Legal

Terms & Conditions

Important information: Updates to our General Terms of Service (“ToS”)

The new updated version will apply to all new customers from the publishing date on January 15, 2019.

For existing Customers, the changes will become effective on the date as stated in the ToS.

We are also happy to announce that our Data Protection Agreement (DPA), which sets the terms on how Personal Data is processed between Netigate and our Customers, is now a part of the ToS. This is important for the compliance to GDPR for Netigate and for our Customers and provides an effortless way for You to handle commissioned data for processing when using Netigate.

For existing Customers with valid DPA’s, the old DPA’s will still maintain effective, and you will be contacted should any changes or amendments be needed.

Changes include:

• Inclusion of Data Processing Agreement (unless otherwise stated)
• Adjustments for GDPR compliance
• Minor language clarifications
• Minor changes in disposition

Download Netigate General Terms (PDF)

For Customers of Netigate Deutschland GmbH separate Terms of Service apply (DACH, Deutsch).

Für Kunden der Netigate Deutschland GmbH gelten diese Allgemeinen Geschäftsbedingungen.

Download General Terms of Service DACH Deutsch (PDF)

Legal

Through the usage of Netigate both we and our customers contact a large amount of respondents. It is very important that our survey tool users show respect towards the respondents and their integrity. To maintain the highest level of quality in Netigate and security for our customers, we have strict rules and policies that our users must follow. Please contact Netigate to receive your copy of the Netigate General terms and conditions.

How to contact us

Stockholm – Head office
Netigate AB
Drottninggatan 29
111 51 Stockholm
Sweden

Phone: +46 (0)8 411 71 10
Org.nr: 556576-0997

Security in Netigate

Security is a highly prioritized area for us and we continuously work to maintain the highest level of security. Our servers are hosted by one of the leading providers in Sweden. All data is currently backed up and stored in multiple locations. Netigate provide systems that discover any attempts to intrude and immediately notify us if that situation should occur. Access to the service is blocked while the investigation takes place.

Anti-Spam Policy

The general terms and conditions regulate the usage of Netigate. We care about our customers and the respondents that receive surveys through Netigate. Therefore we have a strict policy against spam.

Information about cookies

To be able to give you as a visitor on our web site a smooth and personal experience we use cookies. Learn more about cookies and how we respect and protect your privacy.

General Disclaimer

The information contained in this website (not the survey tool) is for general information purposes only. The information is provided by Netigate AB in Sweden and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you might be able to link to other websites which are not under the control of Netigate AB, Sweden. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, Netigate AB in Sweden, takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Privacy Policy

In the following, we would like to inform you about the processing of personal data in line with the usage of our Internet pages. According to Article 4 of the General Data Protection Regulation (GDPR), “personal data” is all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”), which can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The legal basis of data protection can be found in the GDPR.

Data controller and processing of data

Data Controller

The party responsible for this website (“the controller”) is Netigate AB (Swedish Org. ID 556576-0997, below called Netigate, US or WE, Address: Drottninggatan 29, SE-11151, Stockholm, Sweden).

Legal basis of data processing

In order to be able to offer you our website and the associated services, we process personal data on the following legal basis:

• Consent (Article 6 (1) (a) GDPR)
• for the fulfillment of contracts (Article 6 (1) (b) GDPR)
• on the basis of a balance of interests (Article 6 (1) (f) GDPR)
• to fulfill a legal obligation (Article 6 (1) (c) GDPR)

We will refer to the respective terminology in the context of the respective processing, so that you can classify the basis on which we process personal data.

If personal information is processed by you based on your consent, you have the right to revoke your consent to us at any time with future effect.

If we process data based on a legal balance of interests, you, as the person concerned, have the right to object to the processing of your personal data, considering the requirements of Article 21 GDPR.

