Evästeiden avulla pyrimme tarjoamaan asiakkaillemme paremman käyttökokemuksen. Kun hyväksyt evästeet, pystymme kehittämään sivumme käyttäjäkokemusta, sekä räätälöimään sinulle tarkoitettuja palveluita.
Privacy statement for Lemonsoft platforms
Privacy statement for Lemonsoft platforms
In this policy, we explain the data protection measures for Lemonsoft Platform Services. When a customer uses Lemonsoft Platform Services, Lemonsoft Oyj acts as the processor of personal data with respect to the customer’s personnel and other persons related to the customer to the extent that the data are stored in Lemonsoft Oyj’s services used by the customer. When a customer uses Lemonsoft Platform Services, personal data are the data of the customer’s personnel and other persons related to the customer to the extent that they are stored in Lemonsoft Oyj’s services used by the customer. Lemonsoft Oyj processes the data of personnel and other persons related to the customer stored in Lemonsoft Oyj’s services used by the customer only upon the customer’s separate request. The processing is always related to carrying out customer support, such as the processing of a support request. Processing in accordance with data protection legislation also includes tasks related to the technical maintenance of Lemonsoft Platform Services, such as database storage, backup and other maintenance activities.
1. Processor of personal data
Lemonsoft Oyj
2017863-1
Vaasanpuistikko 20 A, 65100 VAASA
2. Contact person of the processor in matters concerning personal data registers
Lemonsoft Oyj (2017863–1)
Data Protection Officer Jaakko Suninen
Keskikatu 11 B, FI-45100 KOUVOLA
jaakko.suninen@lemonsoft.fi
3. Privacy policies for Lemonsoft platform services
Privacy Policies for Lemonsoft Platform Services (Appendix to the Privacy Policy of Lemonsoft Oyj). This appendix contains additional information for the needs of customers using Lemonsoft Platform Services. The Appendix has been updated on 16 February 2022. Please also see our Privacy Policy at lemonsoft.fi/tietosuojaseloste.
4. Restriction of access
The use of Lemonsoft Oyj’s services requires authentication. Each user of the services is set up with an activation function, which assigns a person access rights to companies and different functions of the services. In addition to the access rights granted in the activation, the user’s access rights can be restricted by means of role restrictions.
The user management of Lemonsoft Oyj’s services manages company-specific user rights so that the user does not have access to a company for which they are not registered as a user.
Access to the Lemonsoft Platform Services’ server environment is only granted to Lemonsoft Oyj’s Information Management. Access to the data centre is monitored by 24-hour security, camera surveillance and access control. All physical facilities in the data centre have been audited as either Katakri 2015 ST III or Katakri 2015 ST IV areas. The data centre meets the requirements of the ISO 9001, ISO 22301, ISO 27001 and ISAE 3000 certifications. Third parties do not have access to Lemonsoft Oyj’s services or the information contained by the services.
5. Retention, verification and restoration of data
The data contained by Lemonsoft Platform Services is located in Finland. Backups are stored in two different physical locations. Cold backups are stored in the Microsoft Azure cloud service in the EU. Documents stored in LemonFiles document management are stored in the Microsoft Azure cloud service in the EU.
The data is replicated on a separate disk system several times a day. In addition, servers and databases are backed up on a daily basis. The backups are stored on a daily level for one (1) month and on a weekly level for six (6) months. Backups are always duplicated to multiple physical locations. Backups are moved through an encrypted VPN connection protected by Bitlocker encryption.
The recovery of database-level data takes place immediately after the receipt of the request.
6. Protection of use and information in the system
When using Lemonsoft Oyj’s services through Lemonsoft Platform Services, the connection is protected with a certificate issued by a trusted party and an SSL-protected connection.
Lemonsoft Oyj uses the Microsoft Azure cloud service with passwords and encryption keys and IP address restriction in a secure manner.
7. Monitoring of leaks and action plan in case of a leak
The technical supervision of data leaks is carried out by Lemonsoft Oyj’s Information Management, and the supervision is continuous.
The personnel of Lemonsoft Oyj are obliged to report a possible or suspected data leak as soon as they detect such a leak. The Chief Information Officer, CEO and Data Protection Officer of Lemonsoft Oyj will be notified. They shall deal with the matter without delay and decide on corrective measures, on providing information about the matter and on notifying the authorities.
8. Additional information
Lemonsoft Oyj may update its data protection policies from time to time. If we make a significant change, we will inform our customers about it separately.