PRIVACY STATEMENT / Marketing

1. DATA CONTROLLER
Name: Newsec Asset Management Oy
Newsec Advice Oy
Newsec Valuation Oy
Each as an independent data controller

Address: Mannerheiminaukio 1 A
FI-00100 Helsinki
Telephone: +358 20 742 0400
E-mail: laura.kautto@newsec.fi
Contact person: Laura Kautto

2. PURPOSE OF USE OF PERSONAL DATA
The register handles personal data on the data controller's customers and marketing contacts, and personal data on contact persons employed by such entities (hereinafter referred to as the Data Subjects). The personal data are used for sending Newsec newsletters, event invitations and other marketing communications and enquiries, announcing services and events, contacting current and potential customers, and maintaining and developing customer relations.

3. GROUNDS FOR PROCESSING PERSONAL DATA
The basis for processing personal data is consent or a potential assignment from the Data Subject, performance of legitimate interests of Newsec, or implementation of an agreement to which the Data Subject is a party.

4. PERSONAL DATA PROCESSED
The register processes the personal data and contact details of Data Subjects, and other information that is necessary for marketing. This information includes:

• forename and surname
• title
• employer
• employer's place of business and address, country
• department
• work phone number
• e-mail address

5. REGULAR DATA SOURCES
Data are collected from the Data Subject in person from such sources as agreements concluded with the data controller or at the time of oral or written contact. Details of participants are collected at events, seminars and training sessions. Details may also be collected and updated from the registers of a data controller providing an address, updating or similar service, and by collecting data from sources in the public domain. Details of individuals may also be collected via websites with their consent.

6. PROTECTION OF PERSONAL DATA AND DATA SECURITY
No materials are maintained manually.

Electronically processed register data are protected using firewalls, passwords and other necessary technical means that are generally approved in the security industry at the time.

7. REGULAR RELEASES AND TRANSFERS OF PERSONAL DATA
The data controller may only release personal data on Data Subjects to service providers for purposes that do not conflict with the foregoing purposes of handling personal data. A data processing agreement (DPA) has been concluded between the data controller and the data processor.

8. TRANSFERS OF PERSONAL DATA OUTSIDE OF THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA
No data will be released from the register to a party outside of the European Union or European Economic Area unless such release is necessary for the technical performance of data processing.

9. RIGHTS OF THE DATA SUBJECT
In accordance with applicable data protection legislation, Data Subjects shall be primarily entitled to:

- information on the processing of their personal data;
- access their own data;
- require correction of inaccurate and incorrect personal data;
- require processing restrictions or deletion of personal data; and
- withdraw consent and oppose the processing of their personal data insofar as the said processing is based on the consent of the Data Subject and has no other foundation.

The Data Subject must submit a written request to the data controller concerning implementation of the foregoing right. The data controller may ask Data Subjects to specify their requests and verify their identity before processing the request. A data controller may refuse to implement a request pursuant to applicable statutes.

Every Data Subject shall be entitled to submit an appeal to the competent supervisory authority or to the supervisory authority of the Member State of the European Union where the Data Subject lives or works if the Data Subject considers that his or her personal data has not been processed in accordance with applicable data protection legislation.

10. AMENDMENTS TO THIS PRIVACY STATEMENT
This privacy statement may be updated from time to time, for example when legislation changes. This privacy statement was most recently updated on 15 May 2018.