Data Safety (GDPR)
Ingress guarantees compliance with the valid German and European data protection laws. Ingress' employees are bound to comply with the data protection requirements of the General Data Protection Regulation (GDPR) in writing.
In so far as a project requires the processing of personal data, Ingress will process such data as instructed by the controller in accordance with Article 28 GDPR. Ingress will only ever use personal data within the framework of the agreements made with the controller or according to other written instructions received from the controller and in accordance with the provisions of the data protection act.
Ingress also guarantees that it will maintain indefinitely all of the information it receives in secrecy. This applies to the company's business processes and in particular to all information that has been designated as confidential or is indicated as a company or business secret. Recordings and notifications will not be transmitted to third parties unless so required by the project.
Ingress anonymizes personal data as soon as the research project allows. Until such time, personal data are stored separately from the survey data so that the information provided by the respondents cannot be traced back to them.
Ingress guarantees compliance with the prescribed technical and organizational measures (TOM) under Art 28 and 32 GDPR to protect the data stored on its systems from unauthorized access, modification, misuse or destruction. This includes the following measures:
- Access control
- Data carrier control
- Storage control
- User control
- Transfer control
- Input control
- Transport control
- Data integrity
- Order control
- Availability control
Ingress' servers are located in ISO 27001 certified high-performance data centres in Germany. Data are not transferred to third countries at any time.
Please feel free to request a copy of our detailed security and privacy documentation
. Ingress has appointed Thomas Haas as its Data Protection Officer.