GDPR compliance at globainsight
globainsight is built for enterprise customers with strict data-protection requirements. This page summarises how we comply with the EU and UK General Data Protection Regulation, and what we provide to help our customers meet their own GDPR obligations.
1. Our role
When you use the platform to collect survey responses, you are the data controller and globainsight is the data processor. When panellists join our panel directly, globainsight is the controller of their panellist data. Both relationships are governed by documented agreements.
2. Data Processing Agreement
A standard DPA incorporating EU Standard Contractual Clauses and the UK International Data Transfer Addendum is available to all customers - pre-signed and downloadable from your account dashboard. Custom DPAs are available for enterprise contracts.
3. Lawful basis & consent
Panellists provide explicit, granular consent on joining the panel and on every study. Withdrawals are honoured within 24 hours. For business contacts of our customers, we rely on legitimate interest with documented balancing tests.
4. Data subject rights
Panellists can exercise access, rectification, erasure, restriction, portability, and objection rights via a self-service portal at panel.globainsight.com/rights. Requests routed through customers are responded to within 5 business days.
5. Sub-processors
A current sub-processor list, including processing purpose and location, is published at globainsight.com/subprocessors and updated 30 days before any change. You can subscribe to change notifications.
6. International transfers
Data is stored in regional clusters: EU (Frankfurt), UK (London), US (Virginia), and APAC (Singapore). Cross-region transfers use SCCs plus supplementary measures (encryption at rest and in transit, pseudonymisation where feasible).
7. Breach notification
We notify affected customers within 24 hours of confirming a personal data breach, with regulators notified within 72 hours where required. A documented incident response runbook is available under NDA.
8. Contact our DPO
EU Representative: globainsight EU GmbH, Friedrichstrasse 88, 10117 Berlin, Germany. DPO: dpo@globainsight.com.