The purpose of processing personal data

Netigate will generally process personal information transmitted to or collected by us to meet our legal or contractual obligations to our customers, employees and suppliers and to provide our services

This includes the following cases:

• to ensure access to and use of our services (including billing), in particular to publish advertisements and other content of the User, and to measure and improve the quality and success of our services, our services safe and operational hold.;
• to enforce our terms and conditions, this Privacy Policy or other policies.
• We use the personal data to pursue our legitimate interests, provided the interests or fundamental rights and freedoms do not predominate (Article 6 (1) (f) GDPR). We have introduced controls to reconcile our interests with the rights of the Netigate user. On this basis, we use the data as follows:
• to improve our services, e.g. For example, by reviewing information related to blocked or crashed pages so that we can identify and resolve issues and provide a better user experience;
• to verify the quality and success of our email marketing campaigns (e.g. by analysing opening and click rates);
• to monitor and improve the information security of our services.

If you apply through our website, we will process personally identifiable information about you for the purpose of your application for employment, to the extent that this is necessary for the decision to establish an employment relationship with us. The legal basis is § 26 para. 1 in conjunction with para. 8 sent. 2 BDSG.

Furthermore, we may process personal data about you, as far as this is necessary to defend against asserted legal claims from the application process against us. The legal basis is Art. 6 para. 1, letter f DSGVO; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Insofar as employment arises between you and us, pursuant to § 26 (1) BDSG we may further process the personal data you have already received for employment purposes, if this is necessary for the execution or termination of the employment relationship, or for performance or fulfilment of required by law or a collective agreement, an operating or service agreement (collective agreement) and duties of employee representation.

Duration of storage of personal data

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory storage requirements and / or there is no legitimate interest in the re-storage on our part. Unless the data is deleted because it is required for other and legally permitted purposes, its processing will be restricted. i.e. the data is blocked and not processed for other purposes. This applies, for example, for data that must be kept for commercial or tax reasons.

However, it can be necessary to store data in order to fulfil contractual obligations to examine warranty and guarantee claims. In addition, it is indispensable to store data to grant or defend the mentioned claims.

In order to comply with the statutory retention period, a deletion shall only be carried out after expiration of the respective retention period.

If you have sent us your job applicant data, we will store your personal data for the duration of the application process. If the application does not result in a job offer, we may also continue to store data as required to defend against possible legal claims. The application documents will be deleted six months after a rejection decision has been communicated to the candidate, unless a longer storage due to litigation is required.

Information processed in a Netigate survey

Your privacy is important to us, and we want you to feel secure when answering our surveys. Therefore, the following part of the Privacy Policy concerns the respondent information we collect a survey is answered. All participation in our surveys is voluntary and our business conduct takes great consideration in preserving the privacy and integrity of our respondents.

When answering our surveys, the personal information registered in the tool is

• The information that the company conducting the survey has entered about you as the respondent, in most cases this is the email address or phone number through which you received the survey link
• The responses from the survey
• The time of response
• The geo location lookup (no IP stored)

In case the survey is anonymous, no information is registered automatically that can be linked to you as a respondent. Only the date and time of your response is stored in this scenario. The service does not use cookies for the respondents other than in one particular survey distribution setting of one response per person,  which you can read more about in the above link. Any personal information provided by you in responding to questions is regarded as voluntarily submitted and will be stored according to local legislation.

No personal information will be shared to a third party unless specifically stated in the survey or without your specific consent. If required by law, personal information may be submitted to local authorities upon request.

Site Visitor Data

When you visit our website we may process personal data in order to be able to provide a user friendly experience of the website on your device.

For the pages to be displayed in your browser, the IP address of the device you are using must be processed. There is also more information about the browser of your device.

In terms of data protection, we are also obliged to guarantee the confidentiality and integrity of personal data processed using our IT systems.

For this purpose, the following data are logged based on a legal balance of interests:

• IP address of the connecting computer (when opening the website)
• Operating system of the connecting computer
• Browser version of the connecting computer
• Name of the retrieved file
• Date and time of access to the internet site
• Volume of data transferred
• Referring URL
• Chat history including IP-address

The IP address will be deleted after 7 days at the latest from all systems used in connection with the operation of this website, except the chat which needs to store the IP address longer to keep the chat history. A chat history is deleted after 3 months. We can no longer produce a personal reference from the remaining data.

