in content lists or on the content page.Processing of personal data in the operations of Sitra’s Registry
1 Controller
The Finnish Innovation Fund, Sitra (business ID 0202132-3).
Address: Itämerenkatu 11-13, PO Box 160, 00181 Helsinki
Phone: +358 294 618 991
Email: kirjaamo@sitra.fi
Data Protection Officer:
Janika Skaffari
Administrative Specialist
2 Purpose of personal data processing
We process personal data in order to handle information requests and access rights requests, and handle other contacts processed by Sitra’s Registry.
Personal data is not processed by means of automated decision-making.
3 Legal basis for processing
Personal data is processed on the basis of legitimate interest.
4 Processed personal data
We may process the following personal data:
- name
- contact details
- organisation
5 Source of the personal data
Personal data is primarily collected from the data subject.
6 Personal data retention period
The data collected in the register is retained only for as long as necessary and to the extent required for the original or compatible purposes for which the personal data was collected.
The information on data subjects contained in the register is deleted once a year, unless it is necessary to retain it for a longer period of time in an individual case in order to respond to a request for information or access rights, and to fulfil other obligations related to requests.
7 Regular disclosure of personal data
Data is not regularly disclosed to external parties or organisations.
8 Transfer of data outside the EU or EEA
Personal data contained in the register may be transferred outside the EU or EEA. Any such transfer shall comply with the European Commission’s standard clauses or otherwise ensure that the transfer is carried out in accordance with the General Data Protection Regulation.
9 Data protection principles
The databases containing personal data are located on servers that are kept in locked, secure facilities and can only be accessed by authorised individuals whose duties require such access. The servers are protected by a firewall and other appropriate technical safeguards.
Any physical data material containing personal data is kept in locked, secure facilities and can only be accessed by authorised individuals whose duties require such access, and who process this personal data as part of the performance of their duties.
The databases and systems can only be accessed with separately issued personal user usernames and passwords. Sitra has restricted the access rights and the authorisations to data systems and other storage media so that the data can only be accessed and processed by individuals whose duties require it for lawful processing purposes. In addition, the database and system transactions are registered in the logs of Sitra’s IT systems.
Sitra’s employees and other personnel are bound by a confidentiality obligation and are required to keep confidential any information received in connection with the processing of personal data.
10 Rights of the data subject
The data subject has the following rights under the EU General Data Protection Regulation:
- right to obtain information on the processing of their personal data
- right of access to their data
- right to rectification of their data
- right to erasure of their data
- right to restrict the processing of their data
- right to object to the processing of their personal data
Requests concerning the implementation of the data subject’s rights should be directed to Sitra’s registry by email at kirjaamo@sitra.fi
The data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman if they consider that the processing of their personal data infringes the EU General Data Protection Regulation.
11 Changes to privacy policy
We reserve the right to update this privacy policy by notifying any changes on our website. The updates may, for example, be based on changes in legislation.