2. Data subjects
- Applicants of AIFF’s grants, programs and other support services
- Funders, partners and other collaborators
3. Basis and purpose of keeping the register
Personal data is processed based on the registered applicant or cooperation relationship. The data is collected and processed with applicant’s or collaborators consent, or for the implementation of the contract with applicant or collaborator.
Personal data is only processed for predefined purposes, which are as follows:
- Managing the applicant or cooperation relationship
- Marketing and sharing information about our services and activities
4. Data content of the registry
The registry can contain following details:
Applicants: name, e-mail address, telephone number, address, social security, username and password, details of applied or granted funding or support, bank account details
Collaborators: company name, Y-ID, contact person name, email address, telephone number, address, details of offered support and ways of collaboration, bank account details
5. Data subject’s rights
In matters related to processing personal information or exercising the data subject’s rights, please contact the data controller representative.
Requests pertaining to the right of access or the realization of other data subject rights must be submitted to the controller in writing by email or by post. The request may also be presented in person at the office of the controller.
The controller may request the data subject to sufficiently clarify which information or processing the request relates to.
In order to ensure that personal information is not disclosed to persons other than the data subject, the controller may request that the data subject sign the request. The controller may also ask the issuer of the request to verify their identity with an official identification card or other reliable means.
Right to access their data
Data subjects have the right to request access to their personal information in order to determine the processing thereof.
As a general rule, the data subject has the right to know what information the customer register contains on them. The controller may request the data subject to sufficiently clarify which information or processing the request relates to.
The data subject’s right of access may be restricted or refused on the basis of the General Data Protection Regulation if the disclosure would adversely affect the rights and freedoms of others. Such rights include, for example, the controller’s business secrets and third-party personal data. National legislation (the Data Protection Act etc.) may also impose restrictions on the data subject’s right.
Right to data rectification
Data subjects have the right to request that the controller rectify any inaccurate or incorrect personal information without undue delay.
Direct marketing ban
The data subject has the right to prohibit the use of data for direct marketing.
Right to data erasure
The data subject has the right to request the erasure of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.
It should be noted that the controller may have a statutory or other right not to delete the requested information.
Cancelling the consent
If the processing of the data subject’s personal data is based only on consent, and not e.g. on applicant or collaboration relationship, the data subject can withdraw the consent.
The data subject can appeal the decision to a competent regulatory authority.
The data subject has the right to demand that we limit the processing of disputed data until the matter is resolved.
Right to lodge a complaint with a regulatory authority
Data subject has the right to lodge a complaint with a competent regulatory authority if the data subject feels that the controller has not complied with the applicable data protection regulations.
6. Sources of personal information
The controller receives the personal data directly from the data subject and authorities. Data is also collected by using Google Analytics and Google Signals.
7. Recipients or recipient categories of personal data
Register data is not disclosed outside AIFF or ISFI. Some of the external service providers used by them may store data outside the EU or the European Economic Area. Information may be disclosed to authorities on the basis of requests based on the law.
8. Duration of processing
As a general rule, personal data is processed as long as the relationship between data subject and registrant is valid.
9. Processors of personal data
The controller and its employees process personal data. We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.
10. Automatic decision making
Automated individual decisions (Article 22 of the EU Data Protection Regulation) are not made.