DPR-1-1.1 What are the purposes of processing personal data?
Käyttäjän luoma kutsumanimi ja sähköpostiosoite kerätään palveluun kirjautumiseksi (sähköpostiosoite) sekä käyttäjän “tunnistamistarkoituksiin”, jotta hänet voidaan liittää ryhmän jäseneksi. HUOM: Käyttäjä voi nimetä itsensä haluamallaan tavalla ilman aitoa etunimii/sukunimi -yhdistelmää. Muut ryhmän jäsenet eivät näe käyttäjän sähköpostiositetta. Ryhmäadmin näkee käyttäjän sähköpostiosoitteen, jotta voi hallita ryhmän jäsenten rooleja, poistaa jäsenen ryhmästä.
The user-generated username and email address are collected for login (email address) and for "identification" purposes, so that the user can be associated with the group. NOTE: A user can choose to name themselves as they wish without a real first name/last name combination. Other members of the group will not see the user's email address. The group admin sees the user's email address in order to manage the roles of group members, remove a member from the group.
DPR-1-2.1 What role does the service provider give itself in terms of data security?
DPR-1-3.1 Do end users need to give consent for the processing of personal data related to the service?
DPR-1-4.1 Is it possible to make the name of the client organization and a link to its own privacy notice visible to users in the service?
DPR-1-5.1 Does the service provider have access to personal data stored by the client organization?
DPR-1-6.1 Does use of the service generate a register of which the service provider is a joint controller with the client organization?
DPR-1-8.1 Does the service provider have an up-to-date list of personal data sub-processors, including each sub-processor's name, location, processing purpose, and any transfer basis outside the EU/EEA?
DPR-1-9.1 Link to the list of sub-processors (if any)
DPR-1-10.1 Does the service provider or any of its sub-processors process personal data outside the EU/EEA?
DPR-1-11.1 If personal data is processed outside the EU/EEA area, on what grounds is personal data transferred?
DPR-1-12.2 Can personal data be transferred to third countries that are not considered safe?
DPR-1-13.1 In which countries are the service provider's servers located?
Suomi, Ruotsi, Ranska // Finland, Sweden, France
DPR-2-1.1 What personal data does the service provider process?
Käyttäjän itse luoma kutsumanimi ja sähköpostiosoite // User-created username and email address
DPR-2-2.1 Is the service also intended for processing special personal data (e.g. health data)?
DPR-2-3.1 Can the required and optional fields related to users be defined by the administrator?
DPR-2-4.1 Does the service provider provide users with comprehensive information about the processing of personal data in the service?
DPR-2-6.1 What procedures are in place to ensure that data is not used for other purposes?
Tiedonhallintaryhmä hyväksyy kaiken tietojen viennin ja/tai integroinnin kolmansien osapuolten järjestelmiin.
All data export and/or integration with third-party systems is approved by the data management team.
DPR-2-7.1 Does the service have a function for pseudonymizing personal data?
DPR-2-8.1 Can users be asked for separate consents for the processing of certain personal data (e.g., personal identification number or special personal data)?
DPR-2-9.1 Is data processed on a large scale in the service?
DPR-2-10.1 Can the service's functions involve profiling, scoring, or evaluating individuals?
DPR-2-11.1 Can the service involve the processing of location data?
DPR-2-12.1 Can the service define the retention periods for personal data or the criteria for determining them?
DPR-2-13.1 Can users' personal data be anonymized instead of deleted?
DPR-3-3.1 Is the scope and duration of personal data processing proportional to the intended benefits?
DPR-4-2.1 Can users see all the data stored about them?
DPR-4-3.1 Can users download or transfer the data they have stored to another service, or import data from another system?
DPR-4-4.1 How and when are personal data deleted?
Henkilötietoja ei poisteta automaattisesti. Yksityistiliä käyttävä käyttäjä voi poistaa oman tunnuksen itse ja organisaatiotunnukset poistetaan erillisten sopimusten mukaisesti.//Personal data is not automatically deleted. Users with a private account can delete their own ID themselves and organisational IDs are deleted under separate agreements.
DPR-4-5.1 If a data subject exercises their right to restrict the processing of their personal data, what technical means are used to ensure the implementation of the restriction?
Kaikki henkilötiedot poistetaan pyynnöstä. Kaikkia pyyntöjä seurataan.// All personal data is removed per request. All requests are tracked.
DPR-5-1.1 How is the accuracy of the processed personal data ensured?
Henkilötietoja ei muuteta erityisellä tietojenkäsittelytoiminnolla, ja ne näytetään sellaisenaan. // There is no specific data processing functionality that modifies personal data, and it is displayed “as is”.
DPR-6-1.1 Are automated decisions made in the service, and if so, on what basis?
DPR-6-2.1 How are data subjects informed about automated decision-making?
DPR-6-3.1 How are the conclusions related to the data subject that are based on automated decision-making described to them?