How to create a GDPR compliant form

 
At Tally, we are committed to protecting the privacy of our customers and form respondents. We've taken the necessary actions to be GDPR compliant and we've bundled frequently asked questions about Tally & GDPR here. Make sure to take a look and get informed on your rights and duties as a form creator.
Know that this page does not serve as legal advice. Always make sure to determine together with your legal advisor how GDPR applies to your business.
Know that this page does not serve as legal advice. Always make sure to determine together with your legal advisor how GDPR applies to your business.
 

Creating a GDPR compliant form

There's several to consider when collecting personal information (name, email, phone, etc.) with your form.

Collecting consent

Collecting consent from your respondents is a critical requirement for GDPR compliance. The consent you obtain must be freely given, specific, informed, and unambiguous. You also must make it very clear why you are collecting personal information, how you will use it and if you will be sharing it with third parties. Respondents can not be forced into consent and always need to be aware that they are providing permission to use their data.
notion image
  • Add a checkbox field to your form to collect opt-in consent from your respondent. The checkbox can not be pre-checked. Make sure to add multiple checkboxes (with explanation), if you're planning to use the personal data for multiple actions.
  • Add a text block to explain how you are going to use the information your respondents share with you and link to your privacy policy to give more information about how you're handling their data.
 

Data control and retention

Respondents have the right to access their personal data or to request it to be removed. Inform them. Provide them with a way to do so, this can be as simple as sharing an email address that respondents can send their request to.
You can delete or export every single individual survey response from your account if a respondent asks you to do so. We honour all deletions from an account, and all account data which has been deleted by you is permanently deleted from our back-ups within 90 days.