Privacy Policy

Who we are

The Forest Carbon Platform aims to integrate remotely sensed datasets, field measurements and online processing power to maximize their synergy to best meet the needs of different types of users. The foreseen users of the platform range from governmental entities and international organizations to the private sector, the central actors in fighting climate warming.

Our website address is https://www.forestcarbonplatform.org.

More about who we are: https://www.forestcarbonplatform.org/overview/

 

Data Protection Description

In accordance with EU General Data Protection Regulation (2016/679, “GDPR”). Version 1.1, dated 24 May 2018

This information may be subject to changes from time to time due to i.a. technical reasons and/or change of services providers, applicable legislation and legal interpretations.

 

1. The object of the processing

Forest Carbon Platform project and visitor register

 

2. Controllers, data protection officers and contact information

Contact information concerning the register for purpose of establishing the data subject’s rights:

Email: jukka.miettinen@vtt.fi

 

Controller:

VTT Technical Research Centre of Finland Ltd. (”VTT”), Business ID: 2647375-4

Address: Vuorimiehentie 3, 02150 Espoo, Finland

 

Data Protection Officer:

Name: Seppo Viinikainen

Address: VTT Technical Research Centre of Finland Ltd., Koivurannantie 1, 40400 Jyväskylä, Finland

Email: dataprotection@vtt.fi (DPO, cybersecurity manager and legal counsel) or Seppo.Viinikainen@vtt.fi (DPO)

 

3. Categories of the personal data

The categories of the personal data contained in the website forms are i.a.:

• Name
• E-mail address

The data subjects are natural persons representing people interested in the Forest Carbon Monitoring project.

 

4. Purposes of the processing and the legal basis for the processing

The personal data is primarily processed for the following purposes:

• Marketing and communication activities, including direct marketing, such as:
  • Publication and communication activities
  • Event invitations
  • Other sales, communications, marketing and advertising activities
• Business development, other development and reporting

The personal data is processed on the basis of the legitimate interest of the Controller(s). The legitimate interest applicable is a right to conduct well-grounded marketing and communication and thereto related direct marketing.

Every person has the right to refuse to allow the use of their personal data for direct marketing purposes. If the registrant wishes to opt-out, he or she should inform jukka.miettinen@vtt.fi

 

5. Regular sources of information

Personal data are either received from the data subject or filled in on the basis of public sources or from other controller’s registers, such as CRM or marketing registers of the Controller(s).

 

6. Recipients or categories of recipients of the personal data

The Controller(s) may provide third parties with such personal data which is needed by a third party (i) in order to provide the Controller(s) with marketing and/or technical services related to the object of the processing or other similar processing purposes and/or (ii) for collaboration with the Controller(s) which requires joint efforts in marketing and communication. Each provision of data is done in accordance with the requirements of GDPR and applicable legislation.

 

7. Transfer of data outside the European Union or the European Economic Area  

The personal data is not regularly, but may be, transferred outside the EU or EEA if this is necessary to ensure appropriate and cost-effective implementation of the processing purpose, such as in case of technical reasons related to service provider or processing. In such cases, the transfer is done in accordance with the requirements of GDPR and applicable legislation.

In case of the absence of European Commission (“EC”) adequacy decisions, EC standard contractual clauses are used as appropriate or suitable safeguards for these data transfers. Whenever EC adequacy decisions are applicable, the Controller(s) may rely on them.

 

8. The existence of automated decision-making, including profiling

No automated decision-making or profiling which produces legal effects or has similar material effects concerning the data subject is made.

 

9. The period for which the personal data is stored or the criteria used to determine that period

The personal data is processed as long as it is needed for the purpose of any processing purpose set forth above. After this the data subject’s personal data are either anonymised or deleted, unless other applicable legal basis for processing remains.

 

10. Principles of protection of the register

Personal data is stored in a technically secure location. Physical access to the data is restricted by means of access control and other security measures. Access is also prevented by means of e.g. firewalls and other technical protection measures. Only named employees of the Controllers have the right to process personal data contained in the register. These persons are bound by confidentiality obligations.

 

11. Rights of the data subject

The data subjects have the following rights that the data subject may establish by contacting the Controllers in writing, preferably by email, or as detailed below. Some of the rights may be subject to limitations, in accordance with GDPR and applicable legislation.

The data subject is requested to contact the Controllers from an email address which the Controllers presumably has in its register(s). The Controller(s) may also request further information or documentation in order to verify person’s identity.

 

Right of access

The data subjects have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed and access to his or her personal data and information concerning the processing.

 

Right to rectification

The data subjects have the right to obtain from the controller rectification of inaccurate personal data concerning him or her, and the right to have incomplete personal data completed.

 

Right to erasure

The data subjects have the right to obtain from the controller the erasure of personal data concerning him or her, to the extent permitted by law.

 

Right to restriction of processing

The data subjects have the right to obtain from the controller restriction of processing, as set forth in GPDR.

 

Right to data portability

Where the processing is based on the data subject’s contractual relationship and is carried out by automated means, the data subjects have the right to receive the personal data concerning him or her, which he or she has provided to the controller and have the right to transmit those data to another controller.

 

Right to object

Where the personal data is processed on the basis of the legitimate interest of the controller, the data subjects have the right to object at any time to processing of personal data concerning him or her for such purpose.

 

Right to lodge a complaint with a supervisory authority

The data subjects have a right to lodge a complaint with a supervisory authority (e.g. Finnish Data Protection Ombudsman) if the data subject considers that the processing of personal data breaches the data subject’s rights pursuant to GDPR.

 

Cookies

If you visit our page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. Read our cookie policy here.

 

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.