Kone Foundation’s Rules and Privacy Policy Statements

Kone Foundation is an independent foundation registered in the Finnish Patent and Registration Office. The Foundation is a legal person. The rules of the Foundation can be found through the link below. Kone Foundation has two privacy policy statements. The first statement covers the Foundation’s filing systems, which are 1) Grant Applicant Filing System 2) Grant Recipient Filing System 3) Contact Information Filing System and 4) List of Participants at Events. The second statement is about camera surveillance in the areas of the Lauttasaari Manor and the Saari Manor. Both privacy policy statements can be found on this page.

Kone Foundation’s Rules

Kone Foundation is an independent foundation registered in the Finnish Patent and Registeration Office. Kone Foundation is a legal person.

Further information such as register extract, rules, and financial statement of the foundation can be found on the Virre Information Service maintained by the Finnish Patent and Registeration Office.

The rules of the foundation can be read here.

Privacy policy statement covering Kone Foundation’s filing systems

Compiled on: 21 May 2018 (Updated 11 October 2022)
The EU General Data Protection Regulation (GDPR) 2016/679

1. Controller

Kone Foundation (registered foundation)
0213537-1
Otavantie 10, 00200 Helsinki
koneensaatio@koneensaatio.fi, +358 (0) 9 260 0617

2. Contact person in matters concerning the filing systems

Head of Finance Tiina Toivonen
tiina.toivonen@koneensaatio.fi

3. Names of the filing systems

1) Grant Applicant Filing System
2) Grant Recipient Filing System
3) Contact Information Filing System
4) List of Participants at Events

4. The purpose of processing personal data, i.e. the purpose of use and legal basis of the filing systems

1) Grant Applicant Filing System
A filing system for grant applications addressed to Kone Foundation for the purpose of processing grant applications, deciding on grant recipients, statistics and research.

2) Grant Recipient Filing System
For the payment of the grants awarded and for monitoring the payments, reporting the grant applications, making notifications of grant payments to the authorities and for statistics and research.

3) Contact Information Filing System
For communicating about the Foundation’s activities and opportunities of obtaining a grant and communicating with interest groups.

4) List of Participants at Events
For organising events and creating the conditions for participants’ networking.

The legal basis for the processing of the data in the above-mentioned filing systems is legitimate interest. Personal data is processed in order to make it possible for the Foundation to achieve the purpose of its operations.

5. Data content of the filing systems

1) Grant Applicant Filing System
Basic information about the grant applicant (such as name, contact information and date of birth/business ID), basic information about the grant or residency being applied for, end use and type of grant, potential work group, the amount of grant applied for, other financing applied for or received for the same purpose and the details of potential recommenders. In addition, any appendices sent by the applicant, such as work plans, degree certificates, CVs, portfolios and annual reports. The different parts of the application are described in the section ‘for grant applicants’ on the foundation’s website.

2) Grant Recipient Filing System
In addition to the same data as in the Grant Applicant Filing System, the Grant Recipient Filing System contains the grant recipient’s identification number, bank account number, the day the grant was awarded, grant sum and payment details for the grant.

3) Contact Information Filing System
The person’s basic data, such as name, professional title, organisation, email address, language and in some cases also postal address and phone number, as well as any prohibition to contact the person.

4) List of Participants at Events
The person’s basic data, such as name, professional title, organisation, email address and in some cases also postal address and phone number, as well as short descriptions of themselves written by the applicants and any additional data relating to the theme of the event, depending on the event. In connection with the registration, we ask the person for their permission to share the information with the other participants or people who have registered.


6. Regular sources of information

1) Grant Applicant Filing System
The data is received from the grant applicant. In addition, on the request of the applicant, the information in the references from the recommenders is received as confidential. Information about previously awarded grants is also obtained from the Kone Foundation’s grant system.

2) Grant Recipient Filing System
The data is received from the grant recipient. In addition, the grant recipient database contains information about the sums and awarding dates of grants awarded as well as their payment history.

3) Contact Information Filing System
The Foundation’s grant applicants and recipients are added into the filing system. If the applicants or recipients so choose, they can order the Foundation’s newsletter. The Foundation also adds people into the filing system itself from among the interest groups covered by the Foundation’s activities when it wants to communicate to them about its grants and activities. The data is received from the person themselves, for example when meeting them in person, from their business card and email messages. Data may also be collected from newspapers, publications, publicly available Internet sources, external service providers and corresponding filing systems and sources, colleagues, seminars and sector-specific meetings.

4) List of Participants at Events
The data is received from the participant of the event themselves in connection with their registration.

