How does Visma protect and store personal data?

How we keep your personal data secure

Visma takes the trust you and our Customers place in us very seriously. Visma is committed to preventing unauthorised access, disclosure or other deviant processing of personal data. Visma shall ensure the confidentiality of personal data we process, maintain the personal data integrity and secure its availability according to applicable privacy legislation.  

As part of our commitments, we utilize reasonable and appropriate organizational, technical and physical procedures and measures to safeguard the information we collect and process, taking into account the type of personal data and risk posed to you and our Customers upon breach. Since root causes for privacy breaches are most likely to be found internally, we believe that building a strong corporate culture where respect for and awareness around privacy among our employees are fundamental to ensure lawful processing and protection of your data  The following measures are of particular importance in this regard:


  • The Data Protection Council governing lawfulness of processing and privacy policies for Visma Group. The council is staffed with internal privacy and information security experts supervised by the Corporate Data Protection manager.
  • A lawyer being appointed as Data Protection Officer acting as advisor and controller in privacy matters
  • eLearning privacy courses that are mandatory for all employees 
  • Mandatory procedures for keeping records of processing activities and assessing risks for data subjects applies to all Visma subsidiaries
  • Data processing agreements with subcontractors that process data on behalf of Visma


  • Classification of personal data to ensure implementation of security measures equivalent to risk assessment

  • Assess the use of encryption and pseudonymisation as risk mitigating factors.
  • Limiting access to personal data to those that need access to fulfil obligations according to law or service agreement etc.
  • Manage systems that detects, restores, prevents and reports privacy incidents.
  • Use security self-assessments to analyse whether current technical and organisational measures are sufficient to protect personal data, taking into account the requirements outlined in applicable privacy legislation.


  • Premises protected by access control and video surveillance systems

How long we store your personal data

Visma will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.

This means that Visma may retain your personal data for a reasonable period after you and our Customer’s last interaction with us. When the personal data that we collected is no longer required we erase it.  We may process data for statistical purposes, but in such cases, data will be pseudonymised or anonymised.