Privacy notice for VTT LaunchPad partner and network registry

VTT LaunchPad partner and network registry.

VTT Technical Research Centre of Finland Ltd (“VTT”), business ID: 2647375-4, Tekniikantie 21, 02150 Espoo

Address: VTT Technical Research Centre of Finland Ltd., Register Office, P.O. Box 1000, FI-02044 VTT, Finland 
E-mail: [email protected] (DPO, data security and their substitutes)

Contact details of the contact person:
Name: Laura Lappalainen
E-mail: [email protected]
 

The personal data to be processed are: 

• VTT LaunchPad investor newsletter: email address
• VTT LaunchPad entrepreneur and mentor network: name, email address, phone number, home town, company name, LinkedIn profile link, and the experience, expertise, aspirations and goals described by the person.

The purpose of the processing of personal data: purpose of the investor newsletter is to spread information about VTT LaunchPad to interested people. 

The purpose of the entrepreneur and mentor network is to find and possibly recruit people interested in VTT LaunchPad activities to develop spin-off companies, for example in the role of a mentor or EIR.

Legal basis for the processing of personal data¹:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(b) of the GDPR)

¹ GDPR Article 6 and Section 4 of the Data Protection Act.

Personal data are obtained from the data subject.

VTT may from time to time change the service providers used in the processing of personal data, for example in connection with public procurement. These will be notified by updating the privacy notice.

Yes. VTT uses Microsoft services, such as Teams and other O365 applications. Microsoft reserves the right to transfer certain data considered as personal data in specific situations, for example, to resolve technical issues. You can review Microsoft’s up-to-date service description here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

The basis for data transfer is Microsoft’s participation in the EU-U.S. Data Privacy Framework.

The investor newsletter data is processed for a maximum of 2 years from the end of the newsletter or when the subject has asked to unsubscribe from the newsletter. After that, the data will then be removed.

Entrepreneur and mentor network data is processed for a maximum of 3 years after enrolment in the network. After this period, the data will be deleted.

Protection of personal data processed in an information system:

• User ID
• Password
• Multi-factor authentication (MFA)
• Access control (IP addresses)
• Logging
   

Protection of personal data in data transfer:

• Data transmission encryption

The data subject has the following rights, however, which may be derogated from and/or restricted in accordance with applicable legislation. Please note that in case the controller cannot identify the data subject, certain rights of the data subjects may not apply, unless the data subject provides additional information enabling his or her identification.² Restriction and deviation are verified on a case-by-case basis.

The data subject may exercise the above rights by contacting the controller using the contact details specified in item 2, preferably by e-mail.

• right of access
• right to rectification
• right to erasure (so-called “right to be forgotten”)
• right to restrict the processing
• right to data portability
• right to not be subject to automated decision-making
• right to lodge a complaint with a supervisory authority

Further information on the data subject’s rights:

The data subject’s right to access data

The data subject has the right to obtain confirmation from the controller as to whether personal data concerning them are processed. In addition, the data subject has the right to access his or hers personal data and information on the processing of personal data.

Right to rectification

The data subject has the right to have inaccurate and incorrect personal data concerning the data subject rectified and incomplete personal data completed without undue delay.

Right to erasure, so-called “right to be forgotten”

The data subject has the right to have the controller erase personal data concerning the data subject without undue delay.

Right to restriction of processing

In certain situations, the data subject has the right to demand that the controller restrict the processing.

Right to object to the processing

In certain situations, the data subject has the right to object to the processing of personal data concerning them.

Right to portability

The data subject has the right to receive personal data concerning them that they have provided to the controller and the right to transmit those data to another controller in so far as the processing is based on consent or contract and the processing is carried out automatically.

Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with supervisory authorities if the data subject considers that their rights have been violated in the light of the EU General Data Protection Regulation. Contact details of Finnish Data Protection Ombudsman: https://tietosuoja.fi/en/contact-information 

² Article 11 of the GDPR.