Survey Consent & Privacy Notice

Please read this notice carefully before proceeding with the survey. This notice explains who is collecting your personal data, why it is being collected, how it will be used and retained, and the rights available to you under applicable data protection and privacy laws across multiple jurisdictions.

This notice is designed to comply with the following laws:

Your participation is entirely voluntary. By selecting ‘I Consent’ at the first question of this survey, you confirm that

1. Who We Are

Milestone Technologies Inc. (“we”, “us”, or “Milestone”) is the Data Controller/Data Fiduciary responsible for the personal data collected through this survey. This consent notice explains how we collect, use, store, and protect your personal data in connection with our customer satisfaction and Net Promoter Score (NPS) survey programme, delivered via SurveySparrow.

2. Survey Platform - Third-Party Data Processor / Service Provider

This survey is administered via SurveySparrow, a third-party software platform. The role of SurveySparrow under each applicable law is as follows:

SurveySparrow is contractually bound to:

SurveySparrow’s Privacy Policy: www.surveysparrow.com/privacy-policy

3. Categories of Personal Data / Personal Information Collected

3.1 Data You Provide Directly

3.2 Data Collected Automatically by SurveySparrow

3.3 CCPA / CPRA - Categories of Personal Information

For California residents, the above data maps to the following CCPA/CPRA statutory categories:

Sensitive Personal Data / Information

This survey is not designed to collect sensitive personal data (special category data under EU/UK GDPR), sensitive personal data under DPDPA, or sensitive personal information (SPI) under CPRA.

Please do not include health information, financial details, religious beliefs, biometric data, racial or ethnic origin, sexual orientation, or similar sensitive information in any free-text responses.

Philippines DPA note: We do not intentionally collect privileged information as defined under Sec. 3(l) of the Philippines DPA.

4. Purposes of Processing & Legal Basis

We process your personal data for the following specific, explicit, and legitimate purposes:

5. Data Retention - Indefinite Retention for Historical Data Mapping

Important: Indefinite Retention Policy

Milestone retains all survey response data INDEFINITELY. This is a deliberate and explicitly disclosed practice to enable longitudinal (historical) mapping of client satisfaction trends over time. Your responses will be preserved in their original identifiable form as part of a continuous dataset that tracks how individual client sentiment, product performance, and service quality evolve across months and years. You are being explicitly informed of this at the point of collection as required under all applicable laws listed in this notice.

5.1 Justification for Indefinite Retention

5.2 Jurisdiction-Specific Retention Disclosures

5.3 Ongoing Security Safeguards for Retained Data

6. Data Sharing & Disclosure

Milestone does not sell, rent, or trade your personal data to any third party. Your personal data may be shared only in the following limited and specific circumstances:

CCPA / CPRA - Right to Know About Disclosures

California residents have the right to know the categories of third parties to whom their personal information is disclosed. The only third party to whom Milestone discloses personal information is SurveySparrow, acting as a contracted Service Provider. This does not constitute a ‘sale’ or ‘sharing’ under CPRA.

7. International / Cross-Border Data Transfers

SurveySparrow is a US-based platform. Your data may be transferred to, stored in, and processed in countries outside your jurisdiction of residence, including the United States. The following safeguards apply:

8. Your Privacy Rights

Your rights depend on your jurisdiction of residence. To exercise any right, use the contact details in Section 10. We will respond within the timeframes required by applicable law.

8.1 EU / UK GDPR Rights (EEA & UK Residents)

8.2 India DPDPA 2023 Rights (India Residents)

8.3 Singapore PDPA Rights (Singapore Residents)

8.4 Philippines DPA Rights (Philippines Residents)

8.5 CCPA / CPRA Rights (California Residents)

California Privacy Rights - Mandatory Disclosure

California residents have specific rights under the CCPA (effective 2020) and CPRA (effective 2023). Milestone does not discriminate against you for exercising any of these rights.

8.6 Response Timeframes by Jurisdiction

8.7 Right to Erasure & Indefinite Retention

How Deletion Works Given Our Indefinite Retention Policy

If you exercise your Right to Erasure (EU/UK GDPR Art. 17), Right to Deletion (CCPA §1798.105), Right to Correction/Erasure (DPDPA §12), or equivalent right under PDPA or Philippines DPA, Milestone will permanently delete all personal data associated with your survey responses.

This includes all historical records across all survey cycles, stored in all systems including active databases, archival stores, and backups; within 30 days of your verified request.

Because Milestone does not anonymise data, there is no residual dataset that will remain after deletion. Your complete response history will be fully removed.

Please note: Exercising your right to erasure will remove your data from our longitudinal dataset, which may affect the completeness of historical analysis for your account.

9. Data Security

Milestone and SurveySparrow implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

9.1 Breach Notification Obligations by Jurisdiction

10. Contact Details, DPOs & Grievance Redressal

To exercise any right, withdraw consent, raise a concern, or submit a grievance, please contact us on privacy@milestone.tech

11. Children's Privacy

This survey is intended for business professionals and is not directed at individuals under the age of 18 (or such higher age as required by applicable law in your jurisdiction). Milestone does not knowingly collect personal data from minors.

If you believe a minor has submitted responses through this survey without parental consent, please contact us immediately at privacy@milestonetech.com so we can delete the relevant data.

12. Changes to This Notice

Milestone reserves the right to update or amend this notice to reflect changes in applicable law, regulatory guidance, or our data practices. Where material changes are made, we will notify you via the survey platform or by email (where contact details are held) with at least 14 days’ prior notice before the changes take effect. The version number and effective date at the top of this notice will always reflect the current version. Continued participation in surveys after notice of changes constitutes acceptance.

Skip to content