Data Protection Statement

1. NAME OF REGISTER

Customer register

2. CONTROLLER

Name: AQVA.IO Oy

Address: Yrjönkatu 10, 28100 Pori, Finland

Other contact details: +358 40 564 1756

3. Contact person in matters related to the register

Name: Kalle Sandelin, CEO

Address: Yrjönkatu 10, 28100 Pori, Finland

Other contact details: kalle(at)aqva.io, +358 40 564 1756

4. PURPOSE OF PROCESSING PERSONAL DATA

Personal data is collected and processed to enable AQVA to serve itscustomers who acquire equipment and/or services from AQVA.

Data is processed in order to identify users of AQVA’s digital services andto ensure that the right people are using the services and only access theservices they are entitled to use and only see the data they are entitled tosee.

Data may also be used for the implementation of AQVA’s digital services,for customer service, and for service-related communications to users.

The legal grounds of processing are: customer relationship management,fulfilling legal obligations and our legitimate interests. For the processingof some personal data we may also request the data subject’s consent.

5. DATA CONTENTS OF THE REGISTER

For service users:– first name and surname,– username,– email,– telephone number,– usage role (admin or monitor user),-information on the company, its apartments, the property managerand maintenance company,– invoicing details like name, address, meter number, number of theplace of use, consumption,– information indicating acceptance of terms and conditions (EULA),– IP address collected automatically for debugging purposes,– water consumption usage and history

For API users:– API interface usage and requests including IP address and API commands,

Information concerning customer communications, marketing and othercommunications, including– mailing lists (such as the customer magazine, newsletter andmonthly report)– interests of the contact person and other information provided bythe contact person themselves

Information on the customer relationship, contracts, orders and deliveries,including– quotes, orders, contracts, billing, complaints, feedback and othercontact history with the customer-purchased products and services and the reasons for their purchase– details of the seller/buyer

6. REGULAR SOURCES OF DATA

We collect information on our customers’ contact persons from thefollowing sources:– Data is collected from users of AQVA’s digital services and fromcustomer organisations, as well as automatically when services areaccessed.– Information collected by AQVA from sales, deliveries and othermanagement of customer relationships.– From customer and supplier companies and contact personsthemselves when opening a customer account, subscribing tocustomer and product magazines or newsletters or otherwise inrelation to the customer relationship.– From the company’s website and other public sources, such as theFinnish Trade Register, other business information registers anddirectory services.– Data on the use of digital services is collected by LeakLook serviceand Google Analytics.

7. COOKIES

We use various technologies, including cookies, to collect and storeinformation as you use our service and website. Cookies help us monitorthe total number of visitors to our site as well as the use of our serviceand website. This helps us improve our service. We also use cookies thatimprove your user experience by making our service and website easier touse, e.g. by storing user IDs, passwords and (language) selections. Wealso use monitoring and analytics cookies to find out what our users thinkabout the service we offer.

You can block the use of cookies in your browser or set your browser towarn you whenever permission for installing cookies is requested. Pleasenote that this may affect some of the functionalities of the service. Formore information on cookies and on how to block them, please visitwww.allaboutcookies.org.

Our services use Google Analytics and other analytics tools to createreports on the use of our service in order for us to improve our websiteand service. For more information on Google Analytics, please visithttps://www.google.com/analytics. You can disallow the collection of databy Google Analytics by downloading an add-on for your browser athttps://tools.google.com/dlpage/gaoptout.

8. REGULAR DISCLOSURE OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA

We may transfer or disclose personal data to our partners, if it isnecessary for the purposes of this data protection statement. Thesepartners may include Amazon Web Services (Frankfurt) and 3rd partymanagement software’s (via API) requested by Customer, companiesperforming invoicing and other partners.

In such situations, personal data will be processed in accordance withcurrent applicable legislation.

We may also use third-party service providers such as providers ofpayment services, collection services and analytics services to performcertain tasks involving the processing of personal data on our behalf.

We may also transfer or disclose personal data to our group companiesand to our business successor as a result of, for example, restructuring,sale of business, merger, demerger, bankruptcy or liquidation.

Otherwise, we will not sell or disclose your data to third parties. Neitherwill we transfer data outside the EEA unless permitted by data protectionlaws.

If required by applicable law, personal data may also be transferred ordisclosed to the authorities.

9. DATA PROTECTION PRINCIPLES

All material is only stored electronically.

AQVA’s databases, in which the data is stored, can only be accessed bythe employees maintaining the databases. This has been ensured bymeans of user rights. The user interfaces display only the information thatis needed to accomplish the tasks of each particular user role. The viewsand access rights in the user interface are specific to each role or user.

We apply appropriate technical and organisational security measures toprotect personal data against unauthorised access and accidental orunlawful destruction, alteration, disclosure, transfer or other illegalprocessing.

10. DATA RETENTION

We will keep your personal data in accordance with current legislation andonly for as long as is necessary for the purposes specified in this dataprotection statement. Once the basis of the processing of your personaldata has ceased to exist, we will erase your personal data.

A user who has not signed in for two years with his or her username isdeemed to have terminated the user account. In that case, we will removethe information provided by the user in the user database and delete theusername, after which no one, not even the user himself or herself, canreactivate the user account or restore the data. Information observed andderived from the use of services is converted to a format in which anindividual is no longer recognisable.

Please note that some of our services may include public, interactive, andcommunicative features, such as comment sections or forums, and yournickname and content may also be visible after you remove yourregistered user account or the user relationship is terminated. If you donot want to be identified by your username and/or your comments, pleasepay attention to their content.

11. WHAT ARE YOUR RIGHTS?

Right of accessAQVA provides you with access to information concerning the personaldata about you. You can contact us and request us to disclose whatpersonal data about you we process and on what grounds. If your previousrequest for information was made less than 12 months ago, we mayrequire payment for carrying out the requested measures.

Right to rectificationYou also have the right to have incorrect, inaccurate, incomplete, obsoleteor unnecessary information rectified or completed by contacting us.

Right to erasureYou can also request us to erase your personal data in our systems. Wewill comply with your request unless we have a legitimate reason not toerase the data, for example, to meet our legal obligations. Data may notbe removed instantly from all our backup or other similar systems.

Right to objectYou may also request restrictions on the processing of your personal dataif the data is processed for purposes other than the performance of ourservice or the fulfillment of the obligation arising out of the law. You mayalso object to the processing of your personal data in the future, even ifthe processing were based on your prior consent. Objecting to theprocessing of personal data may lead to more limited access to ourwebsite and our services.

Right to restriction of processingYou can request us to restrict the processing of your personal data. Usingyour right to restriction of processing of data may lead to more limitedaccess to our website and our services.

Right to data portabilityYou have the right to receive your personal data from us in a structuredand commonly used format so that you can transmit the data to anothercontroller.

You can use your rights by sending an email to help(at)aqva.io or bycontacting us at the addresses above. As a rule, the request should besent from the email address registered in AQVA’s digital service userdatabase and the response to the request will be sent to that emailaddress.

In addition to the above-mentioned rights and other rights, you also havethe legal right to lodge a complaint with a supervisory authority,especially in the Member State where you have a habitual residence orplace of work or where the alleged violation of the Personal DataRegulation has occurred. In Finland, that supervisory authority is the DataProtection Ombudsman.

12. CHANGES TO THIS DATA PROTECTION STATEMENT

AQVA may from time to time make changes to this data protectionstatement at any time without prior notice. However, if this dataprotection statement is substantially changed, we will notify all registeredusers on their registered email addresses.