PRIVACY POLICY

Privacy Notice for faria.network
FARIA.network  ('FARIA') collects personal data that relates to the users of the FARIA.network website ('website') on behalf of Aalto University and University of Helsinki as coordinators of the FARIA network. This privacy notice applies to the website FARIA.network. The FARIA-coordinators act as the controller for personal data that users of the website provide when they visit the website or by other means or that is collected automatically in conjunction with website browsing activity.

Protecting your privacy and your personal data is of the utmost importance to us. FARIA is committed to complying with the requirements that data protection regulation places upon FARIA in the processing of your personal data.


The means and purposes of processing your personal data are described in further detail in this privacy notice.


This privacy notice is subject to change. This privacy notice will be updated when changes are implemented. You will always find the up-to-date version of this privacy notice on this website.


This Privacy Notice covers the following areas:
1.    Why does FARIA process personal data?
2.    What personal data does FARIA process?
3.    Sources of information
4.    Lawful basis for processing
5.    Transfers and disclosures of personal data
6.    International transfers of personal data
7.    Retention period
8.    Your rights
9.    Who is the controller and who can I contact?


1.    Why does FARIA process personal data?


FARIA collects and processes certain personal data in order to
•    enable you to use the website;
•    maintain and develop the website;
•    enhance or improve your experience of the website by collecting details of your visit through cookies and standard weblogs;
•    enable communication and marketing


In addition, FARIA will also process personal data for the purposes of data security and to prevent and resolve possible misconduct.


2.    What personal data does FARIA process?


FARIA will only process personal data that is necessary for the processing purposes defined in this privacy notice. The personal data that FARIA collects can be grouped into the following categories:
•    Identification information such as title, forename, surname
•    Contact information: such as telephone number, email
•    Information collected through observing the use of the website; e.g. time of visit to our service; the page from which the system accessed our website; pages visited during the session; Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information. FARIA uses cookies and other technologies to collect this data.


•    Newsletter user profile data: Field of interest, opening of newsletter (date and time), contents, clicked links; IP address; browser type, browser version, device type


3.    Sources of information


Personal data is collected from the users themselves during their visits on our website or when they otherwise interact with FARIA. 


Personal data can, if necessary, be collected and updated from FARIA partners and companies or authorities providing services related to personal data, such as companies providing services related to the updating of contact details. This applies mainly to cases where the user has subscribed to our newsletter.


4.    Lawful Basis for Processing


Legitimate interest to maintain and develop website, to communicate and to market the :
•    Personal data processed for communication and marketing purposes
•    Information collected through observing use of website
•    Newsletter user profile data
•    The processing of personal data for the purposes of data security and to prevent and resolve possible misconduct


5. Processing of information by third parties


FARIA disclosures personal data only to the extent necessary for the purposes personal data is processed:
I) Service providers
In the maintenance of its website and in its service provision, FARIA uses partners to process data for the purposes detailed in this data protection policy. FARIA transfers your personal data to such partners only to the extent that the partners need to be able to access the personal data that we process in order to be able provide FARIA with services for the purposes specified in this data protection policy.  
Our website uses the functions of our service providers known as community plug-ins, such as the Share button in Facebook, the content of which is directly derived from Facebook. 
Our website makes use of the cookies of our service providers, such as cookies of Google Analytics, which enable the compilation of statistics and analysis on the use of the website.  


II) Research use
In some situations, FARIA may disclose your personal data for the purposes of research. In these cases, all personal data is processed in accordance with the General Data Protection Regulation and national data protection legislation.


III) Statutory reasons
FARIA may disclose your personal data to third parties if access to personal data or other processing of personal data is required to i) fulfill statutory responsibilities or a court order; ii) detecting, preventing or handling misuses, security risks or technical issues.


6. International transfers of personal data


We used Wix.com to create the website and store data. This means that users’ and Users-of-Users’ Personal Information may be stored in data centers located in the United States of America, Ireland and Israel. They may use other jurisdictions as necessary for the proper delivery of their Services and/or as may be required by law.


