1. Working close to partners
First of all, we ensure that our business partners fully respect the GDPR - whether they are collecting your data or giving you information about how they process it. In particular, we ask them to be as transparent as possible regarding the transmission of data to Bisnode, and to refer to these web pages for more information on our activities. Also, to make sure data is handled correctly, we regularly audit our vendors and third parties.
2. Limiting processing to a minimum
To protect personal integrity, we limit processing to only what is necessary for the purpose. On top of that, we do not release information if we suspect that it could be used in conflict with our stated purposes and in violation of an individual's privacy. We have an active blocking feature so that every registered individual or company owns the right to refuse direct marketing.
For the processing itself, we maintain advanced and modern technical standards.
3. Regular internal and external controls
The security of your data is of paramount importance to us, and we do regular internal and external checks to ensure that the tools and procedures put in place work properly. We also have an incident/security organization in-house with coordinated processes, both on a central and local level. All employees and consultants who have access to data, are bound by strict processes, that ensure they only have access to the data they need. As a further measure, we also keep logs on anyone who accesses our data.
4. Network of Data Protection Officers
As Bisnode is a European company, we have a network of data protection officers (DPO), both on a central and local level, ensuring there is always one in close proximity to all individuals whose data we handle. But we don't stop there - we also have regular group-wide GDPR trainings for all employees.
5. Ready for you to exercise your rights
We have procedures in place to allow you to exercise your rights easily. Our quick and efficient customer service ensures you can update, correct, block and delete personal data that is false or incomplete.
6. Limiting risks
In compliance with the GDPR, we carried out a data protection impact assessment (DPIA). This document analyzes all the possible risks of harm to your data and all the measures to be taken to avoid or limit this risk to a minimum. The recommended measures have been implemented in our IT system and in our procedures.