DPR-1-1.1 What are the purposes of processing personal data?
DPR-1-2.1 What role does the service provider give itself in terms of data security?
DPR-1-3.1 Do end users need to give consent for the processing of personal data related to the service?
DPR-1-4.1 Is it possible to make the name of the client organization and a link to its own privacy notice visible to users in the service?
DPR-1-5.1 Does the service provider have access to personal data stored by the client organization?
DPR-1-6.1 Does use of the service generate a register of which the service provider is a joint controller with the client organization?
DPR-1-8.1 Does the service provider have an up-to-date list of personal data sub-processors, including each sub-processor's name, location, processing purpose, and any transfer basis outside the EU/EEA?
DPR-1-9.1 Link to the list of sub-processors (if any)
DPR-1-10.1 Does the service provider or any of its sub-processors process personal data outside the EU/EEA?
DPR-1-11.1 If personal data is processed outside the EU/EEA area, on what grounds is personal data transferred?
DPR-1-12.2 Can personal data be transferred to third countries that are not considered safe?
DPR-1-13.1 In which countries are the service provider's servers located?
DPR-2-1.1 What personal data does the service provider process?
DPR-2-2.1 Is the service also intended for processing special personal data (e.g. health data)?
DPR-2-3.1 Can the required and optional fields related to users be defined by the administrator?
DPR-2-4.1 Does the service provider provide users with comprehensive information about the processing of personal data in the service?
DPR-2-6.1 What procedures are in place to ensure that data is not used for other purposes?
DPR-2-7.1 Does the service have a function for pseudonymizing personal data?
DPR-2-8.1 Can users be asked for separate consents for the processing of certain personal data (e.g., personal identification number or special personal data)?
DPR-2-9.1 Is data processed on a large scale in the service?
DPR-2-10.1 Can the service's functions involve profiling, scoring, or evaluating individuals?
DPR-2-11.1 Can the service involve the processing of location data?
DPR-2-12.1 Can the service define the retention periods for personal data or the criteria for determining them?
DPR-2-13.1 Can users' personal data be anonymized instead of deleted?
DPR-3-3.1 Is the scope and duration of personal data processing proportional to the intended benefits?
DPR-4-2.1 Can users see all the data stored about them?
DPR-4-3.1 Can users download or transfer the data they have stored to another service, or import data from another system?
DPR-4-4.1 How and when are personal data deleted?
Henkilötietoja ei poisteta automaattisesti. Yksityistiliä käyttävä käyttäjä voi poistaa oman tunnuksen itse ja organisaatiotunnukset poistetaan erillisten sopimusten mukaisesti.
DPR-4-5.1 If a data subject exercises their right to restrict the processing of their personal data, what technical means are used to ensure the implementation of the restriction?
DPR-5-1.1 How is the accuracy of the processed personal data ensured?
DPR-6-1.1 Are automated decisions made in the service, and if so, on what basis?
DPR-6-2.1 How are data subjects informed about automated decision-making?
DPR-6-3.1 How are the conclusions related to the data subject that are based on automated decision-making described to them?