Software > keyingress > Data Protection (GDPR)

GDPR

Ingress guarantees compliance with the valid German and European data protection laws. To this end, Ingress’s employees committed in writing to comply with data protection requirements in accordance with the General Data Protection Regulation (GDPR). In so far as a project requires the processing of personal data, Ingress will be commissioned to do such processing by the controller in accordance with Article 28 GDPR. Ingress will only ever use personal data within the framework of the contracts entered into with the controller or in accordance with other written instructions received from the controller and in accordance with the provisions of the data protection regulation.

Ingress also guarantees that it will maintain indefinitely all of the information it receives in secrecy. This applies to the company's business processes and in particular to all information that has been designated as confidential or is indicated as a company or business secret. Recordings and notifications will not be transmitted to third parties unless so required by the project.

Personal data are stored separately from the survey data so that the information provided by the respondents cannot be traced back to them. The display of personal data in the backend can be restricted at the user level.

Ingress’s servers are located in ISO 27001 certified high-performance data centres in Germany. At no time will data be transferred to third countries.

Please feel free to request a copy of our detailed Security and Privacy Documentation. Ingress has appointed Thomas Haas as its Data Protection Officer (email: info@ingress.de, Tel.: +49-(0)40-53 02 59 70).

Technical and Organisational Measures (TOM)

Ingress guarantees compliance with the prescribed technical and organisational measures (TOM) under Articles 28 and 32 GDPR to protect the data stored on its systems from unauthorised access, modification, misuse or destruction. This includes the following measures:

  • Measures to pseudonymise and encrypt personal data
  • Measures to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services related to processing
  • Measures to ensure the ability to quickly restore the availability and access to personal data in the event of a physical or technical incident
  • Procedures for the regular review, assessment and evaluation of the effectiveness of the technical and organisational measures to ensure the security of processing
  • Measures to identify and authorise users
  • Measures to protect data during transmission
  • Measures to protect data during storage
  • Measures to ensure the physical security of places where personal data are processed
  • Measures to ensure event logging
  • Measures to ensure the system configuration, including the default configuration
  • Measures for the internal governance and management of the IT systems and their security
  • Measures for the certification/quality assurance of processes and products
  • Measures to ensure data minimisation
  • Measures to ensure the quality of data
  • Measures to ensure a limited storage period
  • Measures to ensure accountability
  • Measures to enable data portability and ensure deletion