Uudenmaan Koulutuskeskus Oy's data protection principles include the disclosure of the legal basis and purpose of data processing, the reporting of data collected and processed, the technical, administrative and physical protection of data, lawful verification of data and the possibility to request changes.
Uudenmaan Koulutuskeskus Oy does not process personal data on behalf of other data controllers.
Electronically processed data contained in the register are technically protected by firewalls, passwords and other technical means generally accepted in the field of information security. Data transfer between the customer and Uudenmaan Koulutuskeskus SSL (Secure Socket Layer) technology is encrypted between Oy. The data is backed up regularly and the backups are stored in a different location than where the primary data is located. Uudenmaan Koulutuskeskus Oy carries out internal and third-party assessments covering both the technical security of critical information systems.
Only for identified Uudenmaan Koulutuskeskus Employees of Oy and Uudenmaan Koulutuskeskus Employees of companies acting on behalf and on behalf of Oy have access to the data contained in the register on the basis of separately granted access rights. User permissions are regularly monitored and the creation of dangerous combinations of licenses is prohibited in the access management policy. In particular, access rights for administrators of different systems are regularly reviewed and removed when the user no longer needs them. Uudenmaan Koulutuskeskus The rights of employees who have left Oy will be removed from all systems at the end of the employment relationship.
Whole Uudenmaan Koulutuskeskus Oy's personnel, and external persons acting on its behalf, have a duty of confidentiality in relation to all Uudenmaan Koulutuskeskus Oy's customer and personal data. Confidentiality is recorded Uudenmaan Koulutuskeskus Employment contracts of Oy's personnel, including sanctions. Confidentiality is enshrined in agreements with third parties, including sanctions.
Uudenmaan Koulutuskeskus Employees processing information about Oy's customers are trained through regular trainings, where the legality criteria for working are an integral part of the training. Uudenmaan Koulutuskeskus The information security and data protection information of Oy's personnel is regularly maintained in different ways: by organising both regular information campaigns on data security and data protection for all company personnel, and by organising mandatory data security and data protection training for employees each year, in order to pass the employee's test of the topic. Uudenmaan Koulutuskeskus Oy is a information security policy that every new employee goes through when they start their work Uudenmaan Koulutuskeskus Ltd. The existence and location of information security policy are communicated in regular information security trainings and remind employees of the bindingity of that policy. The information security policy describes general rules on data security and data protection that are binding on the employee, whether they are technical rules, security processes or practices and guidelines suitable for everyday work.
Customer data is processed in information systems located in a data center in cloud services located in Finland or the European Union. In data centers located in Finland, the most important production systems have been doubleed into two physically separated data centers to ensure safety, data preservation and continuity of service in normal and exceptional situations. These data centres use safety practices, access management and supervision certified by the service provider.
The manually maintained materials are located in premises where access to unsubsent data is prevented by access control and video surveillance is in place at the main premises to investigate and verify possible physical security breakdowns.
In accordance with Articles 15-22 of the European Union Data Protection Regulation, the data subject is entitled to:
information about him or her that has been stored about him or her Uudenmaan Koulutuskeskus Oy's information systems. The exercise of some data subjects' rights is restricted by another mandatory legislation on the basis of which: Uudenmaan Koulutuskeskus Oy has the right and obligation to rightly refuse to rectify, delete, restrict or transfer data from one system to another. An example of such legislation is, for example, the Accounting Act, which determines the retention of supporting rights related to payroll, regardless of the rights imposed by the data subject in the GDPR.
In situations where the data subject wishes to inspect or change his/her data Uudenmaan Koulutuskeskus data belonging to the register owned by the customer of Oy, the data subject must make a request for verification or modification of the data to the controller, and the controller will carry out the implementation of the request for verification or modification of the data together with the processor Uudenmaan Koulutuskeskus With Oy. In this case, the controller must address the written inspection request to the email address mentioned below.
The request for verification and amendment shall identify the personal data that you want to check and provide the name of the register of the request. The request must be sent by e-mail to: info @ koulutuskeskus .com. The data subject may exercise his or her right to personal data provided for in the Personal Data Act free of charge only once a year.
Notification to the data subject is made by the controller if the data protection breach is likely to pose a high risk to his or her rights and freedoms. The notification describes the nature of the data protection breach and the measures taken, as required by law.
In cases where a data protection breach is Uudenmaan Koulutuskeskus personal data covered by a personal data register owned by a customer of Oy, must be Uudenmaan Koulutuskeskus The customer of Oy is responsible for informing the data subjects. A notification to the controller is made without undue delay of the disclosure of the data protection breach. The notification describes the nature of the data protection breach and the measures taken, as required by law.
Notification to the information security authority is made within 72 hours of disclosure as defined by law, if the data protection breach is likely to pose a risk to the rights and freedoms of the natural person. The notification describes the nature of the data protection breach and the measures taken, as required by law.