Responsibility

Data protection policy

Data protection policy

RAOS Project Oy’s management demonstrates commitment to data protection by creating the policy and associated requirements, assigning specific roles and responsibilities, continuously developing a good data protection culture, and allocating appropriate resources.

RAOS Project Oy is responsible for compliance with:

  • General Data Protection Regulation (GDPR, 2016/679);
  • Finnish republic Data Protection Act (Tietosuojalaki, 1050/2018);
  • Finnish republic “Act on the Protection of Privacy in Working Life” (Laki yksityisyyden suojasta työelämässä, 759/2004);
  • Russian Federation Federal Law “On personal data” (No. 152-FZ of July 27, 2006);
  • other applicable normative acts concerning privacy and personal data protection.

Personal data in RAOS Project Oy are:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness and transparency);
  • collected for specified, explicit and legitimate purposes (purpose limitation);
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);
  • accurate and kept up to date where necessary (accuracy);
  • stored no longer than is necessary for the purposes for which the personal data are processed (storage limitation);
  • processed in a secure manner that ensures the confidentiality, integrity and availability of personal data.

RAOS Project Oy is able to demonstrate compliance with this statement (accountability).

RAOS Project Oy respects the rights of the Data Subjects (the right to be informed, the right to access, the right to rectification, the right to erasure (right to be forgotten), the right to restrict processing, the right to data portability, the right to object, the rights in relation to automated decision making and profiling) and guarantees their observance.

RAOS Project Oy has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  • encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of incidents;
  • processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

The information security management system of RAOS Project Oy is implemented, continuously improving and certified for compliance with ISO/IEC 27001:2013.

In cases when personal data is transferred outside the EU (the European Union) / EEA (the European Economic Area) or to international organisations RAOS Project Oy provides appropriate guarantees by signing additional conditions on personal data protection between the organisations and/or obtaining consent from the Data Subjects.

RAOS Project Oy has appointed a Data Protection Manager (DPM). The Data Subjects can contact him/her at any time and receive additional information by email: privacy@rosatom.fi.

The Data Protection Policy is subject to periodic assessment, revision and updating every two years or, if necessary, at shorter time intervals to reflect changing conditions.