IT & Data Security

Information Security

Autorola’s information security practices are governed by a set of fundamental principles, ensuring alignment with industry standards, a cohesive and robust security framework, and a commitment to safeguarding sensitive data while enabling our business to thrive and maintain a positive reputation.

Compliance with International Standards: Our information security management system adheres to globally recognized best practices, such as ISO 27001, ISO 27002, and ISO 27005.

Leadership and Guidance: The Chief Information Security Officer (CISO) leads the Information Security function, responsible for creating the Information Security Manual, encompassing policies, standards, procedures, and guidelines. This function serves as an internal center of excellence, providing leadership and guidance on all information security matters.

Prudent Investment in Security: We make wise investments in proven information security controls based on lifecycle cost/benefit assessments and risk analyses.

Organization-Wide Responsibility: Information security is embedded throughout the entire organization, safeguarding all information assets under our care, including those we own and those entrusted to us. It is integrated into our IT architecture, operational processes, and management procedures, making every individual accountable for information security.

Integral to Corporate Governance: Information security is a core element of corporate governance, closely intertwined with IT management, physical site security, risk management, legal and regulatory compliance, and business continuity. It fulfills our obligations to employees, business partners, and the broader community.

Business Enabler: Information security serves as a business enabler, allowing us to confidently pursue and maintain relationships, markets, and opportunities that might otherwise seem too risky. By minimizing losses from security breaches, it supports our financial well-being and enhances our corporate image as a trustworthy, open, honest, and ethical organization.

Sensitive Data Protection: We prioritize the protection of sensitive data as defined by GDPR Article 9 and Article 10. Registration of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, and data concerning sex life or sexual orientation is strictly prohibited. Exceptions only apply to preapproved registration of trade-union and required health information of employees when necessary.

GDPR compliance
At our organization, we are committed to upholding the key principles of the GDPR when processing personal data to fulfill our obligations to both our customers and the data subjects. We take full responsibility for implementing and maintaining this policy to ensure compliance with the GDPR. Our approach to processing personal data ensures appropriate security and confidentiality. We protect against unauthorized access, unlawful use, accidental loss, destruction, or damage of personal data and the processing equipment, employing suitable technical and organizational measures.
Data rights
Our employees and data processors with access to personal data are bound by strict confidentiality obligations. We always aim to accommodate data subject requests, even if not legally mandated, to uphold their rights. We process personal data lawfully and fairly, ensuring transparency in all communications related to the processing of our customers' personal data. We use clear and plain language to make information easily accessible and understandable.
Personal data
Personal data is collected for specific, explicit, and legitimate purposes, and we do not use it in ways incompatible with these purposes. The reasons for processing personal data are explicit and determined at the time of collection. We process personal data only to the extent necessary for the intended purposes, ensuring adequacy and relevance. The storage period for personal data is kept to a strict minimum. Personal data is not retained beyond the legally permissible and required period. We store personal data only as long as necessary for the processing purposes.
Previous slide
Next slide

Choose a different country to view content for your location.