OUR PRIVACY POLICY AT A GLANCE

  1. WHO WE ARE. We are Medikro Oy, we manufacture and market medical systems for pulmonary diagnostics and monitoring. We are headquartered in Kuopio, Finland. We process and protect your personal data responsibly.
  2. WHAT WE USE YOUR DATA FOR. We will use your data (collected online or in person), among other purposes, to manage your support requests, to respond to your queries, and, if you wish, to send you our customised communications.
  3. WHY WE USE YOUR DATA. We have legal standing to process your data for various reasons. The main reason is that we need to process your data to manage your support requests, when you fill the webform on our site or send us an e-mail. We also use your data for other reasons, for example, to send you newsletters that you have asked to receive from us.
  4. WHO WE SHARE YOUR DATA WITH. We share your data with service providers who provide us with assistance or support.

YOUR RIGHTS. You have the right to access, rectify or delete your personal data. In certain cases, you are also entitled to other rights, such as, for example, to object to us using your data, or to transferring your data, as explained in depth below.

We encourage you to read our full Privacy Policy below to understand in depth the way we will use your personal data and your rights over your data.

BEFORE YOU START…

  • In this Privacy Policy, you will find all relevant information applicable to our use of our users’ and customers’ personal data that you use to interact with us.
  • We are transparent about what we do with your personal data, to help you to understand the implications of the way in which we use your data, and the rights you are entitled to in relation to your data:
    • We permanently make available for you all the information included in this Privacy Policy, that you can check when you consider appropriate, and in addition,
    • You will also find further information on how we use your data as you interact with us. • These are some terms we regularly use in this Privacy Policy:
    • When we speak about our Platform, we refer, in general, to any of the channels or means, digital or in person, you may have used to interact with us. The main ones are:
      • Our Website
      • Our E-mail (any of boxes at medikro.com domain)
      • Our Phone (support line and direct numbers of our employees)

1. WHO IS THE CONTROLLER OF YOUR DATA?

Your data controller is:
Medikro Oy (manufacturer and marketer of products branded “MEDIKRO”):

Postal address: P.O.Box 54, FI-70101 Kuopio, Finland

Factual address: Pioneerinkatu 3, 70800 Kuopio, Finland

E-mail address of the Data Protection Officer: dataprotection@medikro.com

Medikro Oy (“we”) is responsible for processing and protecting your personal data.

2. WHY DO WE PROCESS YOUR PERSONAL DATA?

Depending on the purpose for which we process your data from time to time, as explained below, we need to

process one or other data, which will in general be, depending on each case, as follows:
▪ your identity data (for example, your name, surname, language and country from which you interact with us, contact data, your company contacts etc.),

▪ connection, geolocation and/or browsing data (for example, the location data, the device identification number (IP), etc.),

▪ information about your tastes and preferences (for example, if you have subscribed to our newsletter).

Remember that, when we ask you to fill in your personal data to give you access to any functionality or service of the Platform, we will mark certain fields as compulsory, since this is information that we need to be able to provide the service or give you access to the functionality in question. Please take into account that, if you decide not to make such data available to us, you may be unable to complete your support request or may not be able to enjoy those services or functionalities.

In other cases, we may collect information passively, as we may use tracking tools like browser cookies and other similar technology on our Platform and in communications, we send you.

Depending on how you interact with our Platform, i.e., depending on the services, products, or functionalities that you wish to enjoy, we will process your personal data for the following purposes:

1. To serve the requests that you make through the Customer Support channels

In order to answer your questions and deliver solutions to your support requests we need to know your Name and contact information (may include your Company name).

To process support requests, we collaborate with third party who offer us the necessary technology, namely – Zendesk. Your information is stored on Zendesk’s servers, located inside the EU and maintained along the international guidelines, confirmed with ISO 27018 (ISO/IEC 27018:2014) audit certificate for the ISO assessment of code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.For further information, please refer to their Privacy Policy

2. For marketing purposes.

This purpose includes the processing of your data, mainly, for:

▪ Personalise the services we offer you and enable us to give you recommendations based on your interactions with us on the Platform and an analysis of your user profile (for example, based on your support requests and browsing history).

▪ When you subscribe to our Newsletter, we will process your personal data to manage your subscription, including to send customised information on our products or services.

▪ Data enrichment: When we gather your personal data from a variety of sources, we may consolidate them under certain circumstances for the purpose of improving our understanding of your needs and preferences related to our products and services (including for the purposes of analyses, generating user profiles, marketing studies, quality surveys and improving our interactions with our customers). This refers, for example, to the way we may combine your information if you have a registered account and, using the same email linked to your account, you make a purchase, or to information which is automatically compiled (such as IP and MAC addresses or metadata) which we may link with the information you have provided us directly through your activity on the Platform or during purchasing our products and services.

▪ To build trainings programs. For example, if we notice a lot of requests about similar topic, coming from same company, we may direct to you communication with proposal to participate in a dedicated to that topic training program.

