Kone Foundation’s Rules and Privacy Policy Statements

Kone Foundation is an independent foundation registered in the Finnish Patent and Registration Office. The Foundation is a legal person. The rules of the Foundation can be found through the link below. Kone Foundation has two privacy policy statements. The first statement covers the Foundation’s filing systems, which are 1) Grant Applicant Filing System 2) Grant Recipient Filing System 3) Contact Information Filing System and 4) List of Participants at Events. The second statement is about camera surveillance in the areas of the Lauttasaari Manor and the Saari Manor. Both privacy policy statements can be found on this page.

Kone Foundation’s Rules

Kone Foundation is an independent foundation registered in the Finnish Patent and Registeration Office. Kone Foundation is a legal person.

Further information such as register extract, rules, and financial statement of the foundation can be found on the Virre Information Service maintained by the Finnish Patent and Registeration Office.

The rules of the foundation can be read here.

Privacy policy statement covering Kone Foundation’s filing systems

Compiled on: 21 May 2018 (Updated 11 October 2022)
The EU General Data Protection Regulation (GDPR) 2016/679

1. Controller

Kone Foundation (registered foundation)
0213537-1
Otavantie 10, 00200 Helsinki
koneensaatio@koneensaatio.fi, +358 (0) 9 260 0617

2. Contact person in matters concerning the filing systems

Head of Finance Tiina Toivonen
tiina.toivonen@koneensaatio.fi

3. Names of the filing systems

1) Grant Applicant Filing System
2) Grant Recipient Filing System
3) Contact Information Filing System
4) List of Participants at Events

4. The purpose of processing personal data, i.e. the purpose of use and legal basis of the filing systems

1) Grant Applicant Filing System
A filing system for grant applications addressed to Kone Foundation for the purpose of processing grant applications, deciding on grant recipients, statistics and research.

2) Grant Recipient Filing System
For the payment of the grants awarded and for monitoring the payments, reporting the grant applications, making notifications of grant payments to the authorities and for statistics and research.

3) Contact Information Filing System
For communicating about the Foundation’s activities and opportunities of obtaining a grant and communicating with interest groups.

4) List of Participants at Events
For organising events and creating the conditions for participants’ networking.

The legal basis for the processing of the data in the above-mentioned filing systems is legitimate interest. Personal data is processed in order to make it possible for the Foundation to achieve the purpose of its operations.

5. Data content of the filing systems

1) Grant Applicant Filing System
Basic information about the grant applicant (such as name, contact information and date of birth/business ID), basic information about the grant or residency being applied for, end use and type of grant, potential work group, the amount of grant applied for, other financing applied for or received for the same purpose and the details of potential recommenders. In addition, any appendices sent by the applicant, such as work plans, degree certificates, CVs, portfolios and annual reports. The different parts of the application are described in the section ‘for grant applicants’ on the foundation’s website.

2) Grant Recipient Filing System
In addition to the same data as in the Grant Applicant Filing System, the Grant Recipient Filing System contains the grant recipient’s identification number, bank account number, the day the grant was awarded, grant sum and payment details for the grant.

3) Contact Information Filing System
The person’s basic data, such as name, professional title, organisation, email address, language and in some cases also postal address and phone number, as well as any prohibition to contact the person.

4) List of Participants at Events
The person’s basic data, such as name, professional title, organisation, email address and in some cases also postal address and phone number, as well as short descriptions of themselves written by the applicants and any additional data relating to the theme of the event, depending on the event. In connection with the registration, we ask the person for their permission to share the information with the other participants or people who have registered.


6. Regular sources of information

1) Grant Applicant Filing System
The data is received from the grant applicant. In addition, on the request of the applicant, the information in the references from the recommenders is received as confidential. Information about previously awarded grants is also obtained from the Kone Foundation’s grant system.

2) Grant Recipient Filing System
The data is received from the grant recipient. In addition, the grant recipient database contains information about the sums and awarding dates of grants awarded as well as their payment history.

3) Contact Information Filing System
The Foundation’s grant applicants and recipients are added into the filing system. If the applicants or recipients so choose, they can order the Foundation’s newsletter. The Foundation also adds people into the filing system itself from among the interest groups covered by the Foundation’s activities when it wants to communicate to them about its grants and activities. The data is received from the person themselves, for example when meeting them in person, from their business card and email messages. Data may also be collected from newspapers, publications, publicly available Internet sources, external service providers and corresponding filing systems and sources, colleagues, seminars and sector-specific meetings.

4) List of Participants at Events
The data is received from the participant of the event themselves in connection with their registration.

7. Regular disclosure of data

1) Grant Applicant Filing System
In addition to the Kone Foundation’s staff and persons elected to a position of trust, grant applications are processed by external evaluators who are experts in their field. These expert evaluators have no access to the applicant’s identification number or contact information, and the evaluators’ access is limited to the period of assessing the applications. The data may be disclosed for the purposes of performing an impact study or other research, in which case a confidentiality agreement will be made. If necessary, an applicant’s data may be disclosed to another foundation or sponsor in order to avoid overlapping grants.

