privacy policy

This Privacy Policy provides relevant information concerning the collection and processing of your personal data in accordance with the EU General Data Protection Regulation 2016/679 (GDPR). This Website collects some Personal Data from its Users. You may print this document for any reference related to HELIOS project by using the print command in the settings of any browser.

Contents

  1. Data Controller
  2. The purposes of processing Personal Data
  3. Detailed information on the processing of Personal Data
  4. Types of Data collected
  5. The rights of Users
  6. Additional Information

1  Data Controller

The Data controller is the person responsible for the purpose and means of processing your personal data. If after reading this policy you still have doubts, you can contact him under:

VTT Technical Research Centre of Finland Ltd
P.O. Box 1000, FI-02044 VTT, Finland

Contact email: ville.ollikainen@vtt.fi

The purposes of processing Personal Data

We collect personal data to provide you with information about the EU Horizon2020 HELIOS research project, and to comply with legal obligations, which may include but are not limited to enforcement requests, detect any malicious or fraudulent activity, and protect rights and interests of users or third parties.

We also need your personal data for interaction with data collection platforms and other third parties to perform analytics, display content from external platforms and tag management. Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing you with our service, in addition to any other purposes described in the present document and in the Cookie Policy.

For specific information about the processing of Personal Data, you may read the following legal grounds for processing Personal Data and Additional information concerning data collection and processing.

2.1  Legal grounds for processing your Personal Data

We process your Personal Data under these grounds:

  • Consent for one or more specific purposes.
  • Legitimate interest: Processing is necessary for the purposes described above and developed by the Data Controller or by an authorised third party.

In any case, the Data Controller will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is legally required.

2.2  Additional information about your Personal Data

In addition to the information contained in this privacy policy, this Website may provide you with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

How “Do Not Track” requests are handled

This Website does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying you on this page and possibly within this Website and/or – as far as technically and legally feasible – sending a notice via any contact information available to the Data Controller. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

If changes affect processing activities performed on the basis of your consent, the Data Controller shall collect new consent from you, where required.

Legal action

Your Personal Data may be used by the Data Controller for legal purposes if required by Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services. You are aware that the Data Controller may be required to reveal Personal Data upon request of public authorities.

2.3  Security of processing

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

In addition to the Data Controller, in some cases, the Data may be accessible to persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from the Data Controller at any time. More information below in Additional Information.

3  Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Analytics
  • Displaying content from external platforms
  • Interaction with data collection platforms and other third parties
  • Tag Management

Types of Data collected

Among others, the personal data we collect or acquire through third parties are the following:

  • Name
  • E-mail address
  • Cookies
  • Usage Data

By actively and freely affirming the use of our services, you consent to provide us with your Personal Data. In cases where this Website specifically states that some Data is not mandatory, you are free not to communicate this Data to us without consequences to the availability or the functioning of the Service.

In the case of Usage Data, the Personal Data will be collected automatically when using this Website. Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. If you have doubts about which Personal Data is mandatory, feel welcome to contact the Data Controller.

You are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Data Controller.

Information about Cookies

This website uses cookies that store and retrieve information when you browse.

  • What are cookies? Cookies are small pieces of information stored in and memorised by your device, providing us with information about you whenever you use our service.
  • Why do we use cookies? We use cookies to recognize you as a user, obtain information about your browsing habits, or customize the way content is displayed. Our specific uses of these technologies are described below.
  • What types of cookies do we use?
    • Own cookies: Cookies sent to the terminal device of the user from a device or domain managed by the service provider.
    • Preferences or personalised cookies: Cookies recording personal information or preferences allowing the system to detect characteristics differentiating one user form another. For instance, language, browser or location.
    • Third-party cookies: Cookies sent to the terminal device of the user from a device or domain not managed by the service provider, but by a third party which processes the data obtained from the cookies. We are not responsible for the cookies third parties may transfer to other parties.
    • Analytical cookies: Cookies tracing and analysing the behaviour of the user in the linked webpage or content shared. Get to know the third parties:
  • Accepting, denying, withdrawing consent or eliminating cookies: You can allow or block the cookies, as well as delete your navigation data (including cookies) from the browser you use. See the options and instructions your browser offers to do so. Please note that if you accept third party cookies and you want to delete them, you will have to remove them from your own browser.
  • Cookies duration of retention: Information provided through cookies will be deleted at the end of the HELIOS project.

The rights of Users

You may exercise certain rights regarding the Data processed by the Data Controller and complying with Article 15 to 22 GDPR. In particular, you have the right to do the following:

  • Withdraw your consent at any time. You have the right to withdraw consent where previously given for the processing of your Personal Data.
  • Object to processing of your Data. You have the right to object to the processing of your Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access your Data. You have the right to learn if Data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. You have the right to verify the accuracy of your Data and ask for it to be updated or corrected.
  • Restrict the processing of your Data. You have the right, under certain circumstances, to restrict the processing of your Data. In this case, the Data Controller will not process your Data for any purpose other than storing it.
  • Have your Personal Data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of your Data from the Data Controller.
  • Receive your Data and have it transferred to another controller. You have the right to receive your Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on your consent.
  • Request not to be subjected to automated processing or decision-making, including profiling. You have the right not to have personal aspects under evaluation that include making statistical deductions to predict your behaviours as a data subject.
  • Lodge a complaint. You have the right to bring a claim before the competent data protection authority of your country. https://edpb.europa.eu/about-edpb/board/members_en

 5.1  Details about the right to object to processing

If your Personal Data is processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether the Data Controller is processing Personal Data for direct marketing purposes, you may refer to the sections related to The purposes of processing Personal Data.

 5.2  How to exercise these rights

Any requests to exercise your rights can be directed to the Data Controller through the contact details provided in this document. You can exercise a request free of charge and the Data Controller will contact you as soon as possible and always within one month, unless properly justified.

6  Additional Information

 6.1  Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Personal Data collected for the purposes of the Data Controller’s legitimate interests shall be retained as long as needed to fulfil such purposes. You may find specific information regarding the legal ground for processing pursued by the Data Controller or by contacting the Data Controller.

Your Personal Data may be retained for a longer period if you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires Personal Data will be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

6.2  Access to personal data

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located.

If any Data Transfer takes place, it may involve transferring your Personal Data to a country other than your own but under the same protection measures granted by the GDPR or the Privacy Shield Framework.

6.3  Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. In case of doubts, do not hesitate to contact us. Please see the contact information at the beginning of this document.