Security Measures AS Fair

This document entails the technical and organizational security measures implemented by ArtSolution in support of its (Processing) activities, as set forth by the Privacy Legislation.


Access Control of Processing Areas (Physical)

Web applications, communications and database servers of ArtSolution are located in a secure data center in Belgium operated by KPN.


Access Control to Personal Data Processing Systems (Logical)

ArtSolution has implemented suitable measures to prevent its Personal Data Processing systems from being used by unauthorized persons.

This is accomplished by:

  • Establishing the identification of the terminal and/or the terminal user to the ArtSolution systems;
  • Automatic time-out of user terminal if left idle. Identification and password required to reopen;
  • Automatic lock out of the user ID when several erroneous passwords are entered. Events are logged and logs are reviewed on a regular basis;
  • Utilizing firewall, router and VPN-based access controls to protect the private service networks and back-end-servers;
  • Ad hoc monitoring infrastructure security;
  • Regularly examining security risks by internal employees and third party auditors;
  • Issuing and safeguarding of identification codes;
  • Role-based access control implemented in a manner consistent with principle of least privilege.
  • Access to host servers, applications, databases, routers, switches, etc., is logged;
  • ArtSolution also uses commercial and custom tools to collect and examine its platform and system logs for anomalies.


Transmission Control

ArtSolution has implemented suitable measures to prevent Personal Data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media.

This is accomplished by:

    • Use of adequate firewall and encryption technologies to protect the gateways and pipelines
    • through which the data travels;
    • Sensitive Personal Data is encrypted during transmission using up to date versions of TLS or
    • other security protocols using strong encryption algorithms and keys;
    • Protecting web-based access to account management interfaces by employees through
    • encrypted TLS
    • End-to-end encryption of screen sharing for remote access, support, or real time communication.


Input Control

ArtSolution has implemented suitable measures to ensure that it is possible to check and establish whether and by whom Personal Data have been input into Personal Data Processing systems or removed.

This is accomplished by:

  • Authentication of the authorized personnel;
  • Protective measures for Personal Data input into memory, as well as for the reading, alteration and deletion of stored Personal Data, including by documenting or logging material changes to account data or account settings;
  • Segregation and protection of all stored Personal Data via database schemas, logical access controls, and/or encryption;
  • Utilization of user identification credentials;
  • Physical security of data processing facilities;
  • Session timeouts.



ArtSolution does not access Personal Data of the Customer, except

  • To provide the required services under the agreement with the Customer;
  • In support of its Customer experience;
  • As required by law; or
  • Upon request by of the Customer;


This is accomplished by:

  • Individual appointment of system administrators;
  • Adoption of suitable measures to register system administrators’ access logs to the infrastructure