The data is also used to detect and correct errors on the website.

Contact form

We offer a contact form on our website where you can request information about our products or services or contact us in general. The data required by you to answer a request has been marked as mandatory. Information on further data fields is voluntary.We need this information to process your request, to contact you correctly and to provide you with an answer. The data processing takes place with concrete inquiries to the fulfillment of a contract or the contract signing. For general inquiries, the processing is based on a comparison of interests.Inquiries received via the contact form on our website will be electronically processed by us to answer your request. In connection with this, other persons or departments and possibly third parties may also receive knowledge of the form contents that you have sent.The transmission of the data form is done safely via encrypted internet connections.

Free Account

When you open a free account at Netigate, you consent to Netigate’s General Terms of Service and Data Processing Agreement.

We offer the opportunity to register to open a free account directly on our website with a double opt-in. The data entered (name, company name, phone number, email address and password) during your registration is encrypted, collected and stored solely for the use of our services. If you choose to register on our website, we will save the date and time of registration. This serves as a protection, in case of a third party abusing your data and making a registration on our website without your knowledge. The legal bases for the processing are Article 6 (1) (b) and Article 6 (1) (f). GDPR.

Newsletter

We might add the functionality to subscribe to an email newsletter on our website. In addition to the voluntary information in the respective form, we only process your email address. This is necessary in order to be able to send you the newsletter.

Existing clients will receive email information from us including newsletters with product updates and other information.

When you contact us, you will be added to our email list as it may, according to Article 6 (1) (f) GDPR, be deemed of interest. You can unsubscribe from the newsletter at any time. Alternatively, you will find a link to unsubscribe in each newsletter email.

To be able to analyse the popularity of our newsletter releases and optimise them, we log when emails are opened, and links are clicked. This usage analysis is based on a balance of interests. You can object to this processing by unsubscribing from the newsletter.

Cookies

Cookies are used on our website. Cookies are small text information stored in your device via your browser. Cookies are required to enable certain features of our website.

Please refer to our cookie policy at https://www.netigate.net/legal/#cookies where you can also find our cookie declaration, which outlines which cookies are used on the site.

The use of cookies is based on a balance of interests. Our goal is to create a user-friendly experience on our website.

Voluntary information

As far as you have data opposite us e.g. voluntarily provide in forms and these are not required for the performance of our contractual obligations, we process these data in the legitimate assumption that the processing and use of this data in your interest.

Recipient /Disclosure of data

Data that you provide to us will generally not be disclosed to third parties. In particular, your data will not be disclosed to third parties for their advertising purposes.

However, we may use service providers for the operation of this website or for other products or services. Here it can happen that a service provider receives knowledge of personal data. We carefully select our service providers – in particular with regard to data protection and data security – and take all data protection measures necessary for permissible data processing.

We are using the following service providers for our site:

Web analytics

This website uses the web analytics tool Google Analytics provided by Google, Inc. (“Google”). The purpose of the assignment is the “needs-based design” of this website, which is carried out on the basis of a balance of interests. The web analysis also allows us to fix website errors, e.g. to recognize and correct faulty links. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow analysis of how users use the site. In this case, so-called. “Client IDs” are used, which serve to create pseudonymous user profiles that collectively cover the use of the Internet pages by desktop computers and mobile devices by a user.

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Since we have activated the so-called IP anonymisation on this website and have concluded a corresponding order processing contract with Google, your IP address will be shortened beforehand by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will not associate your IP address with any other data held by Google.

Google is certified according to the so-called “Privacy Shield” ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI). A reasonable level of privacy is guaranteed by Google.

You may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the link below (http://tools.google.com/dlpage/gaoptout?hl=en) to download and install the available browser plugin. This also excludes you from remarketing.

