1. Data controllers
The KEINO Competence Centre is a consortium whose members are:
The Association of Finnish Local and Regional Authorities
VTT Technical Research Centre of Finland Ltd
The Finnish Funding Agency for Innovation – Business Finland
The Finnish Environmental Institute SYKE
KL‐Kuntahankinnat Oy, and
The Finnish Innovation Fund Sitra
These organisations form a consortium, which is not an independent legal person, but a natural alliance established by an agreement.
This privacy statement describes the data protection practices that the network-based KEINO Competence Centre for Sustainable and Innovative Public Procurement applies to keeping a personal data file. The Centre supports and assists public procurers in developing sustainable and innovative public procurements. It is implemented as part of the Finnish Government Programme and financed and steered by the Ministry of Economic Affairs and Employment.
2. Person in charge of matters pertaining to the personal data file
Name: Motiva Oy, Communications and marketing
Contact information: Kati Laakso, Director of Communications and Marketing
3. Name of the personal data file
The personal data file of the KEINO Competence Centre.
4. Joint data control and areas of responsibility
The members of the KEINO Competence Centre consortium listed in section 1 are joint controllers. Each joint controller informs data subjects (individuals) about the collection of their personal data and of a contact point for them. The consortium permits the use of personal information contained in the personal data file by persons who need it to perform their tasks related to the KEINO Competence Centre.
5. Purpose and legal basis of processing personal data
The KEINO Competence Centre's purpose is to act as a network-based competence centre for sustainable and innovative public procurement. The Centre’s key activities that involve the processing of personal data include communication to interest groups, advisory services, purchaser groups, setting up a large pool of experts and tapping into this expertise, and networking.
Thus, the purpose of the processing of the information in the personal data file is to communicate with the KEINO Competence Centre’s stakeholders, experts and customers. The personal data file and the information it contains are used for purposes such as informing about the Centre's activities, organising events and surveying target groups.
The legal basis for personal data processing is the legitimate interest of joint controllers, relating to the KEINO Competence Centre’s activities for which the joint controllers create a network.
Personal data is collected from customers via telephone, mail, the Internet, e-mail and newsletters, at events or in some other way during the customer relationship and by means of cookies or another corresponding technology. Personal data may also be collected from the consortium’s members’ personal data files, provided that the processing of this data is compatible with the purpose for which the data was initially collected.
6. Information content of the personal data file
The personal data file may contain information on the data subject’s first name, last name, organisation, contact information and responsibilities.
7. Recipients/recipient groups of personal data
Where necessary, personal data is disclosed to authorities to the extent permitted and required by current legislation.
8. Transfer of personal data to a third country
It is possible that some of the services related to the processing of personal data are provided outside the territory of the Member States of the European Union and the European Economic Area (EEA). In such cases, any data transfer complies with the requirements of the EU General Data Protection Regulation (GDPR). For example, when agreeing on a data transfer with a processor, the European Commission’s standard contractual clauses are used.
9. Retention of personal data
Personal data is stored for as long as it is necessary for the specific purpose for which it was collected, as stated in this privacy statement, but for no more than five years after the operations have ceased. Passive personal data is removed regularly from the personal data file.
10. Rights of data subjects with regard to processing their personal data
Right of access to data
Data subjects have the right to know what information is held about them on the personal data file and to obtain a copy of the data. Data subjects should send an access request to the email address email@example.com and specify the kind of information the request relates to. Where necessary, the controller will ask for further information to verify the data subject's identity.
The response to the access request is sent to the data subject by email, unless he or she asks to receive the information by some other means.
Right to rectification of data
Joint controllers ensure as far as possible the quality of the data that they process. They rectify, remove or complement erroneous or obsolete personal data on their own initiative or at a data subject’s request.
Right to restriction of processing
Data subjects have the right to request the controller to restrict processing. For example, they may contest the accuracy of the personal data held about them, in which case the processing is restricted until the controller can verify the accuracy of the data.
Right to demand the erasure of data or to object data processing
Data subjects have the right to demand the erasure of their personal data or to object to the processing of their personal data, if the processing is based upon legitimate interests. Data subjects always have the right to object to their data being used for direct marketing by sending an email to firstname.lastname@example.org.
Right to make a complaint to a supervisory authority
Data subjects may make a complaint to a supervisory authority, i.e. the Ombudsman for Data Protection, about the processing of their personal data.