Privacy Policy, Supplier register Description of the file Personal Data Act (523/1999) section 10 Date of drafting: 24.5.2018 Updated: 15.08.2019 Rockrobot Oy Supplier register Controller Rockrobot Oy org nr/VAT ID: FI25831337 Visitor address: Skaffarinkatu 7, 32800 KOKEMÄKI, FINLAND Postal address: Vesimyllynkatu 2, 33310 TAMPERE, FINLAND The person in charge and contact person: Petri Lehtinen Tel. +358 40 588 2755 info@stonepower.fi The purpose for processing the personal data The purpose for processing the personal data / the purpose for the use of this register is to develop and maintain logistics. This is based on the following prerequisites in the personal data act 523/1999 8§ Content of the register This supplier register may include one of the following data or all of them: the name of a person, the name of a company that he/she represents, phone numbers, addresses (visitor, postal, work area, delivery, e-mail, social media addresses), title, contact type (present/potential supplier etc), description of supplier related tasks and equipment. Regular sources of information Regular sources of information are company related contacts with a present or a potential supplier (meetings, phone, e-mail, social media, Outlook, Messenger and other similar messaging applications, contacts using web contact sheet). Regular destinations of disclosed data We don’t deliver supplier register data to other organizations or individuals. But see “Third party privacy policies” in Stonepower privacy policy to find out which third party applications, that we use, share personal data. Data is transferred outside the European Union and the Europen Economic Area, because most of the equipment and applications are manufactured and controlled outside the European Union. For example mobiles, that are used to contact suppliers, have applications, which use servers outside the Europe and which may read address book, pictures and other information in the phone. Data may be transferred during updates due to backups. The principles how the data file/register is secured A. Manual register Manual register is held in a locked storage cabinet. Only the authorized people in the company can access the cabinet. B. Data register Communication devices, that are used to contact the supplier, read or process the personal data, have a password or a PIN enquiry or another means of restricting unauthorized users to access the data. They are connected only to known networks, that have a firewall enabled. The communication devices have a security software installed. The supplier register server is located in Finland in premises that fulfill the requirements set by Finnish Communications Regulatory Authority according to 48A/2003 concerning “Important premises”. It defines the demand for physical protection of communication network against fire, water and burglary. The network is also protected by a firewall. CRM, web and email server is also located in Finland. The server is protected by a firewall and the server lies in Level 2 segmented network. Only the authorized people can access these servers. Most of the devices and the installed applications are manufactured and controlled outside the European Union (for example using updates or other applications). The right of subject access This right of subject access means that you can make a request under the Data Protection Act to any organisation processing your personal data. Concerning this supplier register you can do that by sending a written request to register’s contact person (see 2. in this file) including your full name, address and contact telephone number; any information used by the organisation to identify you (account numbers, unique ID’s etc), details of the specific information you require and any relevant dates, for example emails in a specified time frame. The right to demand correction of failures in your personal data You have the right to demand the correction of incorrect or inaccurate data related to you in this register. Concerning this supplier register you can do that by sending a written correction request to register’s contact person (see 2. in this file) including your full name, address and contact telephone number; any information used by the organisation to identify you (account numbers, unique ID’s etc), details of the specific information you require to be changed, a correction and any relevant dates. The right to deny the use of your personal data to any purpose that is not mandatory due to Finnish legislation You can deny partly or entirely the use of your personal data for example for marketing.