1. Registrar

CSC – Finnish IT Сenter for Science Ltd
P.O. Box 405 (Keilaranta 14)
FI-02101 Espoo
tel. +358 9 457 2821 (operator)
servicedesk@csc.fi

Business ID: 0920632-0

www.csc.fi

(hereinafter referred to as "we" or "CSC")

2. Contact person for register-related matters

Minna Lappalainen
tel. +358 9 457 2821 (exchange)
servicedesk(at)csc.fi

Data Protection Officer Marita Pajulahti
privacy(at)csc.fi

3. Name of register

CSC stakeholder register

4. What are the purposes and lawful bases for processing personal data?

Data processing is based on our legitimate interests, or on the performance of a contract.

We process your data to:

• produce and develop our products and services
• fulfil our contractual commitments and obligations
• manage our customer relationships
• administrate the contact details of stakeholder networks
• organise events
• analyse the customer's or other data subject's use of services 
• create statistics and reports to meet the needs of the owners, customers and funders
• carry out direct marketing, opinion polls, and market surveys
• target content at stakeholders on the company's electronic channels.

5. What data do we process?

The register consists of following data:

• data subject's basic details such as name*, unique identifier;
• data subject's contact details such as email address*, telephone number* and physical address*;
• professional and research-related information about users of CSC's services such as home organisation*, department or institution, job title, scientific field*, nationality* and the data subject's role as a member of his/her organisation*;
• information about the data subject as a CSC customer or other stakeholder such as the represented stakeholder, stakeholder history, and information related to billing and collection;
• any direct marketing blocks or approvals
• participant data for events and customer trainings and any event-related data such as dietary restrictions
• contact person data related to customer relationships, organisations and contracts, such as business IDs and the names and contact details of contact persons; information on previous and current contracts and orders; and other data on customer interactions
• service use data generated by technical systems such as log data, online identifier data, source address of network traffic, website use, session duration, IP address and customer information derived from these data, detailed analyses of the data, and

The personal data marked with an asterisk is required for establishing a contract or customer relationship with us. We may collect only some of the data, depending on what is necessary for service provision, and for improving service quality and user experience.

6. Where do we get your data from?

Your data is acquired primarily from:

• you
• your organisation
• service use

We may collect and update your personal data from publicly available sources only for the purposes described in this privacy policy.

7. Where do we transfer your data?

We may transfer your data outside of the EU/EEA only in connection with services provided by third-parties, for example to comply with software license agreements.

We ensure that our partners have committed to comply with privacy laws and regulations.

8. How do we protect the data and how long do we hold it for?

Systems containing personal data can be accessed only by designated employees with their own access credentials. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backups of these databases are located in locked facilities

Storage times of personal data vary, depending on the purpose of their collection.

We regularly assess the need for storing data, taking into account the applicable legislation. We also take reasonable measures to ensure that the personal data is not contradictory to the data processing purposes, out of date or inaccurate. Where such data is identified, it is either corrected or destroyed without delay.

9. What are your rights as a data subject?

You have the right to review your data, and demand rectification or erasure of inaccurate or false information.

You can withdraw any consent you've given, and prohibit the use of your data for direct marketing.

We will present a document assessing our legitimate interests to process your data on request. You can also request us to stop processing your data while you review the document.

You have the right to complain to the Data Protection Ombudsman.

10. Who should I contact?

All enquiries and requests regarding this privacy policy should be made in writing or in person to the contact person specified in section two (2).

11. Changes to privacy policy

Material changes to this document will be displayed with dates. If the changes are significant, we may inform you about them by email or by publishing a notification on our website.