The Netigate Terms of Service (“ToS”) and the integrated Data Processing Agreement (“DPA”) govern the relationship between Netigate and our Customers regarding the services we provide and protection of personal data according to the GDPR.
For Customers of Netigate Deutschland GmbH separate Terms of Service apply (DACH, Deutsch).
Through the usage of Netigate both we and our customers contact a large amount of respondents. It is very important that our product users show respect towards the respondents and their integrity. To maintain the highest level of quality in Netigate and security for our customers, we have strict rules and policies that our users must follow.
Stockholm – Head office
111 51 Stockholm
Phone: +46 (0)8 411 71 10
Our general terms and conditions listed above regulate the usage of Netigate. We care about our customers and the respondents that receive surveys through Netigate. Therefore we have a strict policy against spam.
The information contained in this website (not the survey tool) is for general information purposes only. The information is provided by Netigate AB in Sweden and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you might be able to link to other websites which are not under the control of Netigate AB, Sweden. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, Netigate AB in Sweden, takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
Privacy and security are highly prioritized areas for us and we continuously work to maintain the highest level of security and privacy compliance.
Netigate is certified under ISO/IEC 27001:2013 – the world’s best-known standard for information security management and privacy systems. We excluded no areas – or “controls” in our certification process. Our ISO certificate places strict requirements on our daily operations, offices, and IT and technical environments. We are proud that we have continuously passed all external ISO audits conducted since we received our ISO certificate.
ISO certification isn’t just important to our own operations. Netigate also requires that any sub-processors it hires to process Netigate’s data, customer data or survey data are also at least ISO 27001 certified.
Netigate has a Security & Privacy team made up of the following roles: CISO, CTO, Head of IT, Head of Legal, Head of HR, DPO and the lead SRE. The team meet on at least a monthly basis to discuss cyber and privacy issues as part of our ongoing ISO work.
All users of Netigate’s platforms are passed through a central entryway – our website – and all data communicated is directed through a proxy, through https and encrypted (read more below).
We perform penetration tests on both an application and infrastructure level are performed both internally and externally by independent third-party experts on a regular basis.
We support Single-Sign On (SSO) per the SAML 2.0 standard, where requested. For systems used by Netigate employees and contractors, we use multi-factor authentication.
We also have a strong security awareness and training program in place ensuring that all Netigate employees and contractors are trained on relevant topics for their job several times a month. At Netigate’s offices, we have implemented a physical access control system.
Netigate is a cloud-based platform. We do not host customer data or survey data at our premises. Instead, we use the leading data center providers at EU-only locations and who are all thoroughly vetted by us and who are at least ISO 27001 certified, ensuring that they themselves follow the best practices when it comes to data security and redundancy. For qualifying customers, we offer an alternative data storage solution solely hosted within Germany.
All data is currently backed up and stored in multiple locations. Netigate provide systems that discover any attempts to intrude and immediately notify our operations teams if that situation should occur.
Changes and updates to the Netigate platform are usually implemented several times per day. There is also a scheduled service window monthly.
As is required by our ISO certificate, we have business continuity plan and a disaster recovery plan in place, regularly reviewed and audited.
Data in-transit (i.e. during transport) is encrypted with TLS using signed and trusted certificates (ISRG Root X1 CA) stored i Azure Key Vault (using Azure-managed keys) – Standard Tier (FIPS 140-2 Level 1).
Data-at-rest is disk-level encrypted using Azure’s server-side encryption (SSE) with platform managed keys (PMK), which is Azure’s default encryption currently, with Azure-managed keys (symmetric AES 256), stored in Microsoft’s own Key Store.
Where recommended, logins for databases, secrets and credentials are stored in Netigate’s own hosted key management solution (KMS), Hashicorp Vault.
Netigate strives to maintain the highest possible level of security and we follow discussions in the cryptographic community in order to stay informed and updated. We use only state-of-the art algorithms and cryptographic systems.
As an EU-based company, Netigate must comply with the GDPR in relation to its employees, its customers and its suppliers.
