In accordance with EU General Data Protection Regulation (2016/679, "GDPR") and applicable national legislation.
Version 1.0, date 29.10.2018. This Data Protection Description may be subject to changes from time to time due to i.a. changes of legislation and/or legal interpretations and guidance.
1. Description of processing
Mailing list for the Newsletter of European Union funded FutureGrid II project.
2. Controller, data protection officer and contact person
Name: VTT Technical Research Centre of Finland Ltd. ("VTT"), Business ID: 2647375-4
Address: Vuorimiehentie 3, 02150 Espoo, Finland
VTT Data protection officer (DPO):
Name: Seppo Viinikainen
Address: VTT Technical Research Centre of Finland Ltd., Koivurannantie 1, 40400 Jyväskylä, Finland
E-mail: dataprotection(at)vtt.fi (DPO, data security manager and legal counsel), or Seppo.Viinkainen(at)vtt.fi (DPO)
Contact person concerning the register:
Name: Jari Hällström
Address: VTT Technical Research Centre of Finland Ltd., Tekniikantie 1, 02150 Espoo, Finland
3. Categories of the personal data
The categories of the personal data contained in the register are name, email and organisation.
The registered persons represent participants and stakeholders of FutureGrid II project.
4. Purposes of the processing and the legal basis for the processing
The personal data is processed for purposes of newsletter distribution concerning FutureGrid II project.
The data is being processed primarily based on legitimate interest of the Controller(s). The Controller(s) may in some cases request consent of the data subject for the processing of personal data (i.a. by requesting subscription for newsletter distribution). The legitimate interest is the right to efficient project implementation and thereto-related necessary communication and newsletter distribution.
5. Regular sources of information
The personal data is collected from the data subject.
6. Recipients or categories of recipients of the personal data
VTT may provide access to the personal data to FutureGrid II project partners, if this is necessary for efficient project implementation. The personal data is processed under appropriate contractual arrangements in accordance with requirements of GDPR and applicable legislation.
7. Transfer of data outside the European Union or the European Economic Area
The personal data is not transferred outside European Union or EEA.
8. The existence of automated decision-making, including profiling
No automated decision making is made with the personal data.
9. The period for which the personal data is stored or the criteria used to determine that period
The data is being stored for the duration of the project and maximum two (2) years thereafter, or until the data subject withdraws his or her consent concerning processing of the personal data, where consent is relevant.
After this the personal data is either erased or anonymised unless the controller has other legal basis for processing of such personal data (such as legitimate interest of the data controller in connection with a legal claim or investigation) or reasons related to contractual relationship.
10. Principles of protection of the register
The data is protected by technical and organizational measures from unauthorized processing and unauthorized access by third parties. Only persons who need access to the personal data for the purpose carrying out tasks related to FutureGrid II project have access to the personal data, under confidentiality obligations.
11. Rights of the data subject
The data subjects have the following rights, which may be exempted from in accordance with GDPR and applicable legislation:
Right to withdraw consent
The data subjects have the right to withdraw their consent on which the processing is based on.
Right of access
The data subjects have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed and access to his or her personal data and information concerning the processing of his or her personal data.
Right to rectification
The data subjects have the right to obtain from the controller rectification of inaccurate personal data concerning him or her. The data subjects have the right to have incomplete personal data completed.
Right to erasure
The data subjects have the right to obtain from the controller the erasure of personal data concerning him or her if
(i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(ii) the data subject withdraws consent on which the processing is based and where there is no other legal ground for processing;
(iii) the personal data have been unlawfully processed; or
(iv) the personal data have to be erased for compliance with a legal obligation in Union or Finnish law.
Right to restriction of processing
The data subjects have the right to obtain from the controller restriction of processing in cases set forth in GDPR.
Right to data portability
Where the processing is based on the data subject's consent and carried out by automated means, the data subjects have the right to receive the personal data concerning him or her, which he or she has provided to the controller and have the right to transmit those data to another controller.
Right to object
The data subject's may object to the processing of personal data, especially in cases processing is carried out based on legitimate interest of the controller.
Right to lodge a complaint with a supervisory authority
The data subjects have a right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data breaches the data subject's rights pursuant to GDPR.
The data subject can exercise these rights by contacting the controller with information set forth in section 2, in writing or by email.