Privacy statement for the shareholder register of SRV Group Plc

1       Controller

SRV Group Plc, business ID 1707186-8

P.O. Box 555, Tarvonsalmenkatu 15

FI-02601 ESPOO, FINLAND

2      Contact person for matters related to the filing system

Johanna Metsä-Tokila

P.O. Box 555, Tarvonsalmenkatu 15

FI-02601 ESPOO, FINLAND

Tel. + 358 40 5620408

johanna.metsa-tokila@srv.fi

3      Name of the filing system

Shareholder register of SRV Group Plc

4      Purpose and basis of the processing of personal data

The processing of the shareholder register data of SRV Group Plc (hereinafter “SRV”) is based on legislation (chapter 3, section 15 of the Limited Liability Companies Act). The purpose of the processing of data is to maintain the shareholder register of SRV Group Plc based on the data on shares and shareholders included in the book-entry system.

5      The information content of the filing system and categories of data subjects

The filing system includes the following types of information on SRV’s shareholders:

  • shareholder’s name or the name of the nominee registration custodian, personal identification number or some other identifier
  • contact information
  • payment details
  • tax information
  • number of shares per share class
  • the central securities depository party providing the book-entry account into which shares have been registered

For a temporary entry, as set out in chapter 5, section 6a of the Limited Liability Companies Act, the following information is included in the shareholder register:

  • shareholder’s name and address and personal identification number or some other identifier
  • the number of shares per share class that are to be entered into the shareholder register

6      Information sources

Personal data is collected from the data subjects themselves and from the book-entry system.

7       Disclosure and transfer of data and transfers to countries outside the EU or EEA.

SRV’s shares are included in the book-entry system, and the company’s shareholder register is publicly available on the premises of Euroclear Finland Oy. Anyone can receive a copy of the shareholder register or a part of it for a fee that covers the related expenses.

However, the public access to information does not apply to the individual number of the personal identification number, payment and tax information or information on the transaction account into which the shares that the shareholder is selling have been recorded.

SRV publishes information on its major shareholders (the 100 largest owners) on its website. The published information includes the following: name, number of shares, percentage of shares, changes compared to the previous update, change in percentages and the market value of shares owned.

If the Population Registration Centre, based on section 36 of the Act on Population Information System and Certificate Services Provided by the Population Register Centre (661/2009), has issued an order that restricts the disclosure of information on a shareholder (non-disclosure for personal safety reasons) and SRV has been notified of this restriction, information on the shareholder’s domicile, address and other contact details included in the shareholder register can only be disclosed to authorities. However, in addition to authorities, such a shareholder’s contact address entered into SRV’s shareholder register can be disclosed to other parties as well.

SRV uses Euroclear Finland Oy, an external service provider, for the technical implementation and maintenance of the shareholder register and for the processing of personal data. In this case, personal data is transferred to the external service provider to the extent that is necessary in order to provide services. In order to ensure that data is protected, SRV concludes data processing agreements with its subcontractors who process personal data.

Personal data is processed outside the EU and EEA in India by the subcontractors (processors) of Euroclear Finland Oy: Capgemini India Private Ltd and Tata Consultancy Services. The processing is based on a contract between Euroclear Finland Oy and the above-listed processors. The contract takes into account the EU Commission’s standard clauses that comply with the General Data Protection Regulation.

8      Principles for securing the filing system and the retainage period

Only persons who are authorised to process data due to their work tasks have access to the system. Each user has a unique user ID and password for the system. Data is collected into databases that are protected with firewalls, passwords and other technical means. Databases and the related backups are located in locked premises and data can be accessed only by pre-defined persons.

Information included in the shareholder register is retained for as long as there are no changes due to a change of ownership, after which the shareholder register is updated with the current shareholder information. Information related to payments is retained in the filing system in accordance with the Accounting Act and the Act on Prepayment of Tax.

9       Rights of data subjects

Data subjects have the right to check their own information stored in the filing system, and they have the right to demand that data is corrected or erased. Requests concerning the checking and correcting of data must be submitted in person or in writing to the address provided in section 2.

In accordance with the General Data Protection Regulation, data subjects have the right to object to the processing of their data, request that the processing of their data be restricted and lodge a complaint concerning the processing of personal data to the data protection ombudsman.