Any personal data collected by us is stored on secure servers, and we use rigorous procedures to protect against loss, misuse, unauthorised access, alteration, disclosure or destruction of personal data. In the event of a physical or technical incident, we maintain strict security and incident response plans to handle such incidents in a timely manner and to limit their negative effects.
Here are some examples of the technical and organisational measures we have in place to protect your personal data:
- We encrypt data to protect it during transmissions and, when possible, at rest.
- We anonymise or pseudonymise personal data as soon as possible from a technical perspective as long as it does not infringe on any processing purpose.
- Our services have security features including comprehensive DDoS protection and controls, logs and state-of-the-art firewalls.
- Our data processors are bound by agreements to maintain a level of security appropriate to the data being processed. Some of our suppliers must also answer questionnaires that include questions on IT security and data protection.
- Our dedicated Cyber Incident Response Group continuously reviews our procedures to discover any errors in the collection, storage and processing of data, including physical security measures, in order to prevent unauthorised access to our systems.
- Every other year, we carry out a so-called penetration test, where an assigned third party tests our defences by trying to gain access to our systems.
- We restrict access to personal information to the specific Viaplay Group employees, suppliers and agents who need this information in order to process it. Everyone with such access has strict contractual confidentiality obligations and access is often secured with two-step authentication.
- As part of our onboarding procedure, each new Viaplay Group employee must complete a number of tests and trainings relating to information security, including the protection of personal data. The level of training is adapted to the level of sensitive information handled by the employee. All employees must complete annual e-learnings on data protection.