1. The company details of who is handling your data.

Niemco Management Oy
Company ID: 2231451-0
Address: Kutomotie 16, 00380 Helsinki
Email:  info@niemcowork.fi

2. The person in charge of data privacy (the Data Protection Officer).

Name: Miika Niemi
Email: miika.niemi@niemco.fi

3. The name of the register.

The customer and marketing register of Niemco Management Oy.

4. Whose data do we collect?

We collect the data of our current customers or those in a contractual relation, as well as the information of our potential
customers. Moreover, we collect information based on other legitimate reasons or with the expressed consent of the data
subject.

5. Why do we collect your data?

We use the data for the fulfilment of contractual or statutory obligations. The information may be used to communicate
with the data subject and other parties necessary to enter into a contractual relationship, deliver newsletters or
information, in marketing of products and services, conducting a market analysis and general development of processes.

6. How long do we store your data?

The data will be stored for an indefinite period in accordance with applicable law and only for as long as is necessary to
fulfil the purposes described in this privacy statement. The data can also be retained after the termination of the
customer relationship due to accounting or other mandatory legislation in accordance with the provisions of the relevant
law as well as on other basis for the processing of personal data.

7. What data do we collect?

We collect the data which you provide us. Depending on the situation, the name and necessary contact information of
the registrar, such as the address, telephone number, e-mail address, company ID, position in the organisation,
birthdate, social security number, the information of ordered products and services as well as their delivery and billing
can be stored. Furthermore, messages, comments and materials, consents, prohibitions and customer feedback
between the controller and the data subject or other parties necessary to perform the contractual relationship can be
stored. Cookies can be used on our website to collect data on the usage of services. Other information can be also
collected – such as the IP address, location, online services used, information about the device and operating system
used, browser types and the external sites from which the user has arrived or to which the user proceeds from the
registrar online service.

8. Where do we get the data from?

The information stored in the register is obtained from the data subject – from the use of the data online and
electronic services, analytical services provided by third parties (such as Google Analytics), public data sources or public
contact service providers.

9. Do we share your data with an external third party?

Personal information is not shared with external parties as according to the rules. However, personal information may be
disclosed for legitimate use. Personal information will not be shared outside of the EU nor the ETA. In cases where the
information is shared outside of these areas, the registrar is in charge of maintaining a sufficient level of data privacy.

For example: By agreeing on the confidentiality and processing of personal data as required by law.
The data may be selectively disclosed to a targeted third-party marketing campaign commissioned by the registrar.
Ownership of the data will not be transferred from the registrar and no third party will have the right to use the data
beyond the scope of the commission.

10. How do we protect your data?

We restrict access to the register solely to those of our staff who need it in order to perform
their work tasks. The registry information is protected from external parties with the use of technical solutions and
applications. We use a secure Internet connection and a firewall.
SSL-secured connection is used to collect and transfer confidential information, such as bank-
and credit card information. Manual material is stored in a locked state and discarded once it has been digitized. Digital
material is protected as required by law. The registrar is obliged to notify
of any breaches of security directly to the authorities or the user in accordance with
current legislation.

11. What are your data protection rights?

You have the right to request copies of your personal data, have our company correct any information you believe is
inaccurate, request from our enterprise to complete information
which you believe is incomplete and to erase your personal data if you find it to be unnecessary
for our mission.
You have the right to request our company to restrict and object to the processing
of your personal data as well as the use of your data in direct marketing activities.
Please note that online advertising (Google, Facebook etc.) is not direct marketing,
but is based on cookies.
You have the right to request your data to be transferred digitally to another service provider.
If you feel that we are violating applicable data protection laws, you have the right to file a complaint to the Data
Protection Officer. The website visitor may clear or block cookies,
which may, however, impair the user experience of the website or cause malfunctions.
Requests for inspection etc. are to be addressed with the Data Protection Officer