer the identity of an individual. Such instances are unlikely, but it is possible, for example, that a respondent may include a comment which could be used to infer their identity

In both cases (identified or de-identified survey responses), both Etio and the client need to ensure that they are fully compliant with data protection regulations. Before we, (Etio), provide the open comments and unrestricted pivot tables we would draw your attention to the following which summarises key points from the T&C’s:

  1. When distributing findings within the institution, care must be taken to avoid identification of students. This would necessitate removal of all personally identifiable information including certain demographic and educational background variables from the dataset before distribution. If an individual can be identified in the open comments, pivot table or other survey data file, such information must be treated as confidential. In addition, the institution shall not process the information to (a) support measures or decisions with respect to individuals or (b) in such a way that damage or distress is, or is likely to be, caused to any individual.
  2. At all times you must comply with the General Data Protection Regulation (Regulation 2016/679) ("GDPR") and keep Personal Data secure and only use such data in accordance with the data protection principles as set out in the Regulations.
  3. The Data supplied shall be processed only for the purposes of further analysis on the survey results.
  4. It is your responsibility to ensure that you take such technical and organisational security measures against unauthorised and unlawful processing of, accidental loss of, destruction of or damage to Personal Data as may be required, and have regard to the state of technological development and the cost of any measures, to ensure a level of security appropriate to the harm that might result from such processing, loss, destruction or damage and the nature of the data to be protected.
  5. It is your responsibility to ensure that all employees and any other persons authorised to view the Survey Results abide by the terms of this Agreement and the General Data Protection Regulation (Regulation 2016/679) ("GDPR"). Under no circumstances should the open comments and pivot table be made available in a publicly accessible area, this includes your external website, intranet or any shared network area.