CSC customer register privacy notice

Updated 26.4.2019

1. Registrar 

CSC - Finnish IT Сentre for Science Ltd
P.O. Box 405 (Keilaranta 14)
FI-02101 Espoo
tel. 09 457 2821 (operator)

(hereinafter referred to as "we" or "CSC")

2. Contact person for register-related matters

CSC Service Desk
tel. 09 457 2821 (operator)


Data Protection Officer Sanna Vartia

3. Name of register

CSC customer register

4. What are the purposes and lawful bases for processing personal data

Data processing is based on our legitimate interests, or on the performance of a contract.

We process your data to:

  • produce and develop our products and services
  • fulfil our contractual commitments and obligations
  • manage our customer relationships
  • administrate the contact details of stakeholder networks
  • organise events
  • analyse the customer's or other data subject's use of services
  • create statistics and reports to meet the needs of the owners, customers and funders
  • carry out direct marketing, opinion polls, and market surveys
  • target content for the online services of both our company and other organisations
  • comply with statutory obligations.

5. What data do we process?

The register consists of following data:

  • data subject's basic details, such as name*, customer number, unique identifier, password, gender and language of communication;
  • data subject's contact details, such as email address*, telephone number* and physical address*;
  • professional and research-related information for users of Services for Research, such as home organisation*, department or institution, job title, scientific field*, nationality* and level of education*;
  • information regarding use of Services for Research, such as data subject's project memberships, resource applications and use of resources;
  • any direct marketing blocks or approvals
  • participant data for events and any event-related data, such as dietary restrictions
  • contact person data related to customer relationships, organisations and contracts, such as business IDs and the names and contact details of contact persons, information on previous and current contracts and orders, and other data from customer interactions
  • service use data generated by technical systems, such as logs, online identifiers and
  • any other data collected with specific agreement from the data subject.

The personal data marked with an asterisk is required for establishing a contract or customer relationship with us. We may collect only some of the data, depending on what is necessary for service provision, and for improving service quality and user experience.

6. Where do we get your data from?

Your data is acquired primarily from:

  • you
  • your organization
  • service use

We may collect and update your personal data from publicly available sources only for the purposes described in this privacy policy.

7. Where do we transfer your data?

We may transfer personal data to the Ministry of Education and Culture, Finnish institutions of higher education, and research funders for:

  • statistical and reporting purposes
  • fulfilling our contractual commitments and obligations

We may transfer your data outside of the EU/EEA only in connection with services provided by third-parties, for example to comply with software license agreements.

We ensure that our partners have committed to comply with privacy laws and regulations.

8. How do we protect your data and how long do we store it for?

Systems containing personal data can be accessed only by designated employees with their own access credentials. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backups of these databases are located in locked facilities

Storage times of personal data vary, depending on the purpose of their collection.

We regularly assess the need for storing data, taking into account the applicable legislation. We also take reasonable measures to ensure that the personal data is not contradictory to the data processing purposes, out of date or inaccurate. Where such data is identified, it is either corrected or destroyed without delay.

9. What are your rights as a data subject?

You have the right to review your data, and demand rectification or erasure of inaccurate or false information.

You can withdraw any consent you've given, and prohibit the use of your data for direct marketing.

We will present a document assessing our legitimate interests to process your data on request. You can also request us to stop processing your data while you review the document.

You have the right to complain to the Data Protection Ombudsman.

10. Who should I contact?

All enquiries and requests regarding this privacy policy should be made in writing or in person to the contact person specified in section two (2).

11. Changes to privacy policy

Material changes to this document will be displayed with dates. If the changes are significant, we may inform you about them by email or by publishing a notification on our website.