Terms & Conditions
Important information: Updates to our General Terms of Service
As part of the simplification of our product range and to enable us to deliver a more efficient service, we have updated our General Terms of Service. We have also adjusted the terms to comply with EU Data Security laws and policies.
What does this mean for you
We are providing thirty (30) days' notice of these changes, unless stated in specific clauses. The General Terms of Service will take effect from 25 May 2018. These will replace any existing Terms and Conditions you previously held.
For customers of Netigate Deutschland GmbH and of the Swiss branch, these separate Terms of Service apply (DACH, German).
For customers of Netigate Deutschland GmbH and of the Swiss branch, these General Terms and Conditions apply.
Through the use of Netigate, both we and our customers contact a large number of respondents. It is very important that our survey tool users show respect towards the respondents and their integrity. To maintain the highest level of quality in Netigate and security for our customers, we have strict rules and policies that our users must follow. Please contact Netigate to receive your copy of the Netigate General terms and conditions.
How to contact us
Stockholm – Head office
111 44 Stockholm
Phone: +46 (0)8 411 71 10
Security is a highly prioritized area for us and we continuously work to maintain the highest level of security. Our servers are hosted by one of the leading providers in Sweden. All data is currently backed up and stored in multiple locations. Netigate provides systems that detect any intrusion attempts and immediately notify us should one occur. Access to the service is blocked while the investigation takes place.
The general terms and conditions regulate the usage of Netigate. We care about our customers and the respondents that receive surveys through Netigate. Therefore we have a strict policy against spam.
The information contained in this website (not the survey tool) is for general information purposes only. The information is provided by Netigate AB in Sweden and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you might be able to link to other websites which are not under the control of Netigate AB, Sweden. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or an endorsement of the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, Netigate AB in Sweden takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
Cookies & Privacy
Cookies are small text-based data files that web servers store on website visitors’ computers via the web browser. They can be used by web servers to identify visitors as they navigate through different pages on a website, and to identify returning visitors to a website.
There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close the browser, whereas persistent cookies remain stored on your computer until they get deleted, or until they reach their expiry date.
We use both session cookies and persistent cookies on this website.
We will/may send to you the following harmless cookies:
(1) netigate (essential)
(2) countrytabs (essential)
(3) wordpress_test_cookie (essential)
(4) civicAllowCookies (essential)
Cookies 2 and 3 are session cookies, whereas cookies 1 and 4 are persistent cookies.
Data stored in cookies includes, for example:
* Browser name and version
* Referrer URL
* Hostname (IP address)
* Time of the server request
We may use the information we obtain from your use of our cookies for the following purposes:
(1) to recognise your computer when you visit our website;
(2) to track you as you navigate our website, and to enable the use of login and webforms on our website;
(3) to improve the website’s usability;
(4) to analyse the use of our website;
(5) to personalise our website for you;
(6) to save your cookie settings.
When you use our website, you may also be sent third party cookies. Some of them might be intrusive.
Google Analytics is a software solution for webmasters and helps us to get access to e.g. user statistics and to adjust certain parts of our content regarding the user needs. Cookies also help third-party providers (e.g. Google) to recognize which content and advertisements across multiple websites were interesting for users.
All cookies by Google can be identified and start with “__utma”, “__utmb”, “__utmc”, “__utmv”, “__utmz”. None of these identify you personally.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
You can block Google from accessing and storing cookies on your computer by using a browser plugin.
General Data Protection Regulation (GDPR)
Netigate is one of the leading European providers of cloud-based services for online surveys. We help organisations gain valuable insights, make better business decisions and improve processes.
While doing so, we will maintain the value of privacy and preserve the ability for you to control how your data is collected and stored in accordance with the General Data Protection Regulation.
This starts with making sure that you get clear choices about how and why data is collected and used, and ensuring that you have the information you need to make the choices that are right for you across our products and services.
Key Points of the General Data Protection Regulation (GDPR)
- New data protection laws for organizations that handle personal data within EU and EEA countries.
- GDPR will replace current data protection laws starting the 25th of May 2018.
