Security




Meet GDPR Requirements:

Since 2007, Inquisium has been committed to protecting the privacy and security of customer and attendee information, including processes and safeguards relevant to personal data. Click Here to learn more about GDPR compliance and Inquisium.

  1. RIGHT TO BE FORGOTTEN If a data subject makes a request to have his or her personal information removed in accordance with their “right to be forgotten,” authorized members of your account will be able to submit this request to Cvent via an online form. Cvent will then have the data subject’s personal information permanently removed from Cvent data stores and a confirmation that the request has been completed will be sent to the member of your account who submitted the request. Personal Information removal will be accomplished by obfuscating the data subject’s personal information. This includes: Standard contact field data. Custom contact field data. Survey question Answers. The anonymized record will remain. This will allow your account to comply with the data subject’s request to be forgotten while maintaining your legitimate interest in retaining accurate information about your surveys, including for example, respondent counts, response rates, etc.

  2. GENERAL DATA PROTECTION REGULATION UPDATES 2 DATA PORTABILITY/RETRIEVAL If a data subject requests an account of all his or her personal information in a “machinereadable format,” as allowed by GDPR, authorized members of your account will be able to submit this request to Cvent via an online form. Cvent will then retrieve all personal information of the data subject and deliver it to the member of your account who submitted the request in a JSON formatted file. This will generally include the following information: Standard contact field data. Custom contact field data. Survey question answers.

  3. CONSENT Deciding if consent is necessary from survey respondents is ultimately the decision of the Survey Author (i.e., the Data Controller). For example, collecting respondent personal information for the purpose of administering the survey may be considered legitimate interest, in which case, consent may not be required. If obtaining consent is determined to be necessary, Cvent will provide the survey author with configuration options, depending on your needs.

  4. SURVEY CONSENT QUESTION You will be able to create a new type of question to display to survey respondents. These “consent” questions will allow you to enter your own text to which your respondents may agree by ticking a checkbox. You may create one or more consent questions depending on your needs. Like other survey questions, you will be able to display these fields to respondents in your survey, on the identity confirmation page, in the order of your choosing. You will then be able to run reports to see which respondents have consented to each of your consent questions. Any consent given or withdrawn will be tracked at the respondent level and will not apply to other surveys in your account.

  5. REQUIRING CONSENT By default, any consent field or consent question created will be optional during survey response. This means that respondents will be able to proceed whether or not they choose to give consent to that particular option. If consent is given, respondents will be able to withdraw consent by editing their survey response. If you have any stipulations which must be agreed to for survey submission, a consent field or consent question may be marked as required, and respondents will not be able to proceed with survey submission unless consent has been provided. If a consent question is required and a respondent wishes to withdraw consent, he or she will need to contact the survey author so that appropriate measures can be taken (including initiating a right to be forgotten request).

  6. REPORTING Consent audit reports will be offered for both address book-level consent custom fields and respondent-level consent questions. For each instance where consent was collected, you will be able to see: The contact information of the individual The specific text to which they have given consent (at the time consent was given) The date/time at which consent was given.

  7. COOKIES Cvent users will have the option to enable a cookie banner on the web survey. When enabled, a banner will display to visitors when they arrive at the site. The banner will inform the visitor that functional cookies are used so that the site may function properly. The banner will include a link to the Cookies section of the Cvent privacy policy which provides detailed explanations of the cookies used on our sites. The visitor may consent to the use of these cookies by dismissing the banner or continuing to use the site. Cvent users will be able to customize the language of the cookie banner if desired. Cvent web surveys do not use any cookies for profiling or marketing purposes. Additional information about the cookies used on Cvent surveys can be found in our privacy policy.

  8. PRIVACY POLICY By default, the Cvent Privacy Policy is always displayed in the footer of all Cvent web surveys to inform respondents how their data will be stored, processed, and protected by Cvent. In addition, Cvent users will be able to add a link to their organization’s privacy policy in the footer of the web survey. The URL and link text of the privacy policy can be specified in the planner side survey configuration. The link will then be displayed at the bottom of each web survey page so respondents may learn more about how their data will be stored, processed, and protected.

  9. For additional resources and information on GDPR please go to here.

General Security and Infrastructure Overview:

Inquisium’s survey solutions and offerings are part of the Cvent platform and infrastructure and we are proud of Cvent’s significant investment in state-of-theart infrastructure that exceeds customer expectations in performance, reliability and security. Cvent goes beyond the minimal requirement to ensure that data is safe with PCI level one compliance, all while maintaining a historical uptime above 99.99% (Link to level 2 page).

  1. REDUNDANCY All systems are redundant at hardware and software levels, and load-balancers distribute traffic through six geographically separate internet connections, maximizing reliability, performance and capacity.

  2. MONITORING With a high level of visibility into the system, staff can diagnose issues immediately – often before problems occur. Cvent’s Internet Operations team is constantly monitoring over 90,000 alert generating performance variables each hour to insure a consistently high level of service.

  3. AUDITING Application usage and logs are reviewed regularly, allowing Cvent to plan for future infrastructure needs, perform security sweeps, and to analyze infrastructure, security and disaster recovery capability.

  4. MAINTENANCE Cvent is built on Microsoft .Net and Linux platforms with C#, Java, HTML, and Javascript. Service packs and hotfixes are applied during regular maintenance periods, and the scalable distributed infrastructure allows for rapid server deployment. Data store are either replicated in real-time or hot backups are performed hourly. In the case of a disruption, applications will fail over to geographically separate, redundant backups.

  5. PHYSICAL SECURITY Our world-class, SSAE-16 data center is anonymous and uses embassy-grade barricades, biometric access, logged access to data center floors, silent alarms and closed-circuit monitors, all while protected by security personnel 24x7.

  6. NETWORK SECURITY Cvent uses a multi-layered approach based on proven security practices, including intrusion detection, permission-based firewalls, DoS protection, network and port address translation and restricted inter-server communication. Cvent conducts quarterly network level scans conducted by a 3rd party security firm. Data is transmitted through TCP/IP protocols.

  7. CONTROLLED ACCESS Cvent restricts access to your data based on the principal of least privilege. Access to all databases, applications, operating systems and physical media is strictly managed to ensure only individuals with a specified need have access to your data.

  8. APPLICATION SECURITY Our proprietary security model – with weekly host level scans – ensures that only credentialed users gain access to the system and permitted data. Data is transmitted via 256-bit SSL, credentials use PBKDF2 with 20,000 iterations and generates a 512-bit hash, and data at rest is encrypted with AES 256. Data is housed primarily on Microsoft SQL Server.

Invite Only Surveys:

Restrict survey access to only individuals who are invited to complete your survey.


Limit Survey Responses:

Deny survey entry to individuals trying to access the survey from a certain computer or IP addresses.


Password Protected Surveys:

Require a password to grant access to a survey.


Human Verification Process:

Prevent computer generated responses by displaying a an image of 5 characters that the respondent must replicate correctly to enter the survey.


SSL Surveys:

Add an another layer of encryption to your survey website to ensure survey respondents that the information they are inputting is secure.


Single Sign-On:

Control access, authentication, and authorization to your Inquisium account and data by requiring your employees to log in using your organization’s SAML supported authentication process.