1 DATA PROCESSOR AND DATA CONTROLLER

Supplier / “Data Processor”

Apix Messaging Oy, Sinikalliontie 7, FI-02630 Espoo (Business ID 2332748-7)

The Supplier referred to in this data processing policy is a contractual party that has committed to supply the Customer with the messaging service detailed in the supply agreement, as well as to provide related maintenance of the service.

The name of the messaging service is Apix Messaging Service. The Supplier acts as the Data Processor on behalf of the Customer.

Customer / “Data Controller”

The Customer referred to in this policy is a contractual party that has concluded a Service Agreement with the Supplier for the use and related maintenance of the Apix Messaging Service (hereinafter referred to as Service).

The customer shall act as the data controller for its own personal data (“the Customer’s personal data”).

Concerning matters related to this person register, please contact the Data Protection Officer and/or main user at your company.

The Customer shall inform its personnel and its own customers of its data protection policies according to its own policies.

The contact information of the Supplier’s Data Protection Officer can be found Apix Messaging Oy’s official website at www.apix.fi/gdpr/en/

3 PURPOSE OF THE SERVICE AND GROUNDS FOR THE PROCESSING OF PERSONAL DATA

All person registers and the contents thereof have been established in order to implement the Service Agreement between Supplier and Customer.

The Supplier will not process the Customer’s data for any other purpose than that which has been agreed on in the Service Agreement, and only to the extent that is necessary in order to fulfill the Customer’s Service Agreement.

4 PROCESSING OF PERSONAL DATA IN THE SERVICE

The Service processes and records Personal data only from the routing information includes in the material sent by the Customer to the service or received from the service. This information is the address data included in the material, which typically consists of names and addresses. Any other Personal data enclosed within the material sent or received by the service will not be processed without Customer’s requests and instructions.

Typical Personal Data

Personal data are generally used only to a limited extent in Service because the use of the applications does not require broader processing of personal data. The personal data typically used include name and address information, as well as possibly e-mail address, telephone numbers and bank account information.

The Supplier’s support service personnel processes Customer’s data only when solving error conditions. The group of personnel who has privileges to access Customer’s data is very restricted and all of them have signed separate non-disclosure agreement.

Storage period

The data of the Customer hall be stored in the Service for at least the duration of the contractual relationship. If the data is to be deleted during the contractual relationship, the Customer will be responsible for removing the data in the legal framework.

5 DISCLOSURE OF PERSONAL DATA

The Supplier will not disclose personal data to third parties or use it for other purposes than the fulfillment of the Customer’s supply agreement

6 GENERAL PRINCIPLES OF PERSONAL DATA USE AND PROTECTION

The Customer’s personal data shall be handled only by the Supplier’s employees who are responsible for fulfilling the Customer’s supply agreement. The Supplier’s privilege management is carried out using a role-based user management process in which each employee is given only those privileges required for their task and job description. All data concerning the Customer can be accessed only using the personal usernames and passwords of authorized employees

Subcontractors

The up-to-date list of subcontractor can be found at: www.apix.fi/gdpr/en/subcontractors.

7 RIGHTS OF DATA SUBJECTS

According to the current data protection legislation, the Customer’s personal data comprise a person register, and the data subjects have rights to their data as provided for in regulations and laid down in the legislation.

Rights of data subjects to access the data concerning them (inspection rights), to request the correction or removal of data, or to limit the processing of the data

The person whose Personal data is included in the Customer’s material processed with the Service must contact the Data Protection Officer or main user of the Customer if they wish to exercise their legal rights.

The Supplier is not directly responsible for the inquiries or requests received by the Customer concerning the rights of the person mentioned in the header of this subsection, as all Personal data saved in the Service is based on service request’s or material submitted and updated by the Customer.

8 CONTACTS

For all unclear questions regarding the handling of personal data as described in this policy, the Customer must contact the Data Protection Officer of the Supplier whose contact information can be found at: www.apix.fi/gdpr/en/. If necessary, the Supplier may ask the Customer to provide additional information or specifications to their request in writing.