Notification of illegal content on online platform: Privacy policy

The notification is sent through the E-lomake service by Eduix Ltd. Its technical and organisational security measures are described below.

• Services are offered as SaaS (Software as a Service). The services are browser-based and they are used on servers that are administrated by the service provider.

• The servers are located in a locked and access monitored data center in Finland.

• Only designated persons are allowed to access the servers. Access to the service is restricted with personal user credentials, their designated user groups and permissions granted to the user groups.

• Transfer of data between the service and the user is secured (https).

• The service does not profile, score or assess persons.

• The service does not process the location data of users.

• The functions of the service must be carried out within the service. If a client transfers data outside the service by e-mail, printing etc., the client is responsible for securing any personal data involved.

• Relevant logs about the use of the service are saved. Unsuccessful actions are saved in an error log that clearly shows the error type and the related data.

• Logs are also stored in regards to users whose use permission has ended. Logs cannot be edited.

• The service allows for storing data for the duration of its use. For long-term and permanent storage, the client must transfer or have the data transferred into an archive and remove data from the service.

• Data are backed up daily. The service provider tests the backups to ensure that they are functional.

• The service provider is responsible for the duty of confidentality of its employees.

• The service provider allows a client to carry out monitoring and auditing.

• The service provider has a designated data protection officer.

• The service provider commits to announcing all data security breaches without delay.