Alternatively, you can – especially with mobile devices – prevent the collection by Google Analytics by clicking on the following link: https://tools.google.com/dlpage/gaoptout/

An opt-out cookie is then set, which prevents the future collection of your data when visiting this website.

For more information about the Google Analytics terms of service and privacy notices, please visit: https://policies.google.com/privacy.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Analytics and advertising

We do not use any of the following when you are an existing customer based on your logged in behaviour in the Netigate tool. This section applies to our general site experience.

Custom Audience ads

We may show you interest-based advertising with your permission when you are using Facebook through their service called Custom Audience Tool, which enables us to personalise our ads or remarket based on the sections of the site you visit for example.

We may also use this to create similar audiences in our marketing.

Facebook Pixel

Our website use the Conversion tracking pixel from Facebook which means that after clicking on a Netigate ad we are able to track the return on investment and pass user defined and application-specific events to Facebook for reporting and statistical purposes. This data is processed by Facebook and at this time they can according to their Data Use Policy use the data for their own advertising purposes. This is done through the placement of a pixel or cookie.

To remove yourself from this usage (only users above age 13 can give permission) you can do this here: https://www.facebook.com/ads/website_custom_audiences/

Customer Match

We may if you have given permission use Googles customer match to adapt or exclude users from our marketing.

Read more about how Google uses this data (https://support.google.com/google-ads/answer/6334160?hl=en&ref_topic=6296507)

LinkedIn Matched Audiences

With your permission we may also apply the same logistics as with Google and Facebook in LinkedIn, read more about custom audiences and remarketing here: https://business.linkedin.com/marketing-solutions/ad-targeting/matched-audiences

The LinkedIn Insight Tag can collect data, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days.

To opt our from interest based marketing on LinkedIn this can be done here:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out/

Google webfonts

We use so-called Google webfonts on our websites. It downloads fonts from Google servers, which serve to improve the design of the website. The data processing takes place on the basis of a balance of interests, whereby our interest lies in an attractive design of the Internet.

These fonts are downloaded from Google servers, which are usually located in the United States. The adequate level of data protection is guaranteed by Google (list entry “Privacy Shield”).

Applications via Teamtailor

If you would like to apply for a position via our website, this is done via the service provider “Teamtailor.com”. They have a separate privacy policy, which we display here so that the processing of your data is transparent regardless of how you contact us with your job application.

Purposes of processing personal data

We process the aforementioned data for the operation of our website and for the fulfillment of contractual obligations towards our customers or the preservation of our legitimate interests.

For inquiries from you outside an active customer relationship, we process the data for sales and advertising purposes. You may object to the use of your personal data for promotional purposes at any time.

Data processing outside the European Union

If personal data is processed outside the European Union, you will be able to recognize this from previous information.

Security

We are using all necessary technical and organizational security measures to protect your personal data from loss and misuse. Your data is saved in a secure operating environment that is inaccessible to the public. Furthermore, data is encrypted during the transfer by so-called Transport Layers Security (TLS). This means that an approved encryption procedure is used for communication between your computer and our servers.

Existence of automated decision-making

As a responsible company we refrain from automatic decision-making or profiling.

Data Protection Officers

Netigate Group appoints external Data Protection Officers. You can reach them as follows:

Your rights as a data subject

You have the following rights granted by the European directive and regulatory body. If you want to claim any of the rights below, please contact us at the address above.

• Right to confirmation and right to information – we will gladly confirm to you whether we process personal data about you, what data it is and for what purpose it will be processed.
• Right to correction – if the data stored with us should be wrong, we are of course happy to correct it.
• Right to delete – If you wish to delete your personal data, we will, as far as legally possible, comply with your request. As far as data must be kept for legal reasons, these are blocked. The data is then no longer available for further use.
• Right to restriction of processing – if you wish to restrict the use, we will, as far as legally possible, comply with your request.
• Right to objection – if you wish to object to any given consent, we will act on your request.

You also have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data.

