Published May 20, 2025

​​Processing of personal data in Sitra’s stakeholder and marketing work​ 


1   Controller

The Finnish Innovation Fund, Sitra (business ID 0202132-3).  

Address: Itämerenkatu –11-13, PO Box 160, 00181 Helsinki 
Phone: +358 294 618 991 
Email: kirjaamo@sitra.fi 

Data Protection Officer: 

Janika Skaffari
Administrative Specialist 
 

2 Purpose of personal data processing 

We process personal data for the purpose of managing stakeholder and cooperation relationships. The information may be related to the organisation and communication of events, training and trips. We use personal data in stakeholder communications e.g. sending newsletters and in relation to stakeholder cooperation platforms. In addition, the data can be used to implement communication analytics. 

Personal data is not processed by means of automated decision-making. 

3 Legal basis for processing 

Personal data is processed on the basis of legitimate interest. 

The legitimate interest of the controller is based on the relevant relationship between the controller and the data subject. Data subjects are important stakeholder representatives due to their position, role, or connection with one of Sitra’s significant stakeholders. The data subject may also have expressed their willingness to receive stakeholder communications or have participated in an event organised by Sitra.  

4 Processed personal data 

In order to carry out stakeholder and marketing work, we may process the following personal data: 

  • name 
  • contact details 
  • method of address 
  • country 
  • organisation and job title 
  • information related to communication and meetings 
  • photo and video 
  • technical information related to the use of collaboration platforms 
  • personal data collected for the purpose of carrying out the event or trip, such as information on food restrictions, personal data included in the passport and information about the next of kin  
  • personal data collected for statistical and analytics purposes 
  • other personal data provided by the data subject 

5 Source of the personal data 

Personal data of stakeholders and partners is collected from the data subject e.g. in connection with event registration or in connection with the organisation of a meeting. Data may also be collected from external sources, such as publicly available internet sources and registers maintained by external service providers. 

6 Personal data retention period 

The data collected in the register is retained only for as long as necessary and to the extent required in relation to the original or compatible purposes for which the personal data was collected.  

The data collected for the implementation of the event or trip, such as food restrictions, passport information or the information of a close relative, is retained only for as long as is necessary for the implementation of the event or trip in question.  

7 Regular disclosure of personal data  

If necessary, the data is disclosed to other organisations for the purpose of carrying out the trip or event. 

8 Transfer of data outside the EU or EEA 

The personal data contained in the register may be transferred outside the EU or EEA. Any such transfer shall comply with the European Commission’s standard clauses or otherwise ensure that the transfer is carried out in accordance with the General Data Protection Regulation.  

9 Data protection principles 

The databases containing personal data are located on servers that are kept in locked, secure facilities and can only be accessed by authorised individuals whose duties require such access. The servers are protected by a  firewall and other appropriate technical safeguards. 

Any physical data material containing personal data is kept in locked, secure facilities that can only be accessed by authorised individuals whose duties require such access, and who process this personal data as part of the performance of their duties. 

The databases and systems can only be accessed with separately issued personal usernames and passwords. Sitra has restricted the access rights and authorisations to data systems and other storage media so that the data can only be accessed and processed by individuals whose duties require it for lawful processing purposes. In addition, the database and system transactions are registered in the logs of Sitra’s IT systems. 

Sitra’s employees and other personnel are bound by a confidentiality obligation and are required to keep confidential the information received in connection with the personal data processing.  

10 Rights of the data subject 

The data subject has the following rights under the EU General Data Protection Regulation: 

  • right to obtain information on the processing of their personal data 
  • right of access to their data 
  • right to rectification of their data 
  • right to erasure of their data 
  • right to restrict the processing of their data 
  • right to object to the processing of their personal data 

Requests concerning the implementation of the data subject’s rights should be directed to Sitra’s registry by email at kirjaamo@sitra.fi  

The data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman if they consider that the processing of their personal data infringes the EU General Data Protection Regulation.  

11 Changes to the privacy policy 

We reserve the right to update this privacy policy by notifying any changes on our website. The updates may, for example, be based on changes in legislation.