Privacy Statement, 12 December 2022
Controller: Finnish Parkinson Foundation, Business ID: 1568053-9
Address: Itäinen pitkäkatu 27 B 31, FI-20700 Turku, Finland
Contact person and data protection officer: Terhi Pajunen-Mäkelä, General Secretary
E-mail: saatio ( at ) parkinsonsaatio.fi, tel. +358 400 824 438
Created on 22 May 2018, updated 12.12.2022
This Privacy Statement is based on the European Union’s new General Data Protection Regulation (EU) 2016/67 (GDPR), Finland’s Personal Data Act No. 523/1999, sections 10 and 24, and Government Proposal No. 9/2018 for complementary legislation to the EU General Data Protection Regulation.
In its operations, the Foundation is committed to complying with effective legislation relating to the processing of personal data and data protection. The Finnish Parkinson Foundation functions as a controller as referred to in legislation governing the processing of personal data and data protection.
- grant applicants and grant recipients (grant application process, grants database);
- individuals on the Foundation’s payroll and elected officials (Foundation’s HR administration);
- related parties of the Foundation (related party register);
- donor register (contact register).
The Foundation does not process sensitive personal data.
Processing of personal data in registers
Register generated during the grant application process
Processing of personal data during the grant application, decision-making, payment and reporting stages.
Grant applicants’ data is processed by the General Secretary during the preparation stage, by three expert members of the Foundation’s Board of Trustees during the assessment stage, and by the members of the Board of Trustees during the decision-making stage. The grant application is a digital webform created by Visma Sign (https://vismasign.com/).
Grant recipients submit their payment details (name, address, personal identity code, bank account number) by Visma Sign webform. Payments are processed by the General Secretary alongside the accounting firm Fiscales Oy. The accounting software is online and it is managed by the accounting firm’s service provider.
Opportunities to apply for grants are announced on Decemberan the call for applications is during 1 till 31 January each year. Advertisements for grant applications are published on the Foundation’s website, Suomen Lääkärilehti (Finnish Medical Journal), Duodecim Journal, on the mailing lists of associations operating in the field, etc. Application instructions and details of assessment criteria are available on the Foundation’s website.
The application for the grant is electronic and is carried out using the Visma Sign webforms (www.vismasign.fi). The signature uses strong identification, which requires banking codes or MobileID´s.
The following personal data is collected on the application form: the applicant’s name, year of birth, degree, official post or position, employer, address, telephone number, e-mail address, grants awarded, pending grant applications, and most important publications.
Data collected on the research team on the application form include its leader’s name, degree and position, and the names and degree titles of other team members. In addition to the applicant, the application form is signed digitally by the director of the place of research.
On the application form, applicants give their consent for their names to be published online if they are awarded a grant. On the application form, applicants give their consent for details of the grant awarded to them, including the amount of the grant, to be disclosed to another foundation from which they have applied for a grant. The information is disclosed to the presenting officer of the foundation concerned.
The application form is stored electronically in the personal Visma Sign archive of the applicant and the director of the performance site and is kept there for 30 days. Applications are also archived in the foundation's Visma Sign archive.
Automated profiling or automated processing is not used to process applications. During the assessment process, individuals assessing the applications use a web-based application with an encrypted connection and secure access codes.
Decisions made on applications are stored in the database. Positive decisions are also sent by post.
The recipient of the grant will be notified of the award of the grant by e-mail. The registered recipient of the grant reports the use of the grant using online forms (Microsoft Forms).
Storage of and public access to data:
Approved applications are stored in a Visma Sign archive in electronic format, up until receipt of their reporting details. Rejected applications are erased from the online service within approximately one month of the announcement. Reports are removed from the online service once the Board of Trustees has been informed of them.
Electronic copies of approved application forms are stored in the Foundation’s database for a maximum period of 10 years. Reports are stored in electronic format for a maximum period of 10 years. These are neither public nor disclosed to any third parties.
Applicants’ names and degree titles, places of research, grants awarded or negative decisions are retained as part of the details of the minutes of the Foundation’s Board of Trustees until further notice. The reason for the above-mentioned practice is the public-interest nature of the Foundation; this is to establish that the Foundation is a grant-awarding foundation, which is fulfilling its purpose.
