1. Controller Name: The Riitta and Jorma J. Takanen Foundation (the Foundation). Business ID: 1937654-2. Postal address: Haikolantie 20, 85410 Sievi.
2. Name of the register Grant applicant register of The Riitta and Jorma J. Takanen Foundation.
3. Person in charge of the register CEO of the Foundation Jarmo Rankinen. E-mail address: asiamies(at)rjtsaatio.fi. Phone number: +358 40 588 5511.
4. Purpose of processing personal data and legal basis The register is for grant decision-making, processing awarded grants and contacting applicants as well as monitoring and developing electronic services relating to the application process. Information provided in grant applications and data related to grant payments and the progress of research projects and their final reports are filed in the register. Details of applicants and applicant groups provided by applicants are filed in the register. Applicants may nominate also referees and information regarding these referees given by applicants is filed in the register. In addition to this, information related to payments as well as data regarding applicants´ activity in the grant portal, technical and log information and communication between an applicant and the controller over the portal are filed in the register. The legal basis of the filing and handling of the information in the register is an applicant´s consent to this procedure and statutory obligations of the controller. Also filing of information regarding other persons is based on consents given by these persons. Applicants must check from their referee in advance whether data on their personal data as a referee may be recorded in the system. To process an application an applicant has to provide information mentioned in the application form and its appendices. If this is not the case, the application is not processed further.
5. Recipients of personal data Personal data will be disclosed to CEO and the board of the Foundation, referees nominated by an applicant, evaluators of grant applications nominated by the Foundation, persons giving technical support, persons executing grant payments and auditors of the Foundation. The information is disclosed on the need to know basis only.
6. Protection of the register The user right to the system requires a personal user ID. The administrator provides each user a relevant access level of the register. To log to the register a personal password is needed. The connection is encrypted by a SSL-protocol. The process to log in and to use the register is monitored. The information is gathered to databases that are protected by different kind of technical methods. The servers of cloud services are located in locked-up premises to which access is controlled. Only certain pre-authorised persons have access to the data.
7. Data retention periods User IDs and personal data related to them: • User IDs will be retained as long as an applicant has unfinished applications. • If a user ID has been unused for more than two years and a user has no active applications the user ID will be deleted from the register. Unfinished applications: • Unfinished applications may be deleted from the register by an applicant herself/himself • The controller will delete unfinished applications from the register in 12 months after the relevant application period has ended. Evaluation information regarding applications: • Evaluation information will be deleted in three months after the decisions on a grant has been made. Rejected applications: • The controller delete or anonymize rejected applications in two years after the decision has been made. When anonymizing all the personal data will be deleted. Approved applications with appendices and additional information: • The controller deletes account numbers and social security numbers in two years after a report on usage of a grant has been approved. • Other information will be stored perpetually for the Foundation´s history and statistics purposes. Messages: • Messages related to an application will be removed when a relevant application is removed or a message is regarded unnecessary.
8. Data subjects´ right to access their personal data Users´ user IDs: An applicant is entitled to access the register and view all the information the applicant has provided in the register by previewing the application form. All the contact information may be viewed and updated, if needed, in Settings – Personal Data Grant applicants and grant recipients are entitled to have inaccurate personal data corrected in the Foundation’s register. The request for rectification must be made in writing and duly specified to CEO of the Foundation using an internal message of the application system or by e-mail. However, an applicant has no right to get information regarding an application evaluation process or data or information gathered for statistics purposes. An applicant has a right to cancel an application, and if this is a case the application process is stopped. If a decision on an application has already been made, all the information will not be deleted from the An applicant may take a pdf-copy of an application for personal purposes. If a data subject considers that her/his personal data is not processed legally, she/he has the right to file a complaint with the supervisory authority.
9. Disclosure of data Personal data may be disclosed to authorities, such as the Finnish Tax Administration and the Farmers’ Social Insurance Institution Mela, only within the limits permitted by law. The controller notifies the Tax Administration of detailed information on the grantee and the grant as annual notifications. The awarded grantees, grants and possibly a summary of a research may be published on the Foundation´s website and in the Foundation´s annual report. The controller may also disclose personal information related to awarded grants to foundations and other institutions awarding grants.