Privacy statement

Coverage

This Privacy Statement explains Aplicom Oy’s information security and privacy practices, processes and technologies that Aplicom Oy uses to protect its customers’ data. This Privacy Statement applies to all customer information processing at Aplicom Oy.

Principles of data protection

Aplicom’s data protection principles include the disclosure of the legality and purpose of the processing of data, the disclosure of data collected and processed, the technical, administrative and physical protection of data, the lawful verification of data and the possibility of request for change. The Privacy Policy meets the requirements of the European Union’s Privacy Policy (GDPR).

Personal information registers and register descriptions

This Privacy Statement applies to all Aplicom’s registers that contain personal information. In those situations, where a registrant wants to see an accurate service-specific register description, it can be obtained by e-mail at dpo@aplicom.fi.

Tehcnical protection of registry information

Electronically processed personal data is technically protected by firewalls, passwords and other necessary technical means against external use. Data transfer between the customer and the supplier is essentially encrypted.

Databases and their backups are located in locked and secured spaces and data can only be accessed by certain pre-named persons.

Aplicom is carrying out internal and third-party evaluations, covering the technical safety of critical information systems, processes and guidelines on administrative data security and data protection.

Administrative protection of registers

Only individualised Aplicom employees and by commission employees of companies working for account of Aplicom have access to the information contained in the register on the basis of the individual rights granted. User access is monitored as part of access control. In particular, the privileges of the various system administrators are regularly checked and removed whenever the user no longer needs them. The access rights of employees who have left Aplicom will be removed at the end of the employment relationship for all systems.

Aplicom’s entire staff, and third parties acting on its behalf, have confidentiality in relation to all customer’s personal data. Employees handling information about the customer are trained with regular training in the work the legality of the making are an integral part of the training. The security and privacy awareness of Aplicom’s staff is regularly maintained in different ways.

Aplicom is carrying out internal and third-party evaluations, covering the technical safety of critical information systems, processes and guidelines on administrative data sexurity and data protection.

Physical protection of registry information

Customer data is processed in information systems that are located in a cloud computing center in Finland or in the European Union. In these forums, the CSE provider has certified safety practices, access control and control.

Registrants rights

In accordance with Articles 15-22 of the European Union’s Data Protection Regulation, the registrant has the right to:

  1. check the personal data
  2. correct the information
  3. delete data
  4. limit the processing
  5. transfer data about oneself from one system to another, which has been stored in Aplicom Oy’s information systems.

If a registrant wishes to check or change the information in Aplicom Oy’s personal data register, the registrant will have to make a request for verification or change of information to the registrar and the controller will perform the verification or change request for the data together with the personal data handler (Aplicom Oy). The registrar must then submit a written request for verification to the below mentioned e-mail address.

The request for inspection and change must identify the personal data that you want to inspect. The request must be sent to: dpo@aplicom.fi. The registrant may exercise his right to personal data provided by the Personal Data Act free of charge only once a year.

Practices for reporting security breaches

The notification will be made to the registrant by the registrar, if the security breach is likely to cause high risk to the registrant’s rights and freedoms. The announcement states the nature of the security breach and the actions taken as required by law.

The notification is made to the security authority within 72 hours of the disclosure if the breach of the privacy breach is likely to result in the risk to the rights and freedoms of a natural person. This notice explains the nature of the breach and the actions taken, as required by law.

Changing the Privacy Statement

Aplicom continually develops its business and reserves the right to change this privacy statement by notifying it in its electronic services and within other customer communication. The changes can be based on changes in legislation and the fulfillment of the following requirements.

Last changes

9.5.2018: First version of the Aplicom Privacy Statement

 

Subscribe to our newsletter

Contact us
Back to top