Surveys and forms on the website — what really brings answers

Surveys and forms on the website — what really brings answers
Table of contents 10 sections

Where a survey on an SME site actually pays off

A survey or form on the website is first of all a tool with which you learn something you would not otherwise learn. Anyone using it correctly gains insights, leads, or feedback. Anyone using it wrongly gathers data no one evaluates, and annoys their visitors in the process.

The most common misconception: "a short survey in passing cannot hurt". Yes, it can. Every field costs attention, every unclear purpose costs trust, every piece of information gathered without use is a data-protection problem without counterpart. A serious survey has a clear occasion and a clear use — otherwise it does not belong on the page.

Andrea, owner of a 38-room hotel in the Carinthian mountains, had a long feedback form in the middle of her direct-booking process two years ago — fifteen fields, from reason for stay through breakfast choice to newsletter consent. Response rate: barely measurable. Then two changes at once: four fields instead of fifteen — "What was the highlight, what was the worst, would you come back, mail address for reply" — and a better moment, a short mail two days after departure instead of the form in the middle of the booking process. The rate rose to about one in five. The insights from these four fields changed more in one quarter than the fifteen fields had in two years.

Where it does not pay off

An honest negative list before listing use cases.

A survey is no substitute for a personal conversation. Anyone who seriously wants to understand why a customer did not buy or where a candidate got lost gains more insight from a phone call than from twenty completed forms.

A survey is also not market research. Market research demands representative samples, statistical significance, and controlled questioning logic. What you get on your website are voices of people who voluntarily answer — not infrequently disproportionately enthusiastic or disproportionately annoyed, hardly the middle.

A survey is, thirdly, no hidden marketing push. Anyone using a "survey on consulting quality" as a pretext for newsletter signups loses not only the data but also the trust of the people who answered honestly.

If you have understood these three points, you can work with the next sections. If you feel addressed by one of these points, you should review your plan once more before the next survey.

Four use cases that work in practice

From around 60 web-design projects, four form and survey setups crystallise out that regularly bring value to SMEs.

Lead qualification at first contact. Instead of a pure "Name, mail, message" form, ask three additional fields that prepare the conversation: What do you want to do, on what timeline, what budget. Three fields, one hour less phone research per enquiry, considerably more qualified incoming leads.

Feedback after service delivery. Three to five questions after the end of an order, stay, or course. What was good, what not, would you recommend us. Effect: concrete improvement knowledge plus a chance to react in case of a bad result before a review lands online.

Content idea gathering. On a blog or in the newsletter, build in a question: "Which question on topic X interests you right now?" Effect: ideas for the next pieces of content directly from the target group, without a consulting workshop. Prerequisite: a relevant target group with an incentive to give something back.

Career pre-qualification. With job openings, a mini form before the full application process: "What attracts you to this role, do you have professional experience in area Y." Effect: better pre-selection, more seriously meant applications.

All four share one property: they produce information you actually use. What you do not use does not belong in the form.

Short versus long — every field costs conversion

A hard rule of thumb from conversion research: every additional mandatory field in a form costs between 5 and 15 percent of response rate, depending on position and clarity[1]. Two fields more halve the response rate quickly.

The right question is therefore not "what would be nice to know", but "what do I need to react sensibly". Everything else comes in the follow-up conversation.

Three disciplines help reduce forms to the essential.

First, justify each field individually. For each field the question: what happens if I do not have this information — would answering the enquiry then no longer be possible? If yes, the field stays. If no, it goes.

Second, use optional fields sparingly. Optional fields are filled in reality by 5 to 15 percent. If a field is so important that the answers structurally influence you, it has to be mandatory. If it is so unimportant that it can stay optional, it usually does not belong in the form at all.

Third, combine fields. "First name" and "last name" can often become a single "name" field. "Street", "house number", and "postcode" often become a single "address" field. Every combined block reduces perceived complexity.

The most important question types

Six question types occur in practice. They differ not only formally but also in what they actually deliver in terms of insight.

Open text fields. Maximum depth, minimum evaluability. Sensible when you need qualitative stories — not sensible when you want to evaluate in large numbers. Rule of thumb: one open field per survey, no more.

Single choice. One answer from several options. Classic, clearly evaluable, good for multi-choice questions such as "reason for stay" or "industry".

Multiple choice. Several answers from several options. Good for "Which topics interest you" or "Which services do you need". Harder to evaluate because answer combinations scatter widely.

Scale questions. "Rate from 1 to 5." Works if the scale is clearly defined. In many SME surveys often misused because the middle of the scale ("3 out of 5") is hard to place in evaluation.

Yes-no questions. Fastest answer, but little depth. Sensible as a filter ("Were you invited?"), not sensible as a main question.

Net Promoter Score. "How likely would you recommend us, from 0 to 10." Probably the most well-known single question in the customer-satisfaction world. Has its justification — but only if you also follow up on the answer; otherwise it is a ceremony without effect.

GDPR and data minimisation

Every field you gather belongs in your data-protection declaration. Every piece of information you store must have a clear processing purpose. The GDPR demands this not from malice, but because the opposite — arbitrary data collection "for later" — is what historically made data protection problematic.

In practice that means four disciplines.

First, data minimisation. Gather only what you actually use. "Date of birth" on a contact form without clear purpose is data collection on stock — legally vulnerable under the GDPR.