We operate by the principle of privacy by design and default in the entire lifecycle of our products and services.
We have in place appropriate technical and organization measures (called “TOMs”) to follow the GDPR requirements regarding confidentiality, integrity, availability and resilience in accordance according to Art. 32 GDPR. This means at minimum: access control and regular access review, anonymization functionality within the Netigate platform, data encryption during transfer and at-rest, regular backups and regular security testing. You can read more details in our latest TOMs, which appear in an appendix to our standard data protection agreement, available here.
The Netigate Group has appointed a Group Data Protection Officer. You can reach the DPO as follows:
|Netigate Deutschland GmbH
111 51 Stockholm, Sweden
60320 Frankfurt/M, Germany
View here for the latest standard list. All sub-processors are chosen after a thorough data security and privacy vetting process. We perform transfer impact assessments per the requirements of GDPR where necessary.
Netigate always has a data processing agreement in place with customers (who are considered “data controllers”) as well as with any suppliers who process personal data. Our Netigate standard DPA appears as an annex to our general terms of service in the Legal section of our website.
A formal data processing agreement (DPA) is in place with all such other companies that act as sub-processors.
We do not normally transfer data to third countries. We do however work with certain sub-processors who – while based in the EU – may have an ultimate parent company outside the EU. In case of third-country transfers, if an adequacy decision is not in place for the destination country, then either the latest standard contractual clauses (SCC) published by the EU Commission are utilised or binding corporate rules. Where necessary we perform transfer impact assessments with our external GDPR counsel to document the likelihood of such transfers.
Version per 1 August 2023
In the following, we would like to inform you about the processing of personal data in line with the usage of our Internet pages. According to Article 4 of the General Data Protection Regulation (GDPR), “personal data” is all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”), which can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The legal basis of data protection can be found in the GDPR.
The party responsible for this website (“the controller”) is Netigate AB (Swedish Org. ID 556576-0997, below called Netigate, US or WE, Address: Drottninggatan 29, SE-11151, Stockholm, Sweden).
In order to be able to offer you our website and the associated services, we process personal data on the following legal basis:
We will refer to the respective terminology in the context of the respective processing, so that you can classify the basis on which we process personal data.
If personal information is processed by you based on your consent, you have the right to revoke your consent to us at any time with future effect.
If we process data based on a legal balance of interests, you, as the person concerned, have the right to object to the processing of your personal data, considering the requirements of Article 21 GDPR.
Netigate will generally process personal information transmitted to or collected by us to meet our legal or contractual obligations to our customers, employees and suppliers and to provide our services
This includes the following cases:
If you apply through our website, we will process personally identifiable information about you for the purpose of your application for employment, to the extent that this is necessary for the decision to establish an employment relationship with us. The legal basis is § 26 para. 1 in conjunction with para. 8 sent. 2 BDSG or corresponding local law in Sweden or Norway.
Furthermore, we may process personal data about you, as far as this is necessary to defend against asserted legal claims from the application process against us. The legal basis is Art. 6 para. 1, letter f DSGVO; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG) or corresponding local law in Sweden or Norway.
Insofar as employment arises between you and us, pursuant to § 26 (1) BDSG or corresponding local law in Sweden or Norway we may further process the personal data you have already received for employment purposes, if this is necessary for the execution or termination of the employment relationship, or for performance or fulfilment of required by law or a collective agreement, an operating or service agreement (collective agreement) and duties of employee representation.
However, it can be necessary to store data in order to fulfil contractual obligations to examine warranty and guarantee claims. In addition, it is indispensable to store data to grant or defend the mentioned claims.
In order to comply with the statutory retention period, a deletion shall only be carried out after expiration of the respective retention period.
If you have sent us your job applicant data, we will store your personal data for the duration of the application process. If the application does not result in a job offer, we may also continue to store data as required to defend against possible legal claims. The application documents will be deleted six months after a rejection decision has been communicated to the candidate, unless a longer storage due to litigation is required.
