Privacy issues in LimeSurvey

5 years 8 months ago #60410 by pgs
Hello there,

I've got a few questions regarding LimeSurvey and privacy. In Germany, privacy is relatively restrictive by law. As I'm currently setting up a LimeSurvey server, my supervisory authority (and therefore I) have some questions which I cannot answer by consulting the docs.
So I hope that this is the right place to ask for some advice.

When activating the option for participants to buffer answers to continue the survey at a later time in a non-anonymous survey, the documentation says that token data and answer data are stored in two separate tables, lime_tokens_12345 and lime_survey_12345. Now since the survey is not anonymous, the token is carried over in the answer data table.

My question: After a participant has completed a survey, is the token data in both tables being automatically deleted?

Thanks in advance and kind regards, pgs

5 years 8 months ago #60412 by holch
I think you go too far. As far as I know, the data protection laws in Germany require personal data and survey data to be separated as soon as possible. Because sometimes you just can't separate them because of the survey design or because you have to send incentives, etc.

I don't think the tokens are automatically deleted, because this would be counterproductive for some of the above scenarios.

Data protection is not just a tool or a function in a tool, but a process in your organization. Even if there is the possibility to analyze the data together with personal data, you wouldn't if you want to comply with data protection.

Once you are sure that you don't need the personal data anymore, you will delete them. Additionally, in a survey you usually obtain the personal data because the participant has given them to you.

I am not a data protection expert, but with this procedure you should be fine. What I usually do (though not in Germany) is to avoid personal data as much as possible. In case personal data is necessary, then we try to collect only what is necessary and inform participants what we need it for. Once we don't need the connection of personal data and results anymore (e.g. for additional surveys, a prize draw, incentives, etc.) we disconnect the information and delete it, if possible.

However, this is just my opinion and the hardcore data protectors would have a different opinion. Often for yourself you don't find it so problematic, because you know how you treat the data and that you wouldn't do anything wrong with it, even having the possibility, but of course others don't know you and would think differently.

Would be nice if we could get some discussion going here.

