Privacy statement

Framework of the Privacy Policy

This Privacy Policy is based on the European Union’s new General Data Protection Regulation (EU) 2016/67 (GDPR) and Finland’s Data Protection Act (1050/2018).

In its operations, the Foundation is committed to complying with effective legislation relating to the processing of personal data and data protection. The Finnish Parkinson Foundation functions as a controller as referred to in legislation governing the processing of personal data and data protection.

Data subjects:

1. anyone who fills in and submits the contact form (contact register);
2. newsletter subscribers (contact register);
3. donors (donor register);
4. grant applicants and grant recipients (grant application process, grants database);
5. related parties of the Foundation (related party register);
6. individuals on the Foundation’s payroll and elected officials (Foundation’s HR administration).

The Foundation does not process sensitive personal data. The Foundation’s website does not allow visitors to leave comments or upload their own content.

Cookies

The website does not collect user statistics or user analytics, nor does it use cookies to identify site visitors. The website does not allow visitors to log in or leave comments as guest users.

Content embedded from other sites

Articles on this website may contain embedded content (such as video clips, images, articles, etc.). Opening any embedded content from other websites is comparable with visiting a third-party website. Such websites may collect data about you, use cookies, embed third-party tracking cookies and monitor your interactions with embedded content.

Processing of personal data in registers

Visitors’ contact register

1. Register generated from contact forms. The Foundation uses Gravity Forms to create forms allowing visitors to submit a contact request to the Foundation (collecting names and e-mail addresses) or provide data on setting up a collection of fund-raising donations, in which case the data collected includes names, addresses, telephone numbers, name of the collection and time of the event. The contact forms will be destroyed once the Foundation has taken the matter under consideration and they will not be stored on the Foundation’s servers.
2. Register generated from newsletter subscribers. For delivery of newsletters, the Foundation uses Mailjet, a European e-mail delivery service, which takes the requirements of the EU’s General Data Protection Regulation into account comprehensively and has obtained ISO 27001 certification for information security management. Newsletters collect subscribers’ names and e-mail addresses for the register. Newsletters may be exclusively targeted at grant applicants and grant recipients. Their names and e-mail addresses will be collected. View Mailjet’s Privacy Policy.
3. Donor register. The Foundation maintains a register of the names and addresses of those people who have made donations to the Foundation for its personalised communications. Donors may refuse communications and public disclosure of their details. By entering their names in the message field on the donation form, donors give their consent for publication of their names in the Foundation’s printed and digital communications. For one-off donations, this information is published once. The information is retained in the printed annual report and the corresponding electronic version. This increases openness concerning the nature of the Foundation’s operations. It is based on legitimate interest.

Register generated during the grant application process: grant applicants and grant recipients.

Processing of personal data during the grant application, decision-making, payment and reporting stages.

Grant applications are filled in using Visma Sign webforms. Grant applicants’ data is processed by the General Secretary during the preparation stage, by three expert members of the Foundation’s Board of Trustees during the assessment stage, and by the members of the Board of Trustees during the decision-making stage.

After the decision has been made, grant recipients will submit their payment details (name, address, personal identity code, bank account number) electronically on another Visma Sign webform. Payments are processed by the General Secretary alongside the accounting firm Fiscales Ltd. The accounting software is online, and it is managed by Netvisor as the accounting firm’s service provider.

Data collection:

Application periods for grants are announced in December every year and each application period runs from 1 to 31 January. Advertisements for grant applications are published on the Foundation’s website, in Suomen Lääkärilehti (Finnish Medical Journal) and Duodecim Journal, and on the mailing lists of associations operating in the field, etc. Application instructions and details of assessment criteria are available on the Foundation’s website.

Grant applications are submitted electronically using Visma Sign webforms (www.vismasign.fi). Digital signature requires strong identification with online banking access codes or MobileIDs.

The following personal data is collected on the application form: the applicant’s name, year of birth, degree, official post or position, employer, address, telephone number, e-mail address, details of grants awarded, pending grant applications, and most important publications.

Data collected on the research team on the application form includes its leader’s name, degree and position, and the names and degree titles of other team members.

In addition to the applicant, the application form is to be digitally signed by the director of the place of research, whose name and e-mail address will be collected.

On the application form, applicants give their consent for their names to be published online if they are awarded a grant. On the application form, applicants give their consent for details of the grant awarded to them, including the amount of the grant, to be disclosed to any other foundation from which they have applied for a grant. The information is disclosed to the presenting officer of the foundation concerned.

The application form will be electronically stored in the personal Visma Sign archives of the applicant and the director of the place of research for a period of 30 days. Applications will also be stored in the Foundation’s Visma Sign archive.

Automated profiling or automated processing is not used to process applications.

