This guidance was updated on November 9, 2021.
What is GDPR?
GDPR (General Data Protection Regulation) is a set of rules designed to give EU citizens control over their personal data. It aims to simplify the regulatory environment for business and applies in every EU member state.
What is LinkedIn's POV on GDPR?
LinkedIn takes a global approach to privacy and data protection, applying GDPR as its standard for data privacy compliance around the world. LinkedIn's contractual document, the Data Processing Agreement (DPA), addresses how LinkedIn's SaaS offerings can be used by our customers in compliance with the data protection laws of the countries and territories where our services are used.
Glint, a part of LinkedIn, adheres to LinkedIn’s GDPR and DPA policies. In Glint’s role as data processor, we support our customers, who are the controllers for the data processed in Glint, as well as the individual right to privacy of each of their employees.
How does Glint help our organization comply with the GDPR?
Our products are designed to be used in compliance with GDPR. Please note two areas in particular:
1 - Confidentiality Notice
A Confidentiality Notice is presented to survey respondents at the beginning of each survey. This statement refers to our Data Protection Summary (see also Data Protection Summary below), which covers Glint's services and users of the Glint service.
For survey customers who run an aggregated survey program (with confidentiality thresholds of at least 5 respondents for questions using scaled responses and 10 for comments), the standard confidentiality notice reads: "Your responses are confidential and reported to managers and [clientName] in aggregate groups. For more information view the Data Protection Summary. Take care not to identify yourself in the comments."
This statement:
- Has been translated into all Glint-supported languages.
- Must be altered if Glint will be processing Sensitive Data for you. Given heightened restrictions on this data outside of the US, and the GDPR’s heightened requirements for processing special categories of personal data (e.g., race and sexual orientation), such as obtaining explicit consent from data subjects, we have restricted this type of data processing outside of the US, absent exceptional circumstances. Contact support@glintinc.com for assistance.
- Must be altered if you intend to conduct an identifiable survey. Contact support@glintinc.com for assistance.
2 - Data Protection Summary
The Data Protection Summary (DPS) is referenced in all confidentiality notices. The DPS is drafted in compliance with GDPR and intended to cover all Glint services and users of our services.
GDPR also mandates that certain details regarding data subject rights be available in all supported languages, enabling these rights to be presented in all languages in which you deploy Glint surveys.
Can we customize the Confidentiality Notice and/or Data Protection Summary for our organization?
- The Confidentiality Notice is a critical, required element of the survey process that was carefully designed to adhere to our requirements and is already translated into all survey languages. As such, configuration is not supported via self-serve and is highly discouraged for all customers.
- For both legal and business compliance reasons, the DPS document cannot be customized.
How does Glint ensure that personal data is separated from survey results?
Survey responses are stored within the Glint database in tables that are separate from user tables, where employee attributes are stored. Each table contains a unique identifier.
The unique identifier stored with survey responses is not the external User ID provided by the customer but is an internal user identifier created randomly by the Glint system. This randomly generated, unique identifier enables Glint’s technology to analyze survey responses against the attributes provided by the customer. The randomly assigned identifier in the survey results table will be associated by the system with a customer-assigned external User ID that is stored in the separate user table. The association between the internal and external User IDs are not visible to any customer users.
Additional Resources
Glint’s stance on Sensitive Data
Covid/Vaccine Related Questions
Questions to glint-privacy@linkedin.com