This description is based on EU General Data Protection Regulation (679/2016) and Personal data act (523/1999)
Date of drafting: 24 May 2019
| 1. Subject of the privacy policy |
Database of registered users of VTT's SimulationStore. |
| 2. Controller, Data Protection officer and Contact person | Controller Name: VTT Technical Research Centre of Finland Ltd ("VTT"), Business ID 2647375-4 Address: Tekniikantie 21, FI-02044 Espoo, Finland Data protection officer Name: Tero Reponen Address: VTT Technical Research Centre of Finland Ltd, Kivimiehentie 3, FI-02044 VTT, Finland Email address: tietosuoja@vtt.fi or tero.reponen@vtt.fi Contact person Name: Pasi Laakso Address: VTT Technical Research Centre of Finland Ltd, Kivimiehentie 3, FI-02044 VTT, Finland Email address: apros.support@vtt.fi or pasi.laakso@vtt.fi |
| 3. Handled user information and user groups | From all data subjects following information is stored:
Handled user groups are either SimulationStore users or users registered to SimulationStore. |
| 4. The purpose for processing the personal data | Main purpose of SimulationStore is to provide customers tools to manage their software licenses, download installation packages and License key files. Personal data is stored verify that the user is eligible to use the services of SimulationStore, for customer relations management and marketing the products of VTT. Marketing is implemented in the form of emails (e.g. news letters) and phone calls. The legal justification for storing the data is either direct contract relation between VTT and the customer or because of customer requesting SimulationStore services. Storing personal data is necessary to give SimulationStore services and to form a contract relationship between the data subject and the controller. |
| 5. User data source | User information is given by the user during the registration or when purchasing a license or asking access to download installation or license key packages. The date of registration and last activity information are collected automatically. |
| 6. Regular destinations of disclosed data | VTT can disclose Personal data to 3rd parties, if this is necessary because of technical reasons related to service or legislation demands disclosure. More specifically data will be transferred to these 3rd parties:
Personal data could be disclosed outside of EU- and ETA-region, if that is necessary because of the technical implementation of the service. In these cases the data protection regulation is followed. Owner of the register could use e.g. model contract clauses accepted by competent authority to be used for international data transfer. |
| 7. Transfer of personal data to countries outside the the European Union or the European Economic Area | Personal data could be disclosed outside of EU- and ETA-region, if that is necessary because of the technical implementation of the service. In these cases the data protection regulation is followed. Owner of the register could use e.g. model contract clauses accepted by competent authority to be used for international data transfer. |
| 8. Automatic desicion making, profiling | Information stored in the SimulationStore shall not be used for profiling or automated desicion making. |
| 9. Time limits of storing personal data | Information shall be removed or anonymized from the system after 5 years of inactivity in the usage of Simulation store services, if there are no legal basis to continue storing the data. |
| 10. The principles how the data file/register is secured | Data is stored to Linux server located in to the internet. It has a limited number of Administrators that have access to all the data stored and are committed to keep the data secure. Personal data is stored to mysql database and User management is done using Drupal user management system. User roles are Administrator, Application manager, Customer administrator and regular user. Administrators have access to all information, Application managers have access to personal data related to the users of particular application (e.g. Apros, Balas and Sulca are applications). Customer administrators can see the personal data of the regular users and other customer administrators that belong to the Customer group they are administrating. Regular users can see partial information of the other Regular users in the same customer group. No manual register is related to the Simulation store. |
| 11. Rights of data subjects | Data subjects have following rights. These could limited or there could be exceptions based on the Data Protection Regulation.
Data subject can fulfill these right via contacting to the contact person of the controller mentioned in the item 2, preferably via email using the email address used to register the data to the database. The controller has rights to ask further information to verify the identity of the data subject. |
| 12. Cookie policy |
Cookie is a text file that allows a web server to store information about a visitor and recognize them when they return to the web site. This is placed on the visitor’s computer and allows Simulationstore to recognize a returning visitor. Cookies enable collection of information regarding your computer, such as your IP address, browser type and the URL of sites visited. SimulationStore cookies are only used to recognize the user and store choices made during the session. This improves user experience e.g. cookies are used to store the consent of our cookie policy so that the banner is not reopened every time you come back to SimulationStore. Simulationstore cookies are not used for Analytics, Advertising or Marketing. You may block cookies by activating the account setting on your browser where you refuse the setting of all or some cookies. Please note that after blocking all cookies you may not necessarily be able to access or use all parts of SimulationStore. Here are some browser-specific instructions for disabling or enabling cookies: Android: https://support.google.com/accounts/answer/61416 |