At Express, we always prioritize security with responsibility, precision, and confidentiality.

Our business is built on our customers’ trust – trust that we handle the data entrusted to us in accordance with the law, our internal guidelines, and our customers’ expectations. We protect your data through clear, transparent, and efficient processes, where both handling and access are always limited to what is strictly necessary to complete the task.

We do not take trust for granted – we earn it. That’s why we have established a solid foundation of policies, procedures, and controls that we consistently follow in our daily operations. Our efforts are continuously documented and validated through two annual ISAE 3000 Type II assurance reports conducted by Ernst & Young. At Express A/S, we know that trust begins with security. 

Data security

We host all our servers with Sentia in highly secured data centers located in Denmark. This ensures that your data always remains under Danish jurisdiction, where GDPR and data protection are an integral part of operations. 

All data exchange takes place exclusively via encrypted connections (SFTP) to prevent unauthorized access, and we only retain data for as long as necessary to complete the specific task.

Sikkerhed gennem enkelhed – færre led, færre risici.

• Data is deleted according to clearly defined and regularly reviewed procedures once the purpose has been fulfilled.
• Our IT infrastructure is built on simplicity, transparency, and security.
• Customer information is handled safely and securely every step of the way. 

GDPR and process

Each task is managed entirely within its own isolated environment on our servers. This separation applies throughout our entire infrastructure – from databases and file systems to internal processes and access management. In this way, we ensure that data from different clients or projects is never mixed or intersected, and that no information can be unintentionally accessed across tasks.

Det er en enkel og sikker metode, der reducerer kompleksitet og minimerer risikoen for fejl eller datalæk. Samtidig gør den det lettere at dokumentere og efterleve gældende krav til informationssikkerhed. Resultatet er en gennemsigtig og kontrolleret proces, hvor alle kundedata håndteres korrekt og i fuld overensstemmelse med GDPR.

GDPR and process

Each task is managed entirely within its own isolated environment on our servers. This separation applies throughout our entire infrastructure – from databases and file systems to internal processes and access management. In this way, we ensure that data from different clients or projects is never mixed or intersected, and that no information can be unintentionally accessed across tasks.

Det er en enkel og sikker metode, der reducerer kompleksitet og minimerer risikoen for fejl eller datalæk. Samtidig gør den det lettere at dokumentere og efterleve gældende krav til informationssikkerhed. Resultatet er en gennemsigtig og kontrolleret proces, hvor alle kundedata håndteres korrekt og i fuld overensstemmelse med GDPR.

Production

Production takes place in a security zone with physical access control, where only PET-cleared employees with a documented work-related need are granted access. 

We follow our core principle: simplicity creates security. Each task is handled completely separately – from printing and enveloping to delivery. For example, if we receive 811 letters, we deliver exactly 811 letters. This manual reconciliation, combined with the clear separation of tasks, allows us to document every single step of the process.

Resultatet er fuld sporbarhed og tryghed.

• You can trust that all data is handled correctly, securely, and without any risk of mix-up or unauthorized overlap.
• We never read, record, or store any personal data from any of the letters.
• Security through simplicity – because the most secure solution is often the simplest one.
• All processes are carried out under strictly controlled conditions.