Privacy policy

Privacy of data collected

The security of the information and the privacy of the personal data obtained to develop the activities of Nordimeta is a concern of the management, which has determined the existence of controls that reduce the probability of incidents of information security or limit their impact.

This policy also aims to guarantee the privacy in the collection and processing of personal data that may be necessary in the course of Nordimeta activities, with the purpose of enabling the development of these activities and only during the period in which these activities take place.
The data collected for compliance with legal obligations shall be kept for such period of time as may be necessary or obligatory for the performance of contractual obligations, or for the period required by law.
Where there is an escape, loss or breach of personal data which is liable to pose a high risk to the rights and freedoms of its users, Nordimeta will notify, within 72 hours of its becoming aware, the control authorities and communicate the situation to the affected data owner (s) in a timely manner.
The data collected will not be shared, sold or transferred to other organizations.
Nordimeta employees are subject to a confidentiality agreement and respect this Information Security Policy.

Information security
In order to protect the confidentiality, integrity and availability of the information, the following guidelines are established:
  • Confidentiality and integrity of information must be preserved;
  • The availability of information must be maintained;
  • The information is only accessible to authorized persons;
  • Information assets are protected against all unauthorized access;
  • Information assets are protected against internal or external threats, whether deliberate or accidental;
  • All employees are trained in information security awareness;
  • All information security breaches and suspected vulnerabilities are reported and investigated;
  • Legal, customer or other requirements are respected.

Acceptable use of IT
Nordimeta employees are sensitized to a set of good practices aimed at minimizing the likelihood of information security incidents:
  • Computers should be properly housed and protected in a manner that minimizes the risk of incidents and improper access;
  • Mobile devices must be physically protected from damage, loss, theft and unauthorized access;
  • Company equipment should only be used by authorized users;
  • Employees should report all security incidents involving mobile devices;
  • Information residing on mobile devices must be safely erased or physically destroyed before such equipment is taken out of service, disposed of or assigned to other employees;
  • The Internet should be used only in the context of the tasks assigned to each employee;
  • The legal data and software protections indicated in the respective licenses must always be observed.