- GDPR restricts how organizations can collect, store, and process personal data.
- GDPR aims to give each individual full control of how his/her personal data is handled.
- GDPR provides clear regulations regarding transparency connected to processing personal data.
- Strict sanctions for organizations that do not comply.
How Does the GDPR Affect Feedback Collection?
- Collecting and assessing feedback from individuals is a way of processing personal data under the GDPR.
- According to GDPR, the organisation that collects the feedback and determines the purpose of processing is the “Controller”.
- GDPR requires that a Controller process personal data in accordance with its rules and principles.
- According to GDPR, a supplier that processes personal data on behalf of the Controller assumes the role as “Processor”.
- A Controller that wants to use a Processor (for example Netigate) for their feedback collection needs to ensure that the Processor is compliant with GDPR.
- A Controller that wants to use a Processor for gathering feedback processes and procedures must enter into a Data Processing Agreement (DPA) with the Processor. Netigate has this mandatory DPA available for its customers.
Netigate and the GDPR – be on the Safe Side With us
Collecting and assessing feedback from your customers, employees or other individuals within the EU and EEA countries is considered processing personal data. Therefore, it is your responsibility to comply with GDPR as well as document your compliance. As a customer of Netigate you’re on the safe side.
One of Netigate’s highest priorities is and has always been data security. Netigate’s focus on complying with GDPR began in April 2016, when the EU executed the new legal framework. As a result, Netigate assembled a dedicated GDPR team with the CEO as well as representatives from each department to ensure that every part of the company is compliant.
Located in Europe
Netigate’s headquarters are located in Stockholm, Sweden. Netigate only uses EU-based servers to ensure data protection and security. Netigate offers server locations in Germany and Sweden for our customers. Netigate only utilises certified data centers according to the international information security standard, ISO 27001.
WHO IS WHO IN THE GDPR
Respondent provides input into the survey, and must provide the Controller consent for processing.
The Controller must receive legal consent (typically consent or a contractual relationship) for processing personal data. The Controller defines the purpose as well as the data lifecycle and retention time. The Controller is always in full control of the data. The Controller is the contact point for the Data Subject.
Netigate provides the software tool used by the Controller. The tool includes functionalities that allow customers to fulfill the requirements and principles in accordance with the GDPR. Netigate performs support and services. Netigate provides the required security measures. Data Processing Agreement (DPA) in place with Customer.
Netigate uses certified hosting providers across a range of data centers to meet the highest security requirements. To ensure data confidentiality, integrity, and accessibility, Netigate takes the necessary and relevant technical and organizational security measures. Data Processing Agreement (DPA) in place with Netigate.
Support and services may be provided by other entities within Netigate.
Security of Highest Standard
Netigate continues to be the first and safest choice for data security. Netigate strictly follows German security requirements since Germany maintains the highest security standards in Europe. Netigate has several action points in place that align with GDPR, which include the following:
- Maintain confidentiality with access control measures for systems and data
- Secured integrity by encrypted data transfers
- Availability is ensured by regular data and storage backups and disaster recovery plans
- Customer data is logically separated for each customer to ensure confidentiality and integrity
- Continuous penetration tests conducted by external third-party security providers
- Notification of data breach
Privacy and Consent
Netigate has implemented strategies and functions compliant with GDPR’s guidelines by respecting individuals’ rights to control their personal data. This is one reason why Netigate requires personal consent. As a Netigate customer (the Controller), you will always have:
- Full control of your data while using the Netigate platform. This can be accessed through the account settings. Users have the option to permanently remove all data associated with a particular Netigate account at any time.
- There are several privacy settings available, such as set data retention policies, automatic anonymising or the immediate removal of all personal data.
- There is an editable consent collection functionality available for surveys.
Detailed Documentation - for Your and our Safety
GDPR has strict requirements regarding processing documentation. The Controller is responsible for collecting documentation from the Processor. As a Netigate customer, you will have access to required documentation regarding the processing of personal data in the Netigate platform.
All Netigate employees operate under and must abide by non-disclosure agreements. Netigate employees are also subject to privacy training and awareness. All Customer data is considered confidential. Internal access is restricted and is only granted on a need-to-know basis.
