This article will help you to understand how you can develop privacy compliant surveys in atingi. Kindly note that these guidelines are only applicable for GIZ projects, however, it is also recommended for other projects and organisations to follow them. In case you are a partner of atingi who is not a GIZ project and you would like to develop a custom survey on atingi, kindly reach out to your account manager for support.
These guidelines are specifically for GIZ projects for conducting privacy and GDPR-compliant surveys in an atingi partner space (i.e. where your courses are hosted). They focus on dedicated surveys which you create and provide to users of your course for completion.
1. Only conduct surveys if anticipated insights are needed
The collection and further processing of personal data are not per se forbidden. However, there must be reasonable grounds for the processing of personal data. Hence, you should only survey users of your course if you have a substantial interest to obtain the insights you anticipate generating with the survey. This could be the case, in particular, where these insights are required for reporting to BMZ or to another public institution that has commissioned your project.
2. Minimize personal data collection
All survey responses constitute personal data, unless where it is technically impossible to assign the response to the respective user. You must only collect those categories of personal data that are needed to gain the desired insights. Data that is just “nice to have” must not be collected.
Note the following in particular:
It is often not necessary to know the identity of the interviewee. In these cases, the interviewee should not be asked to provide their name, email address, place of residence, or other clearly identifying information as part of the survey.
The survey form should not be linkable to the interviewee's user account unless the required insights cannot be obtained without such link.
Master data and demographic data should be collected with as little specificity as possible in view of the purpose of the survey. For example, instead of the date of birth or exact age, only the relevant age range should be collected if feasible (e.g. 16-25 years, 26-35 years, 36-45 years, etc.).
3. Be particularly cautious before collecting sensitive data
Data privacy rules confer particular protection to so called special categories of personal data. Those data categories must only be processed with caution and quite often requires a data protection impact assessment to be prepared together with the VVT notification– for more information please feel free to turn to the Data Helpdesk, using the general project related question tab on GIZ Data Privacy Portal. They include, amongst others, health data, data concerning a person’s sex life or sexual orientation, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership (cf. Article 9(1) GDPR for the complete list of data categories).
If the collection of such data is not strictly necessary for the monitoring purposes specified by BMZ or for comparable purposes, you must refrain from collecting it.
4. Do not unreasonably pressure users to participate in the survey
You can encourage users to take the survey. You may only pressure them or connect participation to a required outcome for the learner, for example by withholding the course certificate, if completion of the survey form is refused, if all of the following conditions are met:
Users are informed before the start of the course that they will be asked to take part in a survey at the end of the course. In this notice, the topic(s) of the survey should be indicated;
In the survey form, no identifying information such as name, e-mail address, year of birth, or place of residence is requested;
Survey responses are not evaluated on an individual level, but only for obtaining statistical insights; and
No sensitive details are collected through the survey, cf. section 3, or only relatively non-specific sensitive details (for example, whether the user belongs to an ethnic minority in the region they live).
5. Be transparent
You should be transparent about why you are conducting the survey and what you are doing with the survey responses. An explanatory text should be displayed when users are asked to complete the survey. This text could be as follows:
[Example, to be adapted as necessary:]
We ask for your feedback to help us improve this course. Your participation in the following survey provides us with important insights into whether this course is helping to achieve our goal to [INDICATE GOAL] and how we can tailor this course even better to users’ needs. Your responses will only be used for statistical purposes and will be anonymized as soon as possible. We will not share your responses with any third party outside of atingi. For further information on how GIZ handles your personal data, please read our privacy notice.
[End of example]
atingi's privacy notice is also linked in the footer of the atingi website or platform. Check out this privacy notice and contact Data Helpdesk if the details provided in this section do not correspond to your anticipated processing activities.
6. Ensure the security of personal data
The following data security rules must be observed:
Use only the Moodle/atingi survey tool (Feedback) or a GIZ approved survey tool for the survey.
Observe general GIZ rules on the storage of personal data. See: Data Privacy Management (sharepoint.com)
In case you have to process identifying details like name, email address, place of residence, or Moodle ID in connection with the survey, store these identifying details separately and not in the same location as the (other) survey responses.
Anonymize the responses as soon as possible, for example, by aggregating them and deleting the completed survey forms.
If you intend to forward raw survey responses, not just aggregated data, to a third party like BMZ or a service provider, contact Data Helpdesk before conducting the survey.
7. Observe (further) GIZ rules
Before conducting the survey, the associated processing of personal data must be reflected in a VVT notification, which must be approved by GIZ’s Datenschutzmanagement (DSM).
atingi is a GIZ product. For this reason, regulations by GIZ take precedence over the present guidance.
If you have any privacy related questions, please contact the Data Helpdesk.