Sign in to Kiwa Comply

Privacy Policy

Kiwa Comply™ information management system 

Registrar 

Kiwa Impact Oy, P.O. Box 1000,
FI-00581 Helsinki,
p. 010 521 600,
comply@kiwa.com 

In this document “Service provider” 

Contact person for registrar issues 

Jyrki Lahnalahti, P.O. Box 1000, FI-00581 Helsinki, p. 010 521 600, comply@kiwa.com 
 

Purpose of processing data 

The Service Provider enters in the register the information that the Service Provider needs about its customers and the users of Kiwa Comply™ service for the development and maintenance of the service. The areas of use of the data are contacts, notifications and mailings on the above topics (including customer communications related to service updates). 

In accordance with the section “Data content of the register”, the customer registers the personal data required for the use of the service. In addition to the above, the customer may enter other personal data in the Service in accordance with what he/she considers necessary for the use of the Service. 

Data content of the register  

The type of personal data and the category(ies) of data subjects are defined as follows: 

  1. Organisation admin user (Registrar: Service Provider) 
  1. Other users created by the customer for the Service (Registrar: customer. Data processor: Service Provider) 
  1. Contact persons recorded by the customer for the Service (Registrar: customer. Data processor: Service Provider) 

For users of the service (groups 1 and 2), the following can be recorded 

  • Name 
  • E-mail address 
  • IP-address 
  • Location by city or municipality based on IP address 
  • Browser and operating system used 
  • Timestamps for login times 
  • Timestamps of changes to the information content of the service 

For users of the service group 3 the following can be recorded 

  • Name 
  • Role 

Regular sources of information 

The service provider receives the data from the registrants themselves. 

Regular disclosures of data 

All subsets of the data (in practice, only the name and email address) are shown to the data subjects themselves. The client organisation’s own main user will see his/her own organisation’s data and the name and email address of the users’ data. The service provider’s main users (e.g. user support) will see the data of all organisations and users. 

The email address of the customer’s main user can be forwarded to the service provider’s customer satisfaction surveys. 

Email address lists are compiled from the contact details of customers’ end-users for information needs. 

Transfer of data outside the EU or EEA 

The data collected in the register will not be transferred outside the EU or the European Economic Area. 

Principles of register protection and data storage 

No sensitive or confidential personal data will be entered into the Service by the Service Provider. The Service User is responsible for the classification of personal data under his/her control in the Service in accordance with his/her own principles. 

Address lists are protected in accordance with the Service Provider’s general principles for the protection of similar temporary personal data registers. 

Only registered users can log in to the service by entering their personal username and password. Access to the data is not available to third parties or to persons of the Customer or the Service Provider who do not have access to the Service. The access rights of the Customer’s end-users are managed by the Service Provider. 

12 months after the end of the service contract, the Service Provider will anonymise or delete all personal data covered by the contract, unless the law requires the Service Provider to retain the personal data, or the Service Provider has a legitimate interest in retaining the data. 

In order to resolve possible incidents (including security breaches), log data related to the use of the service will be kept for at least 12 months. 

Right of access 

The data subject has the right to check the data stored in the personal register. The request for inspection is made in writing to the following e-mail address: comply@kiwa.com  

The right to request the correction of information 

The data subject has the right to request the correction of inaccurate information in the register. The request for correction shall be made in writing to the following e-mail address: comply@kiwa.com 

Kiwa Comply™ is a SaaS service (software as a service) designed to help companies build and manage their compliance of management systems. 

Learn more

About us
News
Privacy and cookie policies
Terms of service
Explore our Kiwa Impact service

Contact us

Kiwa Inspecta
Sörnäistenkatu 2, 00580 Helsinki
comply@kiwa.com

You are currently viewing a placeholder content from Google Maps. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information
Unblock content Accept required service and unblock content