DPR-1-2.1 What role does the service provider give itself in terms of data security?
DPR-1-4.1 Is it possible to make the name of the client organization and a link to its own privacy notice visible to users in the service?
DPR-1-5.1 Does the service provider have access to personal data stored by the client organization?
DPR-1-6.1 Does use of the service generate a register of which the service provider is a joint controller with the client organization?
DPR-1-7.1 Is a personal data register of users generated for the service provider of which it is the controller?
DPR-1-8.1 Does the service provider have, for each sub-processor, an up-to-date list of sub-processors of personal data, which shows the name, location, processing purpose and possible grounds for transfer outside the EU/EEA area?
DPR-1-9.1 Link to the list of sub-processors (if any)
DPR-1-10.1 Does the service provider or one of its sub-processors process personal data outside the EU/EEA area?
DPR-1-11.1 If personal data is processed outside the EU/EEA area, on what grounds is personal data transferred?
DPR-1-12.1 Can personal data be transferred to non-secure third countries such as the United States?
DPR-2-1.1 What personal data does the service provider process?
DPR-2-2.1 Is the service also intended for processing special personal data (e.g. health data)?
DPR-2-3.1 Can the required and optional fields related to users be defined by the administrator?
DPR-2-4.1 Does the service provider provide users with comprehensive information about the processing of personal data in the service?
DPR-2-5.1 Does the service provider process personal data in accordance with data protection legislation?
DPR-2-6.1 What procedures are in place to ensure that data is not used for other purposes?
DPR-2-7.1 Does the service have a function for pseudonymizing personal data?
DPR-2-10.1 Is there profiling, scoring or evaluation of people in the functions of the service?
DPR-2-11.1 Are users' location data processed?
DPR-2-12.1 Can the service define the retention periods of personal data or its criteria?
DPR-2-13.1 Can users' personal data be anonymized instead of deleted?
DPR-3-1.1 Has the service provider identified, in its privacy policy, all personal data that is clearly related to the use of the service?
DPR-4-1.1 Does the service provider guarantee that the rights of the data subjects are realized in accordance with the EU General Data Protection Regulation (GDPR)?
DPR-4-4.1 How and when are personal data deleted?
Henkilötietoja ei poisteta automaattisesti. Yksityistiliä käyttävä käyttäjä voi poistaa oman tunnuksen itse ja organisaatiotunnukset poistetaan erillisten sopimusten mukaisesti.