Change of this privacy policy

We revise this Privacy Policy in the event of changes concerning this website whenever it may be required. You will always find the current version on this website.

Cookie Policy

To give you as a visitor a smooth and personal experience we use cookies. By using this website and agreeing to our cookie settings you consent to the processing of data by Netigate in accordance with the terms of this policy.

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

Data stored as necessary cookies are for example:

• Browsername/ -version
• Operating System
• Referrer URL
• Hostname (IP Adress)
• Time of the server request
• Font preferences
• Cookie Consent

How we use cookies

We use cookies to personalise your experience, content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.Netigate follows a strict anti spam-policy in accordance with the GDPR guidelines.Your cookie consent applies to the following domain(s): https://netigate.net, https://enterprise.netigate.net, https://success.netigate.net/We do not use any marketing cookies such as Google Analytics on the Netigate survey tool itself on the following domains ntgt.de and https://netigate.se

Cookies on our website

Our sites uses different types of cookies depending on the user session.
We may use the following cookie types:  Session Cookies
These cookies are temporary and expire once you leave our site. Permanent Cookies
Permanent cookies may stay on your disk for some time (up to 12 months) after the session has ended. These cookies may hold data such as login details and contact information, so that you don’t have to type them in every time you use the site. We have cookies on the login page to the Netigate tool e.g for the purpose to recognise your login email, but none once you are in a logged-in mode in your account.First-party Cookies
First-party cookies are issued from Netigate’s domains. These cookies often serve to give memory to the website about your data and preferences.

Third-party Cookies

Third-party cookies are cookies that are set by a website/service other than Netigate’s domains. We may use the information we obtain from your use of our cookies for the following purposes:(1) to recognise your computer when you visit our website;
(2) to track you as you navigate our website, and to enable the use of login and webforms on our website;
(3) to improve the website’s usability;
(4) to analyse the use of our website;
(5) to personalise our website for you;
(6) to save your cookie settings;
(7) to remarket our services on third party websites.
More information about each cookie, such as provider, purpose, usage and duration can be found below in our cookie declaration.Google AnalyticsGoogle Analytics is a software solution for webmasters and helps us to get access to e.g. user statistics and to adjust certain parts of our content regarding user needs. Cookies also help third-party providers (e.g. Google) to recognize which content and advertisements across multiple websites were interesting for users.All cookies by Google can be identified and start with “__utma”, “__utmb”, “__utmc”, “__utmv”, “__utmz”. None of these identify you personally.Please refer to the web analytics section of our Privacy Policy for more information

Blocking or deleting cookies

You may refuse the use of cookies by selecting the appropriate settings in your browser or by removing your consent. Please note that if you do this you may not be able to use the full functionality of our websites.Visitors to our websites may opt out of certain types of Google Analytics tracking, customize the Google Display Network ads by using the Google Ad Preferences Manager and learn more about how Google serves ads by viewing its Customer Ads Help Center. If you do not wish to participate in Google Analytics, you may also download the Google Analytics opt-out browser add-on. You can also opt-out from interest based advertising on the Network Advertising Network.To remove cookies that are already implemented simply reset your cookie preferences in your browser settings. If you have visited us from different web browsers you need to reset the settings in each web browser.

Other

There might be content on our domains linking to other websites, which also use cookies. Netigate AB has no responsibility in how these websites handle and store their cookies.Don’t hesitate to contact us if you have questions about how we use cookies.

Cookie Declaration Cookie declaration was last updated on 2018-10-22 by Netigate AB

Necessary Cookies (6)
Necessary cookies help make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Preference Cookies (15)
Preference cookies enables our website(s) to remember information that changes the way our website(s) behaves or looks, like your preferred language or the region that you are in.

Statistic Cookies (7)
Statistic cookies help us to understand how visitors interact with our websites by collecting and reporting information anonymously.

Marketing Cookies (20)
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Unclassified Cookies (5)
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

GDPR

Netigate is one of the leading European providers of cloud-based services for online surveys. We help organisations gain valuable insights, make better business decisions and improve processes.

