CSC customer and stakeholder register privacy notice

Updated 11.1.2023

1. Registrar	CSC - Finnish IT Сentre for Science Ltd P.O. Box 405 (Keilaranta 14) FI-02101 Espoo tel. 09 457 2821 (operator) servicedesk@csc.fi www.csc.fi (hereinafter referred to as "we" or "CSC")
2. Contact person for register-related matters	CSC Service Desk tel. 09 457 2821 (operator) servicedesk@csc.fi Data Protection Officer privacy@csc.fi
3. Name of register	CSC customer and stakeholder register
4. What are the purposes and lawful bases for processing personal data?	Personal data processing is based on our legitimate interests, or on the performance of a contract. We process your personal data to: produce and develop our products and services fulfil our contractual commitments and obligations manage our customer relationships administrate the contact details of stakeholder networks organise events analyse the customer's or other registered "user's" use of services create statistics and reports to meet the needs of the owners, customers and funders carry out direct marketing, opinion polls, and market surveys target content in the online services of both our company and other organisations
5. What data do we process regarding you?	The register consists of following data: *data subject's basic details, such as name, customer number, username and/or other unique identifier, password, gender and language of communication; *data subject's contact details,* such as email address, telephone number and physical address; professional and research-related information of users of Services for Research, such as home organisation, department or institution, job title, scientific field, nationality and level of education; information regarding use of Services for Research, such as data subject's project memberships, resource applications and use of resources; any direct marketing blocks or approvals* *participant data for events and any event-related data,* such as dietary restrictions *contact person data related to customer relationships, organisations and contracts, such as business IDs and the names and contact details of contact persons, information on previous and current contracts and orders, and other data from customer interactions service use data generated by technical systems, such as logs, online identifiers and any other data collected with specific agreement from the data subject.* The personal data marked with an asterisk is required for establishing a contract or customer relationship with us. We collect only such necessary data that is needed for service provisioning, and for improving service quality and user experience.
6. Where do we get your data from?	Your data is acquired from: you your organization your service use We may collect and update your personal data from publicly available sources only for the purposes described in this privacy policy.
7. Where do we transfer your data?	We may transfer service use -related data to the Ministry of Education and Culture, to the research organizations and to education institutions or to other home organizations, and to funders for: statistical and reporting purposes fulfilling our contractual commitments and obligations We may transfer your personal data outside of the EU/EEA only based on your consent you provide when starting to use services provided by third-parties, for example to comply with software license agreements. We ensure that our partners have committed to comply with privacy laws and regulations.
8. How long do we store your data?	Storage times of personal data vary, depending on the purpose of their collection. We regularly assess the need for storing data, taking into account the applicable legislation. We also take reasonable measures to ensure that the personal data is not contradictory to the data processing purposes, out of date or inaccurate. Where such data is identified, it is either corrected or destroyed without delay.
9. What are your rights as a data subject?	You have a right to object the processing of your data, to review your data, and to demand rectification or erasure of inaccurate or false information. You can prohibit the use of your data for direct marketing. On request, we will present a document assessing our legitimate interests to process your personal data. You can also request us to stop processing your data while you review the document. You have the right to complain to the Data Protection Ombudsman.
10. Who should you contact?	All enquiries and requests regarding this privacy policy should be made in writing or in person to the contact person specified in section two (2).
11. Changes to privacy policy	Material changes to this document will be displayed with dates. If the changes are significant, we may inform you of them by email or by publishing a notification on our website.