10 PERSONAL DATA – NATURE AND PURPOSE OF THE PROCESSING
Supplier processes customers personal data to provide web services to the customer, that belong to the
InstaaAudit SaaS product, such as mobile reporting, training registry, chemical registry and elearning.
Included in the providing the service is developing new services and products and marketing to the
11 PERSONAL DATA – TYPE OF PERSONAL DATA AND CATEGORIES OF DATA SUBJECTS
The type of personal data and category(ies) of data subjects are specified as follows:
1. InstaAudit-platform customer/pilot companies employees
2. InstaAudit-platform customer/pilot companies employees (insurance integration feature enabled)
3. Users that conduct elearnings
From all users following personal data can be stored
• Location at city-level, deducted from the IP-address
• Browser and OS used
• Time stamps from logging activity
In addition, the following personal data can be stored from the 2. group:
• Social security number
• Phone number
• Home address
• Insurance number
• Accident information
In addition, the following personal data can be stored from the 3. group:
• Data from the performed elearnings, such as duration, score, question level answers to the elearning
questions with time stamps.
14 PERSONAL DATA – DETAILED RIGHTS AND OBLIGATIONS OF CUSTOMER AS DATA CONTROLLER
Customers obligation is to ensure, that no sensitive data, as defined in GDPR/art9, or personal data from
minors (children) are inputted to their InstaAudit account.
15 PERSONAL DATA – SUBJECT-MATTER AND DURATION OF PROCESSING
The subject-matter of personal data is the InstaAudit-platform user registry, which is owned and operated by LIS Group Oy to provide InstaAudit service to the customer. 12 months after termination of the contract, supplier shall anonymize all the personal data processed on customers behalf, unless the legislation requires the supplier to retain it, or the supplier has a legitimate interest to retain the personal data, or supplier and customer company have agreed something else. Log records are stored for 12 months to investigate possible security issues and problems.