Privacy Policy
This is the Technology Cluster’s privacy policy and data protection statement, prepared in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Updated on June 1, 2023.
1. Data Controller
Technology Cluster
2. Contact person responsible for the registry
Janne Rauhala
050 573 8776
janne.rauhala@teknologiaklusteri.fi
3. Name of the registry
The Technology Cluster’s Customer and Stakeholder Registry.
4. Legal basis and purpose of processing personal data
Personal data is processed on the basis of a contractual customer relationship, the customer’s consent, a contract, another legitimate basis, or the data subject’s consent.
The data subject’s personal data is processed for the purposes of managing, maintaining, developing, analyzing, and compiling statistics on the Technology Cluster’s customer relationships, as well as for the production, provision, and development of our company’s services.
Personal data is also processed to comply with retention, reporting, and inquiry obligations established by law and in accordance with regulations and guidelines issued by public authorities.
The data will not be used for automated decision-making or profiling.
5. Data Content of the Registry
The information to be recorded in the register includes:
name, position, company/organization, contact information (phone number, email address, mailing address), website addresses, IP address, social media usernames/profiles, information about services subscribed to, and
changes to them, billing information, and other information related to the customer relationship and the services ordered.
6. Standard sources of information
The data stored in the registry is obtained from the customer through, for example, messages sent via web forms, email, telephone, social media services, contracts, customer meetings, and other situations in which the customer provides their information. Personal data may also be collected from public sources for marketing purposes.
7. Regular disclosure of data and data transfers within the EU
Data will not be disclosed to any third parties other than those acting on behalf of the Technology Cluster or involved in the provision of services. Such third parties include, for example, accounting firms, subcontractors of our teams involved in service provision, service providers, content producers, and the system used to send the newsletter. Data may be published to the extent agreed upon with the customer.
Data is not transferred outside the EU or the EEA. We have ensured that all of our service providers comply with data protection laws.
8. Principles of Data Protection
The register is managed with due care, and data processed using information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is ensured as appropriate. The data controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, is handled confidentially and only by those employees whose job description includes such duties.
Physical records are stored in locked facilities. The data controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, are handled confidentially and only by employees whose job descriptions include such responsibilities.
9. Right of access and right to request correction of data
Every person listed in the registry has the right to review the information stored about them in the registry and to request that any incorrect information be corrected or that any missing information be added
correction. If a person wishes to review the data stored about them or request a correction, the request must be submitted in writing to the data controller. If necessary, the data controller may ask the person making the request to verify their identity. The data controller will respond to the customer within the timeframe specified in the EU General Data Protection Regulation (generally within one month).
Data subjects have the following rights; requests to exercise these rights should be sent to janne.rauhala@teknologiaklusteri.fi.
Right of inspection
The data subject may review the personal data we have stored.
Right to rectification.
A data subject may request that inaccurate or incomplete information concerning them be corrected.
Right to object
A data subject may object to the processing of their personal data if they believe that such data has been processed unlawfully.
Ban on Direct Marketing
The data subject has the right to object to the use of their data for direct marketing purposes.
Right of removal
The data subject has the right to request the erasure of their data if the processing of such data is not necessary. We will process the erasure request, after which we will either erase the data or provide a valid reason why the data cannot be erased.
It should be noted that the data controller may have a statutory or other right not to delete the requested data. The data controller is obligated to retain accounting records for the period specified in the Accounting Act (Chapter 2, Section 10) (10 years). For this reason, accounting-related records cannot be deleted before the expiration of this period.
Withdrawal of Consent
If the processing of a data subject’s personal data is based solely on consent—and not, for example, on a customer relationship or membership—the data subject may withdraw that consent.
The data subject may appeal the decision to the Data Protection Ombudsman
The data subject has the right to request that we restrict the processing of disputed data until the matter is resolved.
Right to Appeal
The data subject has the right to file a complaint with the Data Protection Ombudsman if they believe that we are violating applicable data protection laws in our processing of personal data.
Contact information for the Data Protection Ombudsman: www.tietosuoja.fi/fi/index/yhteystiedot.html
10. Other rights related to the processing of personal data
A data subject has the right to request that their personal data be erased from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be submitted in writing to the data controller. If necessary, the data controller may ask the person making the request to verify their identity. The data controller will respond to the customer within the timeframe specified in the EU General Data Protection Regulation (generally within one month).
11. Cookies
This website uses cookies and other similar technologies, such as browser local storage. Cookies are small text files exchanged between your device’s browser and the server. Cookies and other identifiers have a specified expiration time, after which the browser deletes the identifier. We use these technologies for website usage analytics. You can opt out of all cookies except those necessary for the site’s operation using the cookie management tool available on the site.
12. Changes to the Privacy Policy
Due to developments in our services and changes in legislation, we reserve the right to amend this Privacy Policy. Registered customers will be notified of any significant changes to the Privacy Policy when the terms and conditions are updated.
