AceBot and GDPR

Let us start by making the statement that most of you are looking for ie. is GDPR compliant. Which means, you, our customer, have this box “ticked” and can move forward without worrying about one more thing in life!

Now that we have the basic question covered, let us walk through the “how” process and what GDPR means to you, the end consumer who is answering the survey etc.

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a regulation in EU (European Union) law on data protection and privacy of all individuals within the European Union (EU) and European Economic Area (EEA). The GDPR comes into force on May 25, 2018, tightening the rules for businesses on how they collect, store and process EU citizen's personal data. The new regulations will impact organizations worldwide who collect and process personal data of EU citizens. So, if you’re running an employee survey or a consumer survey, you’re likely to be affected. Please refer to this link for details (Wiki GDPR page)

As AceBot is a tool for data collection and surveys (including the equivalent of web-forms), compliance for us is different from the E-commerce and Social sites. Not only do we ensure your privacy is being protected, but we also provide you with checklists and tools to ensure that you’re looking after your customers’ data and GDPR issues as well.

We are dividing GDPR information into 3 different viewpoints:

However, all of them point to the following “principles” that need to be adhered to:

GDPR & AceBot (AceBot’s View)

As AceBot is a tool for data collection and surveys (including the equivalent of web-forms), compliance for us is different from the E-commerce and Social sites. We are publishing a series of info-notes and articles as to how our customers can also comply with GDPR requirements.

We’re reworking our standard NDA documents, contracts with vendors and partners to make sure they are also compliant, and can give us the guarantees on privacy and data protection that we need, such as the EU-US Privacy Shield framework. Our Privacy Policy and Terms of Use have also been updated. In addition, we have detailed out a new “cookie” policy that describes how you can turn off the cookies on your browser.

AceBot Account / Customer View

If you have an AceBot account and are using AceBot for collecting information (via a survey) then the following paragraphs describe how YOU can exercise your GDPR rights.

GDPR is designed to give you more rights and control over your personal data. When AceBot has information from which you can be directly or indirectly identified, you now have rights over what happens to that data. Here’s how to take advantage of them.

What’s ‘personal data’?

‘Personal data’ could be your name, ID number, location data, an online identifier of yours, or even your physical, physiological, mental, economic, cultural or social identity.

OK, so how do I find out about this data?

When you create an account in AceBot, we ask for certain information and store them. As an AceBot user, you will be collecting certain information from your users, employees or general public. You are responsible for ensuring that you are GDPR compliant with the data so collected. Here is a checklist that we have prepared for you. In summary, you are responsible for and need to provide a mechanism for your users to exercise theirs. The rights included in GDPR are:

There have also been questions specifically asked about where the data should be stored / kept. Here is an FAQ that answers these questions related to GDPR:

Acebot, by default provides you all of these rights. If in doubt, please contact our support email address. You can mail us at

GDPR Rights For Respondents

If you’ve completed a SURVEY or answered questions / have had a conversation with the AceBot chat process and want to exercise your GDPR rights, then the following are applicable:

The customer / organization that is asking you to fill the survey / answer the question is responsible for looking after the data that you provide.

This article tells you everything you need to know about your data rights as an AceBot respondent.

As our privacy policy explicitly states if you’ve submitted your personal data through an AceBot chat conversation, then the creator of that AceBot is responsible for this data. AceBot only processes this data on the creator’s behalf. This means that if you want to exercise any of your GDPR rights, you should contact the person or organization that created the AceBot. If this isn’t possible, we’ll do our best to put you in touch with the creator of the form. While the first thing you should do if you want to exercise your rights is contact the creator of the AceBot, this doesn’t mean that we won’t help you!

If you’ve sent your personal data through a AceBot survey, you can reach out to us, give us authorization to provide your contact information to the creator of the AceBot. We’ll then forward your request to them. All you need to share is the AceBot URL, or the name of the creator, so we can identify the creator / creating organisation. If you have a AceBot account and you’ve sent your personal data through someone else’s AceBot chat conversation, you should also follow this process. We can’t guarantee that the creator of the AceBot will accommodate your requests, but we’ll do as much as we can. You can mail us at