Via’s data protection statement
Data protection and processing personal data in Via’s client register
Via places a high emphasis on the privacy and data protection of clients and employees: we are committed to protecting the privacy of all personal data. We continuously promote both data protection and data security and develop our operations as necessary to improve these.
We provide information about data protection and the processing of personal data on our website, as well as to individual data subjects on request as needed. We have clearly defined how personal data is processed in our operations and we have drafted documentation on the processing of personal data, data protection and data security.
The documentation consists of three parts:
- internal documentation (such as definitions, guides and data security descriptions)
- public documentation (material published on the website)
- contractual attachments (data protection attachments of contracts relating to processing personal data).
We update our data protection documentation as needed and make a note of any changes in the public documentation on our website, always recording the date of any amendments.
Personal data is collected for various purposes, and different kinds of data are processed according to their different uses. This statement provides a detailed description of the data in our client register and the purposes of using it.
The data controller of the client register is Viittomakielialan Osuuskunta Via (business ID 1575244-0). You can find our contact details on our website, and you can contact us regarding data protection matters at email@example.com.
Definitions for processing personal data
We have analysed what processing personal data means and have defined it as the kind of data that is collected and recorded and for how long it is stored, among other things. Personal data is only processed and stored as needed, and all unnecessary data is erased. Personal data is stored for set times, taking into consideration other legislation and factors affecting the duty to store personal data.
Only people whose work tasks require them to process personal data have access to personal data, and their number is limited based on their job descriptions. Processing personal data is restricted within systems with the use of various roles enabling only the necessary personal data to be processed at any given instance. Personal data is processed based on principles of lawfulness, fairness and transparency, purpose limitation, minimisation of data, accuracy of data and confidentiality. These underlying principles are implemented on a practical level in all our operations, and we have trained our personnel to work according to them.
Personal data is processed based on the lawful basis of, for example:
- having a contractual relationship
- having a legitimate interest
- legal obligations.
Disclosure of personal data
Personal data is processed outside Via only by partners who are in a contractual relationship with Via. Contracts have specific clauses on data protection and processing personal data.
Personal data can be disclosed if required by law, or in situations in which the disclosure of data is necessary for the purposes of the interests and rights of the data subjects. Data is only disclosed using solutions that provide the necessary data security.
Data is not transferred outside the European Union or the European Economic Area unless transfer is immediately necessary, for example, for the technical implementation of a service. In such cases, the data controller is responsible for the level of data protection as required by legislation, and the data controller also ensures a high level of data protection by contracts.
Data protection expertise of our staff
Our staff receive regular training on data protection and processing personal data. We actively monitor data protection practises in our field and always maintain an adequate level of data protection expertise among our staff. The level of expertise necessary is defined by the role of each person, and if processing personal data is a significant part of their job tasks, expertise must be particularly strong.
We have analysed procedures involving processing personal data and have updated them according to the requirements of data protection legislation. In addition to processes, we have looked at technical solutions for both data protection and data security, and we have audited our data protection activities in terms of both procedures and technical solutions. Immediate action has been taken in any areas noted to be in need of development. We only use secure technologies, and we take data security into account in device management too.
Data protection, data security and the processing of personal data are all taken into account in contracts with subcontractors, as well as with partners in co-operation and contractual relationships, and we oblige all of them to fulfil our quality requirements.
Our staff have clear guidelines on how to handle manual documents containing personal data.
Rights of data subjects
Data subjects can avail themselves of all of their rights provided by the General Data Protection Regulation according to the instructions on the website. We react to information requests as soon as possible, and if, for some reason, we cannot implement the request within a month, we will inform those concerned immediately.
Purpose of the register
Personal data is only processed when necessary, and such cases have been predefined. Data in the register is processed for:
- maintaining client relationships
- organising interpreting, teaching and training
- signing in to, using and maintaining electronic services
- legal obligations
- implementing the rights of data subjects
Data contained in the register
Only personal data necessary for the purpose of use is processed in the register, which contains the following data:
- first and last name
- contact details (such as address, telephone number, email address)
- date of birth
- additional information provided by data subjects
- payment information
- start and end date of client relationship
- system signing in and identification data
- log data with detailed information on changes to the previously mentioned data.
Collecting personal data
Personal data is collected during client relationships and through the website. Log data is accrued from systems in conjunction with updates.
Protecting personal data
Databases containing personal data are protected with technical means, such as firewalls and passwords. They are stored in locked facilities and entry into the facilities is restricted. Manual archives are also stored in locked and restricted facilities. Technical solutions are maintained and updated regularly with automatic or manual updates. Virus protection is in place and any irregularities are reacted to, as are any irregularities picked up by the firewall.
We will always be happy to answer any questions pertaining to the processing of personal data. Current contact details are available on our website. We may update data protection materials on our website, so it is always best to check whether the answer to your question can be found on our website first.