Privacy notice – Commercial trial use of VTT Q5 quantum computing

The privacy notice is based on the EU’s General Data Protection Regulation (2016/679, “GDPR”) and Finnish Data Protection Act (1050/2018). Version 10.10.2023. The privacy notice can be updated. The data subject can review the up-to-date content by regularly visiting the website from where the VTT Q5 Commercial trial use can be purchased.

Name of the purpose of processing
Personal data is collected for the purpose of creating a user account to access VTT Q5 quantum computer.

Controller(s), data protection officer and contact person(s)
VTT Technical Research Centre of Finland Ltd (“VTT”), business ID: 2647375-4, Tekniikantie 21, 02150 Espoo
Address: VTT Technical Research Centre of Finland Ltd., Register Office, P.O. Box 1000, FI-02044 VTT, Finland
E-mail: [email protected] (DPO, data security and their substitutes)

Contact details of the contact person:
Name: Stefan Linge
Address: PO BOX 1000, 02044 VTT, Finland
E-mail: [email protected]

Personal data to be processed

The personal data to be processed are:

  • First Name:
  • Last Name:
  • Company/Organization:
  • Email:

These personal data fields are required when to access VTT Q5 quantum computer. Company name and email addresses are transferred to CSC via email.

The data subjects represent the following groups: Data subjects are personnel of the Customer that orders quantum computing time from VTT.

Purpose of processing and legal basis

The purpose of the processing of personal data is: Providing user accounts to the Customer that has purchased Commercial trial use of VTT Q5 quantum computing.

Legal basis for the processing of personal data[1]:

  • Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(b) of the GDPR)
  • Consent of the data subject (Article 6(a) of the GDPR)

Data sources

Personal data are obtained from the customer whose employees the said personal are.

Recipients or categories of recipients of personal data

Name and contact details of the recipient/Type of recipient (if there is a justifiable reason not to specify)

Purpose of the disclosure, role of the recipient in the processing

CSC IT Center for Science Ltd

For the purpose of user management; independent controller 

VTT may from time to time change the service providers used in the processing of personal data, for example in connection with public procurement. These will be notified by updating the privacy notice.

Transfer of personal data outside the EU or the EEA

No

 

Storage period of personal data

The data are processed for a maximum of 5 years from the end of project. After that, the data will then be removed or anonymised.

Principles of personal data protection

Protection of personal data processed in VTT’s internal information systems, which are protected by: User ID, password and logging.

 

Rights of the data subject

The data subject has the following rights, however, which may be derogated from and/or restricted in accordance with applicable legislation. Please note that in case the controller cannot identify the data subject, certain rights of the data subjects may not apply, unless the data subject provides additional information enabling his or her identification.[2] Restriction and deviation are verified on a case-by-case basis.

The data subject may exercise the above rights by contacting the controller using the contact details specified in item 2, preferably by e-mail.

  • right of access
  • right to rectification
  • right to erasure (so-called “right to be forgotten”)
  • right to restrict the processing
  • right to data portability
  • right to not be subject to automated decision-making
  • right to lodge a complaint with a supervisory authority

Further information on the data subject’s rights:

Right to withdraw consent

If the processing is based on consent, the data subject has the right to withdraw their consent at any time regarding the processing of their personal data.

The data subject’s right to access data

The data subject has the right to obtain confirmation from the controller as to whether personal data concerning them are processed. In addition, the data subject has the right to access his or hers personal data and information on the processing of personal data.

Right to rectification

The data subject has the right to have inaccurate and incorrect personal data concerning the data subject rectified and incomplete personal data completed without undue delay.

Right to erasure, so-called “right to be forgotten”

The data subject has the right to have the controller erase personal data concerning the data subject without undue delay.

Right to restriction of processing

In certain situations, the data subject has the right to demand that the controller restrict the processing.

Right to object to the processing

In certain situations, the data subject has the right to object to the processing of personal data concerning them.

Right to portability

The data subject has the right to receive personal data concerning them that they have provided to the controller and the right to transmit those data to another controller in so far as the processing is based on consent or contract and the processing is carried out automatically.

Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with supervisory authorities if the data subject considers that their rights have been violated in the light of the EU General Data Protection Regulation. Contact details of Finnish Data Protection Ombudsman: https://tietosuoja.fi/en/contact-information 

 

[1] GDPR Article 6 and Section 4 of the Data Protection Act.

[2] Article 11 of the GDPR.