The General Data Protection Regulation (GDPR)

Privacy principles and limiting processing of personal data is important for Infront.

We have strengthened our values through our preparation to comply with the European Union's new General Data Protection Regulation (GDPR), which is now in force.

Infront recognizes the importance of GDPR to our customers. Our GDPR programme was launched last year and included thorough data and process mapping. We continued to assess policies and practices to make sure that we were in line with both regulation and customer expectations.

This work helped us reinforce our commitment to embed data protection principles deeper into our business processes.

Click here for information about Infront's subvendors. To learn about the measures Infront has taken to ensure sufficient data protection, follow this link

If you want to discuss any aspect of this, please get in touch with our GDPR contact

 

FAQ

We have created this FAQ relating to the GDPR and your use of our services for the purpose of comfort and transparency.

 

General

QUESTION: How has Infront prepared for the implementation of GDPR?

ANSWER: Infront has conducted a full assessment of impacts in our infrastructure, business and development setup. The main focus has been to document existing processing as the processing Infront does of personal data already was, for specific purposes and with lawful basis.

QUESTION: What kind of information that Infront stores will be affected by GDPR?

ANSWER: Data added by customer and/or Infront by registering as users and using Infront products, such as

  • Name
  • Phone number
  • Email address
  • Postal address
  • Trading logs
  • Lists and settings created in Infront front ends

The data is only known by the customer and Infront. As a result, both the customer and Infront can control the main parts of the rectification and deletion process themselves.

QUESTION: Does Infront use any third-party partners that are relevant in regards to GDPR?

ANSWER: Infront partners with Microsoft Azure for Cloud and hosting services for some logs and user settings and lists. We use Freshworks as support desk tool, CRM tool and to send emails regarding product updates.

 

Data

QUESTION: Where is the personal data stored physically?

ANSWER: Infront stores all data at facilities in Europe. Our subvendors are Microsoft Azure and Freshworks. Microsoft Azure store data in Europe. Freshworks store data mainly in Europe and also countries approved by EU. If data is stored in other countries than EU, the standard contractual clauses secure the required data protection level.

QUESTION: How does Infront handle the individual’s right to insight and to correct personal data?

ANSWER: The users have access to view their personal data in the Infront products. This is done by using My Profile in the Infront terminal or Infront Web Trader. The end user can also correct his/her personal data here. Alternatively, they can contact Infront and ask for access or for information to be corrected on their behalf.

QUESTION: Will Infront be able to delete personal data if end user exercises his right to erasure?

ANSWER: Personal data that Infront is not required to keep (due to accounting regulations or to comply with the exchanges’ rules to prevent misuse for example) will be possible to delete. Please contact Infront in these cases.

QUESTION: Who can access the data?

ANSWER: The customers are the only ones who can access their with the exception of Infront Customer Support and Development staff when required.

 

Security

QUESTION: How do you work in order to ensure security at Infront?

ANSWER: At Infront, we actively work to ensure security (data, physical etc.). We regularly review our security procedures and perform risk assessments. Infront conducts regular penetration tests of the implemented security measures, conducted by external partners to ensure that the data security is up to date and adhering to the highest standard.

All Personal Data is on a protected network, behind dedicated firewalls and behind locked doors with physical access restrictions in place.

QUESTION: Do you keep personal data in logs?

ANSWER: Yes, we have logs connected to use of our front ends. These logs contain the absolute minimum of personal data and are mainly used for troubleshooting. Logs are cleaned/deleted in defined cycles taking requirements under the GDPR into consideration.

QUESTION: Do you take backups?

ANSWER: Data is backed up every day. These are stored in Europe and are deleted within the appropriate time.