Edited on January 26th, 2024
Record of processing activities of personal data and rights of subjects
EU General Data Protection Regulation (GDPR) 679/2016
The controller and data protection officer
Eduix Ltd. (1059087-6)
Finlaysoninkuja 21 A
Representative of the controller
Data protection officer
Purposes of processing
Data is used to confirm that a notification of illegal content on an online platform was recieved and to inform the notifier about the decision if contact details were included in the notification.
Basis for the processing
Consent, EU 679/2016, Art. 6.1 a
The data subject has freely given specific, informed and explicit consent to the processing of personal data
Description of the categories of data subjects and categories of personal data
The notifier’s contact details
The groups to which personal data have been or will be disclosed
Designated processors of notifications
Information on the transfer of personal data to third countries or international organisations
Data is not transferred to third countries or international organizations.
Data storage times
Data is stored for 6 months after the notifier has been informed about the decision.
Description of technical and organisational security measures
The notification is sent through the E-lomake service by Eduix Ltd. Its technical and organisational security measures are described below.
Services are offered as SaaS (Software as a Service). The services are browser-based and they are used on servers that are administrated by the service provider.
The servers are located in a locked and access monitored data center in Finland.
Only designated persons are allowed to access the servers. Access to the service is restricted with personal user credentials, their designated user groups and permissions granted to the user groups.
Transfer of data between the service and the user is secured (https).
The service does not profile, score or assess persons.
The service does not process the location data of users.
The functions of the service must be carried out within the service. If a client transfers data outside the service by e-mail, printing etc., the client is responsible for securing any personal data involved.
Relevant logs about the use of the service are saved. Unsuccessful actions are saved in an error log that clearly shows the error type and the related data.
Logs are also stored in regards to users whose use permission has ended. Logs cannot be edited.
The service allows for storing data for the duration of its use. For long-term and permanent storage, the client must transfer or have the data transferred into an archive and remove data from the service.
Data are backed up daily. The service provider tests the backups to ensure that they are functional.
The service provider is responsible for the duty of confidentality of its employees.
The service provider allows a client to carry out monitoring and auditing.
The service provider has a designated data protection officer.
The service provider commits to announcing all data security breaches without delay.