When answering our surveys, the personal information registered in the tool is
Please note that we log the IP address on a web- server level, not at the application level. This means that these logs are stored separately from the application data and are not compared with it. IP addresses are stored as part of security measures to detect attacks on the web servers and to take countermeasures (e.g. blocking IP addresses). The storage period is currently 7 days. The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR. Our interest is to ensure the integrity, confidentiality and availability of the data processed on the web servers.
No personal information will be shared to a third party unless specifically stated in the survey or without your specific consent. If required by law, personal information may be submitted to local authorities upon request.
When you visit our website we may process personal data in order to be able to provide a user friendly experience of the website on your device.
For the pages to be displayed in your browser, the IP address of the device you are using must be processed. There is also more information about the browser of your device.
In terms of data protection, we are also obliged to guarantee the confidentiality and integrity of personal data processed using our IT systems.
For this purpose, the following data are logged based on a legal balance of interests:
The IP address will be deleted after 7 days at the latest from all systems used in connection with the operation of this website, except the chat which needs to store the IP address longer to keep the chat history. A chat history is deleted after 3 months. We can no longer produce a personal reference from the remaining data.
The data is also used to detect and correct errors on the website.
We offer a contact form on our website where you can request information about our products or services or contact us in general. The data required by you to answer a request has been marked as mandatory. Information on further data fields is voluntary.We need this information to process your request, to contact you correctly and to provide you with an answer. The data processing takes place with concrete inquiries to the fulfillment of a contract or the contract signing. For general inquiries, the processing is based on a comparison of interests.Inquiries received via the contact form on our website will be electronically processed by us to answer your request. In connection with this, other persons or departments and possibly third parties may also receive knowledge of the form contents that you have sent (read more under “Recipient / Disclosure of data” below). The transmission of the data form is done safely via encrypted internet connections.
When you open a free account at Netigate, you consent to Netigate’s General Terms of Service and Data Processing Agreement.
We offer the opportunity to register to open a free account directly on our website with a double opt-in. The data entered (name, company name, phone number, email address and password) during your registration is encrypted, collected and stored solely for the use of our services. If you choose to register on our website, we will save the date and time of registration. This serves as a protection, in case of a third party abusing your data and making a registration on our website without your knowledge. The legal bases for the processing are Article 6 (1) (b) and Article 6 (1) (f). GDPR.
We might add the functionality to subscribe to an email newsletter on our website. In addition to the voluntary information in the respective form, we only process your email address. This is necessary in order to be able to send you the newsletter.
Existing clients will receive email information from us including newsletters with product updates and other information.
In the Nordics, when you contact us, you will be added to our email list as it may, according to Article 6 (1) (f) GDPR, be deemed of interest.
In DACH, we will add you to our email list after receiving your explicit consent (i.e. opt-in).
No matter the jurisdiction, you can unsubscribe from the newsletter at any time. Alternatively, you will find a link to unsubscribe in each newsletter email.
To be able to analyse the popularity of our newsletter releases and optimise them, we log when emails are opened, and links are clicked. This usage analysis is based on a balance of interests. You can object to this processing by unsubscribing from the newsletter.
We may record video calls (with or without camera) with new prospects or existing customers for internal training purposes, to provide better follow-up and quality assurance in service or support matters, or as a record of negotiations or verbal agreements.
No matter the purpose of the recording, We will do only record a call after we have informed you and with your consent, which you will be deemed to have given us by joining the call. A written information notice will also be given before the call. The recordings will be deleted automatically after 30 days. You may anytime request the deletion of your data by contacting us.
Cookies are used on our website. Cookies are small text information stored in your device via your browser. Cookies are required to enable certain features of our website.
As far as you have data opposite us e.g. voluntarily provide in forms and these are not required for the performance of our contractual obligations, we process these data in the legitimate assumption that the processing and use of this data in your interest.
Data that you provide to us will generally not be disclosed to third parties. In particular, your data will not be disclosed to third parties for their advertising purposes.
