|Data Controller||TECHNOPOLIS PLC, Business ID 0487422-3, Address: Elektroniikkatie 8, 90570 Oulu, on its own behalf and on behalf of companies belonging to the same group which act as joint controllers as applicable. Such group companies are listed in the section “Regular disclosure and transfer of data, and data transfer outside the EU or EEA”.|
|Contact Person for Data-Related Matters||In matters related to data protection please contact via email to firstname.lastname@example.org.
Privacy Coordinator Risto Kivisilta, Energiakuja 3 FI-00180 Helsinki, tel. + +358408400380, email: email@example.com.
|Name of Register||Customer and partner register|
|Legal Basis and Purpose of Processing Personal Data||The processing of personal data is based on (i) performance of the rights and obligations of a lease and/or service agreement between a controller and a customer, or a data controller and its partner, for a supplier agreement, and performance of the preliminary measures required for the agreement, (ii) and/or for the purposes of the legitimate interests of the controller or of a company belonging to the same group.
Personal data is used for managing, developing and maintaining the customer (including potential customer) relationship between the controller and the customer, and the related analysis, compilation of statistics, customer communication, organizing of events, customer experience evaluation, identification of the customer’s users, user management, troubleshooting of electronic services, and management of relationships between the cooperation partners. In addition, personal data is used for direct marketing by the controller and its group companies (including electronic newsletters), targeting and profiling of online advertising, and for designing and development of the controller’s products and services.
|Data Content of the Register, and the Data Protection Groups||Decision-makers and contact persons of current and potential customers , suppliers and partners of the controller, and newsletter subscribers. The registry may contain following personal data:
|Regular Sources of Data||Data is collected regularly about the data subject by telephone, email, on the internet, in meetings, and in conjunction with concluding agreements and contractual relations. Personal data can also be collected and updated from public and private registers, such as the population register, other authorities, credit information companies, contact information providers, and other similar trustworthy parties.|
|Regular Disclosure and Transfer of Data, and Data Transfer Outside the EU or EEA||The controller does not regularly disclose the registered data to third parties.
The controller uses external subcontractors to handle the tasks described in this policy, and in such cases, the service providers act on behalf of the controller. Subcontractors, i.e. recipients of personal data, include e.g. marketing and communication agencies, event organizers, data system suppliers and partners in property services and services for space. The controller is responsible for the activities of its subcontractors as for the controller’s own activities. The controller will ensure, by means of data processing agreements with subcontractors, that these parties are committed to protecting the personal data of the data subject in the manner stated in this document. In addition, the controller may disclose contact details for marketing purposes to its subcontractors used within its business operations.
Some of the personal data contained in this policy will be processed outside the EU and the EEA, whereby the data controller has ensured that its subcontractor is covered by the Privacy Shield data protection system or other similar arrangements (e.g. EU Commission Model Clauses).
Personal data are also disclosed and transferred to the subsidiaries and associated companies of the Technopolis Group for their use, for the purposes specified above. Personal data is transferred to the following companies in Technopolis Group:
Kiinteistö Oy Innopoli II
Technopolis Lietuva UAB
AS Technopolis Ülemiste
|Principles of Registry Protection and Data Storage Period||The only persons who have access rights to the personal data system are those employees of the controller who have the right to process personal data contained in this register for the purposes of carrying out their work. Each user has their own username and password for the system. Data is collected in databases that are protected by firewalls, passwords, and other technical measures. Databases and backups are located in locked spaces, and only certain pre-designated persons can access them.
Personal data is stored for as long as it is necessary for fulfilling the purpose of the personal data. As a rule, the data are kept for the full duration of the customer or partnership relationship, and for six (6) months after its end. However, the controller always has the right to store personal data or otherwise process them after the aforementioned period of storage in the circumstances permitted by law in force from time to time, such as the retention periods to be observed in the Accounting Act and the Withholding Tax Act. The personal data of decision-makers will be stored permanently for direct marketing purposes within the limits of the law.
The controller will regularly assess the need for the storage of personal data, and will also take reasonable measures to ensure that incompatible, obsolete or inaccurate personal data on data subjects is not saved in the register.
|Rights of the Data Subjects||The data subject has the right to inspect the data on him or her that is stored in the register, as well as to demand that any incorrect data be corrected and that any data on him or her be deleted from the register. Any such requests must be submitted in writing personally to Technopolis’ reception service or to firstname.lastname@example.org.
The data subject has the right to deny the controller access to data about the subject for the purposes of direct advertising, market research, opinion polling or related profiling. Such a prohibition may be provided at any time to email@example.com or, for example, by opting out of the mailing list in the manner instructed in the marketing messages themselves.
In accordance with the General Data Protection Regulation, the data subject has the right to object or request restriction of processing of the subject’s data, and to file a complaint against the processing of their personal data to the relevant supervisory authority.