GDPR Compliance

Last Modified: May 2018


What is GDPR?

If you’re reading this, you probably know, but just like the seatbelt instructions in a Virgin America (RIP) safety video, we have to put this here: The General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law in the European Union (“EU”) that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. The GDPR is effective as of May 25, 2018.


Ethnio GDPR Compliance Summary

Ethnio is fully committed to GDPR compliance, and enabling our customers to comply with GDPR. Ethnio maintains a robust privacy and security program that we continually improve to meet the needs of our customers, and to maintain industry standard data protection among research tool companies. We have consistently reinforced our commitment to privacy and security through our compliance with the EU-US Privacy Shield Framework, and the most recent GDPR compliance changes to our policies and functionality, including breach notification policies, new data expiration controls in your account, and the right to be forgotten for any customer or respondent.

How does GDPR impact Ethnio and its customers?

For both our customers and their respondents as part of using the Ethnio services, the GDPR regulates the “processing” of personal data of any EU resident (who is referred to as a “data subject”). “Processing” includes the collection, storage, transfer, or use, of personal data. This means that any company that processes the personal data of any data subject, regardless of where the company is based, is subject to the rules of the GDPR. Additionally, the GDPR defines personal data very broadly, and includes name, email, demographic information, real-time location, online activity, and health information, to name a few.

Ethnio receives millions of data points from all over the world, including data that contains personal data from respondents or your site visitors, app users, or any other platform you use Ethnio Services. This means that both Ethnio and our customers sending us data will need to comply with the requirements of the GDPR.

Ethnio Data Collection

As between Ethnio and our customers, Ethnio is the “data processor” and the customer is the “data controller”, as such terms are defined under the GDPR. The data controller can use Ethnio to collect data from our data subjects (i.e., a customer’s end users) and says how and why personal data is processed. The data processor receives the data from the data controller and acts upon instruction from the data controller.

Data Protection Officer (DPO)

Identifying and appointing a Data Protection Officer (DPO), Data Controller, and Data Processor, is all part of GDPR. Ethnio has identified these roles internally, and has measures in place to understand the responsibilities of each of these roles.

Company-wide Awareness and Training of Data Protection

All staff at Ethnio, which as a small company means pretty much everyone is in HR, Marketing, Research Recruitment, and IT, should complete appropriate training in-line with the requirements of the regulation.

Enhanced Data Deletion and Export Features

The GDPR empowers “data subjects,” the individuals from whom the data has been collected, to control who has their data. Today, we already provide screener and incentive data export functionality and the ability to delete customer data. However, to further build on these features for GDPR, we will be making it easier for customers to request data deletion and export.

Comprehensive review of vendors

We know we have an important responsibility when it comes to scrutinizing the vendors we use to help us provide our services to our customers. Part of our readiness plan is making sure our contracts adequately address the security, privacy, and confidentiality of our customers’ data under GDPR; you can be confident that our vendors have undergone a thorough privacy and security review by Ethnio’s legal and security teams. We’ve also ensured your data is stored with an industry leader with a robust security program and appropriate security certifications.

Updated Data Protection Terms

We are committed to the protection of all of our customers’ data and the lawful use and processing of that data. In addition to our Privacy Shield certification, Ethnio has historically offered a Data Processing Addendum (“DPA”) to provide additional legal commitments for our customers transferring personal data from Europe to our data centers in the United States. With the arrival of the GDPR, we have further updated our DPA to ensure compliance with all GDPR-specific requirements and now offer our enhanced DPA to all Ethnio customers. The revised DPA supplements our Terms of Use and provides contractual safeguards to our customers for the processing of the personal data sent through Ethnio, enabling these customers to be compliant with the GDPR.

Data Processing Agreement (“DPA”)

Ethnio now offers a Data Processing Addendum (“DPA”) , and an executable version.

Publicly Available Security Information

Ethnio’s security information is detailed in PDFs and help center information. This is a good starting place:

More GDPR Info

If you would like more information or have follow-up questions please reach out to us at or visit

GDPR Data Requirements

There doesn’t seem to be a requirement in the GDPR that personal data must stay in the EU as long as there is a legal framework in place to validate the data transfer; the GDPR recognizes several frameworks including the Privacy Shield. Ethnio has self-certified under the EU-US Privacy Shield Framework and will maintain our certification under the Privacy Shield Framework or any replacement framework that may come into force.

Get started with Ethnio in Minutes

Let's Start with The Basics

It’s GDPR Time!

As part of our commitment to privacy and security, we’ve updated our terms. Read more here

Free for 14 days. Choose a Plan and Change Anytime.

You'll be able to use any plan fully during the trial. Cancel within seconds if you'd like.

You've Selected The Little Plan

Good choice. Go to Account >> Plan & Usage to change or cancel anytime.
Before continue to use Ethnio, you have to read and acknowledge our privacy and consent policies, in accordance with general consent in GDPR EU.
Monthly BillingYearly Billing

$79Per Month



500 Responses / month

1 Seat

100k Pageviews / month

$179Per Month



1,000 Responses / month

3 Seats

500k Pageviews / month

$249Per Month



2,000 Responses / month

5 Seats

1M Pageviews / month

Lets TalkFor like 10min


Let's Talk

2k + Responses / month

5 + Seats

1M + Pageviews / month

Your billing Address
Total for 14 day trial:
Then $79 per month after the trial expires on 29 Jun 2019