Data Protection

Technical and Organisational Measures

Infront has implemented the following technical and organisational measures to ensure sufficient data protection:

Data Protection by Design and Default

The principles underlying data protection by design and default are incorporated in all stages of developing new services or when making changes to current services.

Regular Risk Assessments and Self-Inspection

Regular risk assessments are conducted to identify data privacy risks, and the results are used to prioritize and implement mitigating measures for all risks that require focus. Infront has external partners conduct regular penetration tests of the implemented security measures to ensure that data security is up to date and adheres to the highest standard.

Measures are reviewed and evaluated for their effectiveness in ensuring the security of processing Personal Data, and improvements are made when appropriate. Infront has appointed dedicated staff who are responsible for coordinating Infront’s GDPR programme to ensure GDPR compliance.

Access Control

Access to Personal Data is controlled and protected by organisational policies as well as technical measures. The objective is to ensure organisational awareness of the importance of keeping Personal Data in line with the GDPR requirements for confidentiality and integrity.

Infront’s solution includes technical access limitations on all Personal Data. This means that only Infront and the Customer have access to data related to the Customer’s end users. All Personal Data is on a protected network, behind dedicated firewalls and behind locked doors with physical access restrictions in place.

Storage

All Personal Data processed by Infront in relation to its services is stored on servers within the EU/EEA.

Infront only stores Personal Data that is necessary for providing the services as described in Infront's customer agreements.