Security & Compliance

This page outlines how Vialumina approaches security, data protection, and regulatory compliance across our products and operations.

Our approach to data security and regulatory compliance 

At Vialumina, data security and compliance are integral to how we design, build, and operate our platform. 
We support organizations in managing fleet, charging, and energy data in a secure, controlled, and compliant manner aligned with applicable regulations and industry best practices. 

This page provides an overview of how we approach security, privacy, and compliance across our products and operations. 

1. Governance and responsibility 
Vialumina has established internal policies and processes to ensure responsible handling of data and continuous oversight of security and compliance practices. 
Clear ownership of data protection and security responsibilities 
Internal access control policies 
Regular review of security practices and operational risks 
Alignment between product, engineering, and operations teams 
Security and compliance are treated as ongoing processes, not one-time activities. 

2. Data protection and privacy 
Vialumina processes personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). 
Personal data is processed lawfully, fairly, and transparently 
Data is collected for specified and legitimate purposes only 
Data minimization principles are applied 
Personal data is retained only as long as necessary 
Details on how personal data is processed, including data subject rights, are available in our Privacy Policy. 

3. Data hosting and infrastructure 
Primary data processing takes place within the EU/EEA 
Infrastructure is hosted in secure, professionally managed environments 
Logical and physical safeguards are applied to protect systems and data 
Where third-party infrastructure providers are used, Vialumina ensures appropriate contractual and technical safeguards are in place. 

4. Access control and authentication 
Access to systems and data is restricted based on role and business need. 
Role-based access control (RBAC) 
Principle of least privilege 
Controlled onboarding and offboarding of users and employees 
Administrative access restricted to authorized personnel 
Access rights are reviewed regularly. 

5. Encryption and data security measures 
Vialumina implements technical measures to protect data throughout its lifecycle, including: 
Encryption of data in transit using industry-standard protocols 
Encryption of data at rest where appropriate 
Secure key management practices 
Segregation of environments where applicable 
Security controls are designed to reduce the risk of unauthorized access, disclosure, or alteration of data. 

6. Monitoring, logging, and incident management 
Vialumina maintains processes for detecting, responding to, and managing security incidents. 
System monitoring and logging 
Procedures for identifying and assessing security events 
Incident response processes to contain, investigate, and remediate issues 
Notification processes aligned with applicable legal requirements 
Security incidents are handled according to defined internal procedures.

7. Third-party and supplier management 
Vialumina may engage trusted third-party providers to support delivery of its services (e.g. hosting, analytics, support tools). 
All suppliers are assessed based on relevance and risk 
Data processing agreements are in place where required 
Suppliers are required to implement appropriate security measures 
Access to data is limited to what is necessary 
Vialumina does not sell customer data to third parties. 

8. International data transfers 
Personal data is primarily processed within the EU/EEA. 
Where data is transferred outside the EU/EEA, Vialumina ensures that appropriate safeguards are applied, such as the European Commission’s Standard Contractual Clauses (Article 46 GDPR), together with supplementary technical and organizational measures where required. 

9. Compliance and regulatory alignment 
Vialumina aligns its security, privacy, and operational practices with applicable regulatory and contractual requirements, including:
The EU General Data Protection Regulation (GDPR) and applicable national data protection laws.
Customer-specific contractual and data protection obligations.
Industry best practices for information security and risk management.

Formal certifications (such as ISO 27001 or SOC 2) may be pursued as organizational maturity and customer requirements evolve.
Vialumina currently operates in alignment with recognized industry standards and implements controls and processes appropriate to the nature, scope, and risk of its services.

10. Customer responsibilities and shared security model 
Security is a shared responsibility. 
Customers are responsible for: 
Managing user access and permissions 
Protecting login credentials 
Using the platform in accordance with applicable laws and agreements 
Vialumina provides the technical and organizational foundation to support secure usage of the platform. 

11. Transparency and continuous improvement 
Vialumina continuously evaluates and improves its security and compliance practices in line with evolving threats, regulatory requirements, and customer expectations. 
This page may be updated as practices, technologies, or regulations change. 

12. Contact 
For questions related to security, data protection, or compliance, please contact: 
support@vialumina.se 
For information about how personal data is processed, please refer to our Privacy Policy.


Security and compliance practices may vary depending on deployment, configuration, and customer requirements.