Rannís Privacy Policy

Rannís is committed to respecting your privacy and protecting your personal information

Rannís emphasizes that the handling of your personal information is done in a safe and secure manner. We will be transparent about the information we are collecting and what we will do with it. In summary, here is how Rannís processes your personal information:

  • Rannís will provide you with details about the information we are gathering and what we will do with it.
  • Rannís will put in place measures and use methods to keep your information secure and protected.
  • Rannís will make sure your data protection rights are respected and to give you more control over your own information.
  • Rannís will use the information you give us for the purposes described in our Privacy Policy. These purposes include evaluating your application for a grant and issuing your grant if accepted.
  • Rannís will not send you any marketing material. However, we may send you important updates and information relevant to your grant application or previous correspondence with us.

Below, you can read our Privacy Policy in more detail. Reading the Privacy Policy will give you a better understanding of how your personal information is used, what types of information we collect, how it is collected, what purposes it will be used for and who it may be shared with.

Please keep in mind that the summary above, and the Privacy Policy below, are not contractual and do therefore not form part of your contract with us, without prejudice to your rights under applicable laws.

Details about the data controller of your personal information

Where Rannís processes your personal information under this Privacy Policy, it is considered to be the “data controller” of your personal information under European Union and Icelandic data protection law. Our address is as follows:

Rannís – The Icelandic Centre for Research
Borgartúni 30
105 Reykjavík
Iceland

Rannís has appointed a Data Protection Officer, whom you can reach by e-mailing [information  available soon] or writing to the above address.

Whenever you apply for a grant through Rannís, but some parts of the application process involve separate research centres or partners directly involved in the process, then those additional research centres or partners will be considered separate “data controllers” under European Union data protection law. In that case, Rannís and any other research centres will be joint controllers of your personal information.

When does this policy apply?

The Privacy Policy of Rannís applies when we collect, use or otherwise process your personal information when you apply for grant related to any of our various funding schemes. Additionally, the Privacy Policy applies when you contact us directly or through a third party in relation to any of our services.

Where we reference that others are data controllers in the sections 'Controller of Personal Information' and 'Who do we share your personal information with?' you should consult their privacy policies for further information.

For further information on the applicability of privacy policies, such as when there are additional “data controllers” as described in the section “Details about the data controller of your personal information” or when we share your personal information, as described in the section “In which cases and with whom do we share your personal information?” we advise that you refer to their privacy policies for additional details.

Additional Terms and Conditions or policies may apply if your application is accepted. Please refer to the relevant funding scheme to see whether any such Terms and Conditions or policies apply.

What is personal information?

Whenever information provides details which identify your person or could be used for the same purpose, it is considered to be personal information. An example might be your name, your contact details, your national ID, or your work or study details. Details on how you use our websites may also be personal information.

In which cases do we process and from whom might we receive your personal information?

Whenever you apply for any of our grants, contact us via e-mail or give us a call, we collect your personal information. The same applies when these services are provided by third parties or agents acting on behalf of Rannís. Please be aware that if you do not wish to provide us with personal data which is necessary for the evaluation of your grant application or which we have a legal obligation to process, we may not be able to evaluate your application or provide you with the grant you have applied for.

Furthermore, we may receive your personal information from third parties, such as:

  • When a separate research centre transfers your information to us.
  • When our staff is contracted by the original recipient of your grant application to participate in the evaluation of your application.

To see which types of personal information Rannís processes about you, please see the section “What types of personal information do we process?”

What types of personal information do we process?

To evaluate your research grant applications and, if accepted, to pay your grant, we will need to process your personal information. Further processing may take place for statistical analysis of applicants and to comply with legal obligations placed upon Rannís.

Rannís processes the following types of personal information:

  • Information that you provide which is used to evaluate if your application for a research grant will be accepted.
    • For example, your name, address, email, contact details, date of birth, gender.
    • Your current job, previous research, works, references, education and achievements.
    • Information about other members of your team, if applicable.
    • Details of your research project.
    • Other information relevant to your application.
  • Information needed to pay your grant.
    • Your bank details, such as your account details and payment information
  • Information about grants that you have previously been paid.
    • Reports describing previous research, amounts paid by Rannís and others.
  • Information about our previous interactions. 
    • We will retain information if you have contacted us regarding grant applications, inquiries about grants or funding schemes or other services of Rannís.

When and why do we collect ‘sensitive personal data'?

In some cases, Rannís may process your personal information which is considered to be sensitive. Specific categories of personal information, such as on religion, health or ethnicity require additional safeguards under European Union and Icelandic data protection law. These categories are referred to as “sensitive personal data”. Rannís will only process these categories of data in specific circumstances.

Following are examples where we may process “sensitive personal data”:

  • Applicants who have disabilities may, in certain cases, be eligible for special or additional grants. In order for Rannís to evaluate applications for such additional grants, applicants will need to provide information about their disabilities.
  • Some grant applications involve artistic or cultural programmes, where the application progress may involve writing essays or descriptions about works of art or literature. In some cases, applications may be suggestive or explicit about an applicant's religious or political beliefs. If an applicant provides Rannís with such details, they will need to be processed as part of the grant application process.

For which purposes do we process your personal information?

