First slide image

The following applies when using INNOMATE HR via cloud.

Data Processing Agreement

By accepting the Subscription Terms for the use of INNOMATE HR, you also agree to a Data Processing Agreement, 01.07.2024, in accordance with the provisions of the EU's General Data Protection Regulation and the corresponding Danish legislation. The Data Processing Agreement follows the Data Protection Authority's Standard Contractual Clauses.

INNOMATE's compliance with the Data Processing Agreement is subject to independent auditor review. The result of the most recent audit, which took place on 22.12.2023, can be found here: IT audit declaration, signed, IT audit declaration, original.

INNOMATE is working towards ISO 27001 certification, which our parent company 24SevenOffice allready has achieved.

IT security with us as your Data Processor

The management of INNOMATE is ultimately responsible for IT security and for continually establishing the necessary policies, procedures, and tools to support it.

The INNOMATE GDPR-group is operationally responsible for the ongoing updating, control, and documentation for compliance with IT security.

For example, IT security includes the following elements:


All access to personal data occurs according to instructions from the data controller (section 9.3). We practice this as follows:

  1. The instruction is general concerning the performance of tasks agreed with each customer regarding the delivery and operation of the HR-solution, including what is described in the underlying subscription agreement, and thus also includes regular system maintenance, which ensures consistency and operational reliability.
  2. Resolution of ordered tasks. As a general rule, ordering must be made and/or confirmed by the data controller via
  3. Support of data controllers generally only occurs after inquiry via

Access and Logging

  1. Access to customer databases is only possible with a personal login, which only authorized personnel possess.
  2. A log is kept of all access to and processing of personal data.


  1. All access to and transfer of personal data between the customer and INNOMATE takes place in a way that prevents unauthorized access to personal data. I.e., via a secure and encrypted connection.
  2. Data is physically secured on INNOMATE's servers and never on mobile devices.
  3. Personal data is routinely backed up.
  4. Access to the customer's personal data is limited to employees in INNOMATE who are approved by the management of INNOMATE A/S and who have signed a confidentiality agreement.


According to section 7 of the Data Processing Agreement, INNOMATE by 24SevenOffice is entitled to use sub-processors but is obligated to inform the data controller about the identity of these sub-processors.

INNOMATE A/S uses and has entered into data processing agreements with the following sub-processors:

Scannet29412006Højvangen 4, 8660 Skanderborg, DenmarkHosting of databases m.m.

Microsoft, Azure IE8256796UMicrosoft Ireland Operations Ltd, One Microsoft Place, South
County Business Park
Leopardstown Dublin 18, D18 P521 Ireland

Hosting of files (including attachments from Recruitment and employee file archives)
Jobnet 34616939Værkmestergade, 5, 8000 Aarhus, Denmark

Job postings
KMD/Charlie Tango ‎21029807Rosenvængets Allé 11, 2100 København, Denmark

Lunaweb Ltd., Germany branchUVAT ID: DE316913979Nördliche Münchner Str. 14A, 82031 Grünwald, Germany

Conversion of documents to PDF format.
Twoday A/S
29973334Gærtorvet 1, 1799 København V, Denmark

Addo Sign - Digital Signature
Google LLC
(from 01/07/2024)
EU372000041Gordon House, Barrow Street Dublin 4 Ireland

Google's reCAPTCHA service is used to distinguish between humans and bots to prevent spam in the job application form.
Amazon Web Services EMEA SARL
(from 01/07/2024)
LU2688861738 Avenue John F. Kennedy, L-1855, Luxembourg

Email sending
    According to INNOMATE's Data Processing Agreement, sub-processors are subject to the same data protection obligations and contractual conditions as INNOMATE by 24SevenOffice, including that personal data is stored within the EU/EEA.

    Security at the Customer as Data Controller

    INNOMATE HR is designed to support the EU's General Data Protection Regulation. The solution meets the requirement for data protection by design and by default, which means that access to personal data is protected so that only those who need it are granted rights to access specific data.

    Access to Personal Data

    Access to personal data is controlled by so-called permission rules, which follow the relations between users. Access can be defined down to the field level. The permissions are set up according to the customer's instructions.


    It is a fundamental principle in the EU's General Data Protection Regulation that it must be clear, for example, to an employee, what data a company stores about the individual. INNOMATE HR is designed so employees can access all data about themselves.

    Deletion of Data

    As soon as personal data are no longer relevant to the company, such data must be deleted. INNOMATE HR ensures through automated workflows when data is deleted. For example,

    • all information on an applicant is deleted no later than half a year after the receipt of the application,
    • parts of an employee's data are deleted when the individual has left the company - and the rest after 5 years.

    The rules for deletion are set up according to the data controller's instructions.

    Contact Us

    For questions, please feel free to contact Chief Information Security Officer Freddy Kristensen på

    2017 Innomate