Successful applicants will be informed of the award of a grant by e-mail. Registered grant recipients report on use of grants using online forms (Microsoft Forms).

Storage of and public access to data:

Approved applications are stored in a Visma Sign archive in electronic format, up until receipt of their reporting details. Rejected applications are erased from the online service within approximately one month of the announcement. Reports are removed from the online service once the Board of Trustees has been informed of them.

Electronic copies of approved application forms are stored in the Foundation’s database for a maximum period of 10 years. Reports are stored in electronic format for a maximum period of 10 years. These are neither made public nor disclosed to any third parties. The practice is based on legitimate interest.

Applicants’ names and degree titles, places of research, grants awarded or negative decisions are retained as part of the details of the minutes of the Foundation’s Board of Trustees until further notice. The reason for the above-mentioned practice is the public-interest nature of the Foundation; this is to establish that the Foundation is a grant-awarding foundation, which is fulfilling its purpose.

Grant recipients’ names, degree titles and places of research are also publicly available on the Foundation’s website, in the Foundation’s management report and in its annual report, which is made available online alongside a printed publication. A press release is drawn up on grant recipients every year and their details are announced annually at the annual general meeting of the founder of the Foundation, the Finnish Movement Disorders Association. The right to be omitted mainly applies to the online environment.

Once grant decisions have been made, the Foundation is obliged to declare the grant recipients’ personal details and amounts of grants to the pension insurance company and the Finnish Tax Administration.

Related party register

The Foundations Act requires the Foundation to identify the individuals deemed to be its related parties in its decision-making and financial processes. In this respect, the Foundation maintains a list of the names of its Trustees, General Secretary and auditor, as well as the members and deputy members of the Executive Committee, Executive Director and auditor of its founder, the Finnish Movement Disorders Association.

The name data on the list of related parties is processed by the Foundation’s General Secretary and Trustees, grant recipients and any individuals and entities engaged in financial transactions with the Foundation, in order to verify the related party relationship according to the Foundations Act when dealing with the Foundation.

Register of employees and elected officials

The payroll administration generates a register on employees and elected officials, which includes names, addresses, personal identity codes and bank account numbers, as well as information received from the Tax Administration. The data is appropriately processed by the Foundation’s General Secretary and the Chair of its Board of Trustees, as well as the payroll officers appointed by the accounting firm Fiscales Ltd for this purpose. The payroll administration will submit the information required by law to the relevant authorities. Personal data will be stored for the period specified in the Accounting Act. The data is stored in electronic format. The practice is based on legitimate interest.

Document management

The Foundation has organised its document management so as to fulfil the requirements of the General Data Protection Regulation for processing grant applications, limiting the number of processors and storing data throughout the processing period. With regard to outsourced services, the Foundation trusts the contracts signed with its partners and their compliance with the General Data Protection Regulation.

The Foundation’s own information management system is not located on an external server. Data is stored in a locked space and backed up regularly. Data access rights are only held by designated individuals. Access to the data requires a username and password. Paper archives are stored in a locked space and in a locked cabinet. With regard to document retention periods, the Foundation complies with relevant laws and its Code of Conduct.

Rights of data subjects and disclosure of data

Data subjects have the statutory right to access their own personal data and the right to request rectification or erasure of such data or restriction of its processing, or to object to its processing, as well as the right to data portability within the limits of the law. Data subjects have the right to have incomplete personal data completed.

Registered grant applicants have the right to receive copies of any data on themselves, but the Foundation does not disclose any information on comments made by those assessing or issuing opinions on grant applications to applicants.

The right of access can be refused in certain situations laid down in the Data Protection Act and there is no right of access to data collected solely for scientific research purposes or statistical purposes, for example.

The right of access is provided free of charge no more than once a year (12 months), and requests should be made in writing in the form of a signed letter addressed to the General Secretary of the Foundation and sent to the address mentioned in the Privacy Policy.

The Foundation will notify the data subject of the measures taken as a result of the request within one month of receipt of the request. With regard to complex and extensive requests, the specified period may be extended by no more than two months.

Data subjects have the right to lodge a complaint with a supervisory authority.

Registered grant applicants, employees and elected officials are required by law to submit their personal data to make it possible to pay salaries or grants, while also submitting information relating to taxation and pension insurance to the relevant authorities.

Information on a grant awarded to a registered grant recipient may be disclosed to another foundation from which the recipient has applied for a grant, provided that the recipient has given consent to this on the application form.

Collection of the names of data subjects’ related parties is based on the Foundations Act.

No data on data subjects will be disclosed to any third party for the purposes of direct advertising, distance selling, other direct marketing, market research, opinion polls, public registers or genealogical research.

No data on data subjects is disclosed or transferred to countries outside the EU or EEA.