3. Analysis of usability and quality to improve our services

This purpose means collection of website usage patterns along with satisfaction surveys for improvement of our website (and other marketing materials) content and design as well as the services, which we provide. For example, when you send the support request via webform at our website we receive the address of the page, from which the request has been done, it helps us to understand the context better.

3. HOW ARE WE LEGALLY PERMITTED TO PROCESS YOUR DATA?

The legal terms on which we are permitted to process your personal data also depends on the purpose for which we process them, as explained in the following:

1. Customer Support

We consider that we have legitimate interest in answering the requests or queries raised by you through the existing different contact channels. We understand that the processing of these data is also beneficial to you to the extent that it enables us to assist you adequately and answer to the queries raised.When your request is related to the exercise of your rights on which we inform you below, or to claims on our products or services, we are legally permitted to process your data for compliance with our legal obligations.

2. Marketing

We are legally permitted to process your data for marketing purposes due to the consent that you give us, for example when you send us a request via our Platform, when you consent through the cookies settings or when accepting the legal terms and conditions to participate in a promotional action or on our social networks’ channels.

To offer you personalised services or to show you customised information, whether on our Platform or those of third parties, as well as to engage in data enrichment, we consider that we have a legitimate interest to conduct a profiling with the information that we have about you (such as your browsing, preferences or requests history) and the personal data that you have provided us, such as the name, email, country and language, since we understand that the data processing of these data is also beneficial to you because it allows you to improve your user experience and access the information in accordance with your preferences.

3. Analysis of usability and quality

We consider that we have a legitimate interest in analysing the Platform usability and the user’s satisfaction degree, since we understand that that the processing of these data is also beneficial for you because the purpose is to improve the user experience and provide a higher quality service.

4. DO WE SHARE YOUR DATA WITH THIRD PARTIES?

To achieve the purposes mentioned in this Privacy Policy, we must give access to your personal data to thirdparties that provide us with support in the services that we offer your, i.e.: ▪ technological and analytical service providers,

▪ providers of customer support related services,

▪ service providers and collaborators related to marketing and publicity, such as advertising agencies

or advertising partners that in certain cases may act as joint controllers.

For service efficiency purposes, some of these providers are in territories outside the European Economic Area that do not offer a level of data protection comparable to that of the European Union. In such cases, we inform you that we transfer your data with adequate safeguards and always keeping your data safe, using the most convenient international data transfer tools, in example the Standard Contractual Clauses and any relevant supplementary measures. You may consult the content of such Standard Contractual Clauses through the following link:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts- transferpersonal-data-third-countries_enhttps://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-%20transferpersonal-data-third-countries_en

5. WHAT ARE YOUR RIGHTS WHEN MAKING YOUR DATA AVAILABLE TO US?

We undertake to keep your personal data confidential and to ensure that you may exercise your rights. Bearing that in mind, you may exercise your rights free of charge by writing us an email to a single e-mail address (dataprotection@medikro.com), simply informing us of the reason for your request and the right that you wish to exercise. If we consider this necessary to be able to identify you, we may request you to provide a copy of a document evidencing your identity.

In particular, notwithstanding the purpose or legal basis we use to process your data, you have the following rights: • To request access to your personal data that we hold.
• To request that we rectify the personal data that we hold.

• To request that we erase your personal data to the extent that they are no longer necessary for the purpose for which we need to keep processing them, as we have explained above, or when we are no longer legally permitted to process them.

• To request that we cancel or limit the processing of your personal data.If you have given us your consent to process your data for any purpose, you also have the right to withdraw such consent at any time. Some of the circumstances in which you may withdraw your consent are detailed in section 2 where we explain for which purposes we process your data.

When we are legally permitted to process your data due to your consent or to for the purposes of a contract, as explained in section 3, you will also have the right to request the portability of your personal data. This means that you will have the right to receive the personal data that you made available to us in a structured, commonly used and machine-legible format, to be able to transmit them to another entity directly without impediments on our part.

In addition, where the processing of your data is based on our legitimate interest, you will also have the right to object to the processing of your data.

Finally, we inform you that you have the right to file a claim before the responsible data protection regulatory authority, in particular, before:▪ The Finnish Data Protection Agency http://www.tietosuoja.fi/en

6. CHANGES TO THE PRIVACY POLICY

We may amend the information contained in this Privacy Policy when we consider this appropriate. Should we do so, we will notify you by various procedures through the Platform (for example, through a banner, a pop-up or a push notification), or we may even send you a notice to your e-mail address when the change in question is relevant to your privacy, for you to be able to review the changes, assess them and object or unsubscribe from a service or functionality.

In any case, we suggest you to review this Privacy Policy from time to time in case minor changes are made or we make any interactive improvement, taking the opportunity that you will always find it as a permanent point of information on our Website.

7. INFORMATION ON COOKIES

We use cookies and similar devices to facilitate your browsing in the Platform, understand how you interact with us and, in certain cases, to be able to show you advertisements in accordance with your browsing habits.