2) Grant Recipient Filing System
The grants awarded are published on Kone Foundation’s website, in the Foundation’s annual report and its social media. As well as the title and recipient of the grant, a summary of the application will be published and, in some cases, the website address provided by the recipient. Paid grants are notified to the Tax Administration and the Farmers’ Social Insurance Institution Mela, which handles the recipients’ Farmers’ Pension Insurance (MYEL). The data may be disclosed for the purposes of performing an impact study or other research, in which case a confidentiality agreement will be made.

3) Contact Information Filing System
The data is not disclosed to persons outside the Kone Foundation’s staff.

4) List of Participants at Events
The data is disclosed, during the event or directly after it, to those who have registered for the event or those who participated in the event.

5) The Research Information Hub
The information concerning research grants awarded since 2019 (name of the project leader or grantee as well as general information on the project) are transferred by Aspicore Oy to be kept permanently in the Research Information Hub of the Finnish Ministry of Education and Culture. The Ministry and Kone Foundation act as joint controllers of the register. Joint control of registers does not imply that the foundation would store information from other funders.

8. Transferring data outside the EU or EEA

The data is not transferred outside the EU or EEA.

9. Principles of filing system protection

1) Grant Applicant Filing System
Only authorised, named persons have access to the Grant Applicant Filing System, and accessing it requires a user identification and password. The servers on which the filing system is located are maintained by an external service provider. The service provider is responsible for protecting the devices.  Some of the data in the filing system is printed for assessment work. The material is destroyed after the grant processing procedure has been completed.

2) Grant Recipient Filing System
The same principles apply as for the Grant Applicant Filing System; see the section above. The basic information about the grants awarded is printed and the printouts are stored in locked facilities.

3) Contact Information Filing System
Only authorised, named persons have access to the filing system, and accessing it requires a user identification and password.

4) List of Participants at Events
The persons participating in the event or registered for it have access to the list of names and organisations during the event. Other data provided by the participants can only be accessed by the Foundation’s staff who organise the event.

10. Duration of data storage

1) Grant Applicant Filing System
Information concerning the awarded applications is stored for the present, but no less than 10 years. The data permanently stored as appendices to the Board meeting minutes includes the applicant’s name, the purpose of the grant and the sum applied for. The information on unawarded applications is stored for three years.

2) Grant Recipient Filing System
The data is stored for the present, but no less than 10 years from the date of the last payment. The account number and identification number will be erased when the time limit set by law for the retention of accounting records has been reached. The permanent data stored as appendices to the Board meeting minutes includes the applicant’s name, the purpose of the grant and the awarded sum.

3) Contact Information Filing System
The data is stored for the present until it is no longer needed; for example, when the person changes jobs or otherwise moves on professionally to tasks that do not closely relate to the Foundation’s activities. Kone Foundation makes sure that the filing system is regularly updated and that unnecessary data is erased from it. Personal data may be collected, stored and updated also from controllers offering address, updating and other corresponding services.

4) List of Participants at Events
Data about participants is stored after the event has taken place for statistical and communication purposes.

11. Right of access

The data subject has the right to check the data concerning themselves.

1) Grant Applicant Filing System
A grant applicant may check the data concerning themselves by logging in to the online service for grants. The data subject may also request that the Foundation’s contact person in matters concerning the filing systems check their data.

However, the data subject does not have the right to receive information about the contents of the references sent directly by recommenders, nor about the notes made by the experts assessing the applications while performing the assessment. The confidentiality of this information protects the recommender’s and application evaluator’s privacy and ensures the value of the reference and assessment notes to the controller.

2) Grant Recipient Filing System
A grant recipient may check the data concerning themselves by logging in to the online service for grants and the payment request service. The data subject may also request that the Foundation’s contact person in matters concerning the filing systems check their data.

However, the data subject does not have the right to receive information about the contents of the references sent directly by recommenders, nor about the notes made by the experts assessing the applications while performing the assessment. The confidentiality of this information protects the recommender’s and application evaluator’s privacy and ensures the value of the reference and assessment notes to the controller.

The data that applicants convey about themselves by applying for Kone Foundation research funding are entered into a personal data register held by the Foundation. The registrar’s rights to collect, store, use and otherwise handle personal data are regulated by law. These general legal provisions are contained in the Data Protection Act.

Every “data subject” (i.e., the person to whom the personal data pertains) has the right to access and inspect the data relating to themselves. According to Finnish privacy protection laws, regulations must not infringe upon the right of persons to obtain knowledge as to whether personal data pertaining to them is stored in a personal data register, and if so in what manner. The registrar must respond to any requests for access to one’s own personal data by informing the person concerned of the sources of information in question. The registrar must also inform the person concerned as to how their personal data is used and of any third parties to which it is regularly released.

The right of access can be withheld in certain situations regulated by privacy protection laws and to which the right of access does not apply; i.e., to information collected for purely scientific and statistical purposes.