Wix.com Ltd. is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the Personal Information of EU Member State residents.


Wix affiliates and Third-Party Service Providers that store or process your Personal Information on Wix’s behalf are contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.


Transfer of EU Personal data : If you are located in Europe, when Wix.com Ltd. will transfer your Personal Information to the United States or anywhere outside Europe, they will make sure that (i) there is a level of protection deemed adequate by the European Commission or (ii) that the relevant Standard Contractual Clauses are in place. 


Privacy Shield Certification: Wix and its affiliates, including DeviantArt Inc., participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List, here.


In compliance with the Privacy Shield Principles, Wix.com commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: privacy@wix.com. For the avoidance of doubt, Wix does not rely on the Privacy Shield as a mechanism for transferring GDPR protected personal data.


Wix.com has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request for more information or to file a complaint.


The services are provided at no cost to you.


7.    Retention period


Personal data will be retained for the period of validity of the legal basis for processing and for as long as necessary for the processing purposes mentioned in this privacy notice.
The information of users is retained for as long as FARIA´s legitimate interests can reasonably be deemed valid. We determine the validity of our legitimate interest by, for example, your use of our online services as well as the communication between us. Generally, personal data of other users will be retained for a period of one year from their last use of our website, after which the personal data will be deleted.


8. Your rights


The General Data Protection Regulation grants the data subject a number of rights with which the data subject can govern the processing of their personal data. The data subject may use the following rights in relation to FARIA insofar as FARIA acts as the controller for the data subject’s personal data:


Right of access and right to rectification
You have the right to receive confirmation on whether we process personal data relating to you and the right to access any such personal data. FARIA may ask you to specify your request where necessary, for example with regard to the details of the provision of information.


In addition, you have the right to request the rectification of incorrect personal data relating to you, or to supplement incomplete personal data that FARIA is processing.
Right to data erasure


You have the right to request erasure of your personal data from our data systems. FARIA will comply with your request, provided that there is no legitimate reason to retain the data, such as a statutory obligation to continue processing the personal data. Personal data may not be deleted instantly from backup copies and other such data systems, but will be deleted through regular database retention practices.


Right to object
You also have the right to object to the processing of your personal data if your personal data is processed for other purposes than the fulfillment of legal responsibilities or the provision of services. You may object to the processing of your personal data for purposes of direct marketing, even if the basis for such processing is consent given by you in the past. Objecting to the processing of your personal data may lead to limitation of the usage of the FARIA website. You have the right to prohibit direct marketing by following the instructions contained in all of our marketing messages.


Right to restriction of processing
If you contest the correctness of the data which we have registered about you or the lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or until it is assured that our legitimate interests override your interests.


If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.
Right to data portability


You have the right to receive your personal data from us in a structured, commonly used format so that you may transfer your personal data to another controller, provided that the processing of your personal data is based on consent or a contract between you and FARIA.


9. Who is the controller and who can I contact?


You can use your rights by contacting FARIA's data protection officer at jerome.rickmann [at] aalto.fi. The extent of your rights is subject to the legal basis for processing, and exercising your rights requires identification.

Controller:
Aalto-korkeakoulusäätiö sr, which functions as FARIA-coordinator 
Mailing address: PO BOX 11000, FI-00076 Aalto
Phone number: +358 50 430 5770
Visiting address: Otakaari 24, 02150 Espoo


Data protection officer:
Dr. Jérôme Rickmann
Contact information: jerome.rickmann [at] aalto.fi


Right to lodge a complaint
If the processing of your personal data is in breach of applicable legislation, you have the right to lodge a complaint with the national supervisory authority. You can lodge the complaint with a competent supervisory authority. In Finland, this is the Data Protection Ombudsman, and the complaint must be lodged in accordance with instructions provided by the Office of the Data Protection Ombudsman.


Please see https://tietosuoja.fi/en/home for more information.