Privacy policy - Simulationstore database

This description is based on EU General Data Protection Regulation (679/2016) and Personal data act (523/1999)

Date of drafting: 22 January 2019

1. Controller

 

Name

VTT Technical Research Centre of Finland Ltd (Business ID 2647375-4)

Contact information

P.O. Box 1000, FI-02014 VTT, Finland

Tel +358 20 722 111

2. Contact person

Name

Pasi Laakso

Contact information

VTT, P.O. Box 1000, FI-02014 VTT, Finland

pasi.laakso@vtt.fi

Tel. 020 722 5776

3. Data protection officer

Name

Seppo Viinikainen

Contact information

VTT, P.O. Box 1000, FI-40400 Jyväskylä, Finland

tietosuoja@vtt.fi or seppo.viinikainen@vtt.fi

Tel. 020 722 2642

4. Name of the register

SimulationStore user database

5. The purpose for
processing the personal
data 

Main purpose of SimulationStore is to provide customers tools to manage their software licenses, download installation packages and License key files. Personal data is stored verify that the user is eligible to use the services of SimulationStore, for customer relations management and marketing the products of VTT. Marketing is implemented in the form of emails (e.g. news letters) and phone calls.

The legal justification for storing the data is either direct contract relation between VTT and the customer or because of customer requesting SimulationStore services.

Storing personal data is necessary to give SimulationStore services and to form a contract relationship between the data subject and the controller.

6. User information and user groups 

From all data subjects following information is stored:

1. Email address

2. Company (if applicable)

3. Title

4. First name

5. Second name

6. Date of registration and last activity

7. User name for the SimulationStore

8. Address

9. Time zone

10. Computer Machine IDs

11. Information about the software licenses

Handled user groups are either SimulationStore users or users registred to SimulationStore.  

7. User data source

User information is given by the user during the registration. The date of registration and last activity information are collected automatically.

8. Regular destinations of
disclosed data and whether
the data is transferred to
countries outside the
the European Union or
the European Economic
Area

VTT can disclose Personal data to 3rd parties, if this is nescessary because of technical reasons related to service or legistlation demands disclosure.

More specifically data will be transferred to these 3rd parties:

  • Fortum Oyj - Personal data of Apros simulation software users. Apros is co-owned with Fortum Oyj.
  • Semantum Oy - Personal data of Sulca users. Sulca is developed and maintained by Semantum

Personal data is disclosed with proper arrangements following the data protection regulation and applicable other legistlation.

Personal data could be disclosed outside of EU- and ETA-region, if that is nescessary because of the technical implementation of the service. In these cases the data protection regulation is followed. Owner of the register could use e.g. model contract clausules accepted by competent autority to be used for international data transfer.

9. Automatic desicion making, especially profiling

Information stored in the SimulationStore shall not be used for profiling or automated desicion making.

 

10. The principles how the data file/register is secured

 

Data is stored to Simulationsite named server located in to the internet. It has a limited number of Administrators that have access to all the data stored and are commited to keep the data secure. Personal data is stored to mysql database and User management is done using Drupal user management system. User roles are Administrator, Application manager, Customer administrator and regular user. Administrators have access to all information, Application managers have access to personal data related to the users of particular application (e.g. Apros, Balas and Sulca are applications). Customer administrators can see the personal data of the regular users and other customer administrators that belong to the Customer group they are administrating. Regular users can see partial information of the other Regular users in the same customer group.

No manual register is related to the Simulation store.

11. Time limit of storing personal data

Information shall be removed or anonymized from the system after 5 years of inactivity in the usage of Simulation store services, if there are no legal basis to continue storing the data.

12. Rights of the data subjects

Data subjects have following rights. These could limited or there could be excpetions based on the Data Protection Regulation.

Access to personal data - Data subjects have the right to recive confirmation from the controller whether or not the controller is processing personal data that concerns them. Upon request the controller shall provide copy of personal data being processed and data defined in the Data Protection Regulation concerning the handling of personal data.

Ask rectification of personal data - Data subject has right to get faulty, inaccurate or lacking information rectified without unnescessary delay.

Ask for personal data removal - Data subject has right to get his information removed without unnescessary delays in case the Data Protection Regulation conditions are met.

Limit handling of personal data - Data subject has right to limit handling of personal data in case the Data Protection Regulation conditions are met.

Request transfer personal data between systems - Data subject has right to ask personal data that he has given to the controller and right to transfer this information to other controller from those parts that are based on contract relationship and handling is done automatically.

File a complaint to supervising authority - Data subject has righ to compla to supervisign authority, if he feels that his  rights based on Data Protection Regulation has been violated.

Data subject can fulfill these right via contacting to the contact person of  the controller mentioned in the item 2, preferably via email using the email address used to register the data to the database. The controller has rights to ask further information to verify the identity of the data subject.

OFFICE OF THE DATA PROTECTION OMBUDSMAN MODEL FORM 25 November 2004
Tel: +358 10 36 66700

Tel: +358 10 36 16670 (information service 9 a.m. to 3 p.m.) Fax: +358 10 36 66735 www.tietosuoja.fi

[Unofficial translation]