Edited on May 23rd, 2024

Record of processing activities of personal data and rights of subjects

EU General Data Protection Regulation (GDPR) 679/2016

The controller and data protection officer

Eduix Ltd. (1059087-6)
Hämeenkatu 17 A 16
Privacy policy

Representative of the controller
Rami Heinisuo

Data protection officer
Sirpa Pajula

Purposes of processing

Data is used to confirm that a notification of illegal content on an online platform was recieved and to inform the notifier about the decision if contact details were included in the notification.

Basis for the processing

Consent, EU 679/2016, Art. 6.1 a

  • The data subject has freely given specific, informed and explicit consent to the processing of personal data


Description of the categories of data subjects and categories of personal data

The notifier’s contact details

  • name

  • organization

  • e-mail address

The groups to which personal data have been or will be disclosed

Designated processors of notifications

Information on the transfer of personal data to third countries or international organisations

Data is not transferred to third countries or international organizations.

Data storage times

Data is stored for 6 months after the notifier has been informed about the decision.

Description of technical and organisational security measures

The notification is sent through the E-lomake service by Eduix Ltd. Its technical and organisational security measures are described below.

  • Services are offered as SaaS (Software as a Service). The services are browser-based and they are used on servers that are administrated by the service provider.

  • The servers are located in a locked and access monitored data center in Finland.

  • Only designated persons are allowed to access the servers. Access to the service is restricted with personal user credentials, their designated user groups and permissions granted to the user groups.

  • Transfer of data between the service and the user is secured (https).

  • The service does not profile, score or assess persons.

  • The service does not process the location data of users.

  • The functions of the service must be carried out within the service. If a client transfers data outside the service by e-mail, printing etc., the client is responsible for securing any personal data involved.

  • Relevant logs about the use of the service are saved. Unsuccessful actions are saved in an error log that clearly shows the error type and the related data.

  • Logs are also stored in regards to users whose use permission has ended. Logs cannot be edited.

  • The service allows for storing data for the duration of its use. For long-term and permanent storage, the client must transfer or have the data transferred into an archive and remove data from the service.

  • Data are backed up daily. The service provider tests the backups to ensure that they are functional.

  • The service provider is responsible for the duty of confidentality of its employees.

  • The service provider allows a client to carry out monitoring and auditing.

  • The service provider has a designated data protection officer.

  • The service provider commits to announcing all data security breaches without delay.

Rights of the data subject

Skip to content