HEXA-X Website Privacy Policy

This is the Privacy Policy of the HEXA-X Consortium website.

This Privacy Policy is intended to inform you about the processing of your personal data by [the Hexa-X Consortium / Nokia Solutions and Networks OY] that takes place via the Hexa-X website.

Data controllers for the Hexa-X website

Nokia Solutions and Networks OY is the data controller for the personal data processed on the Hexa-X website, Nokia Solutions and Networks OY’s legal address is Karakaari 7, 02610 Espoo (Finland).

How we use your information

The sections below outline what we use your information for, why we do it and what allows us to do so legally:

When you visit our website

When you use our website, we collect your personal information as set out below. We may also store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the website work as you expect it to (please see our Cookie Policy for more information). You can manage website cookies in your browser settings, and you always have the choice to change these settings by accepting, rejecting, or deleting cookies.

Data collected	Purpose of collection	Legal basis for collection
Basic personal information (name, contact details etc.) when you contact us directly through our Contact Form	Communicating with you in the course of our business. Responding to queries and provide support. Managing security and access to our systems.	(a) To fulfil our obligations to you under our contract with you or (b) to support our legitimate interests in ensuring the protection of our systems provided such interests are not overridden by the rights and interests of the data subjects concerned
Brower data (including real-time geographic location of your computer or device through GPS, Bluetooth, and your IP Address, if you use location-based features and turn on the Location Services settings on your device and computer Login information, browser type and version, time zone setting, browser plug-in types, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) clickstream. We analyse website browsing behaviour such as page views	We want to ensure that we give you the best possible service and data analysis allows us to do this. To improve website content and layout	(a) To support our legitimate interests in managing our business and providing and improving services, provided such interests are not overridden by the rights and interests of the data subjects concerned or (b) consent – which you may withdraw at anytime.
Social plugins may be used in some cases on the Hexa-X website, e.g. from the Facebook, Twitter, YouTube or Google+ social networks. If you open a page of the Hexa-X website in your web browser containing such a plugin, your web browser will create a direct connection to the servers of the respective provider in the country concerned.	Website and service analysis, performance and improvement	a) To support our legitimate interests in managing our business and providing and improving services, provided such interests are not overridden by the rights and interests of the data subjects concerned or (b) consent – which you may withdraw at anytime.
Social media analysis if you link your Social Media or your third-party accounts to us We may keep a record of your social media handle, and the other information that is made available to us according to your social media account settings. You can adjust these settings within your own account	To improve the visitor experience to our website.	Legitimate interest. It is important to us that you get the best experience.
Technical information about your phone, laptop, or device on how you use our website	To protect and improve our website making your browsing experience even better. Ensure and maximise website functionality. We also anonymise and aggregate personal information (so that it does not identify you) and use it for purposes including testing our IT systems, research, data analysis, improving our site and app, and developing new products and services.	Legitimate interest. It is important to us that you get the best experience.
Supplier details	Managing provision of services, assessment of our suppliers or parties who tender to provide goods or services to us.	Performing a contract with our supplier who you work for or represent (ii) ensuring the protection of our systems and premises and (iii) assessing our suppliers or tenderers, provided such interests are not overridden by the rights and interests of the data subjects concerned.
Contact details and technical data	For the prevention and detection of fraud, or for the purpose of responding to a binding request from a public authority or court.	To comply with our legal obligations
Personal and statistical data	Where required, transferring information to third parties, including to our own service providers.	(a) To support our legitimate interests in managing and improving our business and services and providing services to our clients provided such interests are not overridden by the rights and interests of the data subjects concerned; or (b) to comply with our legal obligations.
Contact details	Providing newsletters and marketing communications. Facilitating social sharing, for personalised services. Marketing our services and events.	(a) To support our legitimate interests in organising events, managing our business and providing and improving services, provided such interests are not overridden by the rights and interests of the data subjects concerned or (b) consent – which you may withdraw at anytime.

Where we process information on the basis that it is important for us as a business to do it, we will consider your interests also. We will weigh up our business interests with your interests to ensure they are fairly balanced. You can contact us for further information on this.

How we secure your information

We take great care to ensure the security of our websites and your personal information. To ensure that we keep your information secure we use technical security measures such as encryption, access controls, firewalls and logging, and organisational security controls such as security policies and procedures, awareness training for employees and 3rd party vendor assessments.

To take full advantage of all security features you should use an up-to-date browser. To further ensure your personal information is safe, please note, we will never ask a customer to confirm any debit or credit card details via email.

