Description of the file, management transactions

[25.5.2018]

Privacy Notice – Management Transactions

  1. Data Controller

Kojamo Plc (business ID 0116336-2), Mannerheimintie 168a, 00130 Helsinki, Finland (hereinafter Kojamo)

  1. Contact Information of the Data Protection Officer

Data protection officer of the Kojamo Group
Mannerheimintie 168a
00130 Helsinki, Finland
tietosuoja@kojamo.fi

In case of questions related to the processing of personal data and situations related to the exercise of the data subject’s rights, the data subject must contact the above [person / address] in writing.

  1. Name of the Register

The Kojamo Group’s list of managers as referred to in the Market Abuse Regulation (MAR; EU 596/2014) and persons closely associated with them as well as their transactions

  1. Purpose of and Legal Basis for Processing Personal Data

The purpose of the processing of personal data is to comply with the legislation under Article 19 of the Market Abuse Regulation (MAR; EU 596/2014) concerning transactions of managers and persons closely associated with them, and with other acts, rules, regulations and instructions.

The processing of personal data is necessary for the compliance with Kojamo’s statutory obligations.

  1. Data Content of the Register

The following personal data are processed in the register:

  • nationality
  • first and last name
  • national personal identification number and date of birth
  • home address, e-mail address and phone numbers
  • name and address of the employer
  • first name, last name, postal address, e-mail address and phone number of the person who is authorised by or acting as a contact person for person on the list
  • position of the manager in the organisation
  • grounds for being a closely associated person
  • commencement and end of the status as a manager or a closely associated person (date and time)
  • received notifications of transactions
  1. Regular Sources of Data

Personal data are collected from managers and persons closely associated with them and from any parties and contact persons authorised by them as well as from public information sources (e.g. the Finnish Trade Register, the Finnish Business Information System).

  1. Regular Disclosures of Data

Personal data can be disclosed, within the limits permitted and required by the legislation in force from time to time, to parties that have the right to obtain data in accordance with the legislation, or if the establishment, exercise or defence of a legal claim requires that personal data be disclosed. Data can be disclosed to, for example, the parties designated in the MAR and in the rules issued under it (such as the Finnish Financial Supervisory Authority, ESMA and the Finnish Police).

Personal data can also be transferred to Euroclear Finland Ltd that processes personal data on behalf of Kojamo under the obligation of confidentiality and a binding data processing agreement.

Data are not transferred outside the European Union or the European Economic Area.

  1. Storage Period of Personal Data

Personal data are stored for as long as this is necessary to fulfil Kojamo’s obligations under acts, decrees or any other authority sources. As a rule, the storage period is five years from the registration of personal data or their latest update.

  1. Protection of the Register

The manual data set concerning the register is stored in a locked room to which only designated persons have access.

The electronically processed data included in the register are stored in a system maintained by Euroclear Finland Ltd in such a way that only designated persons have access to the register data.

Only designated employees of Kojamo and the companies operating at its request and on behalf of it and have signed a confidentiality agreement have access to the data included in the register under an individual right of use issued by Kojamo.

  1. Rights of the Data Subject

Right to access data concerning you

The data subject has the right to obtain confirmation from Kojamo of whether personal data concerning him/her are processed and to know what personal data concerning him/her are stored in the register. The data subject has also the right to obtain a copy of the personal data being processed. The access request must be sent to Kojamo in accordance with Section 2, and it must be in writing and signed. The access request can also be made in person at Kojamo’s office. The access request can be declined based on the grounds provided by law. The exercise of the right of access and the provision of a copy are usually provided free of charge; however, Kojamo may charge a reasonable fee based on administrative costs of taking the action requested, if the data subject requests copies repeatedly or the requests are manifestly unfounded or excessive.

Right to request rectification, erasure or restriction of processing of personal data

Kojamo will rectify, erase or complete any personal data in the register that is inaccurate, unnecessary, incomplete or obsolete for the purpose of the processing, either on its own initiative or at the request of the data subject (the data subject can contact Kojamo in accordance with Section 2). The data subject has also the right to demand Kojamo to restrict the processing of his/her personal data, for example, in a situation where the data subject is waiting for Kojamo’s response to the request concerning the rectification or erasure of the data.

Right to lodge a complaint with a supervisory authority

The data subject is entitled to lodge a complaint with the competent supervisory authority if Kojamo has not complied with the data protection regulations applicable to its operations.