Skip to content

Applications for Orion Research Foundation grant

INFORMATION NOTICE

Record of Processing Activities

General Data Protection Regulation (2016/679), Articles 13, 14 and 30

Date of drafting: March 22nd, 2018

We may update or revise this Information Notice/ Record of Processing Activities at any time, with any notice to you as may be required under applicable law. Your right to data portability and/or restriction of processing, if applicable, will become applicable as of May 25th, 2018.

Controller / Company

Orion Research Foundation sr (Company Identification Number: 0564489-2)

c/o Orion Co

Orionintie 1

02200 Espoo Finland

Tel. 010 4261

2. The person in charge / contact person

Anu Imppola

Manager, Orion Research Foundation sr Orion Corporation

Orionintie 1A 02200 Espoo

Tel. 010 426 3803

e-mail: anu.imppola@orion.fi

3. Name of the data file

Applications for Orion Research Foundation grant

4. The purpose for processing the personal data / recipients (or categories of recipients) of personal data / the legal basis for processing the personal data

The purpose for use of this data file is to receive and manage grant applications.

We may share your information with third parties, such as for statutory purposes with tax authorities and Mela for arranging pension and occupational accident insurance and those who assist us by performing technical operations such as data storage and hosting.

The legal basis for processing of the personal data is consent of the data subject (EU General Data Protection Regulation Article 6.1.a).

5. Content of the data file

Applicants’s first name and surname, sum of the grant, personal grant, date of birth, gender, occupation, post or position, date of public examination of doctoral dissertation, workplace / university place, work address, home address, phone number, email address, name of supervising professor, adviser or superior, year, foundation or applicaple, purpose and amount of previous grants minimum of 3.000 € received in the past last three years and pending applications, Curriculum Vitae, publications and research plan.

6. Source of information

When applying grant via the Internet, the applicant enters data about himself/herself.

7. Transfers of personal data to countries outside the European Union or the European Economic Area

Personal data from the register is not transferred to other countries outside Finland.

8. Protection of the transferred personal data

Personal data from the register is not transferred to other countries outside Finland.

9. Retention period of the personal data

The personal data shall be retained by the controller for a period of six (6) calender years. / The criteria used for determining the period of retaining of the personal data is the following: Finnish law for accounting (Kirjanpitolaki, KPL, 30.12.1997/1336).

10. The principles how the data file is secured

A.  Manual data file

The manual data shall be stored in an area with restricted access, available only for the authorized persons who need the data for performing their work.

B.   Electronic information

The electronic data shall be stored in a proof area in One Drive with restricted access, available only for the authorized persons who need the data for performing their work.

11. Right of access and right to data portability

The data subject shall have the right of access, after having supplied sufficient search criteria, to the data on himself/herself in the personal data file, or to a notice that the file contains no such data. The controller shall at the same time provide the data subject with information on the sources of the data, on the uses for the data in the file, and the destinations of disclosed data.

The data subject shall have the right to data portability, i.e. the right to receive his or her personal data, which the data subject has provided to the controller and that is being processed by automated means, in a structured and machine readable format and the right to transmit those data to another controller, where the basis for processing is consent or the fulfilment of a contract between the controller and the data subject.

The data subject who wishes to have access to the data on himself/herself, as referred to above, shall make a request to this effect to the person in charge at controller by a personally signed or otherwise comparably verified document and by verifying his or her identity by attaching a copy of an official identification document.

12. Right to withdraw consent / Right to object to processing

In case the legal basis for processing the personal data is the consent of the data subject, the data subject has the right to withdraw the consent.

In case the legal basis for processing the personal data is the legitimate interests of the controller, the data subject has the right to object to processing on grounds relating to his or her particular situation. The data subject always has the right to object to processing of the personal data for direct marketing purposes.In case the data subject wishes to use its above-mentioned rights, he or she shall make a request to this effect to the person in charge at the data controller by a personally signed or otherwise comparably verified document in writing to the representative of the data controller named under section 2. hereinabove.

Withdrawal of consent does not render the processing of personal data performed prior to such withdrawal unlawful.

13. Rectification, restriction of processing and erasure

A controller shall, on its own initiative or at the request of the data subject, without undue delay rectify, erase or supplement personal data contained in its personal data file if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing.

Under specific circumstances, the data subject has the right to obtain from the controller restriction of processing of his or her personal data.

If the controller refuses the request of the data subject of the rectification of an error, a written certificate to this effect shall be issued. The certificate shall also mention the reasons for the refusal. In this event, the data subject may bring the matter to the attention of the Data Protection Ombudsman.

The controller shall undertake reasonable measures to notify the erasure to the controllers to whom the data has been disclosed and who are processing the data. However, there is no duty of notification if this is impossible or unreasonably difficult.

Requests for the above uses of data subject’s rights shall be made by contacting the representative of the controller named under section 2 hereof.