Do you use quizzes to collect leads? You’ll need a GDPR-compliant quiz maker like Riddle to handle all that personal data.

Quizzes are powerful lead generation tools.
Unless you choose the right online quiz maker, you can be at high risk under the GDPR, the EU’s sweeping privacy regulation, as well as California’s CCPA.
Riddle – meets all privacy protection requirements
Quizzes are powerful data capture tools – you can collect names, emails, and other personal data. GDPR compliance is critical.
Here’s a high-level look at how Riddle protects your users’ personal data and complies with the GDPR:

- All data is hosted in Europe on our own servers (main server in Frankfurt/Main, Germany, live backup server in Luxembourg).
- No cloud-based data storage
- No trackers in the embed code – we don’t even collect IP addresses.
- Only you can view any personally identifiable data you collect with your riddles.
- Using a CRM? We send personal data to your marketing software without it ever being stored on our servers.
- If you choose to store it on our servers, it will be encrypted and cannot be accessed by Riddle staff.
Not convinced yet?
Check out:
- Riddle’s Data Processing Agreement (DPA)
- Our (very short) list of cookies used in our creation tools and our embed
7 reasons why you should choose Riddle as a GDPR compliant quiz maker
The good news is that Riddle is not only a fully GDPR-compliant quiz maker – we also comply with other global privacy regulations like the CCPA.
Update: EU-US ‘Privacy Shield’ not sufficient for GDPR compliance
This is a BIG deal. The EU has ruled that the ‘Privacy Shield’ no longer counts for GDPR compliance.
How might this impact you?

The Privacy Shield was a way for companies to bulk send consumer information to the US for processing – for things like Amazon Web Services (AWS), Google Analytics, or any number of SaaS providers.
The EU has ruled that this is no longer sufficient – so you should immediately look to review how your business handles data.
What does the death of the Privacy Shield mean for Riddle?
We were proud to be a GDPR-compliant quiz maker. Since we’re 100% based in the EU, we’re hyper-aware of how important this topic is.
At Riddle, we know there will be a lot of fast-moving developments as the implications sink in. We are constantly updating this post as the quiz data privacy space evolves.
Riddle is GDPR compliant because…
- No cloud servers – all our web servers are based in Germany and Luxembourg in a secure, banking-grade data center. We are operating our own server infrastructure and are not running on shared services.
- No trackers – the Riddle embed code (the piece of code you put on your website to run the quiz) does not contain any trackers or cookies other than a necessary session cookie.
- No IP address tracking – we don’t EVER collect your quiz takers’ IP addresses or attach customer-specific cookies.
- Personal info collected by the quiz creator via lead forms only – with each user’s specific opt-in. The form data can be stored encrypted on Riddle’s servers, where only the quiz creator has access to it.
- Sign our DPA – creators can sign our Data Processing Agreement (DPA) with us in case you need our staff to access any personal information associated with your account.
- No Google Font tracking – we are serving all Google Fonts directly from our own servers. We have removed all Google tracking.
- No more Google Analytics – we removed our Google Analytics and Google Tag Manager on Nov 11th, 2017. We use our own self-hosted Matomo analytics solution to keep all data in-house.
- Almost zero cookies – whenever possible, we have removed cookies from Riddle’s online quiz builder and embedded quizzes. If we have to use cookies in a Riddle embed, we make sure never to use them to collect and store any personally identifiable data.
  - We use only session cookies in our quizzes – an anonymous, randomly generated value (e.g. 1418359273423).
  - No personal info collected… not even IP addresses.
  - You can read more about our cookies here
- No individual tracking of data – all tracking will be EU-based on Riddle’s all-German servers; we only track aggregate data but never individual quiz takers’ information. We cover this more below.
Why choose a GDPR-compliant online quiz maker?
The GDPR has been joined by other privacy regulations worldwide. There’s California’s CCPA, Canada’s PIPEDA, and more coming all the time.
The good news?
If you follow the GDPR, you should generally be compliant with these as well. But of course – check with a lawyer just in case.
Any sites that gather personal information from EU visitors face huge fines of up to 20 million euros ($23M) – whether based in the EU or not. Amazon recently got hit with an $887M fine regarding data misuse; the EU is definitely not messing around about enforcing the GDPR.
The good news? Riddle is a fully GDPR-compliant quiz maker. We power the quizzes for the privacy-conscious BBC, Manchester United, Shopify, and hundreds more.
Riddle collects only aggregate, anonymous data
As a GDPR-compliant quiz maker, we only store aggregate quiz data – with no additional information added, unless you choose to include an opt-in lead form.

For example, imagine 1,000 people take your quiz – 600 fill in your lead form, and 400 opt-out:
- For the 400 quiz takers who do not complete the form: We would store just the total count of quiz answers and overall results (1,000 people answer the quiz in this way). We would not save the specific responses from each user.
- For your 600 leads: We would collect their quiz responses, such as ‘Bob (bob@yoursite.com) answered the questions for Quiz 12345 in this way’.
If you want to collect individual quiz takers’ data, no problem. You can easily do that with our lead generation forms in a GDPR-compliant way, either:
- Store the data with Riddle (GDPR-compliant)
- Use our webhook to send the data directly to your own GDPR-compliant storage solution – never touching our servers.
You can decide how GDPR safe your lead forms are
We suggest that you add an opt-in field to the lead form! Ask permission to store the lead’s quiz data along with the form data (like name, email, etc.). If the user fills in the lead form, but does not give permission, we will still store the lead data for you, but will show all quiz data as ‘withheld’.
Also, make sure to use our built-in double-opt-in feature – where each lead has to click an email confirmation. Only data from confirmed email addresses will be stored that way.
General information about the GDPR
Here’s a quick summary of the GDPR in an easy-to-digest format – with a focus on being a GDPR-compliant online quiz maker.
(One more pesky legal disclaimer… remember, this is not legal advice, and this article on GDPR is for informational purposes only – we are not accountable for what we say here.)
The GDPR applies to any organization that collects or processes personal data of EU residents – no matter where the company is located.
But what is considered personal data?
- Name
- Address
- Photos
- Email address
- Bank details
- Posts on social networks
- Medical information
- Computer’s IP address
Your responsibilities under the GDPR
- You will need to provide your customers with contact information for a data controller and you need to provide a data protection officer.
- EU citizens have the right to request information and ask for the deletion of all data stored about them. You need to make sure that you can comply with these requests.
- You also need to make sure to encrypt or pseudonymize data you store. When you choose a tool to store your lead data outside of Riddle, make sure they are compliant.
Any questions about Riddle – the GDPR-compliant quiz maker?
If you have any questions about our being a GDPR-compliant quiz maker – or would like copies of our data certificates, please drop us an email to hello@riddle.com – or ask us on support chat.
If you don’t have any questions, what are you waiting for? Create your first GDPR-safe quiz within 5 minutes!