Privacy statement for user tests
Data controller:
Valimotie 17-19
FI-00380 Helsinki, FINLAND
Contact information for register-related matters:
tietosuoja@apotti.fi
If you have any questions about your rights as a data subject, you can also contact our data protection officer at tietosuojavastaava@apotti.fi.
Privacy statement for user tests on the citizen’s user interfaces of Oy Apotti Ab (e.g. Maisa)
The register for citizen’s user interfaces of Oy Apotti Ab collects data on people who have given their consent to participate in user tests on the citizen’s user interfaces of Oy Apotti Ab.
1. What personal data do we collect?
Users’ email addresses and telephone numbers are collected. In addition, the test sessions are recorded, and the recording includes the user’s voice and, where a user interface is tested, the user’s use of it. A test on the use of a user interface is always conducted in a test environment that doesn’t contain real personal or patient data.
2. For what purposes do we process personal data?
Contact information (email address and/or telephone number) is collected for booking, rescheduling and cancelling user test appointments. The test sessions are recorded so that they can be collected and analysed sufficiently.
The legal grounds for processing personal data for the user tests, in compliance with Article 6 of the EU General Data Protection Regulation, are listed below:
- a) the data subject has given their consent to the processing of their personal data
3. To whom do we pass on personal data?
Test data is processed only by people designated for the task by Oy Apotti Ab on a case-by-case basis.
4. To which countries do we transfer data?
The personal data saved in the register for user tests on citizen’s user interfaces is stored in Finland and is not transferred outside the EU/EEA area.
5. How do we protect personal data?
We protect personal data by using appropriate technical and organisational protective measures. These measures include proactive and reactive risk management and the use of firewalls, data encryption techniques and secure equipment spaces as well as passage control and security systems. Protective measures also include security planning, controlled granting and monitoring of access rights, ensuring the know-how of staff who participate in the processing of personal data, and careful selection of subcontractors. We constantly update our internal practices and guidelines.
6. How long do we keep personal data?
Contact information and test recordings are erased 6 months after the test session at the latest.
Contact information may be linked with a recording indirectly, for instance with a pseudonym, so that in case a person so requests, a recording can be erased before it is due for erasure.
7. What are the data subject’s rights?
According to the General Data Protection Regulation, the data subject has the following rights:
- Right to gain access to personal data
- Right to have data rectified
- Right to have data erased
- Right to restrict processing
- Right to object to processing
- Right to data portability
The data subject also has a right to file a complaint with the Data Protection Authority. You will find more information on the subject on the website of the Data Protection Ombudsman at tietosuoja.fi.
Please note that not all the rights of data subjects are unlimited. If you would like to exercise your rights, please contact tietosuoja@apotti.fi. Please specify in your message which right you wish to exercise.