PRIVACY POLICY CONCERNING THE POLIS SERVICE

1  Controller

The Finnish Innovation Fund Sitra (Business ID 0202132-3).

Address:       Itämerenkatu 11–13
P.O. Box 160, FI-00181, Helsinki, Finland

Telephone:   +358 29 461 8991
Email:           kirjaamo@sitra.fi

Data Protection Officer:

Janika Skaffari
Administration Specialist
kirjaamo@sitra.fi

2  Purpose of the processing of personal data

Using the Polis service as a tool for engagement. The engagement of target groups in the Polis service is based on anonymity. The Polis platform collects the participant’s IP address, which allows one participant to participate in a single survey only once from one device.  The IP address cannot be directly linked to the participant.

User accounts are used in the maintenance of surveys carried out in the Polis system. Personal data is processed when maintaining the user accounts.

3  Legal basis for the processing

Public interest

4  Processed personal data

The participant’s IP address is collected for the technical functionality of the service. The IP address cannot be directly linked to the participant.

The user account username and the associated email address of service administrators are processed in addition to their IP address.

5  Regular sources of information

Personal data is collected from the data subjects

6  Retention period of personal data

The administrator’susername and email address will be deleted no later than two (2) months after the survey closes. [JS1] The IP address data recorded from the use of the service is stored for one (1) month.

7  Disclosure of personal data

Personal data is not regularly disclosed to third parties.

8 Data transfer and countries outside the EU or EEA

The controller transfers personal data to processors, such as service providers. Personal data included in the register may be transferred outside the EU or EEA. The transfer of personal data is based on the European Commission’s standard contractual clauses or the Commission’s decision on an adequate level of data protection.

9  Principles of data protection in the register

Databases containing personal data are stored on servers in locked premises to which only designated persons who are authorised to use the data due to their work tasks have access. The servers are protected by appropriate firewalls and technical protection.

Access rights and authorisations to information systems and other storage platforms have been arranged in such a way that only persons necessary for their processing can view and process the data.

10  Automated decision-making

Processing of personal data does not include automated decision-making or profiling

11  Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

• right to access personal data concerning them

• right to request the erasure of their data

• right to rectification

• right to restriction of processing

• right to request the transfer of their personal data from one controller to another

• right to object to the processing of their personal data

Requests concerning the exercise of the aforementioned rights should be addressed to Sitra’s Registry Office at kirjaamo@sitra.fi

In addition, data subjects have the right to lodge a complaint with the Data Protection Ombudsman if they believe that their personal data is being processed in violation of the EU General Data Protection Regulation.