2. DATA LIFECYCLE AND USAGE
Processing of personal data is based on the consent of the person concerned or on another ground defined by law. Personal data is only processed for a justified purpose and only to the extent necessary for the purpose. It is aimed at ensuring that the data used is accurate by updating it with data obtained from data subjects themselves or from trusted sources (such as authorities, etc.). When data is no longer needed for the purpose for which it was collected, it will be destroyed in an appropriate manner.
3. RESPONSIBILITIES AND ORGANISATION
The CEO is responsible for ensuring the implementation of data protection at TEK. Each manager is responsible for ensuring that the operations in their respective fields are performed in accordance with law and instructions. The CFO is responsible for IT system security.
A data protection officer (DPO) has been appointed for TEK. The DPO supports the organisation by guiding the management and personnel in matters related to data protection. In addition, function-specific data protection contact persons have been appointed. These contact persons make sure that the data and practices related to the implementation of data protection are up to date.
Each TEK employee must familiarise themselves with and command data protection instructions related to their duties.
TEK is in charge of data protection also when transferring personal data to a third party. Prior to such transfer, a written agreement containing the defined responsibilities and obligations of the parties will be concluded.
4. ENSURING DATA PROTECTION
Data protection matters are an integral part of the induction for new employees, and data protection practices are regularly communicated to the whole staff. All staff members sign an NDA concerning the person register.
All employees have been provided with and guided in general data protection instructions. In addition, function-specific personal data processing instructions have been compiled.
The use of information systems containing personal data is controlled with user management. Each user has their own username and password combination to enter the system. Log data is collected from all registers as separately provided for by law or otherwise using sufficient accuracy.
TEK information systems and the data contained in them are stored within the EU. Data is collected to databases that are protected by firewalls, passwords and other technical means. The databases together with their backups are stored in locked and guarded facilities. Only certain predetermined persons are entitled to access the data.
5. PROCEDURES IF DATA PROTECTION IS COMPROMISED
If it is suspected that data protection has been compromised, the case will be investigated immediately. In addition, the competent authority and the person(s) concerned will be informed where the data subject(s) interest so requires.
The personnel has been trained how to perform appropriate personal data processing and retention activities. If a member of the personnel compromises data protection by neglecting the code of practice, the matter will be handled using necessary sanctions or other measures.
6. COMMUNICATION TO TEK MEMBERS, EMPLOYEES AND COOPERATION PARTNERS
If you wish to make a data request, please send an e-mail to the TEK membership register using the subject “Data request”. We will contact you within 30 days of receiving the request. If the data request concerns specific data, please state that in your message. This will speed up handling the matter. The membership register e-mail address is jasenpalvelu(ät)tek.fi.