Who do we share your personal information with?

We may share your information internally within the Hexa-X Consortium. The participants in the Hexa-X Consortium are as follows:
- Hexa-X Consortium
  - Nokia Solutions and Networks GmbH & Co. KG
  - Nokia Oyj
  - Ericsson AB
  - Aalto-korkeakoulusäätiö sr, P.O Box 11000 (street address Otakaari 1), 00076 AALTO, Finland, VAT FI 22283574
  - Atos Spain SA
  - B-COM
  - Chalmers Tekniska Högskola AB
  - Commissariat à l’énergie atomique et aux énergies alternatives
  - Ericsson Araştırma, Geliştirme ve Bilişim Hizmetleri A.Ş.
  - Ericsson Magyarország Kommunikációs Rendszerek Kft
  - Institute for Computer Science and Control (SZTAKI)
  - Intel Deutschland GmbH, am Campeon 10-12, 85579 Neubiberg, Germany
  - Nextworks S.R.L.
  - Orange
  - Politecnico di Torino
  - Qamcom Research and Technology AB
  - Siemens Aktiengesellschaft
  - Technische Universität Dresden
  - Technische Universität Kaiserslautern
  - Telecom Italia S.p.A.
  - Telefónica Investigación y Desarrollo S.A.U.
  - Universidad Carlos III de Madrid
  - University of Oulu
  - University of Pisa
  - Wings ICT Solutions PC
Data is only shared on a need to know basis when required for our business to function.
We may share your information externally with our core service providers when required for our business to function. These include for example companies who help us provide our websites and customer support services.
We may need to share personal data in order to protect ourselves against fraudulent claims and to manage insurance and legal claims.
We may need to share personal data to support our IT system providers to keep our systems secure. Each of the external companies we work with has been selected by us for their ability to provide what we need to our required specification, including their ability to handle sensitive data (like your personal information) securely and appropriately.
We may need to share personal data when we receive requests for information from government departments, the police and other enforcement agencies. If this happens, and there is a proper legal basis for providing your personal information, we will provide it to the organisation asking for it.
We may share your information with other partners when we have your consent to do so.
In some cases, Nokia Solutions and Network OY may be required to report certain anonymised statistical information to the European Commission (EC), such as website traffic.

Transfers of your information

Our third-party service providers who process your information on our behalf may transfer your information outside the European Economic Area (EEA). Where such transfers occur, it is our policy that: a) they do not occur without our prior written authority; and b) that an appropriate transfer agreement is put in place to protect your information. If you would like to find out more about any such transfers, please contact Pablo Serrano (see below).

How long do we keep your information for?

We keep personal data for a variety of purposes and for a variety of time periods. The general guidelines for how long we keep personal data are based on what is necessary and proportionate in our business, taking into consideration how and why we collected it and with reference to legal obligations that apply to our business.

Where there is no legally defined time period for keeping data, we will keep your information for a time period based on relevant industry standards.

Where there is no relevant industry standard, we will use a time limit that allows us to serve you as customers but also ensures we don’t keep your personal information for longer than we need to.

What rights do you have?

You can ask us for a copy of the personal information we hold about you.
You can ask us about how we collect, share and use your personal information.
You can ask us to update and correct your personal details.
You can request that we restrict processing of your personal data in certain circumstances.
You can object to processing that is carried out where we have decided that it is important for us as a business (legitimate interests).
In certain circumstances, you may ask us to delete your personal information.
You have a right to move your information (your right to Portability). Where you have provided information in a structured, commonly used and machine-readable format we can share a digital copy of your information directly with you or another organisation.
You can object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
You have a right to request access to your personal information.
You can change your mind wherever you give us your consent and withdraw that consent, such as for direct marketing.

You can exercise any of these rights by contacting our Data Protection Officer on [email protected].

When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.

You also have a right to lodge a complaint with a supervisory authority. In Finland The Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) is the local supervisory authority. You can contact them via their website.

If you are not a resident of Finland you can find contact details for the relevant supervisory authority for your country of residence here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Links to third party sites

From time to time we may provide links to other sites. This privacy policy only covers our Website and any website that we own and control. It does not cover links to other sites nor information collected by parties that own and control those sites or their use of cookies when you visit another site.

Changes to the Privacy Policy

Our Privacy Policy may change from time to time and any changes to the statement will be communicated to you by way of an e-mail or a notice on our website.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.