While doing so, we will maintain the value of privacy and preserve the ability for you to control how your data is collected and stored in accordance with the General Data Protection Regulation.

This starts with making sure that you get clear choices about how and why data is collected and used, and ensuring that you have the information you need to make the choices that are right for you across our products and services.

Netigate’s compliance with the General Data Protection Regulation (GDPR)

Key Points of the General Data Protection Regulation (GDPR)

• New data protection laws for organizations that handle personal data within EU and EEA countries.
• GDPR will replace current data protection laws starting the 25th of May 2018.
• GDPR restricts how organizations can collect, store, and process personal data.
• GDPR aims to give each individual full control of how his/her personal data is handled.
• GDPR provides clear regulations regarding transparency connected to processing personal data.
• Strict sanctions for organizations that does not comply.

How Does the GDPR Affect Feedback Collection?

• Collecting and assessing feedback from individuals is a way of processing personal data under the GDPR.
• According to GDPR, the organisation that collects the feedback and determines the purpose of processing is the “Controller”.
• GDPR requires that a Controller process personal data in accordance with its rules and principles.
• According to GDPR, a supplier that processes personal data on behalf of the Controller assumes the role as “Processor”.
• A Controller that wants to use a Processor (for example Netigate) for their feedback collection, needs to ensure that the processor is compliant with GDPR.
• A Controller that wants to use a Processor for gathering feedback processes and procedures must enter into a Data Processing Agreement (DPA) with the Processor. Netigate has this mandatory DPA available for its customers.

Netigate and the GDPR – be on the Safe Side With us

A business with a problem that needs a solution Collecting and assessing feedback from your customers, employees or other individuals within the EU and EEA countries is considered processing personal data. Therefore, it is your responsibility to comply with GDPR as well as document your compliance. As a customer of Netigate you’re on the safe side.

GDPR Focus

One of Netigate’s highest priorities is and has always been data security. Netigate’s focus to comply with GDPR began in April 2016, when EU executed the new legal framework. As a result, Netigate assembled a dedicated GDPR team with the CEO as well as representatives from each department to ensure that every part of the company is compliant.

Located in Europe

Netigate’s headquarters are located in Stockholm, Sweden. Netigate only uses EU-based servers to ensure data protection and security. Netigate offers server locations in Germany and Sweden for our customers. Netigate only utilises certified data centers according to the international information security standard, ISO 27001.

PERSONAL DATA PROCESSING

WHO IS WHO IN THE GDPR

The Respondent is the DATA SUBJECT

Respondent provides input into the survey, and must provide the Controller consent for processing.

Netigate’s customers are the CONTROLLERS

The Controller must receive legal consent (typically consent or a contractual relationship) for processing personal data. The Controller defines the purpose as well as the data lifecycle and retention time. The Controller is always in full control of the data. The Controller is the contact point for the Data Subject.

Netigate is the PROCESSOR

Netigate provides the software tool used by the Controller. The tool includes functionalities that allow customers to fulfill the requirements and principles in accordance with the GDPR. Netigate performs support and services. Netigate provides the required security measures. Data Processing Agreement (DPA) in place with Customer.

Netigate’s hosting provider is the SUB-PROCESSOR

Netigate uses certified hosting providers across a range of data centers to meet the highest security requirements. To ensure data confidentiality, integrity, and accessibility, Netigate takes the necessary and relevant technical and organizational security measures. Data Processing Agreement (DPA) in place with Netigate.

Other Netigate entities may be SUB-PROCESSORS

Support and services may be provided by other entities within Netigate.

