Photonics Center webpage privacy policy
22.2.2021

1. Controller

This privacy policy statement applies to Photonics Center which controller is Business Joensuu Oy, y-tunnus: 2921270-1 Länsikatu 15, 80110 JOENSUU puh: 010 419 8000

2. Contact details in matters regarding the register

For more information regarding the processing of personal data, please contact turvallisuus@businessjoensuu.fi

3. Legal basis for and purpose of processing personal data

We process personal data so that we can perform our statutory project and contract-related obligations. A description that complies with the EU’s General Data Protection Regulation has been drawn up on the means for processing personal data stored in all our registers. The processing of personal data is based on the consent of the data subject, an agreement and/or compliance with a legal obligation to which the controller is subject. Purposes for using personal data: Project management The collection of personal data is based on the law or legislative decrees.

4. Information content of the register and groups of data subjects

Information is collected from current and potential customers, cooperative partners, stakeholders and personnel. The following information may be saved on data subjects:

• personal and contact details: first name, last name, company, address, telephone, e-mail address
• information relating to cooperation, such as information on functions, procedures and events
• information relating to the use of electronic services, such as downloaded pages, browser, operating system, point of time.

5. Regular data sources

We mainly collect personal data from users themselves and from our customer companies, for example, when granting access codes, when a data subject uses our services, when signing up for events or later on during customer relationships. Utilisation of cookies and other similar technologies

We use services provided by third parties on our website to develop our services, improve the web-site’s user experience and for targeting marketing.

Personal data may be collected and updated, for instance, from publicly available or commercial administration or company registers, credit agencies or other reliable partners.

6. Regular data transfer and data transfer outside the EU or EEA

Personal data may be released to third parties under the legislation in force. Information can be disclosed, for instance, in accordance with special legislation and decrees that steer structural funds and EU projects, such as the Government Decree on the eligibility for support of costs part-financed by a structural fund. The controller uses external subcontractors for the tasks mentioned in this policy, in which case the service providers act under the authority of the controller.

The subcontractors, i.e. recipients of personal data, include marketing and communications agencies, events organisers, suppliers of information systems, as well as cooperative partners providing property services. A processing agreement of personal data has been drafted with the ser-vice providers.

7. Register protection principles

Only persons authorised by their work are allowed to process information in the register. The employees have been trained in the processing of confidential information, and they are subject to the obligation of professional confidentiality. Each user has a personal user name and password. The information will be stored electronically, in locked premises, and protected by fire walls and other technical means. Backup copies of databases are made automatically.

8. Automated decision-making, such as profiling

Personal data is not used for the purposes of automated decision-making or profiling

9. Storage period of personal data

Customers’ personal data will be stored for as long as the customer relationship requires, or until the data subject re-quests the controller to erase the data. Personal data related to projects is stored while the project continues, and thereafter in accordance with the law on project activities.

Personal data related to an employment relationship are stored in accordance with relevant legislation.

Personal data related to marketing is stored until the customer requests that their information be re-moved from the register.

Information collected by surveillance cameras is stored for as long as is necessary for the implementation of surveillance purposes.

10. Data subject’s rights

The data subject has the right: – to inspect his/her own personal data

• to request that his/her information be corrected or deleted
• to limit or oppose the processing of his/her own personal data
• to request that his/her personal data is transferred from one system to another/from one data controller to another
• to withdraw the permission he/she has provided, if the processing of personal data is based on permission from the data subject
• to submit a complaint to the Office of the Data Protection Ombudsman, if the data subject believes that his/her personal data has been processed in a manner that