GDPR Compliance

Home / GDPR Compliance



Your company’s security is equally important to us which is why we’re committed to protecting your data at all times. Psyft is GDPR compliant and we continue to further improve our systems and processes in this regard.


Surveys/Assessment Related

• Enable explicit consent, consent management and withdrawal
• Access controls and rights
• Privacy by design and default principles to ensure new projects and processes are in alignment with our commitment to data privacy and securit

Right to be forgotten: You have the right to have your information permanently deleted from the Psyft databases. Please emailcontact@psyft.com and provide your name, email, and telephone number. You will be removed within 3 business days.


In the context of our GDPR roll-out, here is what we ensure:

• Psyft never uses employees’ personal information other than as approved byclients. Psyft does not use any individual respondent’s data for marketing etc. Scores of our clients (identifying their names) are never revealed.
• All individuals taking a survey/assessment that we administer will now be given the opportunity to either consent to the survey/assessment and the processing of their data, or they may refuse to take the survey/assessment without penalty of any kind. A refusal to participate will not be recorded or provided to their employer.
• For visitors to our website, we do not use any cookies for marketing purposes (alldata we collect is never sold or given to any other person).
• We have trained our employees on how to deal with GDPR issues in order to ensure that our team is familiar with the GDPR and understand our commitment to data privacy, security, and protection.
• We have upgraded our security infrastructure to be more robust in its abilities to protect and secure our client’s data, and we continue to train our people on data protection/security best practices.

The following are some key GDPR principles we follow-
Individual Rights - Individuals are granted the following rights under the GDPR:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure

Collection and use of personal data

Psyft collects Personal Data from Respondents and Employers when they administer a survey/assessment on behalf of an Employer. As a general matter, Psyft collects the following all or few types of Personal Data from Data Subjects: contact information, including, a contact person’s name, work email address, work telephone number, designation, and company name. We also collect responses to other survey/assessment questions that are submitted by the Respondents. We do not collect any information on IP address and browser type.
Psyft is a service provider to Employers. In our capacity as a service provider, we will receive, store, and/or process Personal Data owned and/or controlled by Data Subjects, including information about the Employer’s employees, agents, or other individuals. In such cases, we will process the Personal Data on behalf of and under the direction of each Employer pursuant to a written contract with the Employer. The information that we collect from Employers in this capacity is used for preparing reports, managing transactions, invoicing, renewals, and other operations related to providing services to the Employer, and as otherwise requested by the Employer.
Psyft uses Personal Data that it collects directly from Data Subjects and Employers in its role as a service provider for the following business purposes, without limitation:
(1) to gather and process survey/assessment responses from Respondents (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to a Customer);
(2) satisfying governmental reporting, tax, and other requirements (e.g., import/export);
(3) storing and processing data, including Personal Data, in computer databases and servers located in India;
(4) verifying identity (e.g., for online access to accounts);
(5) as requested by the Data Subject; and
(6) as otherwise required by law.
Psyft may be forced to disclose an individual’s personal information when compelled by a request made by a recognized public authority or where required to meet national security and or law enforcement requirements.


Sensitive data

Psyft may ask a question on a survey/assessment that might be considered Sensitive Data. Any person taking a survey/assessment may refuse to answer any or all questions. By answering a question, a Respondent is agreeing to the use of the data being provided as a response to the question.


Data integrity and security

Psyft uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. Psyft has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to Psyft's electronic information systems requires user authentication via password or similar means. Psyft also employs access restrictions, limiting the scope of employees who have access to Customer Personal Data.Despite these precautions, no data security safeguards guarantee 100% security all of the time.


Accessing personal data

Psyft personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized. Anonymous aggregated survey/assessment responses are used for Psyft's ongoing research, analysis, benchmarking, and trending purposes, and such information may be retained indefinitely (“Benchmarking Information”). Information that would identify a participant within the Benchmarking Information is not retained, identified, and is never disclosed to anyone.
Psyft will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.