CSC stakeholder register privacy policy
Stakeholder register privacy policy
Updated: 26.4.2019
1. Registrar | CSC – Finnish IT Сenter for Science Ltd Business ID: 0920632-0 www.csc.fi (hereinafter referred to as "we" or "CSC") |
2. Contact person for register-related matters | Minna Lappalainen
Data Protection Officer Sanna Vartia |
3. Name of register | CSC stakeholder register |
4. What are the purposes and lawful bases for processing personal data? | Data processing is based on our legitimate interests, or on the performance of a contract. We process your data to:
|
5. What data do we process? | The register consists of following data:
The personal data marked with an asterisk is required for establishing a contract or customer relationship with us. We may collect only some of the data, depending on what is necessary for service provision, and for improving service quality and user experience. |
6. Where do we get your data from? | Your data is acquired primarily from:
We may collect and update your personal data from publicly available sources only for the purposes described in this privacy policy. |
7. Where do we transfer your data? | We may transfer your data outside of the EU/EEA only in connection with services provided by third-parties, for example to comply with software license agreements. We ensure that our partners have committed to comply with privacy laws and regulations. |
8. How do we protect the data and how long do we hold it for? | Systems containing personal data can be accessed only by designated employees with their own access credentials. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backups of these databases are located in locked facilities Storage times of personal data vary, depending on the purpose of their collection. We regularly assess the need for storing data, taking into account the applicable legislation. We also take reasonable measures to ensure that the personal data is not contradictory to the data processing purposes, out of date or inaccurate. Where such data is identified, it is either corrected or destroyed without delay. |
9. What are your rights as a data subject? | You have the right to review your data, and demand rectification or erasure of inaccurate or false information. You can withdraw any consent you've given, and prohibit the use of your data for direct marketing. We will present a document assessing our legitimate interests to process your data on request. You can also request us to stop processing your data while you review the document. You have the right to complain to the Data Protection Ombudsman. |
10. Who should I contact? | All enquiries and requests regarding this privacy policy should be made in writing or in person to the contact person specified in section two (2). |
11. Changes to privacy policy | Material changes to this document will be displayed with dates. If the changes are significant, we may inform you about them by email or by publishing a notification on our website. |