English Suomeksi

Privacy policy

Privacy Policy Statement
Date: 02/03/2020

Register name 
Register of grant applicants 

Data controller
Foundation to Support Research Effectiveness sr (3000075-7)
Mariankatu 5A
FI-00170 Helsinki

Data processor
Stiftelsen för utbildning och kultur på svenska i Finland (2379356-8)
Georgsgatan 27
FI-00100 Helsingfors

Stiftelsen för utbildning och kultur på svenska i Finland uses the following subsuppliers:
• Amazon Web Services, for sending e-mails to registered users of the application system
• Signicat, for the identification of people requesting payment of grants
• Telia-Inmics Nebula Oy, all information in the register is stored on Telia-Inmics Nebula’s servers

Data protection officer’s contact information
Petro Putanen
Data protection officer
petro.poutanen@vaikuttavuussaatio.fi
+358 40 767 1631

The controller’s legitimate interest
The processing of data in the register is based on a legitimate interest. Personal data is being processed in order to realise the purpose of the foundation. Processing of data entailing specific risks, for example identity numbers and bank account details, is done to as limited an extent as possible.

Aim of personal data processing
Register of grant applicants:
- In order to process grant applications submitted to the Foundation to Support Research Effectiveness.
Register of grant recipients:
- Used for payment and follow-up of grants and to make necessary grant reports to authorities.
Register of applicant response provided in conjunction with the application process:
- Used to develop the usability and functionality of the application system
- The register has no impact on the processing of the applicant’s applications

Register data content
The register is used to preserve information about the applicant or the contact person, which has primarily been provided by the applicant.
Compulsory personal data when submitting an application:
- information that identifies the applicant (such as name, address, telephone number, e-mail address, VAT number)
The personal information provided by the applicant in the application, such as:
- resume or list of qualifications
- grades from school and higher education
- work certificates
- other documents and information attached by the applicant in support of their application
- possible recommendations obtained with the applicant’s consent
- other information that is necessary for the application
If the applicant is approved a grant, the following information about the applicant will also be saved in the electronic register, such as:
- account number
- information regarding requisition and payment transactions
- information about when decisions have been made
- information about possible changes to the grant or reclamation of grants
- information about TUPAS identification in connection with requisitions
- the recipient’s statement of use of grant

How long the data is stored for
The applicant’s application and data is stored in perpetuity. The application documents, for approved and rejected applications alike, also have a major cultural history value for future research in the Foundation to Support Research Effectiveness support activities, and give the fund a chance to evaluate the effect of and develop its activities.
The digital material is transferred to passive storage after 20 years, meaning that only a small number of staff members have access to older information. Stiftelsen för utbildning och kultur på svenska i Finland regularly reviews and adjusts the storage time for application materials.

Regulated disclosure of data
- The applications are processed by the representative of the Foundation to Support Research Effectiveness, the board of the foundation, and possible external experts. Foundation to Support Research Effectiveness finance-personnel are also authorised to handle the information. 
- All persons with access to the data are bound by professional secrecy.
- The persons who evaluate the applications have only limited access to the parts of the material that they need to see in order to carry out their duties, and the access to the data is for a defined time period, meaning that the persons can no longer access the data after completing their duties.
- The right to view and update personal data is limited both in terms of persons and time through the processor’s internal, centrally administered, rights.
- Data can, pursuant to the General Data Protection regulation and other data protection legislation, mainly be disclosed to:
  • The Finnish Tax Administration
- Data relating to approved grants can be disclosed in (rejections are not published):
  • Publications
  • Website 
  • Social media
- Data can, where necessary, be disclosed to other foundations and trusts in order to promote information exchange.

Transfer of data to countries outside the European Union (EU) or the European Economic Area (EEA)
- Data is not disclosed to countries outside of the EU or EEA.

The principles to publish decisions regarding grants and personal data
The controller publishes the following information about all grant recipients:
- name
- the purpose for which the grant was approved
- size of the approved grant
- decision date
- category

The information is published in order to maintain public trust in the funding system and to avoid overlap in approving grants for specific purposes.

The controller protects the integrity of applicants, experts and persons who have given recommendations and therefore does not disclose comments on applications.

Principles for protecting the register
- When processing applications and data, the privacy of the applicants shall not be put at undue risk. The documents are only handled by persons whose duties require it. Persons with access to personal data are under professional secrecy.
- Rimbert is an application and processing system for grants, which is maintained and owned by Stiftelsen för utbildning och kultur på svenska i Finland. The Foundation to Support Research Effectiveness has a right to license the programme. The license does not include access to the programme code, nor does it allow transfer of use to a third party. The right to use also does not entail a right to make changes to the system.
- Applications, data, and application appendices shall be protected by Stiftelsen för utbildning och kultur på svenska i Finland from unauthorised access.
- The applicants’ connections to the web service for the application and processing of grants is protected by SSL encryption which Stiftelsen för utbildning och kultur på svenska i Finland is responsible for.
- Stiftelsen för utbildning och kultur på svenska i Finland has an agreement with Telia-Inmics Nebula Oy who is responsible for storing the service and register in a Nebula Cloud 9 service with security based on industry standards such as PCI-DSS. Password protected administrator access to the register is only given to named individuals by Stiftelsen för utbildning och kultur på svenska i Finland.

Automatic processing
The Foundation to Support Research Effectiveness does not use automatic decision-making processes.
 
Right to access data

- Persons have a right to check if they are registered in the Foundation to Support Research Effectiveness' register.
- Persons have a right to access their data in the register.
- A request to access such data must be submitted in writing and signed by the person whose data is being requested. A user of the application system can also log in and, under “Personal data” choose to download all stored data that relates to the account.
- The controller may ask the person requesting access to their data to prove their identity.
- The controller protects the integrity of applicants, experts and persons who have given recommendations and therefore does not disclose comments on applications.
- Requests are answered within one month of being received.
- Requests shall be sent to:

Foundation to Support Research Effectiveness
Data protection officer Petro Poutanen
Mariankatu 5 A
FI-00170 Helsinki

Right to request correction of data
- incorrect information in the register shall be corrected upon specific request by a registered person
- requests shall be sent to: petro.poutanen@vaikuttavuussaatio.fi

Right to object
The data subject person may object to personal data being processed when applying, but this means that the processing of the application is disrupted.

Right to request erasure

The data subject has the right to request the erasure of his or her personal data if:
- The data subject objects to the processing and there is no justified reason or legal grounds for continued processing of the data.
- The data processing is illegal.
Pursuant to legislation, the Foundation to Support Research Effectiveness is often required to store personal data in order to, for example, fulfil its legally mandated responsibilities or handle legal claims.

Right to transfer data
The data subject is not entitled to have their data transferred to another controller.

Right to file a complaint
The data subject may file a complaint with the supervisory authority if they feel that the processing of personal data is in contravention of the General Data Protection Regulation.