Privacy policy
1. Introduction
Data Illusion Zumbrunn (“DIZ”, “we”, “us” or “our”) is a Swiss company providing survey and form software, including ngSurvey Cloud and on-premise services (the “Services”). Our infrastructure is hosted in the Netherlands (European Union).This Privacy Notice explains how we collect, use, disclose, and otherwise process personal data:when you visit our websites (the “Sites”),when you interact with us as a customer, prospect, partner, or event participant,when you use our Services as an authorized user.If you participate in a survey or form created using our Services, the organization that invited you is the data controller. DIZ acts solely as a data processor for such survey data.
2. Data Controller
For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection (“revDSG”), the data controller is:Data Illusion Zumbrunn
Switzerland
Email: privacy@dataillusion.com
3. Data Protection Contact
DIZ has not appointed a formal Data Protection Officer.
For any questions, requests, or complaints relating to personal data, please contact:privacy@dataillusion.com
4. Scope of This Privacy Notice
This Privacy Notice applies to:visitors of our Sites (e.g. www.ngsurvey.com),customers and prospective customers,authorized users of our Services,business partners and event participants.It does not apply to third-party websites linked from our Sites, which are governed by their own privacy notices.
5. Customer Data and Survey Data (Processor Role)
5.1 Customer Data
When providing the Services, DIZ may process personal data on behalf of its customers (“Customer Data”). Customers act as data controllers, and DIZ acts as a data processor.Customer Data may include:end-user identifiers (e.g. IP address, email address),system or event logs,usage or configuration data,data submitted in support requests.Processing is governed by customer contracts and data processing agreements.
5.2 Survey and Form Data
All data collected through surveys or forms created using our Services is owned and controlled by the customer.DIZ processes such data solely to provide the Services.DIZ does not use survey data for analytics, marketing, or any other independent purpose.Requests from survey respondents must be addressed to the survey owner.
6. Personal Data
We Collect as Data Controller
6.1 Business and Customer Relationship Data
We may collect:name, company, job title,business address, phone number, email,billing and payment details,license, subscription, and usage information,user credentials and account administration data.
6.2 Data Submitted via Our Sites
You may provide personal data when:completing contact or inquiry forms,downloading documentation or software,subscribing to newsletters,corresponding with us by email or phone.
6.3 Customer Support Data
When you contact support, we may collect:support tickets and correspondence,call recordings (where applicable and lawful),technical information necessary to resolve issues.
6.4 Usage and Technical Data
When you visit our Sites, we may automatically collect:IP address,browser and device type,operating system,date, time, and duration of visits,pages viewed and referral information.
7. CookiesOur Sites use cookies and similar technologies.
Details are provided in our Cookie Policy:
https://www.ngsurvey.com/cookies
8. Legal Bases for Processing
Where we act as data controller, we process personal data on the following legal bases:performance of a contract or pre-contractual steps,compliance with legal obligations,legitimate interests (e.g. operating and improving our business),consent, where required by law.
9. How We Use Personal Data
We use personal data to:operate and develop our business and Services,manage customer relationships and accounts,provide customer support,operate and improve our Sites,communicate with you (including marketing where lawful),manage events and promotions,ensure security, prevent fraud, and enforce legal rights.
10. De-identified and Aggregated Data
We may anonymize or aggregate data so that it can no longer be linked to an individual. Such data may be used for analytics, research, service improvement, and market insights.
11. Sharing and Disclosure of Personal Data
We may disclose personal data:to service providers and subprocessors acting on our instructions,to public authorities where required by law,in connection with corporate transactions (e.g. mergers or asset sales).All subprocessors are contractually bound by data protection obligations.
12. Subprocessors
DIZ may engage third-party subprocessors to provide parts of the Services (e.g. hosting, support tools).
A current list of subprocessors is available upon request.
13. International Data Transfers
Personal data may be transferred outside the EU/EEA or Switzerland. Where this occurs, DIZ ensures appropriate safeguards, including:EU adequacy decisions,Standard Contractual Clauses (SCCs),other lawful transfer mechanisms.You may request further details at privacy@dataillusion.com.
14. Automated Decision-Making
DIZ does not carry out automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.
15. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, tax, accounting, and contractual obligations.
16. Security
DIZ implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure. No system is entirely secure, and we cannot guarantee absolute security.
17. Children
Our Sites and Services are not intended for children under 16. We do not knowingly collect personal data from children under this age.
18. Marketing
CommunicationsWhere permitted by law, we may send marketing communications. You may opt out at any time via the unsubscribe mechanism or by contacting us.
19. Your Rights
Subject to applicable law, you have the right to:access your personal data,rectify inaccurate data,request erasure or restriction,object to processing,receive your data in a portable format,withdraw consent at any time,lodge a complaint with a supervisory authority.Requests can be made to privacy@dataillusion.com.
If your request relates to survey data, we will refer you to the relevant customer.
20. Supervisory Authorities
You have the right to lodge a complaint with your local data protection authority, including:Switzerland: Federal Data Protection and Information Commissioner (FDPIC)EU: your local supervisory authority
21. Changes to This Privacy Notice
We may update this Privacy Notice from time to time. The latest version will always be available on our Sites.
