SFS Finnish Standards Privacy Policy – SFS Comment Portal

This Privacy Policy describes how SFS Finnish Standards (SFS) as the responsible data controller processes your personal data when you use the SFS Comment Portal.

1. Personal Data That We Collect

When you register as a user in the SFS Comment Portal, SFS will collect your name, job title, email address and, where applicable, the organisation or interested party you represent.

SFS will obtain this information directly from you upon registration. SFS will also collect any information you provide when submitting comments.

When you use the SFS online services, we may also collect data related to your use of these services. Such data is described in more detail in the SFS Privacy Policy concerning customer and marketing data.

2. Purpose and Legal Basis of Collecting Personal Data

The SFS Comment Portal allows users to comment on and vote on draft standards. SFS will collect and process the above-mentioned personal data based on a legitimate interest for the purpose of user registration. Registration is necessary for SFS to verify the comments submitted and to monitor compliance with the terms of use of the comment portal.

With your consent, SFS may also send you email notifications regarding published standards.

Additionally, SFS may process your personal data in order to market its products or services. SFS may do this either with your consent or, if you represent an organisation, based on a legitimate interest. However, you are always entitled to object to the use of your personal data for marketing purposes, and with respect to electronic direct marketing by SFS requiring consent, you may withdraw your consent at any time.

If necessary, SFS may also process your data based on a legitimate interest when protecting itself against legal claims or when presenting such claims related to, for example, any outstanding payments.

3. How We Disclose and Transfer Your Personal Data

SFS employs external service providers for the implementation of the SFS Comment Portal. These parties may include companies from which SFS buys IT services such as server space or server room services. These technical service providers act as data processors on behalf of SFS. Agreements between SFS and these service providers ensure the safe processing of your personal data in such circumstances.

Additionally, when processing comments submitted in the portal, SFS may disclose your personal data in relation to a comment you have submitted to parties participating in the development of a standard. Such parties may include members of the standardization group in question and the standards writing body overseeing the group.

As part of the above-mentioned actions, it may be necessary to disclose or transfer your personal data to non-EU/ETA countries (third countries), that do not have equivalent privacy laws. In general, SFS will only transfer personal data to third countries when the level of data security has been deemed sufficient by the European Commission. If this is not the case, SFS will fulfil its legal obligations in ensuring the safe processing of data in third counties. This may be achieved by entering into a contract with the receiving party drafted according to the model contract clauses of the European Commission that ensure safe data processing in third countries.

4. Storage Period of Your Personal Data

SFS will store data related to your registration for as long as your user account in the SFS Comment Portal remains active. SFS will also store any comments you have submitted and the related data for a period of five years in order to review the collated comments on a standard as necessary.

Where applicable, data may also be stored for longer than the above-mentioned five years. This may be necessary due to accounting legislation or other legal requirements. Data may also be stored for a longer period of time if SFS has sufficient grounds to believe that this may be necessary in light of a potential legal dispute.

When the stated storage period ends, your personal data will either be deleted or anonymised in such a way that you can no longer be identified based on it.

5. Your Rights Pursuant to Data Protection Law

Pursuant to the applicable data protection regulations and regarding your personal data as defined above, you have the right to:

(a) access your personal data stored by SFS and, in certain cases, request a copy of your data or for it to be transferred to another data system;
(b) request the correction of incorrect or incomplete data;
(c) request the deletion of outdated or unnecessary data from SFS systems;
(d) request for the processing of your data to be temporarily limited until another request related to your data has been resolved;
(e) object to the use of your data for direct marketing purposes or, if necessitated by your personal circumstances, for safeguarding the legitimate interests of SFS.

Whenever the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. However, this will not affect the legality of actions carried out before your consent was withdrawn.

If you are dissatisfied with how SFS has processed your personal data, you can also file a complaint with a competent data protection authority. In Finland this means the Office of the Data Protection Ombudsman (see tietosuoja.fi/en).

6. Contacts

If you have any questions regarding this privacy policy or your personal data, you can contact SFS using the following contact details:

SFS Finnish Standards
Malminkatu 34, 00100 Helsinki, Finland
PO Box 130, 00101 Helsinki, Finland Tel. +358 9 149 9331
Email: standardeista@sfs.fi

7. Changes

SFS may update this policy from time to time. We will notify users of any material changes to the policy.