NORDIC 247 SERVICES OY

PRIVACY POLICY

Date: August 16th 2017

Customer register databases at Nordic 24/7 Services Oy

1 NAME OF REGISTER

Customer register database for Nordic 247 Services Oy (Nordic 247 from here on), consisting of following

parts:

- customer register

- register for sending newsletters, invitations and bulletins

- project database

2 REGISTER OWNER

Nordic 247 Services Oy

Luomannotko 3, 02200 Espoo FINLAND

https://www.nordic247.com

3 RESPONSIBLE PERSON FOR REGISTER

The person responsible for the register is CFO Kenneth Rantala.

His responsibilities for ensuring that the register is used for intended purposes include:

• check access rights frequently

• ensure proper security measures (including security updates)

• ensure that database users have adequate instructions for using the register

4 RESPONSIBLE PERSON FOR REGISTER DETAILS

The person responsible for register details is CFO Kenneth Rantala. His responsibilities are to maintain

access rights for users, give out information about the register and inform customers about their rights for

checking and updating their data stored in the register.

5 THE PURPOSE OF THE REGISTER

The register contains a database of Nordic 247s customers and partners, both companies and persons for

maintaining business relationships. The register is used for producing services for customers and partners.

The register data is also used for marketing and dissemination targeting companies and persons. The data

will not be shared with third parties. Anonymous usage data is used for research and statistics.

6 REGISTER DATA

The data stored in the register consists of the following details:

- first and last names

- title

- company or organisation and department name

- profile data (eg. company industry)

- grouping data (mailing lists etc.)

- address details

- phone numbers

- fax numbers

- email addresses

- internet addresses

- target language

- any additional details given by the customer

- customer history, log data (eg. date of last contact)

- subscription status (eg. unsubscription for emails)

The register consists of several parts and not all parts contain the previous details.

7 REGISTER DATA SOURCES

The data is received directly from customers: companies, organisations and private persons. Additionally,

public databases may be used as source.

8 PERSONAL DATA SHARING GUIDELINES

Personal data will not be shared with third parties otherwise than permitted by current legislation. The data

is stored in both EU/ETA server facilities as well as facilities in the Unites States. Nordic 247 maintains model

contract clauses with all of its service providers outside EU/ETA countries. Anonymous data (excluding

names and identifying details) may be exported for research purposes.

9 REGISTER USAGE

The register is accessed, maintained and edited by Nordic 247personnel. Access to the register is restricted

and only available with a personal account and password combination. The account username is granted

when access to the register is opened and will be closed when the employees contract is terminated or if

the employee is assigned to a different role in Nordic 247.

10 THE REGISTER IN RELATION TO OTHER PERSONEL REGISTERS

The register is solely for Nordic 247s use. Any updates will be performed by data submitted by customers

or data available via public access.

11 SECURITY

All data in the register is used only by Nordic 247. No social security numbers (or similar details) are stored.

Several service providers provide servers and storage space where the register is stored. Servers are located

in high security facilities with no unauthorized access. Register data is regularly backed up.

12 STORAGE OF PERSONAL DETAILS, REGISTER DATA, ARCHIVING AND DISPOSAL OF DATA

Register data is stored on a usage basis, archiving is not in use. The data is stored for the period for which

the data is needed for the register. Any expired data is deleted manually.

13 INFORMING REGISTERED PERSONS

In connection with signing up for events, newsletters or providing personal details through a webform, the

customer is informed of their rights to their data that is stored into the register. This Privacy Policy is

accessible on the nordic247.com website.

14 RIGHT TO INSPECT PERSONAL DATA

Persons have the right to inspect their stored data by request to the register owner. The right to inspect

their data is then granted by the person responsible for the register. Response time for such requests is

within a week. If the person requesting to inspect their data wants to inspect their data on location, such

requests will be carried out immediately if the person can be identified and the person responsible for the

register is available at that time. The register does not have classified person data.

15 CORRECTING OR REMOVING REGISTER DATA

Person data is usually validated when entered (either through public databases or other public sources).

Companies or persons can request correcting their data at any time by request to the register owner.

16 RIGHT TO NON-DISCLOSURE

No data is exported or disclosed from the register without written consent from the customer company or

person.

17 REGISTER MANAGEMENT

CFO Kenneth Rantala is the owner and maintainer of the register.

The CFO is responsible for

- maintaining the Privacy Policy and description of the register

- usage policy and data model of the register, granting access rights, informing registered

persons, responding to requests for data inspection and maintaining data integrity

- technical administration of the register

- security, archiving and backups, also any data deletions

- naming any additional responsible persons for the register

The register data is maintained collectively by Nordic 247 personnel.

18 INTERNAL INSTRUCTIONS AND TRAINING

Internal usage guidelines are maintained separately. Training is provided regularly.