Privacy Notice
Version 1.0, date 29.4.2020. This Privacy Notice may be subject to changes from time to time due to i.a. changes of legislation and/or legal interpretations and guidance.
-
Right of access
-
Right to rectification
-
Right to erasure
-
Right to restriction of processing
-
Right to object
-
Right to lodge a complaint with a supervisory authority
1. Description of processing
KEKO communication and marketing
2. Controllers, data protection officer and contact person
(1) VTT Technical Research Centre of Finland Ltd. (”VTT”), Business ID: 2647375-4, Vuorimiehentie 3, 02150 Espoo, Finland, Data protection officer (DPO): dataprotection@vtt.fi (DPO, data security manager and legal counsel), or Seppo.Viinikainen@vtt.fi (DPO)
Contact person concerning the processing:
Name: Jukka Hemilä
Vuorimiehentie 3, 02044 VTT Espoo, Finland
E-mail: jukka.hemila@vtt.fi
The following organisations may act as joint controllers concerning the processing:
(2) KONE Corporation, Business ID 1927400-1, Keilasatama 3, 02150 Espoo, Finland
Contact person: Global Legal, Data Protection Counsel: personaldatarequest@kone.com
(3) Nokia Solutions and Networks Oy, Business ID: 2058430-6], Karakaari 7 02610 Espoo, Finland. PL 226, 00045 Nokia Group, Data protection officer (DPO): colette.hanley@nokia.com
(4) Caverion Oyj, Business ID 2534127-4, Torpantie 2, 01650 Vantaa
Data protection officer (DPO): kimmo.nikulainen@caverion.com
(5) YIT Oyj, Business ID 0112650-2 , Panuntie 11, PL 36, 00620 Helsinki
Data protection officer (DPO): tarmo.nikkila@yit.fi
(6) Oy Halton Group Ltd, Business ID 0535372-9, Firdonkatu 2 T 146, FI-00520 Helsinki, Finland
Data protection officer (DPO): aki.saxen@halton.com
(7) Netox Oy, Business ID: 0721360-7, Saaristonkatu 22, 90100 Oulu
Data protection officer (DPO): mika.pohjola@netox.fi
3. Roles of joint controllers
VTT acts as a primary contact point towards the data subjects and Finnish supervising authority, if needed. Data subject is advised to first contact VTT with any requests or questions that the data subject may have concerning this processing. VTT will forward data subject’s requests to joint controllers, if needed to implement data subject’s rights. VTT will coordinate actions and responses of the joint controllers.
4. Categories of the personal data
The categories of the personal data are first name, last name, email, company, job title and phone number. In addition, topics of interest and consent information may be processed.
The registered persons represent KEKO interest groups, such as representatives of potential and current customers, collaborators and partners of KEKO.
5. Purposes of the processing and the legal basis for the processing
The personal data is processed for purposes of KEKO communication and marketing, including but not limited to newsletter distribution, event management and webinar arrangements.
The data is being processed on the basis of legitimate interest of the Controller. The legitimate interest is the right to conduct relevant and justified research and innovation activity and there to related event management, communication and marketing to relevant interest groups.
6. Regular sources of information
Personal data is mainly collected from the data subject. Personal data may also received from collaborators and partners of KEKO.
7. Recipients or categories of recipients of the personal data
The Controller may provide the personal data to third parties who represent the following groups:
– Collaborators and partners of KEKO community.
– Controller’s services providers concerning KEKO communication, marketing and event management.
The following recipients may have access to the personal data:
HubSpot: https://legal.hubspot.com/privacy-policy
Seravo Oy
The website uses following cookies, which may have access to personal data:
Cookiebot: https://www.cookiebot.com/en/privacy-policy/
Google Analytics: https://policies.google.com/privacy
Facebook: https://www.facebook.com/business/m/privacy-and-data
LinkedIn: https://privacy.linkedin.com/
Twitter: https://business.twitter.com/en/help/ads-policies/other-policy-requirements/policies-for-conversion-tracking-and-tailored-audiences.html
The personal data is provided under appropriate contractual arrangements in accordance with requirements of GDPR and applicable legislation.
8. Transfer of data outside the European Union or the European Economic Area
Data can be transferred outside the European Union or the European Economic Area in accordance with Finnish legislation on case-by-case basis. Especially personal data can be stored on servers outside the EEA by our service provider HubSpot. Read more about HubSpot’s data security: https://legal.hubspot.com/privacy-policy
9. The existence of automated decision-making, including profiling
No automated decision making is made with the personal data.
10. The period for which the personal data is stored or the criteria used to determine that period
The data is being stored as long as the data subject has a relevant and appropriate relationship to KEKO.
After this the personal data is either erased or anonymised unless any Controller has other legal basis for processing of such personal data (such as legitimate interest of the data Controller in connection with a legal claim or investigation).
11. Principles of protection of the register
The data is protected by technical and organizational measures from unauthorized processing and unauthorized access by third parties. Only persons who need access to the personal data for the purpose carrying out tasks related to processing described in this document have access to the personal data, under confidentiality obligations.
12. Rights of the data subject
The data subject can exercise these rights by contacting VTT, preferably in writing from the e-mail address known to VTT.
The data subjects have the following rights, which may be exempted from in accordance with applicable legislation:
The data subjects have a right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data breaches the data subject’s rights pursuant to GDPR.