Privacy Notice

Version 1.0, date 29.4.2020. This Privacy Notice may be subject to changes from time to time due to i.a. changes of legislation and/or legal interpretations and guidance.

      1. Description of processing
      KEKO communication and marketing

      2. Controllers, data protection officer and contact person

      (1) VTT Technical Research Centre of Finland Ltd. (”VTT”), Business ID: 2647375-4, Vuorimiehentie 3, 02150 Espoo, Finland, Data protection officer (DPO): dataprotection@vtt.fi (DPO, data security manager and legal counsel), or Seppo.Viinikainen@vtt.fi (DPO)
      Contact person concerning the processing:
      Name: Jukka Hemilä
      Vuorimiehentie 3, 02044 VTT Espoo, Finland
      E-mail: jukka.hemila@vtt.fi

    The following organisations may act as joint controllers concerning the processing:

      (2) KONE Corporation, Business ID 1927400-1, Keilasatama 3, 02150 Espoo, Finland
      Contact person: Global Legal, Data Protection Counsel: personaldatarequest@kone.com

      (3) Nokia Solutions and Networks Oy, Business ID: 2058430-6], Karakaari 7 02610 Espoo, Finland. PL 226, 00045 Nokia Group, Data protection officer (DPO): colette.hanley@nokia.com

      (4) Caverion Oyj, Business ID 2534127-4, Torpantie 2, 01650 Vantaa
      Data protection officer (DPO): kimmo.nikulainen@caverion.com

      (5) YIT Oyj, Business ID 0112650-2 , Panuntie 11, PL 36, 00620 Helsinki
      Data protection officer (DPO): tarmo.nikkila@yit.fi

      (6) Oy Halton Group Ltd, Business ID 0535372-9, Firdonkatu 2 T 146, FI-00520 Helsinki, Finland
      Data protection officer (DPO): aki.saxen@halton.com

      (7) Netox Oy, Business ID: 0721360-7, Saaristonkatu 22, 90100 Oulu
      Data protection officer (DPO): mika.pohjola@netox.fi

      3. Roles of joint controllers
      VTT acts as a primary contact point towards the data subjects and Finnish supervising authority, if needed. Data subject is advised to first contact VTT with any requests or questions that the data subject may have concerning this processing. VTT will forward data subject’s requests to joint controllers, if needed to implement data subject’s rights. VTT will coordinate actions and responses of the joint controllers.

      4. Categories of the personal data
      The categories of the personal data are first name, last name, email, company, job title and phone number. In addition, topics of interest and consent information may be processed.
      The registered persons represent KEKO interest groups, such as representatives of potential and current customers, collaborators and partners of KEKO.

      5. Purposes of the processing and the legal basis for the processing
      The personal data is processed for purposes of KEKO communication and marketing, including but not limited to newsletter distribution, event management and webinar arrangements.
      The data is being processed on the basis of legitimate interest of the Controller. The legitimate interest is the right to conduct relevant and justified research and innovation activity and there to related event management, communication and marketing to relevant interest groups.

      6. Regular sources of information
      Personal data is mainly collected from the data subject. Personal data may also received from collaborators and partners of KEKO.

      7. Recipients or categories of recipients of the personal data
      The Controller may provide the personal data to third parties who represent the following groups:
      – Collaborators and partners of KEKO community.
      – Controller’s services providers concerning KEKO communication, marketing and event management.

      The following recipients may have access to the personal data:
      HubSpot: https://legal.hubspot.com/privacy-policy
      Seravo Oy

      The website uses following cookies, which may have access to personal data:
      Cookiebot: https://www.cookiebot.com/en/privacy-policy/
      Google Analytics: https://policies.google.com/privacy
      Facebook: https://www.facebook.com/business/m/privacy-and-data
      LinkedIn: https://privacy.linkedin.com/
      Twitter: https://business.twitter.com/en/help/ads-policies/other-policy-requirements/policies-for-conversion-tracking-and-tailored-audiences.html

      The personal data is provided under appropriate contractual arrangements in accordance with requirements of GDPR and applicable legislation.

      8. Transfer of data outside the European Union or the European Economic Area
      Data can be transferred outside the European Union or the European Economic Area in accordance with Finnish legislation on case-by-case basis. Especially personal data can be stored on servers outside the EEA by our service provider HubSpot. Read more about HubSpot’s data security: https://legal.hubspot.com/privacy-policy

      9. The existence of automated decision-making, including profiling
      No automated decision making is made with the personal data.

      10. The period for which the personal data is stored or the criteria used to determine that period
      The data is being stored as long as the data subject has a relevant and appropriate relationship to KEKO.

      After this the personal data is either erased or anonymised unless any Controller has other legal basis for processing of such personal data (such as legitimate interest of the data Controller in connection with a legal claim or investigation).

      11. Principles of protection of the register
      The data is protected by technical and organizational measures from unauthorized processing and unauthorized access by third parties. Only persons who need access to the personal data for the purpose carrying out tasks related to processing described in this document have access to the personal data, under confidentiality obligations.

      12. Rights of the data subject

      The data subject can exercise these rights by contacting VTT, preferably in writing from the e-mail address known to VTT.

      The data subjects have the following rights, which may be exempted from in accordance with applicable legislation:

      • Right of access

      • Right to rectification

      • Right to erasure

      • Right to restriction of processing

      • Right to object

      • Right to lodge a complaint with a supervisory authority

      The data subjects have a right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data breaches the data subject’s rights pursuant to GDPR.