Data protection in Innoflame Oy’s operations
In spring 2018, Innoflame Oy prepared a data balance sheet in cooperation with an external partner. The data balance sheet consists of an assessment of the present situation and of an action plan. Implementation of the measures specified in the action plan to enhance data protection and information security and to develop operations were started immediately.
Innoflame Oy has defined personal data and personal data processing in its operations. Innoflame Oy is the controller of several registers. The information content of these registers varies. Innoflame Oy has prepared principles and data protection practices that are applied to all personal data. In addition, the following has been specified separately for each register:
- What is meant by personal data in the register
- Who processes data contained in the register
- Where is the register stored
- Who is responsible for the register
- Lifecycle of personal data
Data is collected in a regular manner in connection to customer relations and transactions completed in the online store, through various contractual relations, and in the form of modification and log data collected automatically from the systems.
Personal data processing is a vital part of Innoflame Oy’s activities, for which reason the company has appointed a data protection officer. The data protection officer is supported by an external expert in his or her tasks.
Innoflame Oy mainly distributes information to data subjects through its website, where privacy statements and instructions relating to the rights of data subjects are always available. An operating model has been prepared to ensure that the rights of data subjects are always available. An operating model has been prepared to ensure that the rights of data subjects are fulfilled.
Data protection is considered in partnerships, customer relations, and all contractual relations, where personal data is processed. Innoflame Oy requires that its partners have privacy statements or data protection annexes in all contracts.
Information security is observed both on a technical level and in operating models. Only secure solutions are used for personal data processing, and the systems and operating models are kept up-to-date in terms of information security.
Data protection and information security are also observed in physical security solutions, and it is ensured in everyday activities that unauthorised persons have no access to personal data or premises where personal data is processed.
Personal data is stored within the EU and no personal data is conveyed outside the EU except for direct and compelling reasons. These situations are always addressed separately and the concerned parties are informed of it where required.
Processing of personal data as part of Innoflame’s operations is monitored and any deviations are reacted to. An operating model has been prepared for security breaches.
Innoflame Oy’s management is familiar with information security matters and has prepared operating models for observing data protection in the company’s operations. A risk assessment has also been completed and analysed. A continuous operating model has been created for analysing the risks. The model ensures the high quality of data protection, information security, and personal data processing in every day work.
Innoflame Oy fulfils the accountability liability of a controller by means of documents and descriptions.