Updated (12 April 2026)
1. Data controller
Name: The Riitta and Jorma J. Takanen Foundation.
Business ID: 1937654-2.
Postal address: Haikolantie 20, 85410 Sievi.
2. Name of the register
Riitta and Jorma J. Takasen Foundation grant system.
3. Contact person of the data controller
The Foundation’s contact person is the Managing Director, Jarmo Rankinen.
Email: asiamies(at)rjtsaatio.fi.
Telephone: +358 40 588 5511.
4. Purpose and legal basis for processing personal data (GDPR)
The personal data collected are processed for the purposes of receiving, administering, assessing and deciding on grant applications; paying awarded grants; communicating with applicants and other data subjects; and monitoring the use of the electronic service (the “Service”), ensuring information security and developing the Service.
The register contains personal data submitted in grant applications and their attachments, as well as personal data related to the payment of awarded grants and to follow-up, interim and final reporting of the research or project.
The Service collects contact details and other relevant information relating to the grant applicant (data subject) and members of the working group. Personal data are obtained from applicants. The applicant may also name referees; the referee details stored in the Service are provided by the applicant.
In addition, the Service processes personal data relating to grant payments and payment transactions, as well as technical and usage data (such as event logs) necessary for ensuring information security, troubleshooting and developing the Service. Messages exchanged within the Service between the data subject and the data controller are also stored.
The legal bases for processing are, as applicable: (i) the data subject’s consent (GDPR Article 6(1)(a)); and/or (ii) the data controller’s legitimate interests (GDPR Article 6(1)(f)) in carrying out the Foundation’s grant activities and maintaining the Service. Where the applicant provides personal data relating to other persons (e.g., working group members or referees), the applicant must ensure that the persons concerned have been informed of such disclosure and, where required, that a valid consent has been obtained.
In order to submit an application for processing, the applicant must provide the personal data requested in the application form and required attachments. If the required personal data are not provided, the application may be rejected or left unprocessed.
The minutes of the Foundation’s Board meetings include basic information about the applicant (however, not the personal identity code nor payment-related data), basic information about the application, as well as the decision regarding the application. To this extent, the legal basis is compliance with a legal obligation (GDPR Article 6(1)(c)), i.e., the obligation under the Foundations Act (3:6 §) to draw up minutes of the Board meeting. In addition, under section 4(1)(3) of the Finnish Data Protection Act, personal data may be processed in accordance with GDPR Article 6(1)(e) where processing is necessary for scientific or historical research purposes, subject to appropriate safeguards (including GDPR Article 89, where applicable).
5. Categories of recipients of personal data
Personal data are processed by the Foundation’s Managing Director, referees named by the applicant, evaluators separately designated by the Foundation, the Foundation’s Board, designated users responsible for payments, and auditors. In addition, personal data may be processed by technical support personnel and external service providers acting as processors on behalf of the Foundation. Personal data are made available only to the extent necessary for the duties of each recipient group.
6. Security of processing (GDPR Article 32)
Access to the register requires a personal user account.
The administrator also determines the level of access granted to users.
Logging into the system requires a personal password, and the system is used via an encrypted SSL connection. Use of the register and logins are monitored. Data are stored in the service databases, which are protected by various technical and organizational measures. The cloud service servers are located in secured facilities, and access to the data is restricted to certain pre-defined persons. Access rights are granted on a need-to-know basis and are subject to confidentiality obligations.
Processing and storage of grant applications as well as storage of Board meeting minutes take place in the systems of external service providers. Such service providers process personal data on behalf of the Foundation as processors, based on applicable data processing agreements.
7. International transfers (transfers outside the EEA)
As a rule, the Foundation processes personal data within the European Economic Area (EEA). If, however, personal data are transferred outside the EEA (for example, through the use of service providers), the Foundation ensures that an appropriate transfer mechanism and safeguards under GDPR Chapter V are in place (such as an adequacy decision by the European Commission or the European Commission’s Standard Contractual Clauses, as applicable) and that data subjects’ rights remain protected.
8. Retention period of personal data
User accounts and related personal data:
- User accounts are retained if users have applications that have not been marked as completed.
- If, at the time of review, a user account has not been used for more than two years and the applicant has no active applications, the user account will be deleted from the system.
Draft applications:
- The applicant may delete draft applications from the system themself.
- The Foundation deletes draft applications within 12 months of the end of the application period.
Application evaluation data:
- Evaluation data are deleted within 3 months after the grant decisions have been made.
Rejected applications:
- The Foundation deletes or anonymizes applications that have received a negative decision within two years of the decision date, unless otherwise stated below. In anonymization, all personal data are removed from the application data.
- Information recorded in the minutes of the Foundation’s Board meetings is retained permanently in order to comply with the requirements set by the Foundations Act.
Granted applications with attachments as well as follow-up/reporting data:
- The Foundation deletes bank account numbers and personal identity codes related to granted applications within two years after the grant usage plan/report has been approved.
