Privacy Policy for UX Researchers (GDPR-Compliant User Research)
Last updated February 02, 2026
This policy is written for UX researchers, product teams, and research participants who use Sharewell to run user research in the European Union. It explains what data we process, why we process it, and how we keep research data secure and GDPR compliant.
At Sharewell, privacy is a fundamental part of ethical UX research. We are committed to protecting personal data and ensuring that all research conducted through our platform complies with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.
This Privacy Policy explains how Sharewell collects, uses, stores, and protects personal data when you use our services.
1. GDPR compliance and data protection principles
Sharewell is an EU-based company and processes personal data in accordance with the GDPR, which establishes a uniform and high standard for personal data protection across Europe.
We process personal data lawfully, fairly, and transparently, and only for clearly defined purposes related to the provision of our UX research services. Data protection principles are applied by design and by default in both the planning and implementation of our processing activities. We implement appropriate technical and organisational measures to ensure compliance and to safeguard the rights and freedoms of data subjects.
2. What data we collect
Sharewell primarily collects registration and account data, including name, email address, login credentials, and role within the platform.
If, under a specific agreement, researchers process personal data of research participants through Sharewell, this data is processed solely for the purposes defined by the researcher and in accordance with GDPR requirements. Sharewell does not collect or process personal data beyond what is necessary to operate the platform and provide the agreed services.
3. How we use personal data
Personal data is used exclusively to:
- provide and operate the Sharewell platform,
- enable UX research activities such as usability testing, surveys, and studies,
- communicate important service, security, or account-related information,
- ensure platform security, reliability, and compliance with legal obligations.
All processing activities are lawful, proportionate, and documented.
4. UX research and research participant data
Sharewell is designed to support GDPR-compliant and ethically responsible UX research.
For research participants, personal data is processed only for the specific research purpose, access is limited to authorised researchers, and data may be anonymised or deleted upon request where applicable.
For researchers, Sharewell acts as a data processor, while researchers remain the data controllers for their studies. The platform supports researchers in meeting their GDPR obligations when conducting user research.
5. Data storage and international transfers
Sharewell is an Estonian company and primarily processes data within the European Union.
Where personal data is transferred outside the European Economic Area, such transfers take place only with appropriate safeguards in place, including Standard Contractual Clauses or other mechanisms permitted under applicable data protection law. Personal data is protected in accordance with this Privacy Policy regardless of where it is processed.
6. Security measures
We use commercially reasonable physical, technical, and organisational safeguards to protect personal data. Data is transferred via secure HTTPS/SSL channels, and access to systems is restricted to authorised personnel.
While no system can guarantee absolute security, Sharewell takes all reasonable steps to protect personal data from unauthorised access, disclosure, alteration, or destruction. In the event of a personal data breach that poses a risk to data subjects, we notify the competent supervisory authority without undue delay and, where required, within 72 hours.
7. Your privacy rights
As a data subject, you have the rights provided under the GDPR, including the right to:
- access your personal data,
- request rectification or erasure,
- restrict or object to processing,
- request data portability,
- withdraw consent at any time without affecting prior lawful processing,
- lodge a complaint with a supervisory authority.
Requests can be submitted by email to info@sharewell.eu from the email address associated with your Sharewell account.
8. Email communication and newsletters
We send newsletters only to users who have provided explicit consent. Where required, we use a double opt-in process. Each newsletter includes an unsubscribe option, which allows you to withdraw your consent at any time.
Unsubscribing from newsletters does not delete your account or personal data stored on our servers. To request complete data deletion, please contact info@sharewell.eu.
9. Minors
Sharewell is not intended for use by minors. If we become aware that personal data relating to a minor has been collected, such data will be deleted without delay.
10. Contact information and Data Protection Officer
For questions or requests related to this Privacy Policy or the processing of personal data, please contact:
General inquiries: info@sharewell.eu
EU Representative: sten.kreisberg@sharewell.eu
Data Protection Officer: sten.kreisberg@sharewell.eu
11. Governing law
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Estonia. Any disputes shall be subject to the exclusive jurisdiction of the courts of Tallinn.
12. Changes to this policy
Sharewell may update this Privacy Policy from time to time. Users are encouraged to review it periodically. Continued use of the Sharewell services after changes take effect constitutes acceptance of the updated policy.
Data Processing Addendum
This Data Processing Addendum forms an integral part of the Sharewell Terms of Service. Where Sharewell acts as a processor of personal data on behalf of researchers, processing is carried out strictly in accordance with documented instructions and applicable data protection law.
Learn more about how Sharewell supports ethical and GDPR-compliant UX research on our platform.
