Data protection is
a matter of trust!
Information on data protection and IT security
- In almost all projects we work with sensitive personal data, in many cases these are test or questionnaire data which have been entrusted to us - by applicants, by universities or - in more general terms - by organisations. For this reason, the protection and the collection, processing and use of personal data in accordance with the European General Data Protection Regulation (EU GDPR) are of great importance to us.
100% hosted in Europe
The storage and processing of data are carried out in compliance with all current technical and organisational measures in accordance with Art. 32 EU GDPR.
- All data will only be processed on servers of the European Union. The companies commissioned for hosting are also based in the European Union.
- Only the data provided by the participants themselves will be processed. Any additional background data used will be listed and displayed transparently.
- Depending on the project, all data will be deleted or anonymised at the end of the project. Please contact our data protection officer to find out exactly when this will happen.
- All data transfer takes place via HTTPS and is therefore encrypted.
Furthermore, we are guided by general principles such as the expediency of data collection. For us, this means, for example, that sociodemographics (e.g. age, gender) are only collected to the extent that is absolutely necessary or as voluntary information for the purposes of accompanying research.
Our principles
The following principles apply to the implementation of our projects:
-
Security:
Data must be protected against unauthorised access by technical and organisational measures. Our customers and cooperation partners receive a comprehensive catalogue of measures together with our DPA.
-
Confidentiality:
Personal data may not be made available to anyone other than the person for whom it was originally intended. Of course, unauthorised third parties must be prevented from accessing, copying and/or redistributing it.
-
Integrity:
It must not be possible to manipulate data records. Their correctness must be guaranteed, because important decisions are made on the basis of the data.
-
Availability:
The systems and services must be and remain available at all times. The data must not be lost due to a system crash or similar. Because then a lot of important data would be irretrievably lost.
We take data protection seriously!
In order to achieve the above-mentioned security, confidentiality, integrity and availability of data, we are advised by an experienced team of data protection experts.
Protecting data is not merely about new contracts or particularly good technology. It is also an attitude!
For this reason, we have decided not to rely on an external team of experts, but rather to acquire in-depth internal qualifications. Hans-Jörg Didi therefore acts as an internal data protection coordinator in addition to his role as shareholder. He is entrusted with the task of looking at daily processes from the perspective of data protection and continuously optimising them.
In addition, our employees are sensitised and trained for data protection issues.
Questions?
If you have any questions regarding data protection, please contact our internal data protection coordinator:
Hans-Jörg Didi: hans-joerg.didi@itb-consulting.de