7. Regular disclosure of data

1) Grant Applicant Filing System
In addition to the Kone Foundation’s staff and persons elected to a position of trust, grant applications are processed by external evaluators who are experts in their field. These expert evaluators have no access to the applicant’s identification number or contact information, and the evaluators’ access is limited to the period of assessing the applications. The data may be disclosed for the purposes of performing an impact study or other research, in which case a confidentiality agreement will be made. If necessary, an applicant’s data may be disclosed to another foundation or sponsor in order to avoid overlapping grants.

2) Grant Recipient Filing System
The grants awarded are published on Kone Foundation’s website, in the Foundation’s annual report and its social media. As well as the title and recipient of the grant, a summary of the application will be published and, in some cases, the website address provided by the recipient. Paid grants are notified to the Tax Administration and the Farmers’ Social Insurance Institution Mela, which handles the recipients’ Farmers’ Pension Insurance (MYEL). The data may be disclosed for the purposes of performing an impact study or other research, in which case a confidentiality agreement will be made.

3) Contact Information Filing System
The data is not disclosed to persons outside the Kone Foundation’s staff.

4) List of Participants at Events
The data is disclosed, during the event or directly after it, to those who have registered for the event or those who participated in the event.

5) The Research Information Hub
The information concerning research grants awarded since 2019 (name of the project leader or grantee as well as general information on the project) are transferred by Aspicore Oy to be kept permanently in the Research Information Hub of the Finnish Ministry of Education and Culture. The Ministry and Kone Foundation act as joint controllers of the register. Joint control of registers does not imply that the foundation would store information from other funders.

8. Transferring data outside the EU or EEA

The data is not transferred outside the EU or EEA.

9. Principles of filing system protection

1) Grant Applicant Filing System
Only authorised, named persons have access to the Grant Applicant Filing System, and accessing it requires a user identification and password. The servers on which the filing system is located are maintained by an external service provider. The service provider is responsible for protecting the devices.  Some of the data in the filing system is printed for assessment work. The material is destroyed after the grant processing procedure has been completed.

2) Grant Recipient Filing System
The same principles apply as for the Grant Applicant Filing System; see the section above. The basic information about the grants awarded is printed and the printouts are stored in locked facilities.

3) Contact Information Filing System
Only authorised, named persons have access to the filing system, and accessing it requires a user identification and password.

4) List of Participants at Events
The persons participating in the event or registered for it have access to the list of names and organisations during the event. Other data provided by the participants can only be accessed by the Foundation’s staff who organise the event.

10. Duration of data storage

1) Grant Applicant Filing System
Information concerning the awarded applications is stored for the present, but no less than 10 years. The data permanently stored as appendices to the Board meeting minutes includes the applicant’s name, the purpose of the grant and the sum applied for. The information on unawarded applications is stored for three years.

2) Grant Recipient Filing System
The data is stored for the present, but no less than 10 years from the date of the last payment. The account number and identification number will be erased when the time limit set by law for the retention of accounting records has been reached. The permanent data stored as appendices to the Board meeting minutes includes the applicant’s name, the purpose of the grant and the awarded sum.

3) Contact Information Filing System
The data is stored for the present until it is no longer needed; for example, when the person changes jobs or otherwise moves on professionally to tasks that do not closely relate to the Foundation’s activities. Kone Foundation makes sure that the filing system is regularly updated and that unnecessary data is erased from it. Personal data may be collected, stored and updated also from controllers offering address, updating and other corresponding services.

4) List of Participants at Events
Data about participants is stored after the event has taken place for statistical and communication purposes.

11. Right of access

The data subject has the right to check the data concerning themselves.

1) Grant Applicant Filing System
A grant applicant may check the data concerning themselves by logging in to the online service for grants. The data subject may also request that the Foundation’s contact person in matters concerning the filing systems check their data.

However, the data subject does not have the right to receive information about the contents of the references sent directly by recommenders, nor about the notes made by the experts assessing the applications while performing the assessment. The confidentiality of this information protects the recommender’s and application evaluator’s privacy and ensures the value of the reference and assessment notes to the controller.

2) Grant Recipient Filing System
A grant recipient may check the data concerning themselves by logging in to the online service for grants and the payment request service. The data subject may also request that the Foundation’s contact person in matters concerning the filing systems check their data.

However, the data subject does not have the right to receive information about the contents of the references sent directly by recommenders, nor about the notes made by the experts assessing the applications while performing the assessment. The confidentiality of this information protects the recommender’s and application evaluator’s privacy and ensures the value of the reference and assessment notes to the controller.

The data that applicants convey about themselves by applying for Kone Foundation research funding are entered into a personal data register held by the Foundation. The registrar’s rights to collect, store, use and otherwise handle personal data are regulated by law. These general legal provisions are contained in the Data Protection Act.

Every “data subject” (i.e., the person to whom the personal data pertains) has the right to access and inspect the data relating to themselves. According to Finnish privacy protection laws, regulations must not infringe upon the right of persons to obtain knowledge as to whether personal data pertaining to them is stored in a personal data register, and if so in what manner. The registrar must respond to any requests for access to one’s own personal data by informing the person concerned of the sources of information in question. The registrar must also inform the person concerned as to how their personal data is used and of any third parties to which it is regularly released.