However, we may use service providers for the operation of this website, for the delivery, improvement and development of other products or services or to perform advertising measurement services on our behalf. Here it can happen that a service provider receives knowledge of personal data. We carefully select our service providers – in particular with regard to data protection and data security – and take all data protection measures necessary (including obtaining your consent where legally required or otherwise on the basis of legitimate interest) for permissible data processing.
We are using the following service providers for our site:
This website uses the web analytics tool Piwik PRO. The purpose of the assignment is the “needs-based design” of this website, which is carried out on the basis of a balance of interests. The web analysis also allows us to fix website errors, e.g. to recognize and correct faulty links. Piwik PRO uses so-called “cookies”. These are text files that are stored on your computer and that allow analysis of how users use the site. In this case, so-called. “Client IDs” are used, which serve to create pseudonymous user profiles that collectively cover the use of the Internet pages by desktop computers and mobile devices by a user. When you visit our website, Piwik PRO will set cookies in your browser and back them up to local storage. Which cookies are created depends on the privacy settings and features, but at minimum a set of a visitor cookie and a session cookie.
We do not use any of the following when you are an existing customer based on your logged in behaviour in the Netigate tool. This section applies to our general site experience.
Custom Audience ads
We may show you interest-based advertising with your consent when you are using Facebook through their service called Custom Audience Tool, which enables us to personalise our ads or remarket based on the sections of the site you visit for example.
We may also use this to create similar audiences in our marketing.
Our website use the Conversion tracking pixel from Facebook which means that after clicking on a Netigate ad we are able to track the return on investment and pass user defined and application-specific events to Facebook for reporting and statistical purposes. This data is processed by Facebook and at this time they can according to their Data Use Policy use the data for their own advertising purposes. This is done through the placement of a pixel or cookie.
To remove yourself from this usage (only users above age 13 can give permission) you can do this here: https://www.facebook.com/ads/website_custom_audiences/
We may if you have given consent use Googles customer match to adapt or exclude users from our marketing.
Read more about how Google uses this data (https://support.google.com/google-ads/answer/6334160?hl=en&ref_topic=6296507)
With your consent we may also apply the same logistics as with Google and Facebook in LinkedIn, read more about custom audiences and remarketing here: https://business.linkedin.com/marketing-solutions/ad-targeting/matched-audiences
The LinkedIn Insight Tag can collect data, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days.
To opt our from interest based marketing on LinkedIn this can be done here:
If you as a website visitor and Google user on our website fill in a customer form, the contact name, company name, phone number and e-mail address that you submit will also be shared with Google in hashed form (encrypted with the one-way hashing SHA-256 algorithm which is a standard for data encryption used by Google and is only accessible by Google) and matched against your signed-in Google account. This means we can use first-party data (from you, the website visitor, when you submit your contact form) to see the overall effectiveness of our advertising and marketing. Where legally required we obtain your consent to such sharing or in other cases your data is processed on the basis of a legitimate interest. If you wish to remove any Google conversion trackers, please read how to do so the section “Web analytics” above.
We process the aforementioned data for the operation of our website and for the fulfillment of contractual obligations towards our customers or the preservation of our legitimate interests.
For inquiries from you outside an active customer relationship, we process the data for sales and advertising purposes. You may object to the use of your personal data for promotional purposes at any time.
If personal data is processed outside the European Union, you will be able to recognize this from previous information.
We are using all necessary technical and organizational security measures to protect your personal data from loss and misuse. Your data is saved in a secure operating environment that is inaccessible to the public. Furthermore, data is encrypted during the transfer by so-called Transport Layers Security (TLS). This means that an approved encryption procedure is used for communication between your computer and our servers.
As a responsible company we refrain from automatic decision-making or profiling.
You have the following rights granted by the European directive and regulatory body. If you want to claim any of the rights below, please contact us at the address above.
You also have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data.
Netigate expects its suppliers to act in accordance with the following principles relating to human rights, labor, the environment and anti-corruption, and taxation.