The purpose of this privacy statement is to tell you what kind of information is collected in Priima learning management system, how the information is processed and how it is protected.
Customer specific Priima user register
Each Customer is the controller of the user register of their own Priima environment
Saarni Learning Oy
Kiviharjunlenkki 1 B
+358 20 718 1850
Contact person for GDPR
Kiviharjunlenkki 1 B
+358 20 718 1850
The processing of personal data owned by the customer, groups of the registered and type of personal data
The customer adds personal data when using Priima learning management system for example from their own staff, partners or other interest groups using the service. The customer owns this user register making the customer the controller and Saarni Learning Oy the processor of personal data. Saarni Learning Oy shall process the personal data of the Customer on behalf of and commissioned by the Customer.
As processor, Saarni Learning Oy has access to user data added by the customer. Compulsory data fields in the service are e-mail, first name and last name. Additional data fields are: username, password, phone number and address. Customer’s environment admin can enable saving the personal identity code in the environment by making the personal identity code field available for users.
The basis and purpose of processing personal data
Saarni Learning Oy processes personal data to provide the Priima learning management system service as described in the Contract between the Customer and Saarni Learning. In addition, users are recognized technically, and a safe access can be provided with the help of personal data. Users can check their own saved data: course completions, assignments, completions, a list of files uploaded by the user and their own personal data.
When a user submits a request to an admin user named by the Customer, their login details and all data can be deleted.
Saarni Learning Oy never processes personal data owned by the customer without an initiative from the customer, such as getting in touch to resolve a problem situation. If the solution to the problem requires processing of personal data, a written permission is always asked from the customer.
Applicable information security measures
Saarni Learning follows actively the realization and state of information security on a general level and regarding their own services. A specified person is responsible for the information security as a whole.
Saarni Learning monitors the state of the learning management systems they offer and informs customers of any possible data leakage at once as has been agreed upon in the escalation procedure.
Information security policy
Information security is a central part of Saarni Learning’s business. The aim of Saarni Learning’s information security policy is to ensure the confidentiality, wholeness and availability of all information, both the customer’s and Saarni Learning’s, in every stage of data processing. The services and functionalities must be reliable and protected so that the compliance with laws and contractual obligations are ensured.
The incident response plan describes the operations when a general or service-related information security incident is detected in the organization.
The rights and obligations of the customer as controller
Customer is responsible for reacting and answering to data requests regarding their own register and the registered users and their rights. In addition, Customer takes care of informing the end users. The customer organization is responsible for the data protection of information related to user accounts as well as materials and other information that they bring up, such as results, that have been created in Priima environment.
The rights of the registered user
The registered user has the right
- to access the personal information that has been collected on the service
- to correct the data that is inaccurate
- to request the personal data to be erased
In order to inspect what personal information has been collected on the service, to correct inaccurate data or request data deletion the user should contact firstname.lastname@example.org.
Data Deletion Requests
We respect your right to privacy and understand that you may wish to delete the personal information that we have collected from you. You may request the deletion of your personal information by contacting us at email@example.com. We will promptly review your request and forward your data deletion request to The Customer that is the controller of the register.
Data deletion will be carried out by The Customer by deleting your user account. When your account is deleted, all recognizable data is removed from the Priima learning management system.
Saarni Learning Oy has trained its staff regarding the General Data Protection Regulation. In addition, all individuals that have the right to process personal data are obligated to observe confidentiality.
The user data saved in the users’ contact information in Priima environment can be viewed by the customer’s admin users via the Priima interface. Admin users are users that have the rights to manage the environment.
Users who have rights to manage courses can always see the names and profile pictures of all environment users if the user has set a profile picture.
Each user can enable or block others to see profile information set by the user. However, the contact information set in the environment administration are always visible to admin users.
Users can see other users’ information saved in their profiles if they have enabled that. There is a setting in the user profile: Other people can see my profile.
Major updates that change the functionalities of the system are ensured to be working properly in a separate test environment before being released to the production servers.
Transferring or processing Data outside EU or EEA
Saarni Learning does not transfer or process personal data outside EU or EEA without a written consent from the Customer. The Customer and Saarni Learning agree beforehand within the contract or as an attachment to the contract of all personal data transfer or processing outside EU or EEA, and they are in principle subject to the model contractual clauses adopted by the European Union for the transfer of personal data outside the EU / EEA.