Privacy Policy
This Privacy Policy explains how MedSTATA EI ("we", "us", "our") collects, uses, and protects personal data when you use SurveySTATA (the "Platform"), a web-based survey platform for multi-site data collection.
We are committed to protecting your privacy and processing your personal data in accordance with Regulation (EU) 2016/679 (GDPR), the French Data Protection Act (loi Informatique et Libertés), and applicable national law.
1. Who We Are (Data Controller)
MedSTATA EI
Contact email: contact@surveystata.com
Where we process personal data on behalf of a Client who has engaged the Platform, that Client is the data controller and we act as data processor. A Data Processing Agreement (Art. 28 GDPR) is required to govern that relationship and is made available to Clients on request prior to processing.
2. What Personal Data We Collect and Why
2a. Platform account holders (Admins, Coordinators, Monitors, Analysts, Auditors)
| Data | Purpose | Lawful basis |
|---|---|---|
| Name, email address | Account creation, login, team management | Contract (Art. 6(1)(b)) |
| Argon2 password hash | Authentication (plaintext password is never stored) | Contract (Art. 6(1)(b)) |
| IP address, user-agent | Security: rate limiting, audit trail, fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Session token (server-side only) | Keeping you authenticated; expires after 8 hours of inactivity | Contract (Art. 6(1)(b)) |
| Audit log entries | Accountability and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
2b. Survey response data entered by platform users
Users enter the following data on behalf of the Client (controller).
| Data | Purpose | Lawful basis |
|---|---|---|
| Subject/respondent identifier (e.g. site-prefix + sequential code) | Link responses to a pseudonymous respondent without storing direct identifiers | Legitimate interest (Art. 6(1)(f)) / as determined by the Client controller |
| Survey answers and structured responses | Data collection for the Client's purposes | Determined by the Client (controller) |
| Signer name and role (where electronic attestation is used) | Attestation of the person who submitted the data, stored encrypted at rest | Determined by the Client (controller) |
| IP address (at time of submission) | Audit trail integrity, stored in an append-only log | Legitimate interest (Art. 6(1)(f)) |
3. How We Protect Your Data
- Encryption at rest: Subject codes, signer names, and signer roles are encrypted using AES-256-GCM before storage.
- Encryption in transit: All data is transmitted over TLS 1.2 or higher (HTTPS enforced in production).
- Role-based access control: Each user sees only the data relevant to their assigned role and study site.
- Append-only audit log: All significant actions are recorded in an audit log. Access controls and row-level security prevent unauthorised modification; the log is designed to be append-only at the application level.
- Tamper-evident submissions: A SHA-256 checksum is computed over submitted answers at the time of signing.
- EEA data residency: All data is stored exclusively on servers within the European Economic Area. No data is transferred outside the EEA.
4. Data Retention
We retain personal data for as long as necessary for the purposes described in this Policy, or as required by the Client's configuration. Login attempt logs and IP rate-limit records are purged automatically after 30 days.
On termination of the service agreement, all data is exported and/or deleted within 30 days of written request, except audit log records required for ongoing compliance.
5. Sharing Your Data
We do not sell or share personal data with third parties for marketing purposes. We share data only with:
- Cloud infrastructure providers within the EEA, for hosting, storage, and related services. All sub-processors are listed in our Sub-Processor Register available on request.
- The Client, who is the data controller for study response data and with whom a Data Processing Agreement is in place.
- Supervisory or judicial authorities, if legally required.
6. Your Rights (Data Subjects)
Under GDPR, you have the following rights in relation to your personal data:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Request correction of inaccurate data. Contact us at contact@surveystata.com.
- Erasure (Art. 17): Request deletion of your data. Contact us at contact@surveystata.com.
- Portability (Art. 20): Receive your data in a structured machine-readable format on request.
- Objection (Art. 21): Object to processing based on legitimate interest. Contact us at contact@surveystata.com.
- Restriction (Art. 18): Request restriction of processing in certain circumstances.
Where processing is carried out under the instructions of a Client (controller), we will forward your request to that Client and assist them in responding within the required timeframe.
To exercise any right: contact@surveystata.com. We will respond within 30 days.
7. Cookies
The Platform uses a single server-side session cookie to keep you authenticated. This cookie is:
- Strictly necessary: the Platform cannot function without it.
- Not used for advertising, tracking, or analytics.
- Set to expire after 8 hours of inactivity.
- Marked HttpOnly and Secure in production environments.
No third-party analytics, advertising, or tracking cookies are used on the Platform.
8. Supervisory Authority
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the competent data protection supervisory authority. For France:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
www.cnil.fr
9. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Material changes will be communicated to registered account holders by email at least 30 days before taking effect.