- Other data are retained long-term for the purposes of collecting the Foundation’s historical information and for statistical purposes.
- Information recorded in the minutes of the Foundation’s Board meetings is retained permanently in order to comply with the requirements set by the Foundations Act.
Messages:
- Messages related to an application are deleted when the application is deleted or when the messages are deemed unnecessary.
9. Rights of the data subject
User accounts:
The grant applicant can log into the system and view the data they have provided in the register by opening the application form preview. The applicant’s current contact details can be viewed and updated under Settings – Personal details.
The applicant has the right and obligation to correct incorrect data. If the applicant has a request or questions regarding the matter, the applicant may contact the Foundation’s Managing Director via the system’s internal message function or by email.
However, the applicant does not have the right of access to stored application evaluation data or to data collected for statistical purposes.
The applicant has the right to withdraw the application, in which case it will not be evaluated.
If a decision has already been made on the application, the application data cannot be deleted in full from the system.
The applicant can download their application form from the system as an electronic PDF file for their own use.
The applicant also has the right to lodge a complaint with the supervisory authority if they consider that their personal data have been processed incorrectly.
In addition to the rights described above, the data subject may, where applicable and subject to statutory limitations, request rectification or erasure of personal data, restriction of processing, object to processing carried out on the basis of legitimate interests, and request data portability (GDPR Articles 16–21). Requests may be submitted using the contact details in section 3.
10. Disclosure of data
Information on grants awarded to natural persons is disclosed to the Farmers’ Social Insurance Institution (MELA) if the duration and amount of the grant exceed the thresholds defined by MELA.
Information on grants paid to natural persons is disclosed to the Finnish Tax Administration.
Recipients and amounts of awarded grants, and possibly also summaries of the research/project, are published on the Foundation’s website and in the annual report.
The Foundation may disclose personal data related to grants it has awarded to other grant/subsidy providers.
The Foundation may also disclose personal data to Finnish Foundations and Funds (Säätiöt ja rahastot ry) and to research institutes and researchers for statistical and research purposes.
WEBSITE PRIVACY NOTICE
The Riitta and Jorma J. Takanen Foundation (the “Foundation”) is committed to protecting your privacy and personal data. The Foundation processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection legislation. This privacy notice concerning the Foundation’s website (“Website”) provides information on how the Foundation and its representatives process personal data related to the Website and the Foundation’s other online services. Please read this privacy notice before using the Website. If you do not accept this privacy notice, please stop using the Website.
Processing of personal data
The Foundation does not collect or store any personal data about you in any section of this Website. The Foundation collects personal data for the purpose of processing grant applications available on the Website, but collection requires that the grant applicant themself completes the grant application form. You can read more about the processing of personal data collected by the Foundation via the grant application in the privacy notice for the Foundation’s grant applicant and recipient register available on the Foundation’s Website.
Cookies
The Foundation uses cookies and similar technologies on the Website to compile statistics about Website use and to develop the Website. Where required under applicable cookie rules, cookies are used on the basis of the user’s consent; otherwise, cookies are used to the extent necessary for the functioning, security and development of the Website. A cookie is a small text file stored on the user’s device. Cookies do not harm users’ devices or files. Users may disable cookies in their browser settings; however, doing so may slow down some services or prevent access to certain parts of the Website. The Foundation uses the Google Analytics visitor tracking service on the Website. With this service, we collect anonymous statistics about Website users with the aim of improving content. The Google Analytics service stores the following information for our use:
- the daily number of visitors to the Website
- visitors’ geographic location
- which sections of the Website users have browsed
- how visitors arrived at the Website
- which devices visitors used to browse the Website (computer, smartphone, tablet)
- the relative share of new and returning visitors on the Website
The Foundation does not collect or store any information about users through Google Analytics that would allow users to be identified or individualised, nor does the Foundation combine data obtained via the Website with data submitted in connection with grant applications. You can prevent visitor tracking using the Google Analytics opt-out function https://tools.google.com/dlpage/gaoptout.
Links and connections to other websites
The Foundation’s Website may contain links and connections to third-party websites. When you open a link, you may allow third-party website cookies to be stored on your device, enabling the administrators of those sites to track use of that website. Third-party websites are subject to the privacy, terms of use and other conditions defined by each website operator. The Foundation has no control over third-party websites, and the Foundation is not responsible for any material published on them or for their use.
Updates to the privacy notices and right of access
These privacy notices were last updated on 12 April 2026. As the Foundation continuously seeks to develop its Website, we reserve the right to amend these notices. We recommend that you check the Website from time to time for any changes to these privacy notices. You may contact the Foundation at any time to check whether we process personal data concerning you and what data we may hold. More information about data subjects’ rights can be found in the privacy notice for the Foundation’s grant applicant and recipient register. Enquiries related to the Website Privacy Notice may be sent to: The Riitta and Jorma J. Takanen Foundation, Haikolantie 20, 85410 SIEVI, asiamies@rjtsaatio.fi.
