Visma provides many different services to our Customers. These services involves processing of the Customers’ data and may include processing of personal data. The purposes of this processing is determined by our Customers and not by Visma. The Customer is then the data controller for the data subject’s data. Visma do in such cases act as data processor and process the data on behalf of and according to instructions given by the Customer. When acting as data processor, Visma is in accordance with the requirements in applicable data protection legislation always committed to enter into a data processing agreement (DPA) with the Customer. The Customer has agreed and guaranteed that:
The Customer is the owner of or otherwise has the right to transfer the data to Visma for processing and that he has the responsibility for the accuracy, integrity, content, reliability and legality of the personal data
It is the Customer’s duty as data controller to notify, to the extent required by applicable law, the relevant supervisory authorities and/or the data subject in the event of any breach or unauthorized disclosure of personal data
When acting as data processor, Visma is responsible for providing technical and organizational security measures in order to safeguard your privacy on behalf of our Customer - the data controller.
As data processor, Visma will not process personal data in any other manner or for any other purpose than as authorized in the agreement with the data controller.
Data subjects having questions, comments, claims or any other issues regarding their personal data that Visma is data processor for, must submit these to the data controller. As data processor, Visma will not give any data subjects access to their personal data without instructions given by the data controller to do so. If governmental authorities or the police request disclosure of personal data, Visma will promptly notify the data controller and we will disclose such data only to comply with a court order.
Visma will provide non-public information about internal systems and routines for data processing to Customers and collaboration partners upon request. This may be contingent upon a non-disclosure agreement.