DESCRIPTION OF FILE OF MYVALLOX CLOUD CUSTOMER REGISTER

Description of file pursuant to section 10 of the Finnish Personal Data Act (523/99)

1 DATA CONTOLLER

Vallox Oy (Finnish business ID 0672350-9)
Myllykyläntie 9-11
32200 Loimaa, FINLAND

2 THE CONTACT PERSON

Petri Koivunen
Myllykyläntie 9-11, FI-32200 LOIMAA, FINLAND
petri.koivunen@vallox.com
+358 10 7732 200

3 DATA FILE

Customer Register of the Data Controller’s customer data in MyVallox Cloud –service (hereinafter the “Service”)

4 THE PURPOSE FOR PROCESSING THE PERSONAL DATA

The primary purpose of processing personal data is to maintain personal data file of MyVallox Cloud customers (hereinafter “Customers”) for the use of customer service and marketing department in Vallox Oy. The register contains personal data of Customers logged into the MyVallox Cloud service of Vallox Oy.

Personal data is processed for the following purposes:

• To manage and develop the client relationship;
• To provide and develop the Service;
• To prevent and investigate fraud and other misuses;
• To protect rights of Vallox and/or property of Vallox;
• To operate and improve products and services of Vallox;
• For marketing;
• For payment control;
• For analytics and statistics;
• For opinion and market research;
• To personalize user experience; and
• For other comparable purposes.

Customer is able to lock/delete/suspend his/her profile at any time, after which his/her information is no longer available for marketing / customer relationship management purposes of Vallox Oy. More information concerning privacy policy of Vallox can be found from Privacy Policy.

5 DESCRIPTION OF THE DATA SUBJECTS

The Data File includes personal data of the Customers of the Service.

The Data File may include the following groups of data:

• Age and gender of the person
• First name and surname
• Address information
• Contact information (telephone, e-mail)
• Personal identification number
• Identity information (citizenship)
• Photo
• Invoicing information
• Other collected data from the ventilation unit

6 REGULAR DATA SOURCES

Online registration form of the Service and updates to the user information of the Service updated by the Customers.

7 REGULAR DISCLOSURE OF DATA AND TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA

Personal Data may be disclosed to other companies in the same group of companies as the Data Controller. Personal Data is disclosed only in compliance with national and international laws, regulations and instructions issued by the authorities.

Personal data in the Data File shall not be regularly disclosed to third parties. Personal data can however be disclosed to a third party in service and maintenance purposes of the Service.

No data is disclosed or transferred outside of the European Union or the European Economic Area.

8 THE PRINCIPLES OF PROTECTION OF THE DATA

All Data is in the electronic form and stored in a data system of the Data Controller. Thus there are no manual archives.

Customers have access to only his/her individual Data in the data system that is protected by user ID and password.

Data stored in the data system is stored centrally in a locked and monitored server room of the Data Controller, which is protected with a firewall and other technical means. The data is only accessible to employees of Data Controller who have signed a non-disclosure agreement; access to the system requires a personal user ID and password.