PRIVACY NOTICE

Your privacy and keeping you informed on processing your personal data is important to us. This
Privacy Notice provides you information on how we collect and process personal data of our clients,
potential future clients and our business contacts.
We comply with the EU General Data Protection Regulation (GDPR) and are committed to protecting
the privacy of the contacts, whose personal data we hold in our registers.

Regular Sources of Personal Data

In connection with distribution, sales, training and consulting of our products, we collect data directly
from the persons involved.

Purpose and Legal Basis of Collecting Personal data

Personal data is collected to conduct the tasks related to distribution, sales, training and consulting
between us and the person in question.
Processing of personal data is based on consent of the data subject, contract with the data subject or legitimate interests.
Where processing is based on consent, data subject shall have the right to withdraw his/her consent
at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent
before its withdrawal. Prior to giving consent, the data subject shall be informed thereof.

Personal Date Processed

The personal data that we process mainly includes the following:
- Client identification information, such as your name, your contact information (email, address, phone number(s)), your employer, your title or position
- position and personal data given in the contracts
- Information provided to us by you for attending our meetings and events
- Information about your participation to our events
- Data obtained and/or collected from public information sources such as your company websites.

Transferring personal data

The personal data is not transferred outside European Union (EU) or European Economic Area (EEA).


PRIVACY NOTICE

We do not distribute your personal data in any manner to third parties, but we may share information
with our suppliers when they perform services on our behalf under contractual obligations to us and
only to the extent of the purposes defined above.

Handling and Protection of Personal Data
The register is located on a server at our premises.
We implement appropriate technical and organizational measures against unauthorized or unlawful
processing of personal data and against accidental loss or destruction of, or damage to personal data
by, for example, maintaining security policies and procedures to ensure our systems are secure and
protected. Processing of your personal data is limited to personnel who needs to access data for the
purposes above while we provide our services. We provided training to our personnel regarding
privacy, data protection and security.

Retaining Personal data
We will retain your personal data for the duration of our business relationship or as required by laws,
regulations and professional rules and codes of conduct applicable to us. We may also retain your
personal data for a longer period to the extent we deem the data necessary to assert or defend legal
claims during any relevant retention period or to identify possible conflicting assignments.

Checking, Updating and removing the Personal data
You have the right to check the personal data we have on our register. And upon your request, we will
correct, complete or remove the personal data which is incorrect, unnecessary, incomplete or
outdated. You can check, update or ask for removal of your personal data by contacting us.

Contact information
Bioretec Oy
Hermiankatu 22
FI-33720 Tampere, Finland
020 778 9500
In case of questions, you may also contact info@bioretec.com