Nexus sees the EU's general data protection regulation (GDPR) as an important step forward in streamlining and unifying data protection requirements across the EU. We also see it as a great opportunity for us to strengthen our clear commitment to data protection principles and practices. It is as well fully in line with our recent ISO 27001 certification in Sweden.
Therefore, we have gathered some frequently asked questions regarding Nexus GO services and GDPR. See also Terms and GDPR Statements.
Nexus uses industry standard systems to protect against data loss, for example, at power outages or other types of interference.
Services that the data center operates, such as order portals, PDF signing and web shop, include replication that restores data if a specific server or cluster in the data center fails. Nexus GO services also include file backup.
Backup is taken regularly and is kept in a safe and in bank vaults. Restoration of the environment is well documented and restore is done continuously.
All communication is encrypted and with login.
Nexus logs access and use of systems containing data, and records access ID, time and relevant information.
Nexus has anti-malware detection to prevent malicious software from getting unauthorized access to data, including public network software.
Nexus (including subcontractors) protects and limits premises, where information systems that process data are available, with lock and authentication with the purpose of identifying authorized individuals. Backup is taken regularly and is kept in safe and bank vaults.
Nexus uses industry standard practice to identify and authenticate users seeking access to the information system.
Nexus does not process any kind of customer data without permission from our customers. Our customers decide which data to handle and Nexus uses this data solely to produce the products for identification, authentication and access control that our customers need.
Nexus’ personnel are required to treat all information confidentially and that obligation remains after their engagement has ceased.
Nexus has implemented a range of technical and organizational measures, such as establishing internal controls and information security practices to protect the data we handle on behalf of the customer. The purpose is to protect our customers' information in our web services from accidental or temporary loss, damage or change, unauthorized disclosure or access, or unauthorized destruction.
Questions and answers in Swedish
The questions and answers for GDPR and Nexus GO services are also available in Swedish.
Data processing agreements:
- Data processing agreement for Nexus GO Cards
- Personuppgiftsbiträdesavtal för Nexus GO Cards (SV)
- Data processing agreement for Nexus GO Signing
Questions and answers: