DATA PROTECTION DESCRIPTION

Data protection description 

 

In accordance with EU General Data Protection Regulation (2016/679, “GDPR”) and applicable national legislation (including Finnish Data Protection Act 1050/2018).

1.    Description of the register

 

Synbio Powerhouse Ecosystem Forum is a forum managed by VTT Technical Research Centre of Finland Ltd (“Synbio Powerhouse”). Synbio Powerhouse is an operator of the synthetic biology innovation ecosystem in Finland and beyond. The ecosystem consists of scientists and students from a broad variety of disciplines (like life science, ICT, data science, ethics), entrepreneurs, innovators, representatives of big companies in various industries, investors, decision-makers, citizens, municipalities, countries that share interest and passion for applying synthetic biology to build a more sustainable and better world.  

 

Synbio Powerhouse provides the ecosystem opportunities for partnering, matchmaking, education, mentoring, collaboration and co-creation. Synbio Powerhouse helps to transform good ideas into business cases and integrate them with the selected ecosystems in the main markets. Synbio Powerhouse is also the communication channel of the field. Furthermore, it offers Synbio Powerhouse membership with the benefits of joint-projects and partial funding, innovations, joint marketing and visibility efforts.

 

2.    Controller, data protection officer and contact person

 

Name: VTT Technical Research Centre of Finland Ltd. (”VTT”), Business ID: 2647375-4 

Address: Vuorimiehentie 3, 02150 Espoo, Finland

 

Data protection officer (DPO) of VTT:

Name:  Seppo Viinikainen

Address: VTT Technical Research Centre of Finland Ltd., Koivurannantie 1, 40400 Jyväskylä, Finland

E-mail: Seppo.Viinikainen@vtt.fi(DPO) or dataprotection@vtt.fi(DPO, data security, HR manager and legal counsel)

Contact person:

Name: Tuula Palmén

Address: VTT Technical Research Centre of Finland Ltd., Tietotie 2, PL 1000, FI-02044 VTT, Finland

E-mail: tuula.palmen@vtt.fi

3.    Personal data and data subject categories

 

Main categories of personal data: full name, title, organization, organization classification (like research, municipality, state etc.), contact information (address, email address, phone number), information required to target relevant marketing, communication, partnering, educational and collaborative actions (such as field of interest), event management information, idea competitions, newsletter registrations, resource sharing and service utilization information, team, membership, follower information. Images and videos of the participants may be recorded e.g. during the competitions and other events.

 

Main categories of data subjects: Synbio Powerhouse interest groups, collaborators and partners.

4.    Purpose and legal basis of processing 

 

The personal data is processed for the purposes of VTT and/or Synbio Powerhouse, namely: marketing and communication (including newsletter), webinar and event management, partnering, matchmaking, collaboration facilitation, management of competitions and challenges/solutions, finding of Synbio Powerhouse members and followers.

 

Legal basis of processing[1]

☒Legitimate interests pursued by the Controller or by a third party 

legitimate interest concerned: Right to conduct relevant and justified marketing and communication targeted to identified interest groups of Synbio Powerhouse

☒Contractual relationship based on approval of the competition rules

 

5.    Data sources 

 

Personal data is collected from the data subjects and public sources. The personal data may be received also from Synbio Powerhouse interest groups, members and services providers. 

 

6.    Recipients or categories of recipients 

 

Personal data may be provided to the Controller’s services providers, such as:

  • Prinnox Oy (Business ID: 1583890-6), the expert service provider, developing the IT platform.

  • Linkier (Business ID: 2626986-8) the expert service provider in marketing and communication.

  • Financiers of Synbio Powerhouse: Sitra and the ministry of economy and the employment

  • Future members and followers of Synbio Powerhouse Ecosystem

Broad use of the Synbio Powerhouse services may require use of the platforms of third parties. In  such cases Synbio Powerhouse asks for the data object to registrate in such systems. Synbio Powerhouse demand from third parties to comply with the GDPR regulations.

 

Synbio Powerhouse has the register of such third party platforms:

GDPR/Privacy information​​

https://www.nokia.com/privacy

https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/accountability-documentation

 

                         

7. Transfers outside the European Union or the European Economic Area 

 

Personal data is NOT transferred outside the European Union or the European Economic Area

 

8. Retention period of personal data 

 

Personal data is processed as long as necessary and a valid legal basis for said processing is in force. 

 

9. Protection principles

 

The main way is to use personal data in the digital form. Even ever the data is printed (handled manually), the data is kept only as short time as possible in the printed form. After this, the printed data will be stored in the locked containers and destroyed with the normal practice for confidential data.
 

Personal data processed in data systems is protected with:

  • user name

  • password

  • multi-factor authentication (MFA)

  • user monitoring (log)  

  • access control

 

 

Encryption method of data transmission:

  • in transmission: Traffic is always encrypted with https

 

The registrated members can see the other members registrated as users or/and members of the service(s). The name of the member or user may become public in emailings, shared projects or events. To avoid confusion Synbio Powerhouse will keep a register with the basic data of each data object such as:

  • name

  • email

  • organization classification (research organization, company,… etc.)

  • optional link to the profile information sustained by the data object. 

 

10. Rights of the data subjects

 

The data subjects have the following rights, depending on the legal basis of the processing. The legal rights may be exempted from or not applied in some cases as set forth in applicable legislation. Exemptions and restrictions are subject to case-by-case assessment. 

The data subject can exercise these rights by contacting Controller with information set forth in section 2, preferably by email.

 

Right to withdraw consent 

The data subjects have the right to withdraw their consent on which the processing is based on. This shall not affect the lawfulness of processing based on consent before its withdrawal. 

 

Right of access  

The data subjects have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her is being processed and access to his or her personal data and information concerning the processing of his or her personal data.

 

Right to rectification  

The data subjects have the right to obtain from the Controller rectification of inaccurate personal data concerning him or her. The data subjects have the right to have incomplete personal data completed.

 

Right to erasure

The data subjects have the right to obtain from the Controller the erasure of personal data concerning data subject.

 

Right to restriction of processing  

The data subjects have the right to obtain from the Controller restriction of processing.

 

Right to object

The data subjects have the right to object to processing of personal data concerning him or her.

 

Right to data portability  

The data subjects have the right to receive the personal data concerning him or her, which the data subject has provided to the Controller and have the right to transmit those data to another controller.

 

Right to lodge a complaint with a supervisory authority

The data subjects have a right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data breaches the data subject’s rights pursuant to applicable law. In Finland: Finnish Data Protection Ombudsman, Ratapihantie 9, 00520 Helsinki, P.O. Box 800, 00521 Helsinki, Finland, tietosuoja@om.fi

 

 

[1]GDPR Art. 6 and Finnish Data Protection Act 4 §.

Address:

Synbio Powerhouse

Tietotie 2, 02150 Espoo

Finland

info(a)synbio.fi

Contacts:

Principal scientist

merja.penttila(a)vtt.fi

Media and Communications

nina.pulkkis(a)synbio.fi

Co-Creation manager

tuula.palmen(a)vtt.fi

©2019 BY SYNBIO POWERHOUSE