Alm Brand Group’s IT environment must be secure and comply with applicable standards, including relevant areas from internationally recognized standards such as ISO 27001, ITIL, SOC 2, and similar, to be robust and able to withstand cyberattacks.
Alm. Brand Group focuses on handling personal data securely and properly in accordance with applicable legislation. We are transparent about the forms of personal information we collect, how we do it, the specific purposes, and the legal basis for processing. The collected information is used solely for the purposes for which it was collected. This is further detailed in the privacy policies for each legal entity under Alm. Brand Group. These privacy policies also provide information on the rights of data subjects, including the right to access their information, request deletion when customer data is no longer relevant, and more.
Additionally, we have business processes and workflows in place to handle data breaches promptly and in compliance with regulations. If there is a risk to the rights or freedoms of data subjects, we report the breach to the Danish Data Protection Agency (Datatilsynet) and inform the affected individuals, granted it is assessed the breach poses a high risk.
Alm. Brand Group processes and shares customer information only with companies, authorities, or organizations when consent is given or when there is another legal basis. We do not sell customer information.
When processing is based on consent, we ensure that the consent meets the conditions for valid consent.
Alm. Brand Group prioritize ensuring that all employees are knowledgeable about data protection regulations, including the General Data Protection Regulation (GDPR) and the Data Protection Act. To ensure all employees hold the required knowledge regarding correct use of data protection and personal data, all Alm. Brand employees complete an annual e-learning course on GDPR.
Data protection is a significant focus for Alm. Brand Group, and as an extension of this, we have established a set of data ethics principles outlined in the board-approved Policy and Guidelines for Data Ethics.
As part of the annual operational audit plan approved by the board, we conduct audits of IT in general, including information security and cybersecurity activities. These risk-based audits target various areas. Third-party auditors review general IT controls in critical systems essential for Alm. Brand Group’s financial reporting annually, ensuring that IT systems provide valid data for consolidated financial statements and annual reports.