Technical and Organisational Security Measures
This document is a high-level overview and describes technical and organisational security measures and controls implemented by Master International A/S to protect personal data and ensure the ongoing confidentiality, integrity and availability of our platform, products and services.
Master International A/S is registered with The Danish Data Protection Agency as a data controller, handling information related to employee administration. Further information regarding The Danish Data Protection Agency can be found at https://www.datatilsynet.dk/english/
Master International A/S commits to continuously monitoring the effectiveness of its information safeguards and to a yearly compliance audit by a Third Party to provide assurance on the measures and controls in place, to ensure that we comply with article 32 of the GDPR regulation and its practice. The independent auditor’s ISAE 3000 report on the design and implementation of selected controls applicable to the EU General Data Protection Regulation is available upon request.
Master International A/S shall take the following technical and organisational security measures to protect personal data.
- Master International A/S acts either as a Data Controller, Data Processor for customers or Data Sub-Processor for partners depending on the individual case and contract. In all cases the same security measures apply, so that we comply with the GDPR.
- Employees at Master International A/S have been appropriately trained and given instructions which ensure that all employees at all times work actively to protect personal data and information about test takers, customers, and partners.
- Master International A/S has physical access restrictions to offices and all other areas where processing of personal data is conducted using access control mechanisms. Our access control mechanisms have full audit of access.
- Master International A/S has restrictions on access rights to systems containing personal data. Access control systems ensure that only employees with relevant work-related roles are granted access to systems.
- Master International A/S has a formal procedure for change management towards procedures, practices and implementation of changes to the services in compliance with applicable law or otherwise covered by the agreement with the Customer.
- Master International A/S implements an architecture which ensures full separation of personal data and data collected from online tests. Data is stored using two separate technical platforms, logical structures and authentication processes, minimising the severity of a single security breach. During usage, the combined data is pseudonymised in the application, but the collected data is anonymous on its own.
- When acting as a Data Processor or Data Sub-Processor, Master International A/S delivers a software platform containing personal data on behalf of customers. In compliance with GDPR we protect these data from both unauthorized and employee access.
- Master International A/S ensures that all communication uses appropriate encryption technologies and certificates issued from a trusted provider.
- All access to the software platform is audited, including rejected attempts.
- Master International A/S has processes for handling data security breaches.
- Master International A/S has processes and systems ensuring availability of both system and data.
- Master International A/S ensures that development, testing and production environments are separated.
- Master International A/S has the necessary tools and processes to ensure that data is securely wiped before equipment is handed over to third parties or otherwise disposed of.
- Master International A/S ensures that all its Sub-Processors have documented and appropriate protection of personal data they process on our behalf.
Last updated: February 2025