Requests for access to the personal registry data are to be sent to Kone Foundation in writing or made in person at the Kone Foundation office. The required information must be provided without undue delay in an intelligible form and, if requested, in writing. If carried out only once per year, the right of access is free of charge.

3) Contact Information Filing System
The data subject may request that the Foundation’s contact person in matters concerning the filing systems check their data.

4) List of Participants at Events
The data subject has access to the list of participants for as long as the list is stored in connection with organising the event.

12. The right to request the rectification of data

The data subject has the right to request the rectification of any inaccurate data concerning themselves. The request for rectification is made to the Foundation’s contact person in matters concerning the filing systems. We will reply to the request within a month of receiving it, or we will notify the person making the request of any extension to the time limit and the reason for the delay.

13. Other rights relating to the processing of personal data

The data subject has the right to request that data concerning themselves be erased, the right to object to the processing of their personal data and the right to file a complaint to the supervisory authority.

14. Automatic decision-making

The filing systems will not be used as the basis for decision-making without asking separately for the data subject’s consent.

Privacy Policy of the recording camera surveillance of Lauttasaari Manor and Saari Residence area

1. Controller

Kone Foundation (registered foundation)

0213537-1

Otavantie 10, 00200 Helsinki, Finland

koneensaatio@koneensaatio.fi, (09) 260 0617

2. Persons in charge of recording camera surveillance register matters

Lauttasaari Manor (Otavantie 10, 00200 Helsinki)

Manor Manager Jan Laaksonen

jan.laaksonen@koneensaatio.fi

Saari Residence (Saari Manor, Saaren rantatie 21, 23140 Hietamäki, Finland)

Estate Manager Heidi Lapila

heidi.lapila@koneensaatio.fi

3. Names of registers

Lauttasaari Manor’s CCTV register

Saari Residence’s CCTV surveillance register

4. Data to be processed

 The camera surveillance register contains data on persons in the camera surveillance area (the area under the control of Kone Foundation). In addition to the footage, information on the time of recording is stored. No sound is recorded.

5. Purposes and legal basis for processing personal data

The purpose of camera surveillance is to protect the controller’s property, prevent crime, help solve crimes that have already occurred, and ensure and increase security in the area. Camera surveillance has been announced in the areas where the cameras are located.

In carrying out camera surveillance, the legitimate interest is:

  • Ensuring the safety of Kone Foundation employees and other visitors to the premises, as well as the general public
  • Protection of property
  • Prevention of crime and vandalism
  • Investigating aforementioned situations.


6. The register’s data content

The data content of the registers consists of footage taken by the cameras of the surveillance systems of the Lauttasaari Manor and the Saari Residence properties from the exterior areas and the interior of the main building of the Saari Manor. The camera systems’ recordings have been analysed taking into account the private areas surrounding the estate areas by masking (covering) them as required by law.

7. Regular disclosure of data

The controller of the register processes the personal data itself, and only the designated security personnel process personal data from camera surveillance. We will only transfer personal data to third parties in the cases set out below;

  • We may disclose the customer’s personal data as required by the legal authorities, or as necessary to investigate criminal offences, misconduct, accidents, or incidents, in accordance with the legislation in effect at present time.
  • The data may be disclosed to an insurance company for the purpose of settling a claim.

8. Disclosure of data outside the EU or EEA

No data will be disclosed outside the EU or EEA.

9. Grounds for the protection of the register

 The recorders and the recorded material are located in locked premises with access rights reserved for designated persons. Only designated persons have the right to process the material. Access to the data is protected by a password combination. Stored visual data is destroyed by overwriting the recordings with new recordings.

10. Duration of data storage

Data will be kept for a maximum of one month, unless a longer period is necessary for the preparation, presentation or defense of a possible legal claim or other investigation of criminal offences, misconduct, accidents or incidents.

11. Information on registration

 Recording camera surveillance is indicated by signs in the immediate vicinity of the surveillance cameras. The register description of camera surveillance is available on Kone Foundation’s website. If necessary, a paper copy of the register description will be printed out for the enquirer. A request for a paper copy should be addressed to Jan Laaksonen (Lauttasaari Manor) or Heidi Lapila (Saari Residence), see contact details above.

12. Right of access

If a person who has been on the premises of Lauttasaari Manor or Saari Residence wishes to inspect the recording concerning them, they must submit a written and signed request for inspection to the controller or the register responsible for the recording camera surveillance, Jan Laaksonen (Kone Foundation, Jan Laaksonen, Otavantie 10, 00200 Helsinki) or Heidi Lapila (Saari Residence, Saaren rantatie 21, 23140 Hietamäki). The controller will reply to the request within one month of receiving the request or will inform the applicant of any extension of the deadline and the reason for the delay.

Any viewing of the camera recording shall take place at the premises of the controller. The subject of the recording has the right to demand its destruction. If the controller has a justified reason for keeping the recording, it may refuse to comply with the request for its destruction.