Privacy Policy on Technopolis Group Companies’ Investor Relations and Corporate Communications Register

Data Controller TECHNOPOLIS PLC, Business ID 0487422-3, Address: Elektroniikkatie 8, 90570 Oulu, on its own behalf and on behalf of companies belonging to the same group which act as joint controllers as applicable. Such group companies are listed in the section “Regular disclosure and transfer of data, and data transfer outside the EU or EEA”.
Contact Person for Data-Related Matters In matters related to data protection please contact via email to

Head of IR Minna Karttunen, Energiakuja 3 FI-00180 Helsinki, tel. +358405133225, email:

Name of Register Investor Relations and Corporate Communications Register
Legal Basis and Purpose of Processing Personal Data The processing of personal data is based for the purposes of the legitimate interests of the controller or a company belonging to the same group.

Personal data is used for managing, developing and maintaining the investor and media (including potential investors) relationship between the controller and the investors, analysts, journalists and other persons receiving Technopolis´stock exchange releases, press releases, investor news, newsletters and other corporate communications, compilation of statistics, organizing of events and direct marketing by the controller.

Data Content of the Register, and the Data Protection Groups Current and potential investors, analysts, representatives of media and other persons receiving communications related to Technopolis´ investor relations and corporate communications.

The register may contain following personal data:

  • First name
  • Last name
  • Position in the organization (title)
  • Language of communication
  • Company
  • Company address
  • Email address
  • Phone number
  • Communication information (such as emails and e-forms)
  • Marketing and promotional data (such as marketing measures targeted at data subjects, participation in events)
  • Data on the use of electronic services (e.g. browsing and search data, IP addresses, and cookies)
  • Direct marketing consent and prohibition
  • Any other information provided by the data subject themselves
Regular Sources of Data Data is collected regularly about the data subject by telephone, email, on the internet and in meetings and events. Personal data can also be collected and updated from media and public and private registers, such as the population register, other authorities, credit information companies, contact information providers, and other similar trustworthy parties.
Regular Disclosure and Transfer of Data, and Data Transfer Outside the EU or EEA The controller does not regularly disclose the registered data to third parties.

The controller may use external subcontractors to handle the tasks described in this policy, and in such cases, the service providers act on behalf of the controller. Subcontractors, i.e. recipients of personal data, include e.g. marketing and communication agencies, event organizers and data system suppliers. The controller is responsible for the activities of its subcontractors as for the controller’s own activities. The controller will ensure, by means of data processing agreements with subcontractors, that these parties are committed to protecting the personal data of the data subject in the manner stated in this document. In addition, the controller may disclose contact details for marketing purposes to its subcontractors used within its business operations.

Information is not regurarly transferred outside the European Union or the European Economic Area. Some of the personal data described in this policy may be processed outside the EU and the EEA, in which case the data controller has ensured that its subcontractor is covered by the Privacy Shield data protection system or other similar arrangements (e.g EU Commission Model Clauses), and the controller ensures that personal data are protected by the appropriate technical measures (e.g. data encryption).

Personal data are also disclosed and transferred to the subsidiaries and associated companies of the Technopolis Group for their use, for the purposes specified above. Personal data is transferred to (and from) the following companies in Technopolis Group:


Technopolis AB


Technopolis Holding AS


Technopolis ApS


Technopolis Lietuva UAB


AS Technopolis Ülemiste

Russia (transfers only from there based on separate agreement)

Technopolis St Petersburg LCC

Principles of Register Protection and Data Storage Period The only persons who have access rights to the personal data system are those employees of the controller who have the right to process personal data contained in this register for the purposes of carrying out their work. Each user has their own username and password for the system. Data is collected in databases that are protected by firewalls, passwords, and other technical measures. Databases and backups are located in locked spaces, and only certain pre-designated persons can access them.

Personal data will be stored permanently for direct communications purposes within the limits of the law and otherwise for as long as it is necessary for fulfilling the purpose of the personal data and permitted by law in force from time to time.

The controller will regularly assess the need for the storage of personal data, and will also take reasonable measures to ensure that incompatible, obsolete or inaccurate personal data on data subjects is not saved in the register.

Rights of the Data Subjects The data subject has the right to inspect the data on him or her that is stored in the register, as well as to demand that any incorrect data be corrected and that any data on him or her be deleted from the register. Any such requests must be submitted in writing personally to Technopolis’ reception service or to

The data subject has the right to deny the controller access to data about the subject for the purposes of direct advertising, market research, opinion polling or related profiling. Such a prohibition may be provided at any time to or, for example, by opting out of the mailing list in the manner instructed in the marketing messages themselves.

In accordance with the General Data Protection Regulation, the data subject has the right to object or request restriction of processing of the data subject’s data, and to file a complaint against the processing of their personal data to the relevant supervisory authority.