SurveyMonkey Logo
讓 SurveyMonkey 滿足您的好奇心
  • SurveyMonkey

    使用領先全球的線上調查問卷軟體,建立並寄送調查問卷

  • 檢視所有產品新增整合功能與外掛程式
    利用群眾數據推動企業成長
  • 客戶

    透過客戶提供的數據,贏得更多商業機會

  • 員工

    透過員工提供的數據,打造強大的工作團隊

  • 按照需求選擇
  • 客戶滿意度
  • 客戶忠誠度
  • 活動問卷調查
  • 員工參與度
  • 工作滿意度
  • 人力資源問卷調查
  • 市場研究
  • 民意調查
  • 概念測試
  • 檢視更多
    尋找您需要的靈感及專業意見
  • 客戶支援中心

    調查問卷說明及教學

  • 方案與定價
    登入註冊
    • 概覽
    • 使用條款
    • 主要服務合約
    • 服務特定條款
    • 隱私權基本需知
    • 隱私權聲明
    • Cookies
    • 調查問卷頁面的 Cookie 使用情況
    • 合理使用政策
    • 安全性
    • 一般

    您知道嗎?

    63% 的人在使用一家公司的產品或服務之前,會將該公司的隱私和安全紀錄列入考量。

    EU Data Transfer Statement

    LAST UPDATED: OCTOBER 27, 2020

    SurveyMonkey Inc. (together with its affiliates, including without limitation SurveyMonkey Europe UC and Usabilla BV, “SurveyMonkey”) provides this statement to assist you in determining that there is an adequate level of protection for personal data transferred to SurveyMonkey, taking into account the July 16, 2020 judgment of the EU Court of Justice (“CJEU”) in Case C-311/18, Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (“Schrems II”).

    1. Overview

    SurveyMonkey's technical and organization safeguards address the CJEU’s surveillance concerns—As discussed in further detail in Section 2 of this statement, the CJEU’s concerns about transfers of data to the United States were based on the U.S. government’s collection of data under U.S. Executive Order 12333 (“EO 12333”) and under Section 702 of the Foreign Intelligence Surveillance Act (“FISA § 702”), especially “upstream” surveillance under FISA § 702.  The CJEU indicated that Standard Contractual Clauses can be used for transfers of personal data to the United States where the Clauses, together with any other safeguards that may be added, provide adequate protection for the personal data in light of EO 12333 and FISA § 702.  The risks posed by these U.S. legal provisions either do not apply to SurveyMonkey’s processing of personal data or can be sufficiently mitigated by technical and organizational safeguards that SurveyMonkey offers.

    SurveyMonkey will agree to be bound by the Standard Contractual Clauses—The Schrems II judgment indicates that parties may use the Standard Contractual Clauses and (where appropriate) additional safeguards for transfer of personal data from the United Kingdom and the European Economic Area (“European Data”) to the United States.  If you have entered into an agreement with or are otherwise obtaining services from SurveyMonkey that will require SurveyMonkey to process your European Data, SurveyMonkey will agree to be bound by the Standard Contractual Clauses and certain supplemental clauses outlining the organizational and technical measures SurveyMonkey has in place to protect your European Data. For more information about our agreement to be bound by the Standard Contractual Clauses, please see the Terms of Use (for self-serve customers), the Governing Services Agreement (for SurveyMonkey Enterprise or Usabilla customers), or such other agreement you may have negotiated with SurveyMonkey.

    2. SurveyMonkey's Technical And Organizational Safeguards to Address U.S. Surveillance Concerns

    a. SurveyMonkey has not received any directive under FISA § 702, and we are quite unlikely to receive any

    As of the date of this statement, SurveyMonkey has not received any directive under FISA § 702 and has no reason to believe that such a directive would be made to SurveyMonkey.  The personal data SurveyMonkey processes for our customers –feedback data – is highly unlikely to be relevant to the foreign intelligence activities governed by FISA § 702.  Moreover, in the event any such personal data were relevant to such an investigation, the government is more likely to seek such data through other forms of legal process (such as a search warrant approved by a judge) that do satisfy the high standards for government access to data described in the Schrems II decision.  This is because it would be much faster and easier for the government to seek an order or warrant under something other than FISA § 702 than to put in place the mechanisms required for the government to serve directives on SurveyMonkey under FISA § 702.

    b. SurveyMonkey is not eligible to receive “upstream” or bulk surveillance orders under FISA § 702

    SurveyMonkey Inc. acts, in part, as an electronic communications service (“ECS”) and also potentially a remote computing service (“RCS”) (as defined in Sections 2510 and 2711 of Title 18 U.S.C., respectively) in connection with certain services or product features we provide to customers.  SurveyMonkey Inc. thus is among the large group of companies upon which the United States government could serve a targeted directive under FISA § 702.  However, as the U.S. government has interpreted and applied FISA § 702, SurveyMonkey is not eligible to receive the type of order that was of principal concern to the CJEU in the Schrems II decision—i.e., a  FISA § 702 order for “upstream” surveillance.  As the U.S. government has applied FISA § 702, it uses upstream orders only to target traffic flowing through internet backbone providers that carry Internet traffic for third parties (i.e., telecommunications carriers).  For example, see the report of the Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (July 2, 2014), pp. 35-40, available at https://fas.org/irp/offdocs/pclob-702.pdf.  SurveyMonkey does not provide such Internet backbone services, as we only carry traffic involving our own customers.  As a result, we are not eligible to receive the type of order principally addressed in, and deemed problematic by, the Schrems II decision.

    c. SurveyMonkey does not assist — and cannot be ordered to assist — U.S. authorities in their collection of information under Executive Order 12333

    SurveyMonkey does not and will not provide any assistance to U.S. authorities conducting surveillance under EO 12333.  EO 12333 does not provide the U.S. government the ability to compel companies to provide assistance with those activities, and SurveyMonkey will not do so voluntarily.  As a result, SurveyMonkey does not, and cannot be ordered to, take any action to facilitate the type of bulk surveillance under EO 12333 the Schrems II decision deemed problematic.

    d. SurveyMonkey provides Technical and Organizational Safeguards to establish adequate levels of protection

    SurveyMonkey provides a range of technical and organizational measures that further defeat the core deficiencies cited in the Schrems II decision referred to above in Sections (a) and (b) of this Section 2 (bulk surveillance under FISA § 702 and bulk interceptions under EO 12333).  

