Data retention policy
Albacross Nordic AB will handle Customer Data in accordance with the GDPR. The GDPR does not specify retention periods for personal data. Personal data may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed and stored for the purposes for which it was processed.
Data archiving and removal policy
Albacross Nordic AB will handle Customer Data in accordance with the GDPR. Upon request, data will be removed as soon as possible and at the latest within 30 days from the day Customer requested the personal data to be deleted. Data required for business related purposes or keeping the service functional will be anonymised and/or handled as stated in the business agreement until data can be removed.
Data storage policy
The following measures are applied for technical- and organizational security:
• Physical Access Control measures to prevent physical access of unauthorized persons to IT systems that handle personal data
• System Access Control measures to prevent unauthorized persons from using IT systems and processes without proper authentication and access
• Data Access Control measures to ensure that persons authorized to use the IT systems only have access to the personal data that follows from their access rights
• Transmission Access Control measures to ensure that personal data cannot be read, copied, altered or deleted by unauthorized persons during electronic transmission or during transport or storage on data media and that those areas can be controlled and identified where transmission of personal data is to be done via data transmission systems
• Entry Control measures to ensure that it can be subsequently reviewed and determined if and from whom personal data was entered, altered or deleted in the IT system
• Availability Control measures to ensure that personal data are protected against accidental destruction or loss
• Separation Control measures to ensure that personal data collected for different purposes can be processed separately
• Retention Rules to ensure that personal data is adequately erased or destroyed when use of the personal data is no longer reasonable or necessary
For more information on our Data storage policy, contact legal@albacross.com
Data center location(s)
Ireland
Data hosting details
Cloud hosted
App/service has sub-processors
yes
Guidelines for sub-processors