Data Protection Description
In accordance with EU General Data Protection Regulation (2016/679, “GDPR”) and applicable national legislation (including Finnish Data Protection Act 1050/2018).
1. Description of the register
Synbio Powerhouse Ecosystem Forum is an innovation cluster managed by Synbio Powerlabs Oy (“Synbio Powerhouse”). Synbio Powerhouse is an operator of the synthetic biology innovation ecosystem in Finland and beyond. The ecosystem consists of scientists and students from a broad variety of disciplines (like life science, ICT, data science, ethics), entrepreneurs, innovators, representatives of big companies in various industries, investors, decision-makers, citizens, municipalities, countries that share interest and passion for applying synthetic biology to build a more sustainable and better world.
Synbio Powerhouse provides the ecosystem opportunities for partnering, matchmaking, education, mentoring, collaboration and co-creation. Synbio Powerhouse helps to transform good ideas into business cases and integrate them with the selected ecosystems in the main markets. Synbio Powerhouse is also the communication channel of the field. Furthermore, it offers Synbio Powerhouse membership with the benefits of joint-projects and partial funding, innovations, joint marketing and visibility efforts.
2. Controller, data protection officer and contact person
Name: Synbio Powerlabs (”Synbio”), Business ID: 3278880-8
Address: Tietotie 1 A 2 , 02150 Espoo, Finland
Data protection officer (DPO) of Synbio:
Name: Melissa Hendrén
Address: Synbio Powerlabs Oy, Tietotie 1 A 2, 02150 Espoo, Finland
E-mail: melissa.hendren@synbiopowerlabs.com
3. Personal data and data subject categories
Main categories of personal data: full name, title, organization, organization classification (like research, municipality, state etc.), contact information (address, email address, phone number), information required to target relevant marketing, communication, partnering, educational and collaborative actions (such as field of interest), event management information, idea competitions, newsletter registrations, resource sharing and service utilization information, team, membership, follower information. Images and videos of the participants may be recorded e.g. during the competitions and other events.
Main categories of data subjects: Synbio Powerhouse interest groups, collaborators and partners.
4. Purpose and legal basis of processing
The personal data is processed for the purposes of Synbio and/or Synbio Powerhouse, namely: marketing and communication (including newsletter), webinar and event management, partnering, matchmaking, collaboration facilitation, management of competitions and challenges/solutions, finding of Synbio Powerhouse members and followers.
Legal basis of processing[1]
-
Legitimate interests pursued by the Controller or by a third party legitimate interest concerned: Right to conduct relevant and justified marketing and communication targeted to identified interest groups of Synbio Powerhouse
-
Contractual relationship based on approval of the competition rules
5. Data sources
Personal data is collected from the data subjects and public sources. The personal data may be received also from Synbio Powerhouse interest groups, members and services providers.
6. Recipients or categories of recipients
Broad use of the Synbio Powerhouse services may require use of the platforms of third parties. In such cases Synbio Powerhouse asks for the data object to registrate in such systems. Synbio Powerhouse demand from third parties to comply with the GDPR regulations.
Synbio Powerhouse has the register of such third party platforms:
GDPR/Privacy information
https://www.nokia.com/privacy
https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/accountability-documentation
7. Transfers outside the European Union or the European Economic Area
Personal data is NOT transferred outside the European Union or the European Economic Area
8. Retention period of personal data
Personal data is processed as long as necessary and a valid legal basis for said processing is in force.
9. Protection principles
The main way is to use personal data in the digital form. Even ever the data is printed (handled manually), the data is kept only as short time as possible in the printed form. After this, the printed data will be stored in the locked containers and destroyed with the normal practice for confidential data.
Personal data processed in data systems is protected with:
-
user name
-
password
-
multi-factor authentication (MFA)
-
user monitoring (log)
-
access control
Encryption method of data transmission:
-
in transmission: Traffic is always encrypted with https
The registered members can see the other members registered as users or/and members of the service(s). The name of the member or user may become public in emailings, shared projects or events. To avoid confusion Synbio Powerhouse will keep a register with the basic data of each data object such as:
-
name
-
email
-
organization classification (research organization, company,… etc.)
-
optional link to the profile information sustained by the data object.
10. Rights of the data subjects
The data subjects have the following rights, depending on the legal basis of the processing. The legal rights may be exempted from or not applied in some cases as set forth in applicable legislation. Exemptions and restrictions are subject to case-by-case assessment.
The data subject can exercise these rights by contacting Controller with information set forth in section 2, preferably by email.
Right to withdraw consent
The data subjects have the right to withdraw their consent on which the processing is based on. This shall not affect the lawfulness of processing based on consent before its withdrawal.
Right of access
The data subjects have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her is being processed and access to his or her personal data and information concerning the processing of his or her personal data.
Right to rectification
The data subjects have the right to obtain from the Controller rectification of inaccurate personal data concerning him or her. The data subjects have the right to have incomplete personal data completed.
Right to erasure
The data subjects have the right to obtain from the Controller the erasure of personal data concerning data subject.
Right to restriction of processing
The data subjects have the right to obtain from the Controller restriction of processing.
Right to object
The data subjects have the right to object to processing of personal data concerning him or her.
Right to data portability
The data subjects have the right to receive the personal data concerning him or her, which the data subject has provided to the Controller and have the right to transmit those data to another controller.
Right to lodge a complaint with a supervisory authority
The data subjects have a right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data breaches the data subject’s rights pursuant to applicable law. In Finland: Finnish Data Protection Ombudsman, Ratapihantie 9, 00520 Helsinki, P.O. Box 800, 00521 Helsinki, Finland, tietosuoja@om.fi
[1]GDPR Art. 6 and Finnish Data Protection Act 4 §.
Published date: 22 August 2023