Grant recipients’ names, degree titles and places of research are also publicly available on the Foundation’s website, in the Foundation’s management report and in its annual report, which is made available online alongside a printed publication. A press release is drawn up on grant recipients every year and their details are announced annually at the spring meeting of the founder of the Foundation, the Finnish Movement Disorders Association. The right to be omitted mainly applies to the online environment.
Once grant decisions have been made, the Foundation is obliged to declare the grant recipients’ personal details and amounts of grants to the pension insurance company and the Finnish Tax Administration.
Register of employees and elected officials
The payroll administration generates a register on employees and elected officials, which includes names, addresses, personal identity codes and bank account numbers, as well as information received from the Tax Administration. The data is appropriately processed by the Foundation’s General Secretary and the Chair of its Board of Trustees, as well as the payroll officers appointed by the accounting firm Fiscales Oy for this purpose. The payroll administration will submit the information required by law to the relevant authorities. Personal data will be stored for the period specified in the Accounting Act. The data is stored in electronic format.
Related party register
The Foundations Act requires the Foundation to identify the individuals deemed to be its related parties in its decision-making and financial processes. In this respect, the Foundation maintains a list of the names of its Trustees, General Secretary and auditor, as well as the members and deputy members of the Executive Committee, Executive Director and auditor of its founder, the Finnish Movement Disorders Association.
The name data on the list of related parties is processed by the Foundation’s General Secretary and Trustees, grant recipients and the Foundation’s partners, in order to verify the related party relationship according to the Foundations Act when dealing with the Foundation.
The Foundation maintains a register of the names and addresses of those who have made donations to the Foundation for its personalised communications. Donors may refuse communications and public disclosure of their details. By entering their names in the message field on the donation form, donors give their consent for publication of their names in the Foundation’s printed and digital communications. For one-off donations, this information is published once. The information is retained in the printed annual report and the corresponding electronic version. This increases openness concerning the nature of the Foundation’s operations.
The Foundation has organised its document management in order to fulfil the requirements of the General Data Protection Regulation for processing grant applications, limiting the number of processors and storing data throughout the processing period. With regard to outsourced services, the Foundation trusts the contracts signed with its partners and compliance with the General Data Protection Regulation.
The Foundation’s own information management system is not located on an external server. Data is stored in a locked area and backed up regularly. Data access rights are only held by designated individuals. Access to the data requires a username and password. Paper archives are stored in a locked area and in a locked cabinet. With regard to document retention periods, the Foundation complies with relevant laws and its Code of Conduct.
Rights of data subjects and disclosure of data
Data subjects have the statutory right to access their own personal data and the right to request rectification or erasure of such data or restriction of its processing, or to object to its processing, as well as the right to data portability within the limits of the law. Data subjects have the right to have incomplete personal data completed.
Registered grant applicants have the right to receive copies of any data on themselves, but the Foundation does not disclose any information on comments made by those assessing or issuing opinions on grant applications to applicants.
The right of access can be refused in certain situations laid down in the Personal Data Act and there is no right of access to data collected solely for scientific research purposes or statistical purposes, for example.
The right of access is provided free of charge no more than once a year (12 months), and requests should be made in writing in the form of a signed letter addressed to the General Secretary of the Foundation and sent to the address mentioned in the Privacy Statement.
The Foundation will notify the data subject of the measures taken as a result of the request within one month of receipt of the request. With regard to complex and extensive requests, the specified period may be extended by no more than two months.
Data subjects have the right to lodge a complaint with a supervisory authority.
Registered grant applicants, employees and elected officials are required by law to submit their personal data to make it possible to pay salaries or grants, while also submitting information relating to taxation and pension insurance to the relevant authorities.
Information on a grant awarded to a registered grant recipient may be disclosed to another foundation from which the recipient has applied for a grant, provided that the recipient has given consent to this on the application form.
Collection of the names of data subjects’ related parties is based on the Foundations Act.
No data on data subjects will be disclosed to any third party for marketing or other purposes according to section 30 of the Personal Data Act.
No data on data subjects is disclosed or transferred to countries outside the EU or EEA.
As a controller, the Foundation is obliged to notify data protection authorities and data subjects of any breaches of personal data held by the Foundation.