The Most Secure Data Handling on the Market

At Xact by Ramboll, we take data security seriously. Our solutions are employed every day to gather substantial volumes of data concerning citizens, users, customers, colleagues, and other stakeholders.

As a result, data security is at the core of all our services.

We take pride in setting the industry standard for adhering to all relevant regulations governing the processing of personal data. In fact, the official Danish Data Protection Agency finds our security approach so reassuring that they are a customer of ours.

Handling of Sensitive Personal Data

Data security has always been a top priority, and we have been securely managing sensitive personal data long before GDPR became mainstream.
When you choose Xact by Ramboll, you receive a data processing agreement tailored to the data processing we undertake on your behalf — fully compliant with the EU's General Data Protection Regulation (GDPR).
In other words, opting for a solution from Xact by Ramboll means you’re guaranteed legal compliance.

We Assume Responsibility

While you are responsible for your own data, Xact by Ramboll takes on the responsibility for the actual data processing.
This means we are accountable for ensuring that your data is not accidentally or unlawfully destroyed, lost, altered, misused, accessed by unauthorized parties, or otherwise processed in violation of prevailing legislation.

Detailed Log and Access Control

Every action within our Xact systems is meticulously logged, allowing us to document every single operation performed by both users and our employees.
Our logging is so comprehensive that we can reconstruct a user-session at any time, providing an exact overview of the data a given user accessed during the process. And we do not grant access to your data to our support staff unless you have given explicit permission.
Furthermore, as an added layer of access control, our optional Two-Factor Login module can be utilized.

This enables you to keep unauthorized individuals out, even if your username and password fall into the wrong hands. If your Xact solution experiences repeated unsuccessful login attempts from the same username or IP address, the system automatically blocks further login attempts from that source.


No Access for Unauthorized Parties

In a world where criminals employ increasingly sophisticated methods, we dedicate all efforts to safeguarding your data against hackers and other curious entities.

Our servers are securely enclosed behind robust walls, automatically closing bolted doors, and advanced alarm systems with video surveillance.

Limited Access to the Operational Environment

Only a small group of Xact by Ramboll employees have access to the operational environment where your data is stored. All of them are authenticated and equipped with unique access credentials.

Hard Drive Erasure

When hard drives are replaced in the servers, they are securely wiped to prevent data from falling into the wrong hands.


System Enclosure

We consistently keep all software up to date. The entire system is securely enclosed by an effective firewall and antivirus protection, both of which are updated hourly.


Encrypted Communication

All communication from operational staff, developers, and administrators to the system is encrypted. The same applies to communication between users and the Xact platforms. This prevents external entities from intercepting data.

Vulnerability Testing

Regular penetration tests are conducted against the operational environment to identify any vulnerabilities and guarantee that the safeguards set in place actually guard it all safely.


High Availability and Redundancy

We maintain duplicates of everything — both data and equipment — ensuring constant access to your data. With a 99.5% uptime, we are nearly always accessible.



All systems essential for daily operations and secure data storage are designed with redundancies.

This means we have duplicates of everything, including emergency power supply units (UPS) with redundant backup and diesel generators, two separate power supplies to all servers, as well as mirroring of all hard drives, servers, and web servers.

We run constant backups of database changes, and once a day we perform a full backup to tape and a server located at a completely different address.


Monitoring and Alerting

The entire operational environment is continuously monitored by alarm systems, and operational staff are instantly alerted if any irregularities arise.

Force Majeure Preparedness

Not everything is within our control. However, we have a clear plan for safeguarding your data in case of unforeseen accidents and disasters.

Smoke, Fire, and Water Protection

All buildings are equipped with smoke, fire, and flood protection in the form of smoke sensors, fully automated fire suppression systems, and round-the-clock monitoring of power, water, and fire alarms.


Disaster Recovery Procedure

In the event of serious incidents such as natural disasters, fires, or terrorist attacks, we have a disaster recovery plan in place to restore all systems within 24 hours, ensuring your data is secure once again.


Third-Party Verification

We have entered into an agreement with the auditing firm PwC, which regularly reviews our IT security. The annual audit statement from PwC serves as your assurance that we are taking excellent care of your data. 

We continually optimize processes, management, monitoring, leadership, and values, and we meet the requirements of the ISO 9001 standard.

Do you want to know more?

You are welcome to contact Stakeholder Intelligence’s manager, Ivan Dalsgaard Sørensen, if you want to know more about how you can increase the accessibility of your surveys.


Ivan Dalsgaard Sørensen


+45 51 61 78 22