Insider Management, processing personal data

Privacy statement, insider management

Updated 18 December 2018

1. Controller

Kojamo plc, (0116336-2), Mannerheimintie 168a, 00130 Helsinki, Finland (hereinafter referred to as “Kojamo”)

2. Data protection officer’s contact information

Kojamo Group’s data protection officer
Mannerheimintie 168a
FI-00130 Helsinki, Finland
tietosuoja@kojamo.fi

Data subjects should contact the [person/address] above in writing in all matters relating to the processing of personal data and the exercise of the rights of the data subject.

3. Name of file

Kojamo plc’s insider management

4. Purpose of processing personal data and its legal basis

Kojamo or a party acting on its behalf or account has the obligation to maintain a list of persons with access to inside information and who work for Kojamo on a contractual basis or otherwise perform tasks through which they have access to inside information. The processing of personal data for this purpose is required for complying with Kojamo’s statutory obligations.

Kojamo insider management – management transactions and event-based insiders:

The purpose of processing the personal data of persons discharging managerial responsibilities (PDMRs) and persons closely associated with them is compliance with the provisions of Article 19 of the Market Abuse Regulation (MAR; EU 596/2014) regarding transactions by persons discharging managerial responsibilities and persons closely associated with them as well as the laws, rules, regulations and guidelines by which Kojamo is bound.

All persons who have access to project-related inside information and who work for the company or perform tasks for the company which give them access to project-related inside information will be entered in the event-based insider list.  The purpose of processing personal data is compliance with the provisions of Article 18 of the Market Abuse Regulation (MAR; EU 596/2014) regarding transactions by such persons as well as the laws, rules, regulations and guidelines by which Kojamo is bound.

Kojamo’s insider management – other:

Kojamo does not maintain a permanent insider list, but it keeps a list of persons subject to trading restrictions. The list contains information on the person’s name, employer, email address and the start and end date of the person’s insider status.

Kojamo maintains a whistleblower system in compliance with Chapter 12, Section 3 of the Securities Market Act, containing information on the informer and the person implicated as well as a description of the act and the time and date of its occurrence.

The processing of personal data for theses purposes is required for complying with Kojamo’s statutory obligations.

5. Contents of the file

The list of persons discharging managerial responsibilities and persons closely associated with them involves the processing of the following personal data:

  • nationality
  • first name and family name
  • national ID and date of birth
  • home address, email address and telephone numbers
  • employer’s name and address
  • the first name, family name, postal address, email address and telephone number of the person authorised by the person entered in the list or a contact person
  • the PDMR’s position in the organisation
  • for persons closely associated with PDMRs, the grounds for being regarded as “closely associated”
  • the start and end date of PDMR status or status as a person closely associated with a PDMR (date and time)
  • received transaction notifications

The following personal data is processed in the list of persons entered in the event-based insider list:

  • first name and family name
  • national ID and date of birth
  • home address, email address and telephone numbers
  • employer’s name and address
  • the first name, family name, postal address, email address and telephone number of the person authorised by the person entered in the list or a contact person
  • reason for insider status and the start and end date of insider status (date and time)
  • received transaction notifications

6. Regular sources of information

Personal data is collected from the data subjects and the persons closely associated with them, any proxies or contact persons authorised by them and public sources of information (e.g. the Trade Register and the YTJ Business Information System).

7. Regular destinations of disclosed data

Personal data may be disclosed within the limits permitted and required by currently valid laws to parties with a statutory right to access the information, or if the establishment, exercise or defence of a legal claim requires the disclosure of personal data. Data may be disclosed to the parties specified in the MAR and in regulations issued based on the MAR, for example, such as the Financial Supervisory Authority, ESMA and the Police.

Personal data may also be transferred to Euroclear Finland Ltd, which processes personal data on Kojamo’s behalf in accordance with a confidentiality obligation and a binding data privacy contract as prescribed by law. Kojamo event-based insider lists are kept in Euroclear Finland Ltd’s electronic insider system.

Data will not be transferred outside the European Union or the European Economic Area.

8. Retention period for personal data

Personal data will be stored for as long as necessary to fulfil an obligation imposed on Kojamo by a law, decree or other official source. As a rule, the retention period is five years from the registration of personal data or its last update.

9. Data protection

Manual materials pertaining to the data file are stored in a locked space that can only be accessed by restricted personnel.

Data contained in the file that is processed electronically is stored on a system maintained by Euroclear Finland Ltd in such a way that the data file can only be accessed by restricted personnel.

Only the designated employees of Kojamo and the companies operating commissioned by Kojamo and on its behalf who have signed a non-disclosure agreement have access to the information in the data file with an individual access right granted by Kojamo.

10. Rights of the data subject

The right of access to personal data

Data subjects have the right to be informed by Kojamo whether their personal data is being processed and to inspect what personal data concerning them is contained in the data file. The data subject also has the right to obtain a copy of the processed personal data. The access request shall be sent to Kojamo in accordance with section 2 and it must be in writing and signed. The access request may also be submitted personally by visiting Kojamo. The access right may be refused on legal grounds. As a rule, exercising the access right and delivery of the copy are free of charge, but Kojamo may charge a reasonable fee for their implementation based on the administrative costs if the data subject repeatedly requests copies or the requests are apparently groundless or unreasonable.

The right to request the rectification or erasure of personal data and the restriction of the processing of personal data

Kojamo will correct, erase or supplement any personal data in the data file that is incorrect, unnecessary, incomplete or outdated for the purposes of processing either at its own initiative or at the data subject’s request (by contacting Kojamo in accordance with section 2). The data subject also has the right to request Kojamo to restrict the processing of their personal data in circumstances such as when the data subject is waiting for Kojamo’s answer to a request to rectify or erase their personal data.

The right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a competent supervisory authority if Kojamo has not complied with the applicable data protection laws in its operations.

Page updated 15 July 2019