LOGOMO PRIVACY POLICY
Privacy Policy
Privacy includes the protection of individuals’ private lives and other rights safeguarding personal privacy when personal data is processed.
The purpose of this Privacy Policy is to ensure that the rights of Logomo’s customers, employees, and other stakeholders regarding the use of their personal data are protected in accordance with legislation, and that the rights and obligations of the data controller and data processors are followed.
When implementing data protection, special attention is paid to the confidentiality of personal data, ensuring that unauthorized persons do not have access to the data, and that the data is not used in a way that harms the data subject.
This Privacy Policy serves as a tool for the organization’s data protection and risk management.
The Privacy Policy applies to all personnel within the organization, as well as to customers and partners.
The CEO of Logomo Oy is legally responsible for implementing actions required by the General Data Protection Regulation (GDPR) within the organization. The management team supervises the practical implementation of this policy. The Data Protection Officer manages and coordinates the enforcement of the up-to-date Privacy Policy.
The organization’s Privacy Policy supports the increase of data protection awareness, and Logomo’s risk management operates in accordance with this policy. Data protection practices are based on the Privacy Policy.
The processing of personal data is based on the data subject’s consent or another lawful basis defined by applicable law.
The accuracy of the data used is maintained, and the information is updated based on the data subject or other reliable sources.
Personal data is processed only for justified purposes and only to the extent and for the duration necessary for the intended purpose.
When the data is no longer necessary for its purpose, it is destroyed appropriately.
Data is used only for the purposes described at the time of collection and within the limits permitted by applicable legislation.
Data is disclosed only on the explicitly stated or legally defined basis and only to the explicitly stated or legally defined recipients.
Data may be transferred outside the country of the data controller’s establishment if the legislation applying to the relevant personal data register permits such transfers.
In such cases, all procedures required under the applicable laws of each jurisdiction are followed.
Access rights of personal data processors are up to date, justified, and documented.
Personal data is accessed only to the extent necessary for the documented purpose.
Reliable authentication mechanisms are used to identify and verify individuals who use systems containing personal data.
Communication connections in use are encrypted. Security features of the systems used are tested at regular intervals.
Facilities where systems are stored are physically protected, and protection is ensured against various failure situations, power outages, fires, and unauthorized access.
Procedures related to data subjects’ rights are documented, and all organizational staff members know how these rights are handled within the organization.
Data subjects’ rights regarding their personal data include:
· Right of access to their data
· Right to rectification
· Right to erasure (“right to be forgotten”)
· Right to data portability
· Right to object to processing, automated decision-making, and profiling