IT Security Policy

ReplaceIT (”ReplaceIT,” “our,” or “we”) strives to be a trustworthy and attractive company for partners and customers, particularly through the effectiveness and quality of our IT security. Therefore, we ensure that we maintain an appropriate and sufficiently high level of IT security, in compliance with legislation, including the Danish Data Protection Act and the European General Data Protection Regulation (GDPR).

​

A Data-Secure Environmental Footprint for Our Shared Planet

Our mission is to create business value while reducing environmental impact through Sustainable Circular Economy in IT equipment. Our vision is to foster economic transparency, trust, and security in a circular solution, where sustainability is profitable. Simply put, we aim to challenge the "buy-and-dispose" culture.

​

Our main focus is on:

Security – Sustainability – Circular economy.

​

Scope of Application

This IT Security Policy applies to the electronic processing of goods, business information, and personal data at ReplaceIT, including collection, storage, and deletion of data.
 

Personal Data and Responsibility

ReplaceIT processes multiple layers of personal data – both from our customers, partners, suppliers, and employees. We process all personal data lawfully, fairly, and transparently. We continuously work to ensure that all personal data is accurate, up-to-date, and that incorrect or no longer necessary data is corrected or deleted. Management at ReplaceIT is ultimately responsible for IT security and personal data processing. For more detailed information, please refer to our Privacy Policy.

​

Security Measures

Only employees with a legitimate work-related need for access to electronic data processing, including personal data, are granted access either physically or via IT systems with access rights management. This is ensured through our internal IT system, where only management and IT administrators are authorized to make changes. Thus, only management and IT administrators can assign responsibilities to the relevant employees.

​

In addition, the following security measures are implemented in our daily operations:
 

• All computers are password-protected and may not be left unattended.

• We have a “clear desk policy,” meaning no sensitive personal data can be left unmonitored on desks or other areas, and employees must lock their computers when unattended.

• Computers are only issued after being pre-installed with firewalls and antivirus programs.

• Firewalls, antivirus software, and operating systems on both computers and servers are regularly updated through the internal IT system.

• Personal data is deleted securely during the decommissioning and repair of IT equipment.

• Backup: We back up data on servers located within the EU.

• Monitoring: We continuously monitor our IT infrastructure to respond to potential illegal intrusions.

• External electronic storage devices are never used in connection with personal data.

• All employees are trained in handling and protecting personal data, both during onboarding and throughout their employment.

​

IT Security Awareness

A high level of IT security awareness and appropriate behavior from all employees at ReplaceIT are among our most important security measures. Therefore, it is our goal to ensure that there is a strong security awareness throughout the company. Employees are trained and made aware of IT security matters upon hiring and continuously throughout their employment, ensuring the maintenance of an appropriate and sufficiently high level of IT security and correct handling of personal data.

​

IT Contingency Planning

We continuously develop, maintain, and test contingency plans to ensure emergency operations, escalation, restoration, and resumption of normal operations in the event of significant disruptions to our IT systems.

​
Breach Notification

ReplaceITs kontakter hurtigst muligt og inden for 72 timer Datatilsynet, hvis der sker et sikkerhedsbrud på persondatasikkerheden i virksomheden. Hvis sikkerhedsbruddet indebærer en høj risiko for de af ReplaceIT registrerede kunder og medarbejdere bliver disse også informeret hurtigst muligt og inden for 72 timer.