Security of Highest Standard

Netigate continues to be the first and safest choice for data security. Netigate strictly follows German security requirements since Germany maintains the highest security standards in Europe. Netigate has several action points in place that aligns with GDPR, which include the following:

• Maintain confidentiality with access control measures for systems and data
• Secured integrity by encrypted data transfers
• Availability is ensured by regular data and storage backups and disaster recovery plans
• Customer data is logically separated for each customer to ensure confidentiality and integrity
• Continuous penetration tests conducted by external third-party security providers
• Notification of data breach

Privacy and Consent

Netigate has implemented strategies and functions compliant with GDPR’s guidelines by respecting individuals’ rights to control their personal data. This is one reason why Netigate requires personal consent. As a Netigate customer (the Controller), you will always have:

• Full control of your data while using the Netigate platform. This can be accessed through the account settings. Users have the option to permanently remove all data associated with a particular Netigate account at any time.
• There are several privacy settings available, such as set data retention policies, automatic anonymising or the immediate removal of all personal data.
• There is an editable consent collection functionality available for surveys.

Detailed Documentation – for Your and our Safety

GDPR has strict requirements regarding processing documentation. The Controller is responsible for collecting documentation from the Processor. As a Netigate customer, you will have access to required documentation regarding the processing of personal data in the Netigate platform.

Employee Confidentiality

All Netigate employees operate and must abide by non- disclosure agreements. Netigate employees are also subject to privacy training and awareness. All Customer data is considered confidential. Internal access is restricted and is only granted on a need-to-know basis.

Employees are not permitted to enter customer accounts or surveys without explicit approval. Our Netigate employees know how to protect your integrity.

Legal Terms

A mandatory GDPR compliant Data Processing Agreement available (if personal data is processed).

Netigate’s work on privacy

Download the full PDF

What you need to know about the GDPR when collecting feedback in Europe

Introduction

On May 25th, 2018, the European Union’s (EU) new data protection framework, the General Data Protection Regulation (GDPR), will come into force. It is the most significant piece of data protection legislation to date and will impact any organization that processes personal data in connection with goods/services offered to an EU resident, or monitors the behaviour of persons within the EU. The GDPR strengthens individuals’ privacy rights through stricter limits on the processing of their personal data, significantly expanding their rights over their data, and providing increased transparency into the nature, purpose, and utility of it.

GDPR Overview

As a regulation instead of a directive, the GDPR becomes enforceable as law in all EU member states simultaneously on this date. It replaces the separate member state implementations of data protection law, streamlining compliance by providing a single set of principles to follow.

The scope of this new regulation covers all organizations that process the personal data of EU residents or monitor individuals’ behaviours conducted within the EU, regardless of the entity’s location. The terms processing and personal data are defined broadly: processing involves “any operation or set of operations which is performed on personal data” and personal data means “any information relating to an identified or identifiable natural person (‘data subject’).” The GDPR outlines various requirements for Controllers (entities who determine the purposes and means of the processing of personal data) and Processors (entities who process personal data as directed by a Controller).

Suggested Steps for GDPR Compliance

There are several steps that companies should take in anticipation of May 25th 2018, which Netigate have already implemented, such as:

• Form a GDPR compliance team and assign responsibilities
• Undertake a GDPR readiness assessment
• Evaluate requirements for a Data Protection Officer and appoint one if necessary
• Implement policies and procedures to respond to data subjects’ rights requests
• Review and update processor and sub-processor agreements
• Create a record of personal data processing activities
• Obtain, document, and maintain a legal basis for each processing activity
• Update privacy and security policies and procedures
• Update data breach notification protocols

Additional helpful GDPR resources

Below are links to some GDPR resources which we at Netigate will continue to update as relevant regulatory authorities issue additional guidelines.

https://ico.org.uk/media/about-the-ico/consultations/2013551/draft-gdpr-consent-guidance-for-consultation-201703.pdf
http://www.eugdpr.org/gdpr-faqs.html
https://gdpr-info.eu/
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf

While the content on this page is designed to help organizations understand the GDPR in connection with Netigate’s services, the information contained herein may not be construed as legal advice. Organizations should consult with their own legal counsel with respect to interpreting their unique obligations under the GDPR and the use of a company’s products and services to process personal data.