The notification is sent through the E-lomake service by Eduix Ltd. Its technical and organisational security measures are described below.
Services are offered as SaaS (Software as a Service). The services are browser-based and run on servers administered by the service provider.
The servers are located in a locked, access-monitored data center in Finland.
Only designated persons are allowed to access the servers. Access to the service is restricted by personal user credentials, the user groups assigned to them, and the permissions granted to those user groups.
Transfer of data between the service and the user is secured (HTTPS).
The service does not profile, score or assess persons.
The service does not process the location data of users.
The functions of the service must be carried out within the service. If a client transfers data outside the service by e-mail, printing etc., the client is responsible for securing any personal data involved.
Relevant logs about the use of the service are saved. Unsuccessful actions are saved in an error log that clearly shows the error type and the related data.
Logs are also retained for users whose use permission has ended. Logs cannot be edited.
The service allows for storing data for the duration of its use. For long-term and permanent storage, the client must transfer the data, or have it transferred, into an archive and remove the data from the service.
Data are backed up daily. The service provider tests the backups to ensure that they are functional.
The service provider is responsible for the duty of confidentiality of its employees.
The service provider allows a client to carry out monitoring and auditing.
The service provider has a designated data protection officer.
The service provider commits to announcing all data security breaches without delay.