Data protection is a matter of trust!
And the trust of our customers is our most important asset!
Therefore, the protection and the GDPR-conformal collection, processing and use of personal data is an important concern for us at vieconsult. In order to comply to the GDPR, we adhere to the following principles:
1. Security: Data must be protected through technical and organizational measures against unauthorized access.
2. Confidentiality: Personal data must not be made available to anyone other than the intended person or rather it must be granted that nobody else can gain access.
3. Integrity: Data must not be altered by mistake. Their correctness must be guaranteed.
4. Availability: The systems and services must remain available. They must not be lost irretrievably by a system crash or the loss of a folder.
We are committed to the ongoing review, assessment and evaluation of the effectiveness of the defined measures for the purpose of permanently ensuring the security level of our employee surveys. This requires expertise in the most current state of the GDPR data protection for surveys and 100% objectivity.
For this reason, we have engaged an external data protection officer and her team of experts who support our company in an advisory and review capacity in the fulfilment of the GDPR tasks in the context of surveys and 360-degree feedback:
Data protection is a topic. Protecting data is an attitude!
For this reason, we decided not to rely solely on an external team of experts, but to also strive internally for qualifications in this area. Hence, besides his role as managing director at vieconsult, Mag. Gerd Beidernikl also acts as an internal privacy coordinator. As a certified data expert of WKO he is responsible for keeping a data protection perspective upon daily processes and for constantly optimizing them.
Mag. Gerd Beidernikl
vieconsult operates its survey server for online surveys as Dedicated Server in the data center Falkenstein im Vogtland (Germany) of the Hetzner Online GmbH (www.hetzner.de).
Hetzner Online GmbH is regarded as a quality supplier and, among others, is certified according to DIN ISO/IEC 27001. The storage and processing of the data takes place in compliance with all common technical and organizational measures in accordance with Art. 32 GDPR.
You can download the general safety information of the Hetzner Online GmbH via Internet. Questions about data protection and data security at the Hetzner Online GmbH are also answered by their data protection officer at firstname.lastname@example.org.
As a quality service provider, vieconsult is committed to the trustful handling of projects. For us, in addition to the listed, partly legally obligated, measures, this includes:
- The survey itself makes the use of data in a variety of places transparent to all users (menu item: “Data protection”).
- Only data submitted by respondents in the questionnaire itself are used for analysis. Any additionally user background data is listed and displayed transparently in the questionnaire.
- Reference is made to the principles of voluntariness and anonymity. In the case of open comments, it is pointed out that open comments should be given carefully as they are displayed verbatim in the reports and that respondents need to take care of their own anonymity.
- The participation in surveys is voluntary. This voluntariness is pointed out to respondents at the beginning of the survey.
- Respondents have the option of correcting or deleting already entered responses themselves until the official end of the survey.
- Surveys are conducted either anonymously, anonymized or pseudo-anonymously (in accordance with the GDPR). In the latter case, the data is permanently anonymized as soon as possible after the end of the survey.
- The results of the survey data are always anonymized or aggregated according to groups of persons or organizational units.
- An analysis is only conducted if the minimum analysis limit defined in the data protection agreement with the customer has been reached (primary secrecy).
- In addition to units which are hidden or not analysed on the basis of the minimum analysis limit, those units which could be used as a basis for the calculation of hidden or not analysed units by subtraction, are also eliminated.
In addition, we are guided by general principles such as the appropriateness of data collection. For us this means, for example, to collect sociodemographics (e.g. age, gender) only if absolutely necessary and, if at all, to coarsen the data as much as possible (e.g. age in age categories instead of years).