Security and Privacy
Here you can find important information regarding data collection, security and privacy
GDPR - Data protection regulation
GDPR stands for General Data Protection Regulation and is the common regulation for all member states of the European Union regarding personal information and integrity. Companies outside of the EU, that handle personal information about EU citizens are also covered by the regulation.
GDPR is now law in all member states of the EU since the 25th of may, 2018. The regulation will bring great changes to those that store or process personal information, and will strengthen the rights of the individual citizen in regards to privacy. You can find more information on the Swedish Data Inspection Agency's website.
We recommend that you read the Data Inspection Agencys "6-page guide about data protection (PDF)" (NOTE: In Swedish).
MultiNet as data processor
All behandling av personuppgifter i de webbtjänster som du nyttjar är du som kund personuppgiftsansvarig för. MultiNet är personuppgiftsbiträde och vidtar tekniska och organisatoriska säkerhetsåtgärder för att du ska känna dig trygg med att dina insamlade personuppgifter ska behandlas säkert och enligt lagen. MultiNets tekniska och organisatoriska åtgärder finns beskrivet under Säkerhet.
MultiNet as data controller
Precis som att du är personuppgiftsansvarig för de uppgifter du behandlar så är MultiNet personuppgiftsansvarig för alla personuppgifter om dig som kund, användare eller deltagare på våra utbildningar. All behandling av personuppgifter om dig som kund, användare eller deltagare på våra utbildningar är vi personuppgiftsansvarig för.
Behandling
Med behandling menas en åtgärd eller kombination av åtgärder beträffande personuppgifter eller uppsättningar av personuppgifter, oberoende av om de utförs automatiserat eller ej, såsom insamling, registrering, organisering, strukturering, lagring, bearbetning eller ändring, framtagning, läsning, användning, utlämning genom överföring, spridning eller tillhandahållande på annat sätt, justering eller sammanförande, begränsning, radering eller förstöring.
Frequently asked questions about GDPR
Many customers are approaching us about what we're doing to fulfill the demands set by GDPR. We've collected some of the most frequent questions here.
Rest easy, we are fully complient with GDPR.
Hur kommer ni att kommunicera med oss som kunder gällande kommande systemanpassningar gentemot GDPR?
Säkerhet och integritet
Autentisering och kryptering
- Encrypted communication: MultiNet uses 256-bit SSL-encryption, with 2048-bit RSA keys. All communication to and from the Users computer is encrypted with SSL, the most widely used Internet standard for encrypted communication.
- Password protection: The entire process while logging is encrypted, meaning that no information is sent in clear text. The users password is stored in a one-way encryption format.
- Automatic sign-out: To avoid unauthorized access to your information, the system automatically signs out the User in case they're inactive for more than 30 minutes. The User is always at risk of unauthorized use in the case a user leaves their computer unattended.
- Continuous verification of users: Every action sent to MultiNet's servers force a check of the logged in users permissions.
Hosting
- Fire safety and climate: The data center has automatic smoke detection, and the halls are split into separate fire zones.
- Climate control makes sure that the temperature is kept low, and air moisture optimal.
- Internetanslutning: Dubblerade högkapacitetsanslutningar säkerställer kundernas tillgång till Tjänsten. Internet connection: Double high-capacity connections ensures customer access to the Service
- Secondary power: The data center is equipped with a secondary power supply and diesel generators, ensuring access to power.
- Access to the data center is only given to authorized personnel and requires a biometric check and verification through a key card and code.
System architecture and backup
- Multi-layer redundancy. MultiNets services are built on a modern server platform.
- Firewalls: MultiNets servers and networks are protected by primary and secondary firewalls, with DDoS-protection.
- MultiNet are pro-active through the surveillance and analysis of firewalls and system logs.
- Database security and backups: MultiNet's backup routines has complete coverage of the system, ensuring continuity.
- Full backups are done daily, and incremental backups done every hour. Backups are transferred to two separate locations in Sweden.
- Encryption of the customers passwords remain even in backups.
- Readback tests are done continuously.
Knowledge and information protection
- Only a handful of key people know about how the security system is built.
- All personnel working for MultiNet are bound by confidentiality and non-disclosure agreements, prohibiting the spread of customer information. Only authorized personnel has access to the information.
- The confidentiality agreement does not apply to: Such information that can be shown to have been acquired by other means than fulfilling the Agreement. Any information that is public knowledge. Any information that is required to be disclosed by law.
System status
We put a lot of energy and dedication into making sure that the web services are available 24/7 all year around, so that you can work whenever you want to.
You can see all current information regarding our services on our status page https://status.multinet.com. You can also sign-up for automatic emails about any service disruptions.
Incident handling
MultiNet has a contingency plan for handling any service disruptions. The process aims to clarify the information flow, what routines that are available, all roles and the responsibility of each. An incident team handles the necessary coordination, communication and the responsibility to determine, react and learn from incidents, to minimise the risk of future ones. You can read more about any incidents on https://status.multinet.com or by signing up for the automatic notifications on the status page.
Privacy and Cookies
To help clarify our responsibility to protect your rights and privacy we've created a policy that explains how we use the personal information you share with us. The policy is meant to help explain what information we collect, how we use and how we don't use it.