SIEVI GROUP'S PRIVACY POLICY

1. General

The Sievi Group (hereinafter Sievi), which includes Sievin Jalkine Oy, Sievi Marketing Oy, Sievi AB, Sievi AS, Sievi GmbH and Sievi-Tools Oy, complies with current legislation on personal data pro-cessing and data protection when carrying out its activities. This Privacy Policy describes Sievi's data protection policies for personal data processing. It takes into account the requirements of the EU Data Protection Regulation (2016/679) and national data protection legislation, and the guidelines issued by the data protection authority.

2. Basis for personal data processing

Collecting and processing of personal data is always based on the consent of the person or the legislation in force.

3. What personal data is collected

The personal data collected by Sievi consists of information transmitted by individuals with their own consent and information received by Sievi on the basis of legislation. The personal data col-lected includes information on job applicants, staff and customers.

Data protection reports have been prepared for Sievi's personal data registers.

4. How personal data is used

Sievi uses personal data only for purposes that comply with the person's consent or with legisla-tion.

5. How personal data is retained

Sievi will only keep personal data for the required time or the time provided by law, after which data will be disposed of in a secure way.

6. Transfer of personal data

Sievi will not transfer personal information to third parties without the consent of the person or without a legally justified reason. Information will also not be transferred outside the EU or the EEA.

If information is transferred to a third party on the basis of the above criteria, Sievi requires the data recipient to comply with legislation on the processing of personal data and data protection and to comply with Sievi's Privacy Policy or equivalent privacy principles.

7. Personal data protection measures and destruction of data

Electronic data is protected by technical security measures such as firewalls, security software, usernames and password protection. Manual data is stored in locked premises. Personal data is processed only by persons whose tasks require them to do so. Access to personal data by other persons is restricted by technical protection measures and by storing hard copy material in locked premises.

8. Risk assessment of personal data processing

Sievi has assessed the risks associated with the processing of personal data and has taken the necessary measures to minimise them. Assessing data processing and data protection risks is an ongoing process in Sievi.

9. The necessity and correctness of the register information

Sievi collects and retains only the necessary personal information, and strives to keep the infor-mation in the register up to date. The deficiencies and errors found in the registry information are corrected.

10. Checking and rectifying the data

A person included in the register has the right to check the Sieve register for information about him/her and to request to have incorrect information rectified. More detailed instructions on checking and rectifying data are provided in the privacy statement or in the person file description.

11. Privacy policy changes

Sievi is actively following changes in data protection legislation and, updates its privacy policy as necessary to comply with current data protection legislation, as well as with the requirements for good personal data processing and data protection.

This Privacy Policy was last updated on 25 May 2018.

SIEVI GROUP

Korhosenkatu 24
FI-85310 SIEVI AS, Finland
FINLAND

Tel. +35884881
info@sievi.com
www.sievi.com