Logo

 

PRIVACY POLICY STATEMENT

29.5.2026

1. Data controller

Sakari Alhopuron säätiö sr (Sakari Alhopuro Foundation)
Business ID: 3097088–4

2. Name of register

Grant system of the Sakari Alhopuro Foundation

3. Contact person

Carita Rantanen, Managing Director of the Foundation, shall serve as contact person.
E-mail address: firstname.lastname (at) sakarialhopuronsaatio.fi
Telephone: +358 40 5039 609

4. Intended use of personal data and legal justification

Personal data is collected and processed for the purpose of facilitating the grant activities of the Foundation. The personal data is used for the processing of and correspondence related to grant applications and awarded grants, and as a means of facilitating and developing the monitoring of the use of the online service. The legal justification for the processing of personal data is the applicants’ consent regarding the storage and processing of their personal data and the legitimate interest of the Foundation for the purposes of carrying out its activities as a grant-awarding foundation. The legal justification for the storage and processing of personal data concerning individuals other than the applicants is the legitimate interest of the Foundation as a grant-awarding foundation as well as the legitimate interest of the applicant as a possible grant recipient.

The information given in the grant application, including personal data, is saved in the register. The register also contains information regarding the payment of awarded grants and the progress and final report concerning the research or project in question. The data collected for the system also includes the contact information of the grant applicant, the members of the work group and the authorised representative of the working organisation. This information, including personal data, is collected from the grant applicants and recipients themselves.

Additionally, the collected data includes payment information, information on applicants' activities in the grant application portal and technical information associated with the use of the portal, such as event logs. The collected data also contains the system’s internal communications between each registered individual and the data controller.

In order for the application to be accepted for processing, the applicant must provide the personal data requested in the application form and required attachments. If sufficient personal data is not provided, the application may not be processed.

5. Recipient groups for personal data

The personal data is processed by the Managing Director of the Foundation, assessors named separately by the Foundation, possible references named by the applicant, the Board of Directors of the Foundation, persons providing technical support, named users representing the accounting firm, auditors, and possible other providers of grants and subsidies. All efforts will be made to ensure that the personal data is disclosed only to the extent that is necessary for the purposes of the specific recipient group.

6. Register protection

The grant system can only be accessed by specifically named individuals. Access to the register requires a personal username. The primary user also determines the level of access granted to each user. A personal password is required in order to log in to the system and the use of the system is enabled through an SSL encrypted connection. The use of the register and log-in activities are monitored. The data is stored in the service databases, which are protected by firewalls and other technical measures. The servers on which the register is located are maintained by an external service provider. The service provider is responsible for the protection of the hardware. The grant system is located on a Microsoft Azure Cloud service platform in the Netherlands. The databases are located in locked and guarded facilities, and the data can only be accessed by persons specified in advance.

7. Storage of personal data

Usernames and related personal data
  • Grant recipients’ usernames will be deleted if they are not utilised in four (4) years.
  • Usernames related to rejected grant applications will be deleted one year from their latest utilisation.
Incomplete applications
  • Incomplete applications can be removed by the applicants themselves.
  • The Foundation will remove any incomplete applications and related usernames within one year from the end of the grant application period.
Applications and their attachments
  • The Foundation will store those grant applications that have resulted in a positive decision, together with the related attachments and processing information, for the purposes of archiving, statistics and common-good research for as long as is necessary in order to facilitate the activities of the Foundation, and for a minimum of ten (10) years.
  • Information regarding the rejected grant applications will be removed within one year from the submission of the application, except for the information required for statistical and scientific or historical research purposes.
Payment information
  • The data will be stored for as long as is necessary with consideration of reporting to authorities and the required storage periods related to accounting and auditing.
Report information
  • The data will be stored long term for statistical and research purposes.
Material from Board meetings
  • Each applicant's name, the purpose of the grant, the sums requested and granted, as well as the report received will be stored permanently as attachments to the material from Board meetings.

8. Registered individuals’ right of access to data, including personal data

A grant applicant/recipient can log in to the system and, by opening the preview of the application form, access all the information they have submitted to the register. Current contact information can be viewed and modified under Settings > Personal information.

A grant applicant/recipient has the right and obligation to rectify incorrect data. Any requests and questions can be sent to the Foundation by using the system's internal messaging function. An individual has the right to request the correction, removal or restricted use of their personal data or to object to the processing of this data or its transfer from one system to another. In this case, the application can no longer be processed.

A grant applicant has the right to withdraw their consent to the storing and processing of their personal data as part of the process of handling grant applications. In this case, the application can no longer be processed.

A grant applicant/recipient, however, has no right of inspection to the saved information concerning the assessment of their application or to data collected for statistical purposes. The personal data saved within the assessment information is identical to the data supplied in the application form.

A grant applicant/recipient may transfer their application form electronically from the system to themselves in PDF format.

A grant applicant has the right to withdraw an application, in which case the application will not be assessed. If a decision has already been made regarding the application, it is not possible to completely remove the application information from the system.

A grant applicant/recipient also has the right to file a notice of appeal with the supervisory authority, if they feel that their personal data has been inappropriately processed.

9. Disclosure of information, including personal data

Information concerning grants paid to natural persons is disclosed to the Farmers’ Social Insurance Institution of Finland (Mela) and the Finnish Tax Administration.

The recipients and amounts of the awarded grants and, possibly, also the research/project summaries are published on the Foundation’s website and in its annual report. The Foundation may disclose information to other providers of grants/subsidies.

Information is disclosed to the Ministry of Education and Culture to be stored in the National Research Information Hub (including metadata and abstracts for publications and other research outputs, metadata and descriptions of research data, research infrastructure and research actor information, metadata and abstracts for research projects and research funding, researcher information and information on their other research activities and merits; Research Information Hub Act 1238/2021, Sections 3 and 4). The basis for processing the data is the legal obligation referred to in Article 6(1)(c) of the EU General Data Protection Regulation. The Research Information Hub’s Privacy Policy is available at https://research.fi/en/privacy.

10. Use of artificial intelligence

The system uses Microsoft Azure AI services in the EU region for the following purposes: administrator guidance assistance, language translations, summarising evaluators' assessment texts, generating response suggestions to applicant messages, and classifying applications with tags. Applicant messages are pseudonymised before processing. No automated decision-making within the meaning of Article 22 GDPR is carried out. Processor: Microsoft Ireland. AI evaluation summaries are retained no longer than the original evaluations; AI-generated tags for as long as the application is retained; technical logs up to 12 months; session content is not stored permanently.

Read more