Processing of external users’ personal data related to accounts in Valmet systems

External users’ personal data is controlled and processed by Valmet Oyj for ensuring secure access to Valmet information systems and data

The legal basis for the processing is legitimate interests pursued by the controller. The data items processed include username, IP addresses, used communication protocol, and connection and disconnection times.

The data may be accessed by relevant personnel within the Valmet group, as well as data processors Valmet is contracting for supporting its business. By default, the data will be stored in the EU and relevant regional services. However, when needed, the data may be accessed by Valmet personnel from outside of the EU. EU Model Clauses are used as appropriate safeguards for the access from outside of the EEA.  The usage logs will be stored for 3 months, the account information will be maintained until the account is deleted according to Valmet security policies.

Valmet will support the applicable data subject’s rights. This includes their rights of access to, rectification of, or erasure of personal data or restriction of processing concerning the data subject or to object to processing including direct marketing. The data subject has the right to lodge a complaint with a supervisory authority (data protection authority).