Employees are not permitted to enter customer accounts or surveys without explicit approval. Our Netigate employees know how to protect your integrity.
A mandatory GDPR-compliant Data Processing Agreement is available (if personal data is processed).
On May 25th, 2018, the European Union's (EU) new data protection framework, the General Data Protection Regulation (GDPR), will come into force. It is the most significant piece of data protection legislation to date and will impact any organization that processes personal data in connection with goods/services offered to an EU resident, or monitors the behaviour of persons within the EU. The GDPR strengthens individuals' privacy rights through stricter limits on the processing of their personal data, significantly expanding their rights over their data, and providing increased transparency into the nature, purpose, and utility of it.
As a regulation instead of a directive, the GDPR becomes enforceable as law in all EU member states simultaneously on this date. It replaces the separate member state implementations of data protection law, streamlining compliance by providing a single set of principles to follow.
The scope of this new regulation covers all organizations that process the personal data of EU residents or monitor individuals' behaviours conducted within the EU, regardless of the entity's location. The terms processing and personal data are defined broadly: processing involves "any operation or set of operations which is performed on personal data" and personal data means "any information relating to an identified or identifiable natural person ('data subject')." The GDPR outlines various requirements for Controllers (entities who determine the purposes and means of the processing of personal data) and Processors (entities who process personal data as directed by a Controller).
| Key Requirements | Brief Description |
|---|---|
| Data Protection by Design and Default | Controllers and Processors must incorporate data protection into new products and services that involve the processing of personal data (Design) and consider data protection issues in all business decisions (Default). |
| Lawfulness of Processing | Processing must be based on consent, performance of a contract, legal obligation, protection of vital interests, tasks carried out in the public interest, or legitimate interest balanced against the fundamental rights of data subjects. |
| Conditions for Consent | Requests for consent must be freely given, specific, informed and unambiguous through a statement or through a clear affirmative action. |
| Security of Processing | Controllers and Processors shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. |
| Data Subject Rights & Information | Controllers shall provide the information outlined in Articles 13 & 14 to Data Subjects and Data Subjects may access, correct, delete, restrict processing of, and transfer their personal data, as well as object to automated decision-making based on their personal data. |
| Data Inventory | Controllers and Processors must create centralized repositories containing records of processing activities carried out on personal data. |
| Data Protection Impact Assessments | Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons, prior to processing Controllers must carry out assessments of the impact of the envisaged processing operations on the protection of personal data. |
| Data Protection Officer | Controllers and Processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or large-scale processing of special categories of data must appoint a Data Protection Officer. |
| Controller-Processor Relationships | Controller and Processor relationships must be governed by binding contracts that set the terms of the processing to be performed and provide Controllers with the right to object to Sub-Processors engaged by the Processors. |
| Data Breach Reporting | In the event of a breach involving personal data, the Controller shall, where feasible, notify the relevant Supervisory Authority within 72 hours of becoming aware of it and, if there is a likely high risk to the rights and freedoms of natural persons, the affected data subjects without undue delay. |
Suggested Steps for GDPR Compliance
There are several steps that companies should take in anticipation of May 25th 2018, which Netigate has already implemented, such as:
- Form a GDPR compliance team and assign responsibilities
- Undertake a GDPR readiness assessment
- Evaluate requirements for a Data Protection Officer and appoint one if necessary
- Implement policies and procedures to respond to data subjects' rights requests
- Review and update processor and sub-processor agreements
- Create a record of personal data processing activities
- Obtain, document, and maintain a legal basis for each processing activity
- Update privacy and security policies and procedures
- Update data breach notification protocols
Additional helpful GDPR resources
Below are links to some GDPR resources which we at Netigate will continue to update as relevant regulatory authorities issue additional guidelines.
While the content on this page is designed to help organizations understand the GDPR in connection with Netigate's services, the information contained herein may not be construed as legal advice. Organizations should consult with their own legal counsel with respect to interpreting their unique obligations under the GDPR and the use of a company's products and services to process personal data.