As we say in German "If you shower you'll get wet".
So whenever you pass data from outside to a survey, there is some kind of possibility to breach total annonymity.
So if you add data to the survey link, you could always pass an ID that can identify the respondent. So the respondent has to trust you, that you don't do this. You are basically using individualized links, just like you would do with tokens.
Same for the token based approach. It is important to analyze data anonymously. As professional market researchers, Joffm and I have done "anonymous" surveys for years. However, we often need to be able to know who has participated (e.g. for paying incentives, include them into a prize draw, recontact them for an additional phase, quality control, etc.).
Yet, as we adhere to the ESOMAR code of conduct, we do NOT connect personal data with response data. We seperate those for analysis. So while we COULD connect them, we don't do it for the analysis.
Now, that being said, token based surveys have an anonymous mode, where the token is not included into the response table. There is a huge discussion going on, because in point of few the anonymous mode isn't that anonymous, because it allows to pass variables from the token table to the response table, just like you would pass this information on via the URL.
On the other hand, you really need to consider how anonymous a survey can be, where you know the the region and the professional role. Because depending on your database size this can already be enough to know to be able to find out who the respondent is. E.g. if you only have a few respondents from the same region and the roles are different, etc. But we can't help you there, as we do not know your sample.
In any way, I think "ethical" anonymity is probably overall stronger than "technical" anonymity, because later generally has flaws in one or the other way, while if your team is commited to the ethics of anonymity, even if technically you COULD breach anonymity, in practice you won't do it.
Read a bit about Survey participants in the manual. I don't really know those help pages and how useful they are. I always refer to the manual.
www.limesurvey.org/manual/Survey_participants
www.limesurvey.org/manual/manual/Partici...Anonymized_responses
So you can see that the data from the participant table is disconnected from the response table. But there is a loophole (which I harshly critize because it makes the anonymous mode not so anonymous), but in your case can be helpful.
You cann pass data from the token table to your survey and store it there with something like {TOKEN:ATTRIBUTE_1} saved to a hidden question.
Here you can read about the discussion of this "feature":
bugs.limesurvey.org/view.php?id=18253