Privacy Policy PRIVACY STATEMENT FOR THE REGISTER OF CUSTOMERS AND COOPERATION PARTNERS 1. CONTROLLER Digitaika Ltd Tiililinnankatu 2 C 69 20100 Turku VAT No. 2814371-6 (hereinafter referred to as “we” or “Digitaika” or “Automate.video”) 2. CONTACT PERSON FOR REGISTER-RELATED MATTERS Sami Granfors [email protected] 3. NAME OF THE REGISTER Register of customers and cooperation partners 4. WHAT IS THE LEGAL BASIS FOR AND PURPOSE OF PROCESSING PERSONAL INFORMATION? The basis for processing personal information is the company’s legitimate interest and/or a customer relationship or the execution of an agreement. The purpose of the processing of personal information is delivery of our products and services, user management, handling of customer relationships and invoicing, development of our products and services, implementation of customer service and communication with customers, fulfilment of our promises and obligations, whether related to contracts or not, analysis and profiling of the behaviour of customers or other registered persons, electronic marketing, direct marketing and arranging of events, ordering commissions, focusing of advertising in online services of our company and other parties. The information on purchases and customer interaction in the register can also be used for profiling and making marketing and customer communications more interesting to registered persons. Personal information is also processed in connection with sending newsletters and participating in events and other marketing procedures. 5. WHAT KINDS OF INFORMATION DO WE PROCESS? In connection with the customer register, we process the following types of personal information: basic information on the registered person, such as name*, customer number, user name and/or other unique identifier, password, service language, contact information* of the registered person, such as e-mail address, telephone number, address information, information on companies and their contact persons, such as VAT numbers and names and contact information of contact persons, information on customer relationships and contracts,* such as information on past and present contracts and orders, correspondence, information on participants in events and other information related to events, such as a special diet, possible refusal of, or consent to, direct marketing possible other information collected specifically with the consent of the registered person. The data content of the register of the Digitaika tool consists of the user accounts of the tool, information on customers and their contact persons and information on the use of the service. The register contains the following types of information: name, title, company and VAT number, postal address, e-mail address, telephone number customer history (e.g. customer feedback, contacts, chat conversations, orders, information on invoicing and debt collection) information on service use by identified customers (e.g. timestamp and IP address of most recent login, number of queries and query elements, statistical information related to use) Information on website visitors is collected with cookies and other similar techniques (e.g. language selection, address from which the visitor arrives, pages loaded, browser type, operating system, date and time, IP address) bans on and consents to directmarketing and other possible information given by the customers themselves. Giving the personal information marked with an asterisk (*) is a precondition for a contractual relationship and/or customer relationship. We cannot deliver products and/or services without the required personal information. 6. WHERE DO WE OBTAIN INFORMATION? As a rule, the information in the register is collected from the registered persons themselves by telephone, online, in meetings or in some other similar way. Personal information can be collected and updated from generally available data sources, such as companies’ websites, the Finnish Trade Register or other public and private registers. 7. WHO DO WE TRANSFER OR DISCLOSE INFORMATION TO? DO WE TRANSFER INFORMATION OUTSIDE THE EU OR EEA? We do not disclose information from the register to outside parties. In the processing of personal information, we make use of subcontractors working for us. We have outsourced IT management and communications technology to outside service providers, and personal information is saved on servers administered and protected by these. We have taken steps to protect your privacy by preparing a data processing agreement on the processing of personal information by our subcontractors. We have also ensured that the subcontractors have similar contracts with their own subcontractors. We have also outsourced the processing of your personal information to companies located outside the European Union and the European Economic Area, such as the United States. Among other things, these companies process your personal information to offer infrastructure and IT services and other services. In these kinds of cases, sufficient data security and processing of the register are governed by the EU–US Privacy Shield or handled contractually by using standard contractual clauses approved by the European Commission. 8. HOW DO WE PROTECT THE INFORMATION AND HOW LONG DO WE KEEP IT? Only those of our employees who have the right to handle customer information as part of their job are entitled to use the system containing personal information. All users have their own user account and password in the system. The information is collected in databases protected by firewalls, passwords and other technical means. The databases and their backup copies are kept in safe locations, and the data can only be accessed by particular named persons. We only keep your personal information as long as is necessary for using the information. Personal information is erased from the register when a person whose information is in the register asks for it to be erased. We assess the necessity of preserving information regularly, taking into account the applicable legislation. In addition, we take such reasonable measures as are necessary to ensure that personal information that is incompatible, outdated or erroneous for the purposes of the processing is not kept in the register. We correct or erase this kind of information immediately. 9. WHAT ARE YOUR RIGHTS AS A REGISTERED PERSON? As a registered person, you have the right to check the information saved on you in the register and demand that inaccurate information be erased or rectified. You also have the right to cancel or change your consent. As a registered person, you have the right under the Data Protection Regulation (from 25 May 2018) to oppose the processing of your information or ask the processing to be limited, and the right to lodge a complaint on the processing of personal information to the supervisory authority. For special personal reasons, you also have the right to oppose profiling and other processing of your personal information when the basis for the processing is our legitimate interest. When making your demand, you must specify the situation based on which you oppose processing. We can only refuse to carry out a request concerning opposition on grounds given in law. As a registered person, you also have the right to oppose processing at any time and free of charge, including profiling related to direct marketing. 10. THIRD-PARTY SERVICES We may enable you to link your account with a valid account on a third party social networking, email or content service such as Facebook, Google, Instagram, YouTube, or Twitter, (such service, a “Third-Party Service” and each such account, a “Third-Party Account”) by allowing us to access your Third-Party Account, as is permitted under the applicable terms and conditions that govern your use of each Third-Party Account. When linking your account to a Third-Party Account, your use will be subject also to the privacy policy of that third party. For linking with Google and YouTube, your use will also be subject to Google Privacy Policy, which can be found at http://www.google.com/policies/privacy. With respect to Google and YouTube, you can revoke our right to access your data at any point from your Google account control panel at https://security.google.com/settings/security/permissions. 11. WHO CAN YOU CONTACT? All contact and requests concerning this privacy statement shall be made in writing or in person to the contact person named in section two (2). 12. CHANGES TO THE PRIVACY STATEMENT If we make changes to this privacy statement, we will display the dated changes in the record. If the changes are significant, we may also inform you about them in other ways, such as by e-mail or by placing a notice on our website. We recommend that you visit our website regularly and pay attention to any possible changes in the statement. Company