Last updated: December 14, 2025
Data Illusion Zumbrunn (“DIZ”, “we”, “us” or “our”) is a Swiss company providing survey and form software, including ngSurvey Cloud and on-premise services (the “Services”). Our infrastructure is hosted in the Netherlands (European Union).This Privacy Notice explains how we collect, use, disclose, and otherwise process personal data:when you visit our websites (the “Sites”),when you interact with us as a customer, prospect, partner, or event participant,when you use our Services as an authorized user.If you participate in a survey or form created using our Services, the organization that invited you is the data controller. DIZ acts solely as a data processor for such survey data.
2. Data Controller
For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection (“revDSG”), the data controller is:Data Illusion Zumbrunn
Switzerland
Email: privacy@dataillusion.com
3. Data Protection Contact
DIZ has not appointed a formal Data Protection Officer.
For any questions, requests, or complaints relating to personal data, please contact:privacy@dataillusion.com
4. Scope of This Privacy Notice
This Privacy Notice applies to:visitors of our Sites (e.g. www.ngsurvey.com),customers and prospective customers,authorized users of our Services,business partners and event participants.It does not apply to third-party websites linked from our Sites, which are governed by their own privacy notices.
5. Customer Data and Survey Data (Processor Role)
5.1 Customer Data
When providing the Services, DIZ may process personal data on behalf of its customers (“Customer Data”). Customers act as data controllers, and DIZ acts as a data processor.Customer Data may include:end-user identifiers (e.g. IP address, email address),system or event logs,usage or configuration data,data submitted in support requests.Processing is governed by customer contracts and data processing agreements.
5.2 Survey and Form Data
All data collected through surveys or forms created using our Services is owned and controlled by the customer.DIZ processes such data solely to provide the Services.DIZ does not use survey data for analytics, marketing, or any other independent purpose.Requests from survey respondents must be addressed to the survey owner.
6. Personal Data
We Collect as Data Controller
6.1 Business and Customer Relationship Data
We may collect:name, company, job title,business address, phone number, email,billing and payment details,license, subscription, and usage information,user credentials and account administration data.
6.2 Data Submitted via Our Sites
You may provide personal data when:completing contact or inquiry forms,downloading documentation or software,subscribing to newsletters,corresponding with us by email or phone.
6.3 Customer Support Data
When you contact support, we may collect:support tickets and correspondence,call recordings (where applicable and lawful),technical information necessary to resolve issues.
6.4 Usage and Technical Data
When you visit our Sites, we may automatically collect:IP address,browser and device type,operating system,date, time, and duration of visits,pages viewed and referral information.
7. CookiesOur Sites use cookies and similar technologies.
Details are provided in our Cookie Policy:
https://www.ngsurvey.com/cookies
8. Legal Bases for Processing
Where we act as data controller, we process personal data on the following legal bases:performance of a contract or pre-contractual steps,compliance with legal obligations,legitimate interests (e.g. operating and improving our business),consent, where required by law.
9. How We Use Personal Data
We use personal data to:operate and develop our business and Services,manage customer relationships and accounts,provide customer support,operate and improve our Sites,communicate with you (including marketing where lawful),manage events and promotions,ensure security, prevent fraud, and enforce legal rights.
10. De-identified and Aggregated Data
We may anonymize or aggregate data so that it can no longer be linked to an individual. Such data may be used for analytics, research, service improvement, and market insights.
11. Sharing and Disclosure of Personal Data
We may disclose personal data:to service providers and subprocessors acting on our instructions,to public authorities where required by law,in connection with corporate transactions (e.g. mergers or asset sales).All subprocessors are contractually bound by data protection obligations.
12. Subprocessors
DIZ may engage third-party subprocessors to provide parts of the Services (e.g. hosting, support tools).
A current list of subprocessors is available upon request.
13. International Data Transfers
Personal data may be transferred outside the EU/EEA or Switzerland. Where this occurs, DIZ ensures appropriate safeguards, including:EU adequacy decisions,Standard Contractual Clauses (SCCs),other lawful transfer mechanisms.You may request further details at privacy@dataillusion.com.
14. Automated Decision-Making
DIZ does not carry out automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.
15. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, tax, accounting, and contractual obligations.
16. Security
DIZ implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure. No system is entirely secure, and we cannot guarantee absolute security.
17. Children
Our Sites and Services are not intended for children under 16. We do not knowingly collect personal data from children under this age.
18. Marketing
CommunicationsWhere permitted by law, we may send marketing communications. You may opt out at any time via the unsubscribe mechanism or by contacting us.
19. Your Rights
Subject to applicable law, you have the right to:access your personal data,rectify inaccurate data,request erasure or restriction,object to processing,receive your data in a portable format,withdraw consent at any time,lodge a complaint with a supervisory authority.Requests can be made to privacy@dataillusion.com.
If your request relates to survey data, we will refer you to the relevant customer.
20. Supervisory Authorities
You have the right to lodge a complaint with your local data protection authority, including:Switzerland: Federal Data Protection and Information Commissioner (FDPIC)EU: your local supervisory authority
21. Changes to This Privacy Notice
We may update this Privacy Notice from time to time. The latest version will always be available on our Sites.
Last updated: December 14, 2025