The EU General Data Protection Regulation has come into effect on 25 May 2018. Frame Contemporary Art Finland (the Frame Foundation) has surveyed its operations and services to ensure they follow the new regulations.
The aim of the GDPR is, among other things, to reinforce the rights and freedoms of individuals, to acknowledge the global reach of privacy protection and to enforce the implementation of privacy legislation.
We have documented and updated our data processing procedures and the person registers we manage, updated our privacy protection and security practices, and appointed a data protection manager. We have created a clearly documented internal process and protocol for the processing of personal data. In the future, we will follow the principles of the GDPR in our operations.
Frame’s essential operations include grants and communications, which is why we must manage related person registers. Frame is committed to following the GDPR and to continue to collect only the data we need, only store it for the necessary length of time and report without delay any data security breaches in our registers. Personal data is processed only by the relevant personnel and the processing leaves a trace in our data system. Everyone currently in our registers will have the opportunity to access information about themselves, alter the information and be removed from the register if they so wish and there is no legal basis to store the data for, for example, archiving purposes.
You may send an inquiry to firstname.lastname@example.org after which we will deliver a report about your information in our registers within a month of your inquiry. Please mention your name and your connection to the Frame Foundation in your message. The report is free of charge.
If you have applied for a grant from the Frame Foundation, you may access your data via the grant application service. If you want to alter or remove information in the grant application system register, please contact email@example.com
In the future, we will request permission to process the data from new contacts as transparently and clearly as possible. When requesting the permission, we will provide information about why we collect data, how we use it, how long it will be stored and the rights of the data subject. We secure the permission using a two-stage verification process.
Person registers managed by Frame Contemporary Art Finland
The Frame Foundation manages six registers: the grant register, the person register, the contact register, the recruitment register and the open call register and the statistics register. Below you will find the privacy statements of all the registers we manage. The statements explain why the data in each register is collected or stored, how the data is processed, who processes it, the rights of the data subject and how the register’s data security is maintained.
Data subject rights
The Foundation collects only the necessary information from registered data subjects. Unless there are legal grounds for storing the data, each data subject has the right to their own data, to know who has processed their data, the right to correct false information and the right to be forgotten.
The data subject has the right to be notified about any data breach involving their data. The data subject has the right to receive the report on their data within a month of their request.
The data subject has the right to issue a complaint to the supervising authorities if they suspect their personal data has been processed erroneously.