The right of access can be withheld in certain situations regulated by privacy protection laws and to which the right of access does not apply; i.e., to information collected for purely scientific and statistical purposes.

Requests for access to the personal registry data are to be sent to Kone Foundation in writing or made in person at the Kone Foundation office. The required information must be provided without undue delay in an intelligible form and, if requested, in writing. If carried out only once per year, the right of access is free of charge.

3) Contact Information Filing System
The data subject may request that the Foundation’s contact person in matters concerning the filing systems check their data.

4) List of Participants at Events
The data subject has access to the list of participants for as long as the list is stored in connection with organising the event.

12. The right to request the rectification of data

The data subject has the right to request the rectification of any inaccurate data concerning themselves. The request for rectification is made to the Foundation’s contact person in matters concerning the filing systems. We will reply to the request within a month of receiving it, or we will notify the person making the request of any extension to the time limit and the reason for the delay.

13. Other rights relating to the processing of personal data

The data subject has the right to request that data concerning themselves be erased, the right to object to the processing of their personal data and the right to file a complaint to the supervisory authority.

14. Automatic decision-making

The filing systems will not be used as the basis for decision-making without asking separately for the data subject’s consent.

Data file description of the recording CCTV in the Lauttasaari Manor and the Saari Residence area

1. Controller

Kone Foundation (registered foundation)

0213537-1

Otavantie 10, 00200 Helsinki, Finland

koneensaatio@koneensaatio.fi, +358 9 260 0617

2. Data protection officers responsible for matters concerning the filing systems of the recording CCTV

Lauttasaari Manor (Otavantie 10, 00200 Helsinki, Finland)
Manor Manager Jan Laaksonen
jan.laaksonen@koneensaatio.fi

Saari Residence (Saaren rantatie 21, 23140 Hietamäki, Finland)
Estate Manager Heidi Lapila
heidi.lapila@koneensaatio.fi

3. Names of the filing systems

Filing system of the Lauttasaari Manor recording CCTV

Filing system of the Saari Residence recording CCTV

4. Purpose of the filing systems

The purpose of CCTV surveillance is to protect the property of the controller, prevent crimes, assist in the detection of already committed crimes and ensure and increase the security of the area.

5. Data content of the filing systems

The image material filmed of the outside areas of the manors by the cameras (external walls of the buildings) belonging to the CCTV surveillance systems of the Lauttasaari Manor and the Saari Residence properties. The private areas surrounding the manor areas have been taken into account in the configuration of the camera systems’ recordings by masking them as required by law.

6. Regular sources of information

The image material transmitted by the cameras belonging to the recording CCTV surveillance systems of the Lauttasaari Manor (Otavantie 10, 00200 Helsinki) and the Saari Residence (Saaren rantatie 21, 23140 Hietamäki).

7. Regular disclosure of data

In cases of suspected crime, the controller may disclose recordings to the police or another competent authority.

8.  Disclosure of data outside the EU or EEA

Data is never disclosed outside the EU or EEA.

9. Principles of filing system protection

Data recorders and the recorded material are located in locked facilities to which only designated persons have access rights. Only designated persons have the right to handle the material. Access to the data is protected by a password combination. Recorded image material is destroyed by recording new material on top of the recordings.

10. Duration of data storage

Data is stored for a maximum of 3 months.

11. Notifying the relevant persons about the recording of image material for the filing systems

There are stickers announcing the use of CCTV surveillance cameras in the immediate vicinity of the CCTV devices. The data file description of the CCTV surveillance is available in electronic form on the Kone Foundation’s website. A paper version of the data file description will be printed on request. Please send your request for a paper form of the data file description to Manor Manager Jan Laaksonen (Lauttasaari Manor) or Estate Manager Heidi Lapila (Saari Residence); you will find their contact details above.

12. Right of access

If a person who has resided in the properties of the Lauttasaari Manor or the Saari Residence wishes to inspect the recordings of themselves, they shall send a written and personally signed request for access to one of the data protection officers in charge of the filing systems of the controller’s recording CCTV system: Jan Laaksonen (Kone Foundation, Otavantie 10, 00200 Helsinki, Finland) or Heidi Lapila (Saari Residence, Saaren rantatie 21, 23140 Hietamäki, Finland). The controller will reply to the request within a month of receiving it, or will notify the person making the request of any extension to the time limit and the reason for the delay.

Any viewing of the CCTV recordings shall take place at the controller’s premises. The person whom the image material recorded by the CCTV system concerns has the right to request the destruction of the recording. If the controller has a legitimate reason for storing the recording, they may refuse the request to destroy it.