Updated 13 October  2023

1. Purpose of this notice and data controller

The purpose of this notice is to give you information regarding how we at Kamux Corporation (business ID 2442327-8) process personal data related to market abuse regulation and related party matters:

• list of Persons Discharging Managerial Responsibilities (“PDMR”) and their Closely Associated Persons and Undertakings (“PCAs”) under Market Abuse Regulation (EU No 596/2014);
• PDMR’s and PCA’s transactions;
• IAS 24 Related parties register;
• IAS 24Transactions Related parties’ transactions;
• Project specific insider registers; and
• List of persons acting in the information core of Kamux Corporation.

If you have any questions related personal data processing and/or this notice, please contact Data Protection Officer: privacy@kamux.fi 

2. Contact details in privacy matters

As a data subject you may contact Kamux in all privacy matters using following contact information:

Kamux Corporation / Privacy matters
Parolantie 66
FI-13130 Hämeenlinna, Finland

Contact details of Data Protection Officer: privacy@kamux.fi 

3. For what purpose is your personal information collected  and what type of information is collected and where?

Required by the Market Abuse Regulation (EU No 596/2014)

• maintaining the company's insider list;
• maintaining a list of executives subject to the disclosure obligation and persons and entities closely associated with them; as well as
• monitoring and reporting transactions of the company's shares and other financial instruments by the company's executives subject to disclosure obligation and persons and entities closely associated with them, as well as publishing register information.

Required by obligations by Limited Liability Companies Act, Accounting regulation including the Finnish Accounting legislation and International Accounting Standard 24 (“IAS 24”) as well as the Finnish Corporate Governance Code.

• maintaining the company's list of related parties;
• maintaining a list of executives and their related parties subject to the disclosure obligation under IAS 24; as well as
• monitoring and reporting transactions of the company's shares and other financial instruments by the company's executives and their related parties subject to disclosure obligation under IAS 24.

The information collected and processed is enclosed as Appendix 1.

Regular sorces of information are the company, the data subjects themselves and their authorized parties, book-entry system, Financial Supervision Authority, other public databases.

4. Who do we share your personal information and may information be transferred outside the EEA?

The company is obliged by law to disclose the information in the insider register to the competent authorities upon request.

In addition the company is obliged by law to disclose to the competent authorities the information on transactions in the company's shares reported by the executives subject to disclosure obligation and persons closely associated with them, and to publish the transactions reported by them, and keep the information visible on the company's website. The information published on the website does not include personal identification numbers and home addresses.

The data in stored and maintained in a cloud-based service provided by InsiderLog AB. InsiderLog applies appropriate technical and organizational security measures to maintain integrity and confidentiality of the data. Only people whose work-related tasks require them to process the personal data can access the data.

Personal data is not transferred outside the EEA.

5. How your personal information is protected and how long we process information

We apply physical, technical, and administrative protection measures to protect personal data. We make data processing agreements with all subcontractors that process personal data in order to ensure appropriate data protection. Data is stored five years after it is drawn up or updated and IAS 24 data is stored ten years after each financial year after which they will be permanently erased.

6. Your rights as a data subject

You can make a request for data subjects' rights by contacting our customer service via e-mail asiakaspalvelu@kamux.fi or phone +3589 8560 4000, or by sending a request  to the address mentioned in section 2.

As a data subject, you have the following rights:

• Right of access, rectification and erasure
  • As a data subject you are entitled to obtain information of your personal data processed by Kamux. You have also a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of your data.
• Right to ask for the restriction or object the processing
  • You have the right to ask for the restriction or object your personal data processing.
• Right to lodge a complaint with a supervisory authority
  • If you consider that the processing of personal data relating to you infringes the data protection regulation, you have the right to lodge a complaint with a supervisory authority. You may lodge your complaint in the EU Member State of your habitual residence, place of work or place of the alleged infringement.