Deploy on infrastructure with ISO 27001 controls, EU residency, and transparent operations.
Security

Security controls you can verify before migration

Deploy on infrastructure with ISO 27001 controls, EU residency, and transparent operations.

Run production workloads on our infrastructure.

Customer data stays in our two Danish data centers, not in third-party public cloud regions.

We operate the physical facilities, network, and platform security controls.

European flag

Hosted in EU data centers

ISO Logo

ISO 27001 Certified

Deploy on infrastructure with ISO 27001 controls, EU residency, and transparent operations.

Security is fundamental to your business operations, and we've got you covered. We've implemented comprehensive security measures and adhere to the highest industry standards. Our state-of-the-art data centers in Denmark feature multiple layers of physical and digital security to keep your data safe.

Our commitment to security is evident in our adherence to internationally recognized standards and regulations. We continuously monitor and update our security protocols to address emerging threats and vulnerabilities, ensuring your deployments remain secure and compliant.

By choosing Asergo, you can trust that your server deployments are in a secure environment, allowing you to focus on your core business activities with peace of mind.

The Asergo Team

ISO Certification

ISO/IEC 27001:2022 in production terms

Asergo is certified to ISO/IEC 27001:2022. Scope includes asset inventory, access control, change handling, incidents, backups, and supplier risk.

You can map these controls to your internal policies before migration.

More about ISO 27001

Statement of Applicability (SOA)

The SOA lists applied Annex A controls, implementation status, and exclusions.

Organizational Controls

Comprehensive policies for information security

Roles and responsibilities defined

Segregation of duties implemented

Threat intelligence monitoring

People Controls

Rigorous employee screening

Comprehensive security training

Clear terms and conditions of employment

Disciplinary processes for security violations

Confidentiality agreements enforced

Physical Controls

Secure physical perimeters

Controlled physical entry

Secure offices and facilities

Protection against physical and environmental threats

Technological Controls

User endpoint security

Privileged access rights management

Information access restrictions

Protection against malware

Single operator across infrastructure and incidents

Asergo operates hardware, network, and platform, and handles infrastructure recovery without cross-vendor escalation.

Security controls are applied where workloads run

Physical access, network policy, and platform controls are managed by the same operations function.

Data residency and compliance stay in one Danish scope

Customer data and operational responsibility remain in Denmark, which helps narrow GDPR audit scope.

Core operations avoid public cloud control planes

Day-to-day operations run without third-party cloud control-plane dependency, reducing external coordination overhead.

Platform configuration, on your request

Platform settings can be adjusted when workload constraints do not fit standard defaults.

Supplier Autonomy

Infrastructure operated by Asergo, not a public cloud vendor

Asergo operates the infrastructure layer directly. Core operations do not depend on third-party cloud control planes.

That gives clear ownership in incidents, changes, and compliance reviews.

Read more about our infrastructure

GDPR Compliance

Your Data, Your Rights

Asergo is GDPR Compliant. We prioritize the protection of your data. The EU General Data Protection Regulation (GDPR) is a data privacy law implemented by the European Union. Effective from May 25, 2018, it is one of the world's leading data privacy legislations. GDPR aims to honor the privacy of persons residing in the EU by protecting their:

Right to access

Right to rectification

Right to erasure

Right to restriction of processing

Right to data portability

Right to object

Right to avoid automated decision-making

Our GDPR Roles: Your Trust, Our Responsibility

Data is essential for running Asergo's services and critical for the safety of our services and users. This policy explains what information we collect, why we collect it, and how we use it. We make legal and binding contractual commitments available to customers through a Data Processing and Confidentiality Agreement compliant with GDPR. If your company collects, stores, or analyzes European residents' personal data, GDPR provisions require you to use a compliant third-party Data Processor, like Asergo, as your hosting provider.

To achieve GDPR compliance, we have implemented appropriate technical and organizational measures. These include internal data protection policies such as staff training, internal audits of processing activities, and internal policy reviews. Our appointed Data Protection Officer (DPO) maintains relevant documentation on processing activities. We implement measures that meet the principles of data protection by design and data protection by default, including data minimization, pseudonymization, and transparency.

Easy Guide: Data Hosting in the EU vs. Abroad

  • GDPR does not mandate EU-only data storage: The GDPR does not require personal data to be physically stored exclusively in the EU. However, it strictly regulates transfers of personal data outside the European Economic Area (EEA).
  • Chapter V of the GDPR applies to all cross-border transfers: Chapter V of the GDPR (Articles 44–50) applies whenever personal data is transferred to or processed in a third country, ensuring the same level of protection as within the EU.
  • The Schrems II ruling changed the game: The Schrems II ruling invalidated the EU–US Privacy Shield. This means organizations must now conduct Transfer Impact Assessments (TIAs) and implement supplementary measures, such as encryption, for transfers to the US or other non-adequate countries.
  • Adequacy decisions allow transfers to select countries: Adequacy decisions permit transfers to countries deemed to provide equivalent data protection, such as Switzerland, Japan, and the UK. Notably, the US is not on this list.
  • EU-only hosting eliminates transfer risks: EU-only hosting where data is stored and processed within the EU by an EU owned provider eliminates the need for SCCs, TIAs, or supplementary measures. This approach reduces legal risk and compliance burden significantly.
  • Data residency and jurisdiction are not the same: Data residency (where data is stored) and jurisdiction (which laws apply) are distinct concepts. Even if data is stored in the EU, a US owned provider may still be subject to US surveillance laws like the CLOUD Act or FISA Section 702.
  • Third country transfers carry significant risks: Third country transfers introduce risks such as foreign surveillance access, complex documentation requirements, legal uncertainty, procurement restrictions, and loss of user trust.
  • Regulated sectors demand EU-only hosting: For regulated sectors like healthcare, education, and the public sector, as well as EU funded projects, EU-only hosting is often a requirement to ensure compliance and avoid disqualification from tenders.
  • EU hosted providers streamline compliance: Choosing an EU hosted and EU owned provider simplifies compliance, speeds up procurement, and aligns with the expectations of privacy sensitive organizations.
  • Asergo sets the standard: Asergo is an example of a platform designed to meet EU data protection standards by hosting all data and operations exclusively within the EU under EU jurisdiction.

FAQ

Frequently Asked Questions

Here are some of the most frequently asked questions about Asergo. If you have any other questions, please contact us.