We’re keeping your information safe

In Actimo, we handle a significant amount of data for our customers every day. As your partner and data processor, we use state-of-the-art data protection and security measures to do it in the safest and most secure way.

We partner up with NCC Group (link) for a biannual security audit and penetration tests of our security and consistently score top marks. The latest security grade reported as of April 2018 is 'Excellent 7/7'.

Privacy matters. This is why we have a GDPR-compliant DPA in place with all of our sub-processors to ensure confidentiality in the whole chain, as well as timely breach notifications. We have always taken great pride in being entrusted with our customers' personal data. Therefore, the security and integrity of this data have been at the core of every design decision, big or small. We make sure that your data is only in the hands of the right people. This includes a strict access control regimen where data is encrypted both at rest and in transit.

Personal data collected needs to be processed transparently, and should not be used in any way that a person would not reasonably expect. In Actimo, you get full insight into how your data is being processed, and full access to all data whenever you need it. Facilitating insight requests under GDPR is as simple as exporting the relevant data with a self-service solution.

We provide a very secure and reliable application that ensures automated anonymization, deletion of data for inactive data subjects, as well as opt-out functionality with subsequent deletion for data subjects. When a contact has been deleted or inactivated for a certain amount of time, this contact is anonymized, meaning that all their data is overwritten and no longer personally identifiable.

We use industry best practices for handling personal data, including encryption in all stages of the data lifecycle. All data uploaded or generated by users belongs to our users. That means that we do not claim any ownership over customer data and will never transfer, sell, or license out access to said data to any third parties, except to a subprocessor to provide our services, as instructed by the customer or as legally required by the authorities.