How does Visma protect and store personal data as data processor?

Visma provides many different services to our Customers. Most of our services involves processing of the Customers’ data, hereunder their personal data. The purposes of processing is determined by our Customers not by Visma. Making the Customer the data controller. Visma do in such cases act as data processor and process the data on behalf of and according to instructions given by the Customer. The relation between the Customer as data controller and Visma as data processor shall be regulated by a data processing agreement.

  The Customer's obligations: When the Customer act as data controller the Customer shall, according to applicable privacy legislation, ensure the legal grounds for processing the personal data. Further, the Customer shall assess and establish ownership to the risks posed to data subjects by processing their personal data. Another important aspect of the Customer’s duty as data controller is to comply with the information duty towards data subjects.

  Visma's obligations: Visma is a natural part of the Customers duties as data controller, in the sense that Visma’s services constitutes parts of the processing of personal data that the Customer must ensure are compliant with applicable privacy legislation.  Thus, when Visma processes personal data on behalf of its Customers, we must do so in accordance with privacy legislation applicable for data processors.      

In short, the Customer and Visma are obligated to cooperate to ensure privacy for data subjects. Visma shall provide the information necessary for the Customer to be compliant with applicable privacy legislation.