Neste has appropriate technical measures and organizational security policies and procedures in place to protect personal data and information from loss, misuse, alteration, or destruction.
Every employee and contractor in Neste is subject to an information security policy that is supplemented with more detailed instructions. Access to systems and applications used for personal data processing are limited to personnel who need the data for carrying out their job tasks.
Where Neste engages third parties to host electronic data on its behalf, Neste requires them to meet comprehensive information security requirements.
When personal data processing involves manual processing, it is done in premises accepted for such use. These premises are protected with sufficient physical measures, such as access control systems and camera surveillance.