Trust centre
Our Trust Centre is designed to provide you with information about information security practices, data protection measures, and code of conduct.
Information security and privacy
At Trapets, we understand that security and the protection of customer data are crucial to our solutions and adhere to high information security management standards.
The character of our business imposes a robust framework for managing our customers' data security. We have been an ISO 27001-certified company since 2018.
We have a privacy management system that is led by the Chief Executive Officer (CEO) and supported by the Data Protection Officer (DPO) and the Chief Information Security Officer (CISO). We also work proactively to prevent any unauthorised or unlawful access, use, disclosure, modification, or destruction of data, including:
Storing and processing data in multiple locations within Europe to ensure availability and resilience.
Encrypting data in transit and at rest using advanced encryption standards and protocols.
Backing up data regularly and storing it in geographically redundant locations with encryption and access control.
Providing security risk training to our developers and security awareness training to all our staff annually.
Conducting internal and external security audits.
Only allowing access to our systems and applications from trusted IP addresses or domains.
At Trapets, we understand that security and the protection of customer data are crucial to our services to customers, and we adhere to high information security management standards. Information security is core at Trapets, and we continually develop and improve our information security management system (ISMS).
Trapets has been certified under ISO 27001 since 2018, and our current certification under ISO27001 is valid until 2027. This policy outlines the ways in which Trapets protects our services, our information assets and our customers’ data against threats related to information security, including cyber threats, to secure the security and resilience of our services and the confidentiality, integrity and availability of the data of both Trapets and our customers.
This policy is a level one policy within the Trapets policy framework. Further details around how we manage information security in our service delivery and daily operations are set out in several more specific level two policies and level three routines.
Information security refers to both information security and cyber security in Trapets’ organisation, premises and IT environment. Information security is an integral part of our business operations, and this Information Security Policy provides a company-wide view of information security issues.
Trapets ensures information security in our services and daily business operations by:
We prioritise the security and integrity of data, which is why we have an information security management system and a comprehensive information security policy framework. We have been certified according to ISO27001 since 2018.
The information security and privacy management system is governed by the Chief Executive Officer (CEO) and supported by the Data Protection Officer (DPO) and Chief Information Security Officer (CISO).
Our information security policy framework includes information classification, business continuity and disaster recovery, back-ups, access management, risk- and incident management, encryption and secure development.
We understand and respect the importance of data privacy and comply with the General Data Protection Regulation (GDPR). We only process personal data for legitimate purposes and with appropriate safeguards. In addition to the GDPR, some of the personal data we process for our customers are also covered by legislation on bank secrecy or similar legislation. We are committed to governing privacy accordingly.
Trapets processing of personal data within our service delivery, as processor for our customers (the controllers) is governed by the Data Protection Policy and Data Processing Agreements between Trapets and our customers. Other processing of personal data by Trapets is described in the Trapets Privacy Policy.
To prevent any unauthorised or unlawful access, use, disclosure, modification, or destruction of data, we implement various technical and organisational measures, such as: