Privacy Policy

This privacy policy statement explains how Grapevine handles personal data collected by it, how data are processed by it and how it keeps the data secure.

Grapevine™ is a registered trademark of Grapevine Analytics Inc., a Canadian incorporated company. You can contact us at dataprotection@grapevineevaluations.com or by telephone at 1-888-668-6162.

Grapevine is an online software as a service (SAAS) provider. Grapevine provides online survey solutions to individuals, companies, associations and institutions to enable them to conduct evaluations and surveys. All of Grapevine’s software tools are provided on a self-service basis to its customers to enable them to collect and manage data. Grapevine’s customers determine what data they collect, who they collect it from and how the data which they collect is used. 

Grapevine stores all customer data collected on its own servers located at a secure data center located in Canada. To learn more about our environment and how we protect data please view our Security Statement.

The General Data Protection Regulation (GDPR) is a new set of EU privacy regulations which are effective May 25th, 2018 and require numerous changes to the way in which EU personal data is collected and managed. Grapevine commits to cooperate with EU data protection authorities and comply with advice given by them concerning human resources data transferred from the EU in the context of an employment relationship.

If you collect and manage EU data please review our GDPR Annex. This Annex appends the terms of our existing Terms of Use to satisfy the requirement of the GDPR Article 28, Section 3, that governs the processing of EU personal data.

Data collected by Grapevine falls into two main categories:

Grapevine collects and analyses information relating to visitors to its web site. This information includes the visitor’s domain name, IP address, and details relating to browsing history and behaviour. When you visit Grapevine by clicking on a link outside of Grapevine, we collect data about where you came from. 

Grapevine aggregates and analyses the data collected to improve its website and services and to tailor the website pages for individual customers. Cookies may be used by Grapevine and by third parties to deliver customized content to web site visitors. “Cookies” are small text files which can be used to identify repeat users.

No personal data are collected when browsing our web site. You can opt out of targeted messages or advertisements at http://preferences-mgr.truste.com. You can also clear the cookies from your web browser at any time.

A visitor to our web site may voluntarily provide individual information relating to itself and its interests in Grapevine’s services and products. As an example, as a visitor you may voluntarily provide information about yourself or your company, such as your name, the name of your company, your contact telephone number and email address and your perceived needs for Grapevine’s products and services. 

This information may be provided when you register on the Grapevine web site or it may be provided to us by email. If you do email us we may retain the email message and your email address and we may respond to you with marketing communications. Your inquiry is stored and processed as an email which is hosted by Google. We do not use the information you provide to use to make any automated decisions that may affect you. You have the right to opt out of receiving marketing messages or advertisements from Grapevine. 

Grapevine does not sell, or share, or make available personal data about its customers except as required by law. User information which is collected by Grapevine is used only for internal purposes such as technical support, marketing activities and to notify customers of changes to services.

End users who have an account with Grapevine are “customers”. 

Customers own and control all information collected or created using Grapevine software and may further process data outside the control of Grapevine. Users should refer to the customers own privacy statements for information related to how their data may be further processed. Grapevine makes available the software tools to collect and manage the data and the customer determines what services it uses. 

The customer may use the software to collect information which includes personal information. The customer must ensure that it follows applicable law when distributing surveys and when collecting personal information, preventing unsolicited emails from being sent and deleting personal information when no longer required. For example, in Europe you are required to adhere to the General Data Protection Regulation (GDPR). 

Grapevine enables customers to be compliant with various privacy regulations and laws by including features within its products which may be used to modify and delete data and create anonymous surveys. 

The customer manages all data collected as well as the users who create, manage, distribute or report the data.

Customers who wish to make a request related to exercising personal data protection rights can contact dataprotection@grapevineevaluations.com. In the case of Individual respondents seeking the same, Grapevine will contact the associated customer (“data controller”) with the individual’s request. 

In order to minimize any potential harm, Grapevine will undertake strict measures to verify the identity of the requester prior to processing data protection rights requests and may indeed request additional information prior to, or in the course of servicing said request.

All data is protected using best practices to keep all personal data secure. Our Security Statement covers this in more detail.

Regardless of the security measures taken, there is always a risk of your personal data being accessed by unauthorized third parties. In the unlikely event of a security breach Grapevine will make all reasonable efforts to contact you within 24 hours of identifying the breach and confirming that your data is at risk and will provide continued updates as the breach is addressed and resolved.

Grapevine will provide a full written report that details the root causes behind the breach, the steps Grapevine has taken to address it, and the steps Grapevine will take to prevent a similar breach from occurring.

The customer can delete the survey and respondent data at any time using features available online. The customer can also request its entire account be deleted. Grapevine reserves the right to retain customer details if required to do so by law. 

Your data will initially be deleted from our database but it will continue to exist in our backup systems for approximately 104 days. After that time your data will then be permanently deleted.

Grapevine’s servers are hosted with Rogers Tier III data center located in Canada. This data center is a secure facility equipped to handle the high-power density, bandwidth, and low latency required by our business. It is a fully certified Soc 2 Type II and PCI DSS compliant facility.

Grapevine will not share your personal data with any third party for marketing purposes or for any other purpose not detailed in this policy.

• The customer owns the data and any customizations it makes to Grapevine’s survey forms. 
• The customer is the “data controller” for personal data it collects and the customer has responsibilities for protecting this data. 
• The customer must ensure that it follows all applicable laws when distributing surveys and when collecting personal information.
• Grapevine follows industry best practices to keep all personal data secure. Our Security Statement covers this in more detail. 

Grapevine has a dedicated team of employees that may access and process your personal data. We have direct contracts and confidentiality agreements in place with all employees and contractors to provide adequate protection for your data in line with our Privacy Policy and Terms of Use. 

You can contact the Grapevine team with any questions you have at dataprotection@grapevineevaluations.com.