
GDPR Compliance at Webform

At Webform, protecting the personal data and privacy of our users is a top priority. We are fully compliant with the General Data Protection Regulation (GDPR), ensuring that all data processing activities meet the highest standards of security and transparency. This page explains the steps we take to comply with GDPR and how you can control your personal data.

What is GDPR and Why It Matters?

The General Data Protection Regulation (GDPR) is a legal framework established by the European Union (EU) to protect the personal data of its citizens. GDPR gives individuals control over their personal data, with clear rules on how businesses collect, store, and use that information. At Webform, even if you're not in the EU, we apply these principles universally to maintain high privacy standards.

Our GDPR efforts mean:

  • More control for you over your personal data.
  • Transparency about how we collect, process, and use your information.
  • Accountability on our part for keeping your data secure.

What Personal Data Do We Collect?

We collect personal data only when it’s necessary to provide our services effectively. The data we collect may include:

  • Name and email address (for communication and form submissions).
  • Payment information (if you are a paying user or subscriber).
  • IP address and device information (for analytics and troubleshooting purposes).
  • Form responses and user-submitted content (for users interacting with forms).
  • Cookies and usage data (to improve the user experience and for marketing purposes).

How We Use Your Data

Webform collects and processes data for several legitimate purposes, such as:

  • Facilitating form submissions and related communications.
  • Sending service-related notifications and updates.
  • Providing customer support when requested.
  • Processing payments for premium features or services.
  • Conducting analytics and performance monitoring to enhance the platform.
  • Running marketing campaigns (only with explicit consent).

We never sell or share personal data for profit and process all data lawfully, fairly, and transparently.

Legal Basis for Data Processing

We rely on different legal grounds to process personal data depending on the nature of the interaction:

  • Consent: When users voluntarily provide data, such as opting into marketing emails or filling out forms.
  • Contractual necessity: For services you request, like subscribing to paid features.
  • Legitimate interests: To improve platform performance or for fraud prevention.
  • Legal obligations: To comply with legal or regulatory requirements.

How Long We Retain Your Data

We retain personal data only for as long as necessary for the purpose it was collected, including:

  • User accounts: Data will be stored until the account is deactivated or deleted.
  • Payment records: Retained for the required financial reporting period.
  • Form responses: Stored until the form owner deletes them or upon request.
  • Cookies: Stored as per the cookie type, with expiration detailed in our Cookie Policy.

When data is no longer needed, we ensure it is securely deleted or anonymized.

Security Measures

We take the security of your personal data seriously and have implemented the following safeguards:

  • Encryption: All data transmissions are encrypted using SSL/TLS protocols.
  • Access control: Only authorized personnel have access to sensitive data.
  • Regular audits and assessments: We conduct periodic audits to detect and fix vulnerabilities.
  • Data minimization: We collect only the data that is necessary and relevant.

International Data Transfers

Webform may process or store data outside the European Union. In such cases, we ensure that the data is transferred securely and in compliance with GDPR by:

  • Using Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Working with GDPR-compliant service providers that offer the necessary safeguards.

Third-Party Processors

We work with trusted third-party service providers to deliver key functionalities, ensuring smooth operations while safeguarding your data. These include:

  • Google Cloud for secure data storage, processing, and hosting.
  • DigitalOcean for scalable cloud infrastructure and application hosting.
  • Zoho for email services used in transactional and marketing communications.
  • Zapier as an integration for automating workflows and connecting different platforms to enhance user experience.
  • Stripe as a payment gateway for secure transactions.
  • Google Analytics 4 for monitoring performance and improving platform efficiency.

Your Rights Under GDPR

You have the right to control how your personal data is collected and used. Specifically, you have the following rights:

  • Right to Access: Request a copy of the data we hold about you.
  • Right to Rectification: Correct any inaccurate or incomplete information.
  • Right to Erasure: Request the deletion of your personal data ("Right to be Forgotten").
  • Right to Restriction: Limit how your data is processed in certain situations.
  • Right to Data Portability: Receive your data in a structured format that you can transfer to another service.
  • Right to Object: Opt out of direct marketing or other processing activities.
  • Right to Withdraw Consent: Withdraw your consent at any time, if you previously gave consent for data processing.

How to Submit a Data Request

If you wish to exercise any of your rights, please reach out to us using the contact details below. We will verify your identity and respond within 30 days in accordance with GDPR guidelines.

Email: hi@webform.io

Cookie Policy

For a detailed explanation of the cookies we use and how you can manage your preferences, please refer to our Cookie Policy. You can also change or withdraw your consent at any time using the cookie settings available on our website.

Handling Data Breaches

In the unlikely event of a data breach, Webform will:

  • Notify affected users immediately and provide recommendations to secure their data.
  • Report the breach to relevant authorities within 72 hours, if required.
  • Take prompt action to fix vulnerabilities and prevent future breaches.

Changes to This GDPR Policy

Webform may update this policy periodically to reflect changes in legal requirements or our data practices. Any significant changes will be communicated through email or notices on our website.

Questions or Concerns?

If you have any questions regarding this GDPR compliance page or your personal data, feel free to contact us.

Email: hi@webform.io
