# Data Protection Impact Assessment (DPIA)
## For Online Survey Research via Istražimo Platform

**Pre-populated template for researchers to present to ethics committees.**

---

### 1. Description of Processing

| Field | Details |
|---|---|
| **Research tool** | Istražimo (istrazimo.rs) — online academic research platform |
| **Type of processing** | Collection, storage, and statistical analysis of survey responses |
| **Data controller** | [YOUR NAME / INSTITUTION] |
| **Data processor** | Istražimo (The Absurd Solutions), Novi Sad, Serbia |
| **Data location** | AWS eu-central-1 (Frankfurt, Germany) — within EU |
| **Processing duration** | For the duration of the study, plus the retention period configured by the researcher |

### 2. Categories of Data Collected

**From survey respondents:**
- Survey responses (as defined by the researcher's instrument)
- Minimal metadata: timestamp, completion status, time spent per question
- **NOT collected:** IP addresses (anonymized by default), tracking cookies, device fingerprints

**From researchers:**
- Account data (email address, name)
- Survey content and configuration
- Usage data (features used, login frequency)

### 3. Legal Basis for Processing

| Basis | Applicable when |
|---|---|
| **Consent (Art. 6(1)(a))** | Respondent provides informed consent before completing the survey. The platform includes a built-in informed consent builder. |
| **Legitimate interest (Art. 6(1)(f))** | For anonymous surveys where respondents cannot be identified. |
| **Public interest (Art. 6(1)(e))** | For research conducted by public institutions in the public interest. |

### 4. Necessity and Proportionality Assessment

| Criterion | Assessment |
|---|---|
| **Purpose limitation** | Data is collected solely for the specified research purpose. |
| **Data minimization** | Platform collects only survey responses and minimal metadata. No IP addresses, no cookies, no unnecessary personal data. |
| **Storage limitation** | Researcher controls retention period. Automatic deletion via TTL is available. |
| **Accuracy** | Respondents can review answers before submission. |
| **Integrity and confidentiality** | AES-256 encryption at rest, TLS 1.3 in transit (see Section 6). |

### 5. Risk Assessment

#### 5.1 Anonymous surveys (LOW RISK)
If the survey does not collect identifiable data:
- **Risk level:** LOW
- **Likelihood of harm:** Very low — respondents cannot be identified
- **Severity:** Minimal — anonymous responses have no personal impact

#### 5.2 Surveys with personal data (MEDIUM RISK)
If the survey collects names, emails, or other identifiers:
- **Risk level:** MEDIUM
- **Likelihood of harm:** Low — data encrypted, access controlled
- **Severity:** Moderate — personal data could cause distress if exposed

#### 5.3 Sensitive data surveys (HIGHER RISK)
If the survey collects health data, political opinions, sexual orientation, etc.:
- **Risk level:** MEDIUM-HIGH
- **Likelihood of harm:** Low — strong technical measures in place
- **Severity:** High — sensitive data requires additional safeguards
- **Additional measures:** Consider pseudonymization, shorter retention, restricted access

### 6. Risk Mitigation Measures

| Measure | Implementation |
|---|---|
| **Encryption at rest** | AES-256 (AWS managed keys) |
| **Encryption in transit** | TLS 1.3 |
| **IP anonymization** | Enabled by default — no IP addresses stored |
| **No tracking cookies** | Platform uses only session authentication cookies |
| **Access control** | Role-based (owner, admin, researcher, viewer) |
| **Data export** | Available at any time in CSV, SPSS, Excel, R formats |
| **Data deletion** | Immediate and irreversible deletion available at any time |
| **Automatic deletion (TTL)** | Configurable automatic data expiry |
| **Informed consent** | Built-in consent builder with configurable checkboxes and digital signature |
| **Right to withdraw** | Built-in withdrawal mechanism — respondents can withdraw at any time |
| **Backup** | Daily encrypted backups, 30-day retention |
| **Monitoring** | CloudWatch alarms, access logging |
| **Breach notification** | Processor notifies controller within 72 hours |

### 7. AI Processing (If Applicable)

**If you plan to use AI features (thematic coding, sentiment analysis, AI insights):**

| Field | Details |
|---|---|
| **AI provider** | Amazon Bedrock (Anthropic Claude), EU region |
| **Data sent** | Text of open-ended responses only |
| **Data retention by AI** | None — data is not retained after processing |
| **Opt-in** | AI features must be explicitly enabled per study |
| **Alternative** | All non-AI features are fully functional without AI |

**Risk assessment for AI processing:**
- **Risk:** Open-ended response text is transmitted to a third-party AI service
- **Mitigation:** Processing occurs in EU region, no data retention, researcher explicitly opts in
- **Recommendation:** If your ethics committee prohibits sending data to AI services, disable AI features — all other platform functionality remains available

### 8. Data Subject Rights

The platform supports the following GDPR rights:

| Right | How it's supported |
|---|---|
| **Right to information** | Informed consent presented before survey completion |
| **Right to access** | Researcher can export all data at any time |
| **Right to rectification** | Researcher can modify study data |
| **Right to erasure** | Immediate, irreversible deletion available |
| **Right to portability** | Export in CSV, SPSS (.sav), Excel, and R formats |
| **Right to withdraw** | Built-in withdrawal mechanism for respondents |
| **Right to restrict processing** | Study can be paused at any time |

### 9. Sub-processors

| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Infrastructure and storage | Frankfurt, Germany (eu-central-1) |
| Amazon Bedrock (Anthropic) | AI analysis (optional) | EU region |
| Stripe | Payment processing | EU/US |

### 10. Conclusion

Based on the above assessment:

- The processing is **necessary** for the legitimate purpose of academic research.
- The processing is **proportional** — only necessary data is collected, with minimal metadata.
- **Technical and organizational measures** are adequate to protect data subjects' rights and freedoms.
- The platform is **GDPR compliant** and provides tools for researchers to meet their own compliance obligations.
- **AI processing** is optional and can be disabled if required by the ethics committee.

**Researcher signature:** ___________________________

**Date:** ___________________________

**Ethics committee reference:** ___________________________

---

*This template was generated by Istražimo (istrazimo.rs). For questions: legal@istrazimo.rs*

*Last updated: 2026-03-28*
