GDPR

Personal integrity and the security of personal data are of utmost importance to us.

Assessio has made, and continues to make, large investments to ensure that we continuously improve our security and our procedures for respecting personal integrity in compliance with the GDPR.

Matrigma

Integrity and data security

To ensure integrity and data security, we have our data protection officer and our ISO 27001 certified information security management system (LIS/ISMS). Transparency is paramount in what we do. Here you can find information about:

  • Our answers to frequently asked questions (FAQ)
  • Our responsibility as service provider and personal data processor
  • Our responsibility as data controller

Different roles but shared responsibility

Data protection, security and integrity are shared responsibilities between Assessio and our customers. The Ascend and Assessio platforms are cloud-based, so-called SaaS solutions. Assessio takes responsibility for the physical security of hardware, for infrastructure, and for our part of data protection. The customer is responsible for the parts of the system that are incumbent on them, e.g. assigning authorization to relevant employees, establishing the legal basis for personal data processing, and providing local processes and routines that protect personal data in accordance with the GDPR.

When individuals wish to exercise their rights under the data protection regulation and contact Assessio, we will inform our client as soon as possible and reply to the individual that we have contacted the client. It is therefore important that our clients have processes in place to respond when candidates wish to exercise their rights.

Incident management & documentation

We follow a well-defined incident management process and have first, second, and third line support to ensure incidents are handled immediately, at the correct level and by the correct role. Assessio works continuously and in a structured way with customer feedback and strives to constantly improve our systems in close collaboration with our customers.

All routines around personal data management and data protection are documented in our GDPR and ISO 27001-certified management system for information security.

ISO 27001

Confidentiality

Assessio has clear and well-defined routines and processes that ensure confidentiality is maintained, both in the Ascend system and in functionality that involves manual procedures.

Read more about Assessio as Personal data controller
Read more about Assessio as Personal data processor