https://mohnfoundation.no/en/data-protection/

Data Protection Declaration for Trond Mohn Research Foundation

This data protection declaration describes how the Trond Mohn Research Foundation (TMF) collects and uses personal data in its operations and sets out your rights if we hold any of your personal data.

1. Which personal data are processed by TMF?

We collect and process the personal data needed to process applications, fulfil contracts and/or comply with Norwegian law. Personal data are only used for the purpose for which they were collected, and TMF does not sell any personal data to other parties. Personal data are only shared with third parties (see section on Sub-processors) if the third party in question is involved in TMF’s processing of applications and contracts.

TMF deletes personal data when there are no longer any legitimate grounds for holding them.

1.1. Processing of personal data in conjunction with applications

Personal data in applications is received by e-mail and is processed by TMS’s employees. Applications are shared with and processed by peer reviewers, who evaluate the applications both individually and jointly on expert panels.

TMF’s scientific advisory committee and board also process applications and the personal data they contain. In conjunction with processing applications, TMF creates records of the applicants and peer reviewers that contain personal data. This information is stored together with the applications on the servers of TMF’s supplier of data storage services, see Section 2.2. The applications and records may be shared with TMF’s auditor during audits of TMF’s grant allocation process.

The personal data held by TMF vary depending on the role of the person in question. As a general rule, TMF stores the person’s name, e-mail address, job title, date of birth, educational background and employment history, as well as their role in the project for which funding has been requested or granted.

1.2. Processing of personal data in conjunction with signing and managing grant agreements

The vast majority of the grants awarded by TMF are contributions to projects at public research institutions, which are responsible for any hiring decisions and HR, including processing the personal data of the people working on projects receiving funding from TMF.

In order to ensure compliance with contractual obligations, TMF keeps records of its agreements. These records contain contact details such as the name, e-mail address and employer of the project manager. The agreements and records are shared with TMF’s accountant and auditor.

When signing a grant agreement, the recipient undertakes to send annual update reports to TMF. These reports may contain personal data. The reports are processed by TMF’s employees and are also made available to TMF’s scientific advisory committee, board and auditor.

Grant agreements, reports and records are stored with ECIT Solutions DI AS and Admincontrol AS; see sections 2.2.1 and 2.2.2.

1.3 Processing of personal data in conjunction with payroll and HR

Employees, members of the board and scientific advisory committee, peer reviewers and other people who receive salary or remuneration from TMF are recorded in the payroll management system used by TMF’s external accountant. These records are needed to meet contractual and statutory requirements, including reporting to the authorities.

2. Sub-processors

The suppliers used by TMF as sub-processors are listed below. These organisations shall be able to document, with certifications, audits or other relevant documentation, that they have good internal procedures in place for data protection and information security. In the areas where we use sub-processors, we confirm that they are subject to the same obligations with respect to data protection and processing as TMF.

2.1 Sub-processors involved in running TMF’s website – analysis – security

Note that TMF does not use its website to collect personal data from applicants or employees. TMF’s website may contain links to its Facebook and Twitter pages. The use of these services is governed by the data protection declarations of the companies that supply them.

2.1.1 Picapoint AS
Picapoint AS supplies the web hosting and security services for  TMF’s website on the Internet. Picapoint only process and store the data that TMF publishes on its website.

2.1.2 Google Analytics
TMF uses the analysis tool Google Analytics on its website. When someone visits TMF’s website, their IP address is recorded. (An IP address is defined as an item of personal data because it can be traced back to a specific device and thus to an individual.) However, people who visit the website are informed about, and can opt out of, Google Analytics’ use of cookies to collect analytical data.

Google Analytics is designed in such a way that the IP address is only processed anonymously. The information processed is therefore not personally identifiable and cannot be traced back to individuals.

TMF uses Google Analytics to obtain statistical data that it can use to develop and improve the information on its website. The statistical data gives information about the number of people who visit each page, how long their visits last, which websites they have come from, and which browsers and devices (desktop/mobile/tablet) they are using.
www.google.com/analytics/terms/no.html

2.2 Other sub-processors

2.2.1 ECIT Solutions DI AS
The company supplies cloud computing services for running TMF’s office suite and for data storage. TMF uses these services to process and archive personal data electronically. TMF has a data processor agreement with ECIT Solutions DI AS.

2.2.2 Admincontrol AS
Admincontrol AS, Lille Grensen 7, 0159 Oslo is TMF’s supplier of secure document exchange software, which is used to distribute documents that may contain personal data to the Foundation´s board, accountant and auditor. TMF has a data processor agreement with Admincontrol AS.

2.2.3 Fett Økonomi AS
Fett Økonomi AS is a firm of external accountants that supplies accounting services to TMF and hence processes the personal data of anyone who receives a salary, honorarium or any other form of remuneration from TMS. Fett Økonomi AS processes personal data on behalf of TMF in accordance with the applicable legislation and industry standards.  TMF has a data processor agreement with Fett Økonomi AS.

3. Rights

Any person whose personal data is held by TMF has a right to access their own personal data. If the personal data are incorrect or incomplete, or if TMF is processing data that it is not entitled to process, the data subject may demand that the information be corrected, erased or replaced. TMF will respond to any such requests free of charge and within 30 days.

4. Data protection officer

TMF considers that there is no requirement for it to have a data protection officer.

5. Contact details

TMF represented by its Managing Director is the data controller for the organisation’s processing of personal data. TMF’s employees shall respond to questions from people whose data are being processed or may be processed by TMF.

Contact: post [@] mohnfoundation.no

This document was updated on 2. February 2024. Note that we may make changes to our data protection declaration, in which case the new version will be published on our website.