Service Providers Security Police

General

Kongressi is an event management service which is provided to Data Prisma’s corporate customers by a Software as a Service (Saas) model. Data Prisma is a service provider and Contrasec Oy is a cloud provider. Corporate customers, their employees and their customers are end users. End users save data in the service. The data consists of personal, participation, ordering and accounting information. Our customer organization is the register controller. Cloud provider and Service provider act as a processor for the register based on controller’s orders and rules.

Access management

The only control an end user has is to access the provider's application thru internet from a desktop, laptop, or mobile device. Users are identified uniquely ensuring that any action can be attributed to a specific user. All users have to be identified before they are given a user Id. Every end user has a unique user Id. End users and their privileges are managed by the administrative user of the specific customer organization. Admin users have elevated privileges and the allocation and use of privileges shall be restricted and controlled. Users are required to follow good security practices in the selection use of passwords and the rules are set by Service Provider. Service Provider and Cloud Provider will follow the same principals in their work

Software protection

Cloud Provider and Service Provider will follow their security policy to ensure the secure environment and service for our Customers and end users. The policy covers the whole development and delivery process and more information is available from Service Provider. As an example of one policy is that all updates are first tested in separate development and test environments.

Information Collection and Sharing

All the information saved in the service by the end users belong to our Customer controlling the specific instance of the service. Cloud Provider and Service Provider have the access into the information and we act as a processor for the register based on controller’s orders and rules. Some part of the service may provide information that end user supply into the service to our affiliates, vendors and service providers, which we use for billing systems, contract and account management, customer support, relationship management and other technical operations. Together with the register controller we will ensure that such entities are bound by appropriate confidentiality restrictions to protect the information covered by this Policy. Processors will never use or share personal information in any other ways. However, we normally log and monitor user’s activities in order to provide better services to our users. The intent is to improve usability and performance as well as detect new threats and malicious usage.

Policy changes

The trust and privacy of our customers and their users very seriously. We do not believe that there will be a need to change the main principles provided in this Policy. If modifications are required, we will promptly post the modified Policy on this website.

Contact information

Service Provider:
Data Prisma Oy
Kauppakatu 20, 70100 Kuopio, Finland
kongress@dataprisma.fi