English Svenska Suomeksi

Privacy Policy Statement

Privacy Policy Statement
Date: 08/02/2022

Register name
Register of grant applicants

Data controller
Minerva Foundation
VAT no: FI01272083
Tukholmankatu 8
FI-00290 Helsinki

Data processor
Utdelningsstiftelsen för Svenska kulturfonden sr. (VAT no: FI23793568)
Georgsgatan 27
FI-00100 Helsingfors

Utdelningsstiftelsen för Svenska kulturfonden sr. uses the following data processors
• Amazon Web Services, for sending e-mails to registered users of the application system
• NETS, for the identification of people requesting payment of grants
• Telia Cygate / Telia, all information in the register is stored on Telia’s servers

Data protection officer’s contact information
Patrik Lerche
Agent
patrik.lerche@minervafoundation.fi

The controller’s legitimate interest
The processing of data in the register is based on a legitimate interest. Personal data is being processed in order to realise the purpose of the foundation. Processing of data entailing specific risks, for example identity numbers and bank account details, is done to as limited an extent as possible.

Aim of personal data processing
Register of grant applicants:
- In order to process prize and grant applications submitted to Minerva Foundation.

Register of grant recipients:
- Used for payment and follow-up of grants and to make necessary grant reports to authorities.

Register of applicant response provided in conjunction with the application process:
- Used to develop the usability and functionality of the application system
- The register has no impact on the processing of the applicant’s applications

Register data content
The register is used to preserve information about the applicant or the contact person, which has primarily been provided by the applicant.

Compulsory personal data when submitting an application:
- information that identifies the applicant (such as name, address, telephone number, e-mail address, identity number/VAT number)

The personal information provided by the applicant in the application, such as:
- resume or list of qualifications
- grades from school and higher education
- work certificates
- other documents and information attached by the applicant in support of their application
- possible recommendations obtained with the applicant’s consent
- other information that is necessary for the application

If the applicant is approved a grant, the following information about the applicant will also be saved in the electronic register, such as:
- account number
- information regarding requisition and payment transactions
- information about when decisions have been made
- information about possible changes to the grant or reclamation of grants
- the recipient’s statement of use of grant

How long the data is stored for
The applicant’s application and data is stored in perpetuity. The application documents, for approved and rejected applications alike, also have a major cultural history value for future research in the Minerva Foundation’s support activities, and give the foundation a chance to evaluate the effect of and develop its activities.

Regulated disclosure of data
- The applications are processed by the secretariat of the Minerva Foundation, the board of the foundation and external experts.
- All persons with access to the data are bound by professional secrecy.
- The persons who evaluate the applications have only limited access to the parts of the material that they need to see in order to carry out their duties, and the access to the data is for a defined time period, meaning that the persons can no longer access the data after completing their duties.
- The right to view and update personal data is limited both in terms of persons and time through the processor’s internal, centrally administered, rights.
- Data relating to approved grants can be disclosed in (rejections are not published):
  • Publications
  • Website
  • Social media
- Data can, where necessary, be disclosed to other foundations and trusts in order to promote information exchange.

Transfer of data to countries outside the European Union (EU) or the European Economic Area (EEA)
- Data is not disclosed to countries outside of the EU or EEA.

The principles to publish decisions regarding grants and personal data
The controller publishes the following information about all grant recipients:
- name
- the purpose for which the grant was approved
- place of residence
- size of the approved grant
- decision date
- category

The information is published in order to maintain public trust in the funding system and to avoid overlap in approving grants for specific purposes.

The controller protects the integrity of applicants, experts and persons who have given recommendations and therefore does not disclose comments on applications.

Principles for protecting the register
- When processing applications and data, the privacy of the applicants shall not be put at undue risk. The documents are only handled by persons whose duties require it. Persons with access to personal data are under professional secrecy.
- Rimbert is an application and processing system for grants, which is maintained and owned by Utdelningsstiftelsen för Svenska kulturfonden sr. Minerva Foundation has a right to license the programme. The license does not include access to the programme code, nor does it allow transfer of use to a third party. The right to use also does not entail a right to make changes to the system.
- Applications, data, and application appendices shall be protected by Utdelningsstiftelsen för Svenska kulturfonden sr. from unauthorised access.
- The applicants’ connections to the web service for the application and processing of grants is protected by SSL encryption which Utdelningsstiftelsen för Svenska kulturfonden sr. is responsible for.
- Utdelningsstiftelsen för Svenska kulturfonden sr. has an agreement with Telia Cygate / Telia who is responsible for storing the service and register in cloud service with security based on industry standards such as PCI-DSS. Password protected administrator access to the register is only given to named individuals by Utdelningsstiftelsen för Svenska kulturfonden sr.

Automatic processing
Minerva Foundation does not use automatic decision-making processes.

Right to access data
- Persons have a right to check if they are registered in the Minerva Foundation’s register.
- Persons have a right to access their data in the register.
- A request to access such data must be submitted in writing and signed by the person whose data is being requested. A user of the application system can also log in and, under “Personal data” choose to download all stored data that relates to the account.
- The controller may ask the person requesting access to their data to prove their identity.
- The controller protects the integrity of applicants, experts and persons who have given recommendations and therefore does not disclose comments on applications.
- Requests are answered within one month of being received.
- Requests shall be sent to:
Minerva Foundation
Agent Patrik Lerche
Jätkäsaarenkuja 14 F 245
00220 Helsinki

Right to request correction of data
- incorrect information in the register shall be corrected upon specific request by a registered person
- requests shall be sent to: patrik.lerche@minervafoundation.fi

Right to object
The data subject person may object to personal data being processed when applying, but this means that the processing of the application is disrupted.

Right to request erasure
The data subject has the right to request the erasure of his or her personal data if:
- The data subject objects to the processing and there is no justified reason or legal grounds for continued processing of the data.
- The data processing is illegal.
Pursuant to legislation, Minerva Foundation is often required to store personal data in order to, for example, fulfil its legally mandated responsibilities or handle legal claims.

Right to transfer data
The data subject is not entitled to have their data transferred to another controller.

Right to file a complaint
The data subject may file a complaint with the supervisory authority if they feel that the processing of personal data is in contravention of the General Data Protection Regulation.