This description is based on EU General Data Protection Regulation (679/2016) and Personal data act (523/1999)
Date of drafting: 24 May 2019

1. Subject of the privacy policy: Database of registered users of Apros Forum.

2. Controller, Data Protection officer and Contact person:
Controller
Name: VTT Technical Research Centre of Finland Ltd ("VTT"), Business ID 2647375-4
Address: Vuorimiehentie 3, FI-02150 Espoo, Finland

Data protection officer
Name: Seppo Viinikainen
Address: VTT Technical Research Centre of Finland Ltd, Koivurannantie 1, FI-40400 Jyväskylä, Finland
Email address: tietosuoja@vtt.fi or seppo.viinikainen@vtt.fi

Contact person
Name: Pasi Laakso
Address: VTT Technical Research Centre of Finland Ltd, Kivimiehentie 3, FI-02044 VTT, Finland
Email address: apros.support@vtt.fi or pasi.laakso@vtt.fi

3. Handled user information and user groups: Stored information includes Email address, Company (if applicable), First name, Second name, date of registration and last activity, Time zone and all the messages user has written to Apros-forum. System also logs activity data including e.g. which pages in the forum have been visited and when.

Handled user groups are either users of Apros-forum or user registered to it.

4. The purpose of processing personal data and its legal justification: The data is stored to offer services to Apros customers and verify that is eglible to use its services. Apros-forum is used to inform users that can use Apros-Forum to ask and comment the functionality of Apros.

The legal justification for storing the data is either direct contract relation between VTT and the customer or because of customer requesting Apros-Forum services.

Storing personal data is necessary to give Apros-Forum services and to form a contract relationship between the data subject and the controller.

5. User Data source: Information is given by the user during the registration. The date of registration and last activity information are collected automatically.

6. Regular destinations of disclosed data: Data is not disclosed by VTT to other parties. However some of the personal data can be read manually by any registered user.

7. Transfer of personal data to countries outside the the European Union or the European Economic Area: Data is not disclosed outside of European Union or European Economic Area.

8. Automatic decision making, profiling: Personal data stored shall not be used for profiling or automated decision making.

9. Time limit of storing personal data: Information shall be permanently kept in the system unless users requests removal. At that case user data is anonymized from the system.

10. The principles how the data file/register is secured: Data is stored to Linux server located in to the internet. It has a limited number of Administrators that have access to all the data stored and are committed to keep the data secure. Personal data is stored to mysql database and User management is done using system provided by vBulletin Forum software. User roles are Administrator and regular user. Administrators have access to all information. Regular users can see partial information of the other Regular users.

No manual register is related to the Apros-forum database.

11. Rights of the data subjects: Data subjects have the following rights. These could be limited or there could be exceptions based on the Data Protection Regulation.

• Access to personal data - Data subjects have the right to receive confirmation from the controller whether or not the controller is processing personal data that concerns them. Upon request the controller shall provide copy of personal data being processed and data defined in the Data Protection Regulation concerning the handling of personal data.
• Ask rectification of personal data - Data subject has right to get faulty, inaccurate or lacking information rectified without unnecessary delay.
• Ask for personal data removal - Data subject has right to get his information removed without unnecessary delays in case the Data Protection Regulation conditions are met.
• Limit handling of personal data - Data subject has right to limit handling of personal data in case the Data Protection Regulation conditions are met.
• Request transfer of personal data between systems - Data subject has right to ask personal data that he has given to the controller and right to transfer this information to other controller from those parts that are based on contract relationship and handling is done automatically.
• File a complaint to supervising authority - Data subject has right to complain to supervising authority, if he feels that his rights based on Data Protection Regulation has been violated.

12. Cookie policy: Cookie is a text file that allows a web server to store information about a visitor and recognize them when they return to the web site. This is placed on the visitor’s computer and allows Apros-forum to recognize a returning visitor. Cookies enable collection of information regarding your computer, such as your IP address, browser type and the URL of sites visited.

Cookies at Apros-forum are only used to recognize the user and store choices made during the session to improve user experience. Cookiees are not used for Analytics, Advertising or Marketing.

You may block cookies by activating the account setting on your browser where you refuse the setting of all or some cookies. Please note that after blocking all cookies you may not necessarily be able to access or use all parts of Apros-forum.

Here are some browser-specific instructions for disabling or enabling cookies:
Android
Chrome
Edge
Firefox
Internet Explorer
Opera
Safari

Data subject can fulfill these right via contacting to the contact person of the controller mentioned in the item 2, preferably via email using the email address used to register the data to the database. The controller has rights to ask further information to verify the identity of the data subject.