Second, clear purpose. Each field must have a recognisable function that you explain transparently to the visitor. "Phone number for callback" is legitimate; "Phone number in case we want to call sometime" is not.

Third, consent with options. Anyone who also wants to be signed up for the newsletter must actively tick a box. The box must not be pre-checked — that has been unambiguously clarified since the 2019 cookie ruling.

Fourth, retention periods. How long you keep the data. A completed enquiry does not have to remain in your system forever — deleting data after closure is not just friendly but mandatory.

Anyone with a data-protection declaration in which the fields of their forms do not appear individually has an immediate need for reworking — usually with the responsible external data-protection officer or via a GDPR generator.

Built-in forms versus external survey tools

Two classes with different profiles.

The built-in form functions of your site. WordPress with Contact Form 7 or WPForms, kit-builder providers with their standard elements, custom programming. Advantage: everything stays on your domain, uniform look, no additional providers. Disadvantage: evaluation is usually basic, more complex surveys demand plugin effort, statistical depth often not possible.

External survey tools. Typeform, Tally, LimeSurvey, SurveyMonkey, Google Forms. Advantage: specialised tools, professional evaluation, better features such as branching logic ("if answer A, then ask B"). Disadvantage: third-country processing in many cases (GDPR-relevant), additional costs from a certain size, separate data-protection texts needed.

Which class fits depends on three questions. Do you need branching logic. Do you have more complex evaluation needs. How many answers do you expect.

For most SME surveys with fewer than 200 answers per month and at most six questions, the built-in forms suffice. Anyone planning a larger survey or wanting to evaluate regularly with differentiation goes to an external tool — with clear GDPR setup and transparent data-protection information.

LimeSurvey as a European open-source provider is a variant for sites with high GDPR sensitivity — public authorities, consultancy, healthcare. Tally has established itself as a cheaper alternative to Typeform, with clearer data-protection configuration.

Spam, bots, and form protection

Every public form is found within weeks of publication by automated bots and filled in. Anyone using no protective measures has a spam problem within one to two months that obscures real enquiries.

Three protection layers that work together.

Honeypot fields. A hidden form field only bots fill in. If the field contains content after sending, the input is discarded. Effort: minimal. Effect: in most cases filters 80 to 95 percent of automated enquiries.

Captcha or invisible bot detection. Cloudflare Turnstile and hCaptcha are the more GDPR-friendly alternatives to the classic reCAPTCHA from Google. Both work largely invisibly — visitors do not notice a check is running.

Rate limits. If too many form sendings come from one IP address in a short time, further submissions are temporarily blocked. Helps against brute-force bots and against mass spam.

These three layers together are enough in most setups. More protection only becomes necessary at very large or targeted sites — and is then a separate project belonging in the broader security context.

What you actually do with the answers

The most common mistake with surveys: they are set up, they run, the data accumulates — and no one looks at it. Three disciplines prevent that.

First, a fixed evaluation date. If the survey is running, the calendar gets a regular review — weekly, monthly, depending on volume. If that does not happen, you have a data dump.

Second, a reaction obligation for negative answers. If someone ticked "would not recommend", a personal reaction should come within a week. Not standardised, but real — "Sorry it was like that, may I briefly call you". The rate at which a negative feedback turns into a positive relationship is surprisingly high.

Third, a learning output. Per quarter a short summary "what have we learned from the answers, what do we change". If that does not take place, the survey is theatre without consequences.

Frequently Asked Questions

How many fields should a contact form have at maximum?

Three to five mandatory fields is the ideal range for first contacts. Every additional mandatory field costs 5 to 15 percent of response rate. On average only 5 to 15 percent of optional fields are filled, so define important data as mandatory and leave unimportant data out.

Which survey tool is GDPR-compliant?

LimeSurvey as a European open-source platform has the clearest GDPR profile. Tally and Typeform are usable, but require careful data-protection configuration and corresponding notices in the data-protection declaration. Google Forms is GDPR-problematic because the data processing takes place in the US.

When should I use built-in forms and when external tools?

Built-in forms for simple contact forms with three to six fields, fewer than 200 answers per month. External tools for more complex surveys with branching logic, larger samples, or professional evaluation needs. The decision depends not on price but on evaluation requirement.

How high is a good response rate for a website survey?

It mostly depends on the timing. A short, well-timed survey with three to five questions — for instance a mail shortly after completion or stay — realistically reaches 10 to 20 percent, with an incentive somewhat more. A survey in the middle of the process or with ten or more questions quickly drops into the low single-digit percent range. Anyone permanently under 5 percent usually has not a tool but a concept problem: too long, wrong timing, or no recognisable reason to answer.

How do I protect forms from spam and bots?

Three layers suffice in most cases: a honeypot field (hidden for humans, a bot entry is discarded), a captcha or invisible bot detection (Cloudflare Turnstile or hCaptcha as GDPR-friendly variants), and a rate limit for multiple submissions from the same IP address.

Do I have to mention every form in the data-protection declaration?

Yes, with the fields gathered, the processing purpose, and the retention period. Anyone with several forms on the site — contact, newsletter, application, survey — needs a separate section for each. Blanket formulations such as "we process your data in accordance with GDPR" are not sufficient.

What you can check today

Open your own site and count the fields in your contact form. If there are more than six, a reduction is the quickest lever for more and more qualified enquiries. Which spam and protection mechanisms should not be missing alongside is set out in the broader security overview for SME websites, where form protection sits as part of the same canon, not as a separate topic.

What is the next step?