Privacy Policy in accordance with the European Union General Data Protection Regulation

Created on May the 25th, 2018

1. Registry holder

Trevian Asset Management Oy (Business ID 2507543-9)

Point of contact for the register:

Trevian Asset Management Oy
Address: Pohjoisesplanadi 35 aA, 4th floor, 00100 Helsinki
Email: info@trevian.fi
Tel: Trevian info + 358 10 581 3830

2. Registry name

Asiakastieto- ja sidosryhmärekisteri (Customer information and stakeholder register)

3. Purpose of processing personal data

Information is collected from customers, service providers and other stakeholders. We use this information to develop, among other things, the quality of our customer service, our service offering and marketing.

4. Registry contents

The register contains the following personal information, only if
disclosed by the data subject:

Customer’s name, email address, telephone number, title and other descriptive identifier (e.g. “Tenant” or “Service Provider”).

In addition we have records for the following information: the dates of updating personal data, contacting the data subject by Trevian Asset
Management Oy, agreements made with Trevian, and the basic information of these agreements.

5. Regular data sources

The register contains personal information that is disclosed to the registry only by the data subject themselves, e.g., by email or other means. In addition, information can be collected from open web pages and other open databases.

6. Transfer of data to third parties

The data shall never be disclosed to any third parties without authorities’ request.

7. Transfer of data outside the EU or EEA

Depending on the systems in use, the data is stored in Finland or outside Finland, but mainly within the European Economic Area in the data warehouses of the system providers.

Some data may be processed and stored outside the European Economic Area, in the United States, in systems controlled by third parties under the Privacy Shield certification and compliant to European Union General Data Protection Regulation.

8. Principles of registry protection

The registry is processed in systems for which the users have specifically defined access rights. Use requires a personal username and login to the information system. The registry is protected by appropriate technical measures.

9. Right to review

Each registered data subject has the right to review all data on them stored in the registry or to find out whether he or she is in the registry.

The person must submit a request for reviewing in written by providing at least their name and email address. The person must request for review either by email or by a self-signed letter. Requests for review or information are not received by phone, but we always require a written request for reviewing the information.

The necessary and appropriate measures to identify a person are carried out prior to the review and / or disclosure of the information to the data subject.

In the event of inconsistency or discrepancy between the Finnish version and any of the other language versions of this privacy policy, the Finnish language version shall prevail.