Compiled: 01/01/2019 Latest changes: 16/01/2019

1. Controller Business Joensuu Oy, business ID: FI29212701, Länsikatu 15, 80110 JOENSUU, Finland, tel: +358 10 419 8000
2. Contact details in matters regard-ing the register In matters regarding the processing of personal data, please contact turvallisuus@businessjoensuu.fi The security organisation of Business Joensuu is responsi-ble for all matters related to the General Data Protection Regulation and the updating of this document. We reserve the right to change the privacy practices described herein and to update these terms accordingly.
3. Legal basis for and purpose of pro-cessing personal data We process personal data so that we can perform our stat-utory project and contract-related obligations. A description that complies with the EU’s General Data Protection Regulation has been drawn up on the means for processing personal data stored in all our registers. The processing of personal data is based on the consent of the data subject, an agreement and/or compliance with a legal obligation to which the controller is subject. Purposes for using personal data: Project management The collection of personal data is based on the law or legislative decrees.

  • Camera surveillance
    • The premises of Joensuu Science Park owned by Business Finland are monitored by cam-eras, which save information on the users and operations at the premises. Camera sur-veillance is used to protect the customers’ property, ensure smooth functioning of our premises, and to prevent and solve crimes.
4. Information content of the register and groups of data subjects Information is collected from current and potential custom-ers, cooperative partners, stakeholders and personnel. The following information may be saved on data subjects:

  • personal and contact details: first name, last name, company, address, telephone, e-mail address
  • information relating to cooperation, such as infor-mation on functions, procedures and events
  • information relating to the use of electronic ser-vices, such as downloaded pages, browser, operat-ing system, point of time.
5. Regular data sources We mainly collect personal data from users themselves and from our customer companies, for example, when granting access codes, when a data subject uses our services, when signing up for events or later on during customer relation-ships. Utilisation of cookies and other similar technologies

  • We use services provided by third parties on our website to develop our services, improve the web-site’s user experience and for targeting marketing.

Personal data may be collected and updated, for instance, from publicly available or commercial administration or company registers, credit agencies or other reliable part-ners.

The premises of Joensuu Science Park owned by Business Finland are monitored by cameras, which save information on the users and operations at the premises. We use camera surveillance to protect the customers’ property, to en-sure smooth functioning of our premises, and to prevent and solve crimes.

6. Regular data transfer and data transfer outside the EU or EEA Personal data may be released to third parties under the legislation in force. Information can be disclosed, for in-stance, in accordance with special legislation and decrees that steer structural funds and EU projects, such as the Government Decree on the eligibility for support of costs part-financed by a structural fund. The controller uses external subcontractors for the tasks mentioned in this policy, in which case the service provid-ers act under the authority of the controller.

The subcontractors, i.e. recipients of personal data, include marketing and communications agencies, events organis-ers, suppliers of information systems, as well as coopera-tive partners providing property services. A processing agreement of personal data has been drafted with the ser-vice providers.

Videos saved by the surveillance camera may be released to officials.

Business Joensuu Oy’s projects are carried out with part-ners based outside the EU and the European Economic Area. Personal data is disclosed on a case by case basis and with a separate permission from the user.

7. Register protection principles Only persons authorised by their work are allowed to pro-cess information in the register. The employees have been trained in the processing of confidential information, and they are subject to the obligation of professional confiden-tiality. Each user has a personal user name and password. The information will be stored electronically, in locked premises, and protected by fire walls and other technical means. Backup copies of databases are made automati-cally.
8. Automated decision-making, such as profiling Personal data is not used for the purposes of automated decision-making or profiling.
9. Storage period of personal data Customers’ personal data will be stored for as long as the customer relationship requires, or until the data subject re-quests the controller to erase the data. Personal data related to projects is stored while the project continues, and thereafter in accordance with the law on project activities.

  • Personal data related to an employment relation-ship are stored in accordance with relevant legisla-tion.
  • Personal data related to marketing is stored until the customer requests that their information be re-moved from the register.
  • Information collected by surveillance cameras is stored for as long as is necessary for the implemen-tation of surveillance purposes.
10. Data subject’s rights The data subject has the right: – to inspect his/her own personal data

  • to request that his/her information be corrected or deleted
  • to limit or oppose the processing of his/her own per-sonal data
  • to request that his/her personal data is transferred from one system to another/from one data control-ler to another
  • to withdraw the permission he/she has provided, if the processing of personal data is based on permis-sion from the data subject
  • to submit a complaint to the Office of the Data Pro-tection Ombudsman, if the data subject believes that his/her personal data has been processed in a manner that