1. Policies and practices regarding data protection and data security
We place extremely high value on data security and compliance with the data protection regulations for all our services. Therefore, we used different technical administrative and organizational opportunities within our processes and applications to ensure compliance with data protection regulations. On request we will inform advisors, clients and participants here at any time in detail.
We take data protection matters very seriously and ensure that your privacy is protected when using our portal. Below we explain to you how we, as portal operator, handle your data.
Excerpts from our policies and practices regarding data protection and data security:
- Secure access to the survey: In all surveys access to the personal questionnaire is password protected. We use only safe passwords of at least ten digits with special characters enabled (German keyboard). The first password sent in the invitation e-mail is stored as clear text for technical reasons, and thus does not offer the standard of security we strive for.
Respondents are asked to replace passwords as automatically generated by us after the first login, and prior to the survey carried out by appropriately self-generated passwords. These are then stored in the encrypted database.
- Secure data transmission from the local machine to the one on which the online questionnaire is completed through the server of our automated data processing system with the highest currently available SSL encryption (guaranteed by Thawte SSL Web Server Certificate).
- Professional Web Hosting: The application is run by a professional web hosting service provider and is tested regularly. In 2011 it received an award as the best hosting provider in Germany. The application is hosted on a dedicated server according to current state-of-the-art security concepts.-Separate database concept: Personal Data of a giver of feedback (such as name, e-mail address, company, phone number, location) are stored in a separate database, i.e. de-coupled from the responses of a feedback giver, feedback or results of a feedback receiver to prevent the correlation of personal data in a possible hacker attack .
- Hash encryption within the application: the Assignment of anonymous substantive response data of the feedback questionnaire to a feedback receiver via a mathematical encryption (one-way hash function), so that from the feedback data, no reference can be made to the feedback receiver.
- Protection against Data Loss: Daily full backups of the servers, mirrored panels, the spatial separation of the main server and back up, etc. Sever ensure maximum protection against potentially irretrievable data loss.
-Our data protection and security does not end with use of modern technical possibilities. We have a comprehensive understanding of security and have therefore included these safety requirements in our internal processes (i.e. no sensitive data is saved on memory sticks or CD-ROMs).
Unfortunately, despite all the security measures described there is never complete protection against all the potential hazards possible.
Since also absolute transparency in the handling of your data is important for us, we explain below how we treat your data as a portal operator.
2.1 Automatic saving
When logging in to the portal certain access data is automatically saved as standard. This record comprises:
- The page from which the file has been requested
- file name
- date and time of request
- retention time
- transferred data volume
- access status (file transfer, file not found etc.)
- a description of the type as well as the version of the used internet browser
- your computer’s IP address
- the installed operating system
- screen monitor resolution and tone
These data are solely evaluated for internal statistical purposes and technical administration of the portal, transferring it to third parties even in extract form is not permitted. Furthermore, personal data is only then saved if you indicate this in the course of executing feedback.
An evaluation and use of these anonymously and compiled results by the consultant and the respective companies are exclusively governed by the respective individual contractual provisions between these two parties.
2.2 Personal data
Personal data will only be stored if you have given us your employer or as principal on its own in the context of the implementation of the feedback (under Feedback is always following the implementation of a 360 ° feedback as well as an employee survey to understand).
To carry out a online- questionnaire / feedback we need at least the following personal information from you:
- Title (Mr / Ms)
- First name and surname
- E-mail address
- Company name
In addition, to collect, store, and sometimes we use following personal data:
- Title (Dr. ..)
- Age (from-to)
- Street, postcode, place
- Telephone and fax
Each respondent may, after logging into the application under the menu item "My Account",
see his personal data stored transparently and change it if necessary.
In your survey we collect, store and use your personal data exclusively for the implementation of feedback.Prior to the implementation of 360 degree feedback we shall request your formal consent regarding the collection, storage and use of your personal data.
Your participation in the feedback is voluntary.
To create the feedback your answers will be entered into an automated data processing system from the carrier. For a 360 degree feedback, your answers will be separated from your personal details and stored on the feedback encoder in an anonymous form, together with the responses of other feedback providers using an automated data processing system. In this way, even the carrier is unable to ascribe individual responses. Any conclusion on the individual responses of each feedback provider is generally excluded by the anonymization. An exception are the answers to the feedback given by senior management. These are traceable, since the executive is classified as the sole person in the feedback provider group "Executives". The same applies to the person of the feedback receiver in a 360 degree feedback for storing the answers to the self-image assessment.
Subsequently, the collected data are processed and analyzed in a single report for the feedback receiver. If required, additional group reports can also be created for the client. A group report compiles several individual reports of different feedback receivers together (eg all the feedback recipients of a particular business sector). A conclusion on the individual responses of each feedback receiver is also impossible here as a result of the anonymity process.
As part of an employee survey your answers are separated from your personal details, stored in an anonymised form and then combined with the responses of other feedback providers. Following this, the collected data is processed and evaluated, then compiled into reports for individual organizational units (eg departments). A conclusion on the responses of individual feedback-givers is not possible.
Any evaluation and use of these anonymous and aggregated results by the consultant and the respective companies are exclusively governed by the respective individual contractual provisions between these two parties.
For our scientific research in the area of change Intelligence ® or Strategic management, we will use the results of feedback upon completion of the Survey in the same anonymised form. We use only data that neither allows an inference to the identity of the participants of the feedback nor the company that gave the feedback. Therefore: A mapping of the feedback results to individuals is for us not possible.
We act solely on behalf of a consultant and only collect on behalf of the respective adviser under the 'initiated by your company 360 Degree Feedback and Employee Survey process your data.
Contact person responsible for the implementation of the feedback and the employee survey is exclusively the, communicated to you in advance advisor. The entire order data processing is exempt from the disclosure requirements, as only the consultant is responsible for these data.
However, on request and only in consultation with the consultant we will. Always about the stored data, as far as it concerns you, to give full and free information The communication of information in its own name is forbidden to us as a portal operator. You can consent to the consultant revoked at any time with effect for the future and the deletion or destruction of your data request, as long as they are personal. For this you can also contact us as operators, we will then forward this revocation of your consent dutifully to the respective consultants and carry out the deletion or destruction of your data.
Send your request just a short message to the e-mail address: firstname.lastname@example.org you or to the specified e-mail address of the relevant consultant.
If a deletion conflicts with legal or contractual safekeeping obligations the data is blocked.
Further details on the handling of your data in the 360 degree feedback and employee surveys can be found in our FAQ.