  • To evaluate whether your application for a grant will be accepted or not.
    • Rannís operates on the basis of the Act on public support for research no. 2003/3. In order to fulfill its legal obligations, Rannís will need to process personal information.
    • All applications for a grant will be subjected to certain criteria or requirements relevant to the fund in question. In order to evaluate which applications best serve the purpose of each fund, your personal information needs to be processed.
    • For example, if you have
  • To make grant payments to successful applicants. 
    • If your application has been accepted by Rannís, you may be eligible to receive payment of your grant. For payment to take place, Rannís may need to process your payment information.
  • To carry out and maintain statistical analysis on our activities.
    • We may extract information on you as an applicant or your application in order to make and maintain statistical information about our activities. For example, we may process your age, gender or educational background as part of our statistical analysis.
  • To fulfil our other legal obligations.
    • Rannís is subject to the Icelandic Act no. 77/2014 on public archives. As part of our legal obligations, Rannís may be required to submit your personal information to the National Archives of Iceland.
  • For purposes related to legal claims or disagreements.
    • We may use your personal information to uphold our legal rights or the rights of our employees, e.g. in cases related to illegal activities, fraud or harassment.
  • For management and administrative purposes.
    • We may use and retain your personal information, including your application details, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks) and systems testing, maintenance and development.

What is our legal basis for processing your personal information?

Your personal information will only be processed by Rannís where there is a legal basis for the processing. The legal basis may differ based on the purpose of the processing of your personal information. In almost all cases, the legal basis will be as follows:

  • Because the processing of your information is necessary for the evaluation and payment of your grant application.
  • Because Rannís needs to process your personal information to comply with legal or regulatory requirements.
  • Because you have given your consent to Rannís for processing your information for a specific purpose.

In cases where the processing of your data is subject to other laws, then the legal basis for processing may be different than stated above. In such circumstances, the processing may be based on your consent in all cases.

Withdrawing your consent

In some cases, we may process your personal information when you have provided your consent for us to do so.

Whenever we process personal information based on your consent, you may withdraw your consent at any time. To do so, please contact Rannís by sending an e-mail rannis@rannis.is, call us at +354 515 5800 or write to us at:

Rannís – The Icelandic Centre for Research
Borgartúni 30
105 Reykjavík
Iceland

For how long do we retain personal information?

Your personal information will be kept as long as it is needed for the purpose it is being processed. For example, we will need to retain information related to your application for as long as it is needed to evaluate and pay your grant after that so that we can respond to claims, inquiries, disputes or questions about the grant.

Rannís actively reviews personal information so that it is not retained longer than there is a legal basis for it being processed. In some cases, it may be anonymized and in other cases, deleted.

In which cases and with whom do we share your personal information?

Rannís may share your personal information with other research centres which participate in the grant, research and education schemes you apply to.

Your personal information may also be shared with the following third parties:

  • Where we contract or hire third parties on the basis of their experience or expertise to evaluate applications for certain grants.
  • In cases where we are legally required to share your information with government and law enforcement agencies.
  • Third party providers which we use to process data in order to provide you with our services. For example, third party providers which are involved in the storage of data, software solutions or consultation.
  • Third parties involved in the conduct of legal claims, such as law firms or courts.
  • Third parties, such as security companies, the police and regulatory authorities, when we may need to safeguard our property and assets, provide safety to our staff and assets or have our rights enforced.

Rannís will not sell your personal information to third parties.

What countries will your personal information be transferred to?

As a public institution operating within the fields of science, education, research, innovation, culture and arts, Rannís has partners located in countries around the world. Rannís may therefore transfer and store your personal information in countries outside the European Economic Area. Rannís may share your information with third parties in countries located outside the European Economic Area in order to provide you with services you have requested or for other legitimate reasons.

Please be aware that this means that your personal information may be transferred to third parties which are located in countries where may have fewer legal rights than provided by your local laws.

How does Rannís safeguard personal information that is transferred to third countries?

According to European Union and Icelandic data protection laws, certain requirements need to be fulfilled when your personal data is transferred to a country outside the European Economic Area. The purpose of these requirements is to make sure your personal information is adequately protected, even when being transferred outside the European Economic Area.

When Rannís transfers your personal information to a third country, one of the following will apply:

  • The transfer is made to a country deemed to provide adequate protection of personal information according to a decision by the European Commission. When data is transferred to the US, transfers may be based on the EU-US Privacy Shield.
  • The recipient of the personal information has approved binding corporate rules which provide an adequate level of protection for your personal information.
  • Rannís and the recipient of your personal information have made contracts regarding the transfer of data using standard contractual clauses which the European Commission has decided provide an adequate level of protection for your personal information.
  • The recipient of the personal information has approved Codes of Conduct which satisfy the requirements of European Union and Icelandic data protection law.
  • The recipient of the personal information has obtained certification issued by an accredited certification body according to European Union and Icelandic data protection laws.

How can I make a request for a copy of my personal information and how do I lodge a complaint?

Under European Union and Icelandic privacy law, you may request a copy of your personal information if it is processed by Rannís. You do not need to pay a fee for this request, unless it is manifestly unfounded or excessive. Rannís will make every effort to respond to your request within 30 days of it being received.

Your request must be in writing and must contain the following information:

  • Your name and postal address.
  • Details of your request.
  • Any details which may help us locate the information which is the subject of your request, for example:
  • Details of an application or correspondence which may be related to the personal information.
  • Your e-mail address, telephone number or other contact details.
  •  Additionally, we require you to provide:
  • A copy of a government issued ID, such as your passport or driving licence. This is necessary so that we can verify who is making the request.
  • Your signature and the date of the request.
  • If you are applying on behalf of another person then signed authority from the individual is required.

Please send your request to:

Rannís – The Icelandic Centre for Research
Borgartúni 30
105 Reykjavík
Iceland

You also have a right to lodge a complaint with The Icelandic Data Protection Authority in. A complaint can be made by writing to:

The Icelandic Data Protection Authority
Rauðarárstígur 10
105 Reykjavík
Iceland









This website is built with Eplica CMS