CSC customer register privacy policy
CSC customer register privacy policy
Updated 26.4.2019
1. Registrar | CSC - Finnish IT Сentre for Science Ltd |
2. Contact person for register-related matters | CSC Service Desk
Data Protection Officer Sanna Vartia |
3. Name of register | CSC customer register |
4. What are the purposes and lawful bases for processing personal data | Data processing is based on our legitimate interests, or on the performance of a contract. We process your data to:
|
5. What data do we process? | The register consists of following data:
The personal data marked with an asterisk is required for establishing a contract or customer relationship with us. We may collect only some of the data, depending on what is necessary for service provision, and for improving service quality and user experience. |
6. Where do we get your data from? | Your data is acquired primarily from:
We may collect and update your personal data from publicly available sources only for the purposes described in this privacy policy. |
7. Where do we transfer your data? | We may transfer personal data to the Ministry of Education and Culture, Finnish institutions of higher education, and research funders for:
We may transfer your data outside of the EU/EEA only in connection with services provided by third-parties, for example to comply with software license agreements. We ensure that our partners have committed to comply with privacy laws and regulations. |
8. How do we protect your data and how long do we store it for? | Systems containing personal data can be accessed only by designated employees with their own access credentials. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backups of these databases are located in locked facilities Storage times of personal data vary, depending on the purpose of their collection. We regularly assess the need for storing data, taking into account the applicable legislation. We also take reasonable measures to ensure that the personal data is not contradictory to the data processing purposes, out of date or inaccurate. Where such data is identified, it is either corrected or destroyed without delay. |
9. What are your rights as a data subject? | You have the right to review your data, and demand rectification or erasure of inaccurate or false information. You can withdraw any consent you've given, and prohibit the use of your data for direct marketing. We will present a document assessing our legitimate interests to process your data on request. You can also request us to stop processing your data while you review the document. You have the right to complain to the Data Protection Ombudsman. |
10. Who should I contact? | All enquiries and requests regarding this privacy policy should be made in writing or in person to the contact person specified in section two (2). |
11. Changes to privacy policy | Material changes to this document will be displayed with dates. If the changes are significant, we may inform you about them by email or by publishing a notification on our website. |