Privacy Guidelines for MSCR
Effective as of Date 15.3.2025
Controller
CSC – IT Center for Science Ltd
P.O. Box 405 (Keilaranta 14)
02101 Espoo, Finland
Tel. +358 (0)9 457 2821 (operator)
servicedesk(at)csc.fi
Business ID: 0920632-0
www.csc.fi
(Hereinafter referred to as 'we' or 'CSC')
P.O. Box 405 (Keilaranta 14)
02101 Espoo, Finland
Tel. +358 (0)9 457 2821 (operator)
servicedesk(at)csc.fi
Business ID: 0920632-0
www.csc.fi
(Hereinafter referred to as 'we' or 'CSC')
Contact person for register-related matters
Data asset owner: servicedesk(at)csc.fi.
Data Protection Officer: privacy(at)csc.fi
Data Protection Officer: privacy(at)csc.fi
What are the legal grounds for processing personal data?
The data subjects for this processing activity are the users of the Metadata Schema and Crosswalk Registry Service. Processing of personal data is based on a Contract.
What are the purposes of processing personal data?
Personal data is processed to:
- Provide and improve our services
- Perform our contractual obligations
- As a part of our customer relationship.The lawful basis for processing user data is the performance of a contract between user and CSC.
Do we use automated decision-making or profiling?
Data is not used for profiling purposes. We may use automated decision-making in some cases, if the law allows it, or if you have given your consent separately, or if it’s necessary for the execution of the contract.
Note! Not always true e.g., recruitment.
Note! Not always true e.g., recruitment.
What data do we process?
We are processing the following personal data:
- Data subject’s basic data such as name, user ID, password.
- Data subject’s contact detail such as email address
- Contents registered by the user for MSCR Service use.
Where do we get your data from?
All the data we process is provided by the data subject themselves.
To whom do we disclose your data?
The data is only disclosed the authentication identity provider and to no one else.
Do we transfer data outside the EU or EEA or to international organizations? Or to which countries do we transfer data and what are the grounds for these transfers?
Personal data is not transferred outside the European Union (EU) or the European Economic Area (EEA).
How long do we keep your data?
Data Persistense in MSCR followed by the following rules:
- Service-related metadata will be kept until the service is running.
- Personal data which is used for group management will be kept 1 year after the last login.
- Service-related metadata will be kept until the service is running.
- Once the retention period for personal data has expired and there are no longer grounds for processing them within the limits permitted by data protection legislation, the personal data will be deleted.
How do we protect your data?
Information in Information Systems: Only persons who have the right to process the personal data on behalf of CSC can access the data files in accordance with their job descriptions. Access to personal data is restricted and users are identified by a username and password.
With outsourced service providers, CSC has agreed on the necessary data protection obligations in accordance with the General Data Protection Regulation.
With outsourced service providers, CSC has agreed on the necessary data protection obligations in accordance with the General Data Protection Regulation.
What are your rights as a data subject?
Data subjects have the rights under the General Data Protection Regulation to, among other things, inspect their own data, access personal data and demand the correction of incorrect data concerning them. The right of inspection or access to data is carried out according to resources without undue delay, but always within the time limit required by the General Data Protection Regulation at the latest. The identity of the data subject is checked before providing the information. On request, the information is provided in written form.
- The controller must, independently or at the request of the data subject, correct or supplement the incorrect or deficient information. The controller shall, independently or at the request of the data subject, remove unnecessary or outdated data, unless the law or the contract entitles or obligates the controller to retain data.
- The data subject has the right to withdraw the consent he has given, if the processing is based on consent. Withdrawal of consent does not affect the processing that took place before the withdrawal.
- The data subject has the right to request restriction of processing or to object to processing within the limits and in accordance with applicable data protection legislation.
- Data subjects have the right to transfer data from one system to another, i.e., to receive the personal data concerning them in a structured and commonly used format, and to transfer it to another controller within the limits and in accordance with applicable data protection legislation.
- You can send the above requests and questions regarding this privacy policy and CSC's processing of personal data to privacy(at)csc.fi.
- You also have the right to lodge a complaint with the Data Protection Ombudsman. The contact details of the Data Protection Ombudsman can be found on the Data Protection Ombudsman's website at tietosuoja.fi.
Who should you contact?
All communications and requests regarding this policy should be made in writing or in person to the contact person named in section two (2).
Changes to the privacy policy
Changes to this policy will be dated. We may inform you of any significant changes by email or notice on our website.