Respondent Privacy Policy

Last updated: 26 May 2026

GUIDELINES ON PERSONAL DATA PROCESSING OF THE SUBJECTS OF SURVEYS AND ANALYSES

Introduction

Personal data processing by our company is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or "GDPR"), as well as applicable Czech data protection laws.

Our company Engage Hill s.r.o., Ident. No.: 271 60 246, with its registered office at Francouzská 175/14, Vinohrady, 120 00 Praha 2, Czech Republic, listed in the commercial register maintained by the Municipal Court in Prague under file number C 100881 ("Engage Hill"), acts as your data controller and treats your data with the utmost care and security. The safety of your data is of paramount importance to us.

These guidelines represent a hyper-focused excerpt concerning specifically the processing of personal data of subjects participating in our surveys, evaluations, diagnostics, and analyses across our data collection interfaces. The full version of Engage Hill’s comprehensive guidelines on personal data processing is always available at www.engagehill.com/legal/respondent-privacy.

In these guidelines ("Guidelines"), you will find a summary of what personal data we process during your participation, for what purposes, to whom and for what reasons it may be disclosed, and what legal rights you possess as a data subject.

These Guidelines are updated periodically to ensure continuous compliance with legal frameworks and evolving regulatory standards.

Processing of Personal Data

Which personal data are being processed and how do we obtain them?

Engage Hill processes data provided directly and voluntarily by you within our data collection interfaces and diagnostic tools. We primarily process the following categories:

  • Survey & Diagnostic Metrics: Data provided by you during the evaluation process (e.g., age interval, gender, name of profile/team, specific test or questionnaire responses, and your selected colors for individual objects).
  • Technical Ingestion Metadata: Temporary connection metadata and privacy preferences processed to ensure the security, integrity, and valid recording of your participation.

This enumeration does not imply that every data subject is subject to all categories of data processing listed above.

Why do we process personal data?

Engage Hill processes your data based on the following clear legal grounds and purposes:

  1. Legitimate Interests: If you are a subject participating in the surveys and analyses of Engage Hill, your data is processed on the basis of our legitimate interest in conducting specialized research, evaluating attitudes, and providing high-quality analytical and diagnostic data to our business clients who have commissioned the evaluation and invited you to participate.
  2. Technical Excellence & Security: We process technical metadata to protect our systems, prevent duplicate entries, ensure data consistency, and defend our legal rights if necessary.

Important Note on Anonymity & Identification: The personal data collected directly by Engage Hill within standard evaluations does not allow Engage Hill to directly identify your physical identity. While final analytical outputs are delivered to the corporate customer who ordered the survey, they do not contain your direct identifiers (such as your name). However, because the client possesses its own internal datasets, employee lists, or organizational charts, it cannot be entirely excluded that the client might infer individual responses in exceptional or rare circumstances using data completely external to Engage Hill.

For how long do we process personal data?

Engage Hill retains your analytical and response data only for the period strictly necessary to complete the diagnostic objectives, generate the requested analyses for our clients, or fulfill the operational scope of our services. The exact period may also be defined or limited by applicable legal regulations.

Is providing personal data mandatory?

Your participation in Engage Hill surveys, research, and analyses across all platforms is completely voluntary. You are under no contractual or legal obligation to participate or provide any personal data to Engage Hill.

Who has access to personal data?

Access to raw response datasets is strictly limited to authorized internal personnel of Engage Hill who require access to perform data compilation, analytical modeling, and technical system maintenance.

Can we share personal data with third parties?

Personal data may be shared with trusted third parties only under the following conditions:

  • If it is necessary for providing our analytical services or operating our underlying digital infrastructure.
  • If you have given us explicit consent.
  • If we are required or permitted to do so by law.

Categories of third-party processors involved include:

  • Consent Management Platforms: To securely collect and document your privacy choices on our data collection interfaces, we utilize ArtaConsent (provided by Artatol, running on the artatol.net ecosystem). This service processes and stores temporary connection metadata and your explicit cookie preferences solely to maintain a legally required audit trail of user consents.
  • Technical providers of secure server hosting, data storage, database administration, and IT cloud infrastructure.
  • International Data Transfers: If data is transferred outside the European Economic Area (EEA), such as to secure cloud infrastructure providers in the United States, we ensure your data receives a level of protection equivalent to the GDPR. This is achieved by partnering exclusively with entities certified under the EU-U.S. Data Privacy Framework or by utilizing Standard Contractual Clauses (SCCs) approved by the European Commission.

Your Rights Under the GDPR

As a data subject, the GDPR grants you clear legal rights regarding your personal data. You can exercise these rights directly against Engage Hill:

  • The Right of Access (Art. 15 GDPR): You have the right to request confirmation as to whether we process your personal data and to obtain a copy of that data. To protect user privacy, we will strictly verify your identity before disclosing detailed records.
  • The Right to Rectification (Art. 16 GDPR): You have the right to request that we correct inaccurate personal data or complete incomplete records concerning you.
  • The Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR): You have the right to obtain the erasure of your personal data if the data is no longer necessary for its original purpose, or if there are no overriding legitimate grounds for the continued processing.
  • The Right to Restriction of Processing (Art. 18 GDPR): You have the right to restrict our processing of your data under specific conditions (e.g., if you contest the accuracy of the data, pending verification).
  • The Right to Data Portability (Art. 20 GDPR): Where processing is automated and based on consent or contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • The Right to Object (Art. 21 GDPR): You have the right to object to data processing based on our legitimate interest at any time on grounds relating to your specific situation. Engage Hill will stop processing the data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
  • The Right to Lodge a Complaint with a Supervisory Authority: If you believe that our processing of your personal data violates the GDPR or applicable data protection acts, you have the right to lodge an official complaint with a regulatory authority. In the Czech Republic, the competent supervisory authority is:
    • The Office for Personal Data Protection (Úřad pro ochranu osobních údajů - ÚOOÚ)
    • Address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
    • Website: www.uoou.cz

Contact Information of the Data Controller

If you have any questions regarding these Guidelines, or if you wish to exercise any of your statutory data protection rights, please contact our designated representative:

Engage Hill s.r.o. Attn: MUDr. Filip Brodan Francouzská 175/14 120 00 Praha 2 - Vinohrady Czech Republic

Email: [email protected]