About data protection
Personal data refers to all data connected to a natural person that can be used directly or indirectly for their identification, i.e. a person’s name, their location or online credentials. Data protection defines how the personal data can be handled and how that data has to be protected. Therefore, data protection encompasses how a natural person’s privacy and related privileges, rights and freedoms are secured during the processing of their personal data.
The basic principles of data protection have been based on, among other things, the rules, guidelines and standards governing national data protection, personal data registries, and good data management practices and quality. However, the General Data Protection Regulation (GDPR) has unified the regulations concerning these practices within the EU area.
Data protection is an essential part of information security. It is a necessary component to ensure information confidentiality and the operation and collaboration of organizations.
Data protection at Expak
Expak Systems Oy (later referred to as Expak) is a Finnish company, with legal entities, business processes and technical systems that cross national borders. We deliver application and services to both public and private companies in Europe. Our headquarters are in Helsinki, Finland, and we apply European data protection laws, including the new General Data Protection Regulation (GDPR).
Data protection is an integral part of the Expak service. Client data protection has always been a priority us and maintaining your trust is a prerequisite to our operations. We are committed to ensuring the confidentiality and data protection of personal data in our possession. All decisions regarding the privacy are done on a corporate level. The point of contact regarding data protection and privacy is the CEO of our company. The use of data and the systems are monitored and the misconducts are immediately dealt with.
Using the Expak app to manage your data means that you have engaged Expak as a data processor to carry out certain processing activities on your behalf. Therefore, EXPAK acts as the Personal Data processor defined in the Data protection’s regulatory framework and the Client as the registrar. Additionally, Expak acts as the data controller for the personal data we collect about you, the user of our web app and website.
Factors governing data protection
Personal data processing is about privacy, data protection and good data processing practices. The subsequent principles are followed:
- lawfulness, fairness and transparency
- data minimization
- restricting storage
- uniformity and confidentiality
The rights and responsibilities of the registrar
Expak guarantees the registered the rights outlined in the data protection regulation: that personal data is processed according to the appropriate measures and that data protection is an integral part of the planning of new procedures. Processing of personal data is purposeful. We will define in advance the uses of personal data.
The company plans and develops data protection. According to our reposting and informing obligation we compile and deliver the necessary company data protection documentation to our clients, partners and authorities.
We also implement the necessary technical and organizational procedures to ensure and show, that processing is done according to regulations. These processes are reviewed and updated when needed.
Data protection documentation for Expak Systems Oy
Processing your personal data is our privilege based on our requirements.
You can read more about our data protection policies in this document [PDF file]