fi
 en
 sv

Privacy Policy

Invention Foundation sr, hereinafter referred to as “Foundation”
Business ID: 0201458-8

Register and Data Protection Statement

This is the Foundation’s register and data protection statement in accordance with the EU General Data Protection Regulation (GDPR).
Prepared on 02.06.2022. Last updated on 07.10.2022.

1. Data Controller

Invention Foundation sr c/o MM Business Services Oy
Vartiotie 3
45100 KOUVOLA, Finland

2. Contact Person for Register Matters

Chairperson of the Board. Contact details as above.

3. Names of Registers

  • Customer Register (individuals and companies that have applied for or received funding or services from the Foundation)
  • Employee and Trustee Register
  • Marketing and Stakeholder Register
  • Partner Register
  • Online Service User Register

4. Legal Basis and Purpose of Personal Data Processing

The legal basis for personal data processing under the GDPR is:

  • The individual’s consent (documented, voluntary, specific, informed, and unambiguous)
  • A contract in which the registered individual is a party
  • Performance of a public task
  • The legitimate interest of the data controller (e.g., pre-contractual customer relationship, employment relationship, membership)

The purpose of processing personal data includes communication with registered individuals, maintaining customer relationships, marketing, etc.

  • Customer Register: Managing the funding granted by the Foundation and providing services.
  • Employee and Trustee Register: Managing employment relationships and trustee-related activities.
  • Marketing and Stakeholder Register: Communicating about the Foundation’s services and activities.
  • Partner Register: Maintaining and fostering cooperation with network partners.
  • Online Service User Register: Enabling online services, statistical analysis, and service usage measurement.

The information is collected based on legitimate interest.

The Information Register is maintained for informing stakeholders.

5. Register Contents

The registers primarily contain contact information, including:

  • Name
  • Position
  • Company/organization
  • Contact details (phone number, email address, postal address)
  • Website URLs
  • IP address of network connections
  • Social media profiles and identifiers

The Customer Register and Employee and Trustee Register also contain:

  • Personal identification number
  • Information about ordered services and their modifications
  • Billing details
  • Other data related to ordered services, customer relationships, and trustee relationships

Website visitors’ IP addresses and cookies essential for service functionality are processed based on legitimate interest, e.g., for security and visitor statistics. If third-party cookies are used, separate consent is obtained when necessary.

Customer register data is retained permanently, while other registers are periodically reviewed, and outdated information is deleted.

6. Regular Data Sources

Information stored in the register is obtained from customers through:

  • Online forms
  • Email
  • Mail
  • Phone
  • Social media services
  • Contracts
  • Customer meetings
  • Other situations where a customer or partner provides their information

7. Regular Data Disclosures and Transfers Outside the EU/EEA

Data is not regularly disclosed to third parties. Data may be published as agreed with the customer.

Data may be transferred outside the EU/EEA at the discretion of the data controller. The Foundation uses free Google services for non-profits, where data storage locations cannot be selected due to cost reasons.

8. Principles of Register Security

Data processing is conducted with due care, and information systems are appropriately secured. When data is stored on internet servers, appropriate physical and digital security measures are implemented.

The data controller ensures that stored data, server access rights, and other critical personal data security information are treated confidentially. Only Foundation employees and trustees whose duties require it have access to personal data.

Representatives of stakeholders and customers have limited access to certain information related to project preparation.

All individuals handling data are bound by appropriate confidentiality obligations or agreements with the Foundation.

9. Right to Access and Correct Data

Each individual in the register has the right to:

  • Check their stored personal data
  • Request corrections to incorrect or incomplete information

Requests must be submitted in writing to the data controller. The data controller may request verification of identity. A response is provided within the timeframe stipulated by GDPR (typically within one month).

10. Other Rights Related to Personal Data Processing

Registered individuals have the right to request the deletion of their personal data (“right to be forgotten”). However, this does not apply to individuals or companies that have received funding from the Foundation.

Additionally, individuals have other rights under GDPR, such as restricting personal data processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may request verification of identity and responds within the GDPR-mandated timeframe (typically within one month).