Privacy and data protection for online surveys at 2ask

 

 

The protection of your data is very important to us. For this reason, we have been committed to very high data protection standards for over 20 years, and not just since the introduction of the EU GDPR.

 

Since 2001: Operation of the 2ask platform in a German data center

Since 2009: Increased level of data protection through our own server hardware

Since 2011: Operation of 2ask on our own high-availability cluster

Since 2017: Certification of the data center according to ISO27001

Since 2020: Completely new version of 2ask according to the latest data protection standards

 

A high level of data protection due to:

Private, self-owned hardware in access-secured data centers

2ask's survey platform has been operated on our company's own servers since 2009 and is located in access-secured data centers in Germany. This enables 2ask to guarantee that sensitive data is only stored on its own data storage facilities and cannot fall into the hands of third parties. The branded hardware used for the storage and processing of sensitive data is maintained exclusively by our own employees. If, for example, a data storage device is replaced, 2ask can ensure that the replaced data storage device is cleanly deleted and destroyed.

All advantages of our data center at a glance

  • Modern data center built to Tier III standard (N+1 redundancy).
  • Certification according to ISO27001 in 2017
  • High availability and multiple redundant internet connections
  • Monitoring 24 hours / 7 days a week
  • Uninterruptible power and emergency power supply through N+N UPS system, A and B supply path, emergency diesel with 48 hours of emergency operation
  • Air conditioning technology for the entire infrastructure (N+1 with cold and hot aisle)
  • Fire protection through early fire detection system (RAS) and gas extinguishing system
  • Redundant fiber optic connections
  • State-of-the-art security technology, access control and video surveillance

 

Fail-safe, redundant server infrastructure

All components of our survey platform are designed redundantly so that 2ask can ensure a very high availability of the server infrastructure. Should a component require maintenance, the redundancy allows for uninterrupted operation. Even with the software updates and security patches regularly applied by 2ask, there is zero downtime during ongoing surveys.

The availability of the server infrastructure is monitored automatically via monitoring systems. Anomalies are automatically reported to our system administration.

Security and data protection as early as the software design stage

At 2ask, information security is taken into account as early as software development. Possible risks are assessed at this stage and considered in the design of the solution. Automated software tests detect possible risks at an early stage, so that they can be eliminated before the system is put into operation. The selection of software components used is based on a prior risk analysis.

Ongoing software updates and security patches

In order to maintain stability and data security at a permanently very high level, software releases are deliberately limited in scope and kept manageable, and are installed on the server cluster in short release cycles without interruption. If the server systems have to undergo security updates due to notifications in security bulletins, these are also installed without interruption.

Qualified and trained employees

The employees of 2ask are trained in the handling of sensitive data, in particular personal data and its conscientious processing. All employees who are entrusted with the processing of personal data are obligated according to EU GDPR and the German BDSG.

Encrypted data transmission

Both the administration of your account and the execution of surveys are carried out via the encrypted HTTPS protocol with SSL or TLS encryption. The 2ask back office and the survey server cluster are connected to the Internet via a redundant firewall with load balancing. Maintenance work as well as nightly backups are carried out via a dedicated, direct fiber optic connection to the data center. All rooms are secured and accessible only to authorized personnel.

Assurance of anonymity

If desired, 2ask can ensure the anonymity of survey participants. For this purpose, 2ask offers various options that prevent conclusions from being drawn about individual survey participants. For example, an evaluation or viewing of results can be blocked until a certain number of survey participants has been reached. Such an anonymity limit can also be set on individual response options such as an organizational unit. Anonymity limits can also be set in the area of filtered results reports, which require a minimum quantity of a selection option in a closed question to be included in the results report.
 

Clean separation of data from individual customers

All data of our customers are logically separated on our data storage infrastructure. This ensures that each customer only has access to their own data and also retains the right to delete their data at any time. 2ask commits itself never to use the customer's surveys, survey results and participant data (e.g. e-mail addresses of the participants) in any way, nor to make them available to third parties.

Integrated search to aid in handling GDPR requests for data from survey participants

If survey participants wish to obtain information about their stored data, 2ask makes it easy to search all contact lists and survey results. Thus, providing information about or deleting individual data records of a survey participant can be carried out easily in accordance with GDPR.

Automated security testing of the survey platform

The server infrastructure is regularly analyzed for possible security problems using automated penetration tests. If these tests reveal a need for action, security patches are prioritized depending on the risk potential and are applied without interruption. If a maintenance window with system interruption is required, this is communicated in advance.

Separate test platform for testing before going live

As a rule, software updates are installed on a separate test platform before going live in order to identify any complications before installation on the production servers.