    SurveyMonkey encrypts all data at rest in our data centres using AES 256 based encryption. Additionally, SurveyMonkey encrypts all data in motion using (i) RSA with 2048 bit key length based certificates generated via a public Certificate Authority, for communications with entities outside SurveyMonkey’s data centres, and (ii) RSA 256 certificates generated via Internal Certificate Authority, for all the data within the data centre.  These encryption efforts prevent the acquisition of European Data in an intelligible form in the event a governmental authority or other third parties gains physical access to the hosting and computing environment or transmission mechanisms (e.g., servers, wires and cables).  They also prevent U.S. law enforcement or intelligence authorities from being able to tamper with or tap into the data transfers between the two end-points that while such data is in transmission or in storage. 

    Some SurveyMonkey customers (for example customers of Usabilla) have their data stored only in the European Union. In those instances the data is not stored in the US and only very minimal access to that data occurs in the United States for very limited purposes (for example, to provide customer support on request or limited engineering access may be required to resolve technical issues/bugs or build out systems).

    SurveyMonkey also maintains strict administrative, technical, and physical procedures to protect information stored on its servers.  Access to personal information is limited through login credentials to those employees who require it to perform their job functions.  In addition, SurveyMonkey uses access controls such as multi-factor authentication, Single Sign On, access on an as-needed basis, strong password controls, and restricted access to administrative accounts.  

    Additionally, as an ECS/RCS, SurveyMonkey is subject the U.S. Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq.  (“ECPA”), which provides protection to SurveyMonkey’s customers.  For example, ECPA prohibits governmental entities from seeking information about customers of services like SurveyMonkey unless such governmental entities first obtain appropriate legal process, including a court order or search warrant for information other than basic subscriber information.  Likewise, both FISA and ECPA provide SurveyMonkey’s customers with redress against the U.S. government (including monetary damages or disciplinary actions against the relevant governmental authorities) if it improperly obtains information about them.  See 18 U.S.C. § 2712.

    Further, SurveyMonkey’s longtime outside legal counsel is experienced in responding to U.S. governmental requests for user data, including U.S. national security requests under FISA § 702.  It is SurveyMonkey’s policy to escalate any such requests to SurveyMonkey’s own internal compliance team and, as necessary, to such outside counsel for review.  Where appropriate, SurveyMonkey intends to use available legal mechanisms to challenge demands for data access using FISA § 702 (including any non-disclosure provisions or orders attached thereto) in the unlikely event SurveyMonkey receives such a demand.  The demand would then receive review by a U.S. tribunal (the FISA Court). 

    SurveyMonkey also recognizes that an order to provide data access under FISA § 702 would require SurveyMonkey to notify our customers that we could no longer comply with the Standard Contractual Clauses, allowing them to terminate their agreement with us and suspend data flows to us.  We have never needed to issue such a notice.

    • 社群:
    • 開發人員
    • Facebook
    • Twitter
    • LinkedIn
    • Instagram
    • YouTube
    • 關於我們:
    • 領導團隊
    • 董事會
    • 投資人關係
    • 應用程式目錄
    • 公司據點
    • 職缺
    • 網站地圖
    • 客戶支援
    • 政策:
    • 使用條款
    • 隱私權聲明
    • 加州隱私法聲明
    • 合理使用政策
    • 安全聲明
    • 通用資料保護法規 (GDPR) 遵循
    • 訂閱電子郵件
    • 無障礙服務
    • Cookie 聲明
    • 使用案例:
    • 線上民意調查
    • Facebook 問卷調查
    • 調查問卷範本
    • 民意調查排程
    • Google 表單 vs SurveyMonkey
    • 員工滿意度問卷調查
    • 免費調查問卷範本
    • 行動問卷調查
    • 如何改善客戶服務
    • A/B 比較檢測顯著性計算器
    • NPS 計算器
    • 調查問卷範本
    • 活動問卷調查
    • 樣本數量計算器
    • 撰寫理想的調查問卷
    • 李克特量表
    • 調查問卷分析
    • 360 度意見回饋
    • 教育類問卷調查
    • 調查問卷問題
    • 計算 NPS
    • 客戶滿意度調查問卷問題
    • 同意/不同意問題
    • 建立調查問卷
    • 線上測驗
    • 定量研究 vs 定性研究
    • 客戶問卷調查
    • 市場研究問卷調查
    • NPS 問卷調查
    • 調查問卷設計最佳典範
    • 誤差範圍計算器
    • 調查問卷
    • 人口統計學問題
    • 培訓問卷調查
    • 離線問卷調查
    • 360 度評估範本
    Copyright © 1999-2021 SurveyMonkey
    BBBOnlineMcAfee SECURE 網站可協助您免受身份盜竊、信用卡詐騙、間諜軟體、垃圾郵件、病毒及網路詐騙等攻擊