Data Protection / GDPR
In this page we have gathered information on how Rantalainen’s data protection policies regarding GPDR (General Data Protection Regulation), which came into force on 25.05.2018. The GDPR contains obligations to companies who process personal data.
GDPR in a nutshell
The GDPR contains new obligations regarding processing of personal data and data protection. Integral in the new regulation is the risk-based approach and data controller’s obligation to demonstrate that its processing activities are compliant with the requirements of the GDPR. The Data controller is required to handle sensitive data with caution. Additionally, the data controller must be able to demonstrate that it is operating according to the regulation.
Additional information about the GDPR can be found from:
Data Protection Ombudsman
Rantalainen’s contractual reform
Rantalainen is updating existing service agreements with its customers to be compliant with the General Data Protection Regulation. Simultaneously Rantalainen will update the accounting firm conditions (KL2004), which have been in use since 2004. In the new conditions (TAL2018), which are widely applied in the accounting industry, various matters are taken into consideration regarding the development and shift of accounting services. Simultaneously the understandability and readability of the terms have been improved.
We at Rantalainen have also taken the EU General Data Protection Regulation (GDPR) into account in the new conditions by composing a separate data protection agreement. In the renewed terms, the requirements that electronic services and electronic communication with authorities constitute, are also considered. Additionally, the contract responsibilities are defined more precisely than earlier, due to the development of information technology.
Simultaneously with the renewal of the conditions, we at Rantalainen have expanded our liability insurance to answer to the requirements of our new services and increased the accounting firm’s contractual liability limit in the event of damage. The limit has been raised from the industry standard 10.000 euros to 100.000 euros this applies to each of our customers.
Customer-specific exceptions from the contract terms, which have been specifically agreed upon, will stay in effect unless otherwise agreed upon.
The contracts will be updated digitally. The contact persons of our clients will receive a link through which they can digitally sign and accept the new conditions. If the client wishes, the contract update can be delivered and signed in paper form.
Updated service agreements
The updated service agreements consist of the documents below
Rantalainen as a personal data processor
Information security in ensured by both technical and organizational measures. Personal data processing is executed in a appropriate and secure manner. Personal data processing and data security is illustrated in the documents above attachment 1-A and 1-B.
Software used by Rantalainen
Software used by Rantalainen and software providers who are responsible for them are for their part personal data processors. Below we have listed links to the software providers data security web sites. Additionally, the data security of different softwares is illustrated in the attachment 2-B.
- Visma GDPR (Visma Fivaldi, Visma Netvisor and other Visma Software)
- Lemonsoft Oy:n tietosuojaseloste (Lemonsoft)
- Aditro – GDPR (Personec W and other Aditro Software)
- Accountor tietosuojaseloste (Mepco, Tikon, Procountor and other Accountor Software)
Data Protection Officer
Rantalainen’s acting data protection officer is director of legal affairs Kimmo Martikainen (email@example.com, 040 555 8081)
Your contact person in contractual issues
Primarily service managers, service executives and your personal contact person will address your questions. However, if you prefer you may also contact the persons below.