Privacy Statement for Customers and Business Stakeholders Scope This Privacy Statement for Customers and Business Stakeholders (“Stakeholder Statement”) describes how companies in Accountor Software Business (“Software Company”) collect and process personal data in following contexts: marketing and sales of services; customer agreements and customer management; provision and use of services (e.g., access rights management) acquiring services, vendor agreements and vendor management; co-operation activities and stakeholder management; sales opportunities and management thereof; or events organized by the Software Company and management thereof. Please read this Stakeholder Statement together with General Privacy Statement, if necessary, before you start using our services or engaging in business with us. Collection of personal data We collect your personal data through different means. Primarily, we collect and process data, which is provided by you when you communicate or do business with us, e.g. in connection with entering into a contract or in the process of knowing customer (Know Your Customer), when you buy our services or contact us for providing services, visit our premises or participate in our marketing or social media campaigns or other events; is generated in different contexts e.g., when using or logging into our services, performing various transactions (e.g., paying bills) and making entries or participating an event organized by the Software Company; and is obtained from other companies in Accountor Software Business, publicly available sources or third parties, where permitted by applicable laws, e.g. information obtained from the company you represent or with which you are otherwise connected to, from the Trade Register or other official registers, the Business Information System or other similar publicly available databases such as financial sanctions and the asset freezing registers. We may combine the data collected from different sources, e.g. from publicly available sources, and from our different interactions with you e.g. in connection with entering into a contract or related to service provision and events. You may decide not to provide any personal data to us, but that may complicate or prevent us doing business with you, or a company you represent, or executing certain activities you have requested from us. Personal data categories The personal data we collect and process includes the following categories of data: basic information, such as name, title and your relation to a company you represent and contact details (email, address and phone), nationality and language preferences; information relating to our relationship, such as service and order details, contract information, payment details, billing information or information related to your visit at our premises (such as surveillance camera footage, vehicle license plate number); Information related to knowing the customer as required by applicable legislation, such as identification information, information on right to represent the company, basic information about the customer and related representatives, responsible persons and actual beneficiaries (including their personal identity numbers), as well as information whether some of the above persons or any individual otherwise closely associated with is to be categorized as a politically exposed person and the basis thereto, and sanction register information; marketing data, e.g. product preferences, marketing permissions and prohibitions; your communication and interactions with us as well as generated records and material, such as correspondence, service requests, call recordings, your contribution to our campaigns (video, audio or other material e.g. content in social media) and events organized by us as well as entries on the use of individual’s rights; service-related information, e.g. user IDs, passwords, and other authentication credentials as well as data generated in connection with service provision e.g., login information, and how services are used; project related data, such as resourcing, assignments and hour bookings; and other data, which is based on your consent and defined in detail on a case by case basis. We may collect and use for any purpose aggregated data, where no natural person may be identified. Examples of such data are statistical data or demographic data collected in connection with service provision or events organized by us. Purpose and legal basis for processing personal data We only collect and process personal data, which is needed for conducting our business, establishing and managing our business relationships and for other relevant operational or commercial purposes, including the processing of personal data for anonymizing it. Your personal data is processed for the following purposes: 1. SALES AND CUSTOMER RELATIONSHIP MANAGEMENT We will process your personal data to sell our services and to manage customer relationship between us and you, or a company you represent, including entering into a customer relationship and for customer support, invoicing and contracts. In these cases, our processing is based on the contract between you, or a company you represent, and us, or our legitimate interests to manage our customer relationship and to serve you based on your choices. 2. ACQUIRING SERVICES, COLLABORATION AND BUSINESS RELATIONSHIP MANAGEMENT When acquiring services or in connection with collaboration projects, we may process your personal data to manage business relationship between us and you, or a company you represent, and related interactions, including managing invoicing, reporting and contracts. In these cases, our processing is based on the contract between you, or a company you represent, and us, or our legitimate interests to acquire services necessary for conducting our business and to collaborate with our selected partners as well as to manage associated business relationships. 3. SERVICE PROVISION In connection with service provision we may process your personal data for offering and delivering services to you or the company you are representing, as well as to manage our projects and field operations, including access rights management, customer assistance and support, service requests and fault repair, invoicing and reporting. In these cases, our processing is based on the contract between you, or a company you represent, and us, or our legitimate interests to manage our service provision, projects, deliveries and field operations appropriately. 4. COMMUNICATION, MARKETING AND RELATED ANALYTICS We may process personal data for marketing and informing you about services the companies in Accountor Software Business are offering or about them as a company. Such processing may also relate to producing material or content for marketing or social media campaigns. Your personal data may also be used for market research and customer surveys. In addition, personal data may be used for analytics in order to develop and improve customer or user experience, or our own or our partners operations. We may combine the data collected about you from publicly available sources, and from our different interactions with you. Processing of personal data is based on the contract between you, or a company you represent, and us, or our legitimate interest to have relevant information at hand to better understand our stakeholders, e.g. customers, and to promote our services and to develop our operations. You may object to the processing of your personal data for direct marketing at any time (please see General Privacy Statement section of “Your rights”). 5. SERVICE DEVELOPMENT, INFORMATION SECURITY AND REPORTING Your personal data is processed to ensure the quality and information security of our services. Further, we may process personal data for analyzing and developing our services and operations such as to create new features to our products, automate our operations, train artificial intelligence or to improve our processes as well as for statistical purposes e.g. for managing our business. In these cases, the processing is based on our legitimate interest to ensure that our services have an adequate level of information security and to provide our services effectively by utilizing available technologies as well as to assure competitiveness of our services and operations. 6. ENFORCEMENT OF OUR LEGAL RIGHTS AND COMPLIANCE WITH THE LAW We may also process your personal data for the purpose of investigating misconduct and for protecting, defending, or enforcing our rights in official procedures or disputes, such as for demonstrating compliance with our contractual obligations or responding to legal claims. In these situations, the processing is based on our legitimate interest being able to demonstrate compliance of our operations and protect our rights in an appropriate manner. Legislation regarding the prevention of money laundering and terrorist financing obliges us to identify our customers and to find out information about their business and the ownership of customer company, e.g., to identify politically exposed persons or persons subject to financial sanctions as well as actual beneficiaries of the customer company. We may process your personal data in order to fulfill also other statutory obligations such as to respond authorities’ (e.g. tax authority) requests based on the law. 7. OTHER PURPOSES YOU HAVE CONSENTED TO We may process your personal data also for one or more specific purposes, if you have consented to such processing. Marketing communication We send commercial e-mails that typically include tracking technologies (web beacons, cookies or similar) that allow us to know what you do with the message e.g., whether you open the message or click any links. When you click a link in a marketing e-mail you receive from us, we will also use a cookie to log what pages you view and what content you download from our Website. You may control the use of your personal data for direct marketing purposes. You can ask us to stop sending you marketing messages by following the opt-out links on any marketing message sent to you or by contacting us at the email address mentioned at the end of the General Privacy Statement at any time. In such case, we will retain minimum personal data to comply with your choice in order to avoid contacting you again. Please note that even though you opt-out of marketing, we may need to contact and communicate with you in connection with the other purposes your personal data is processed for, e.g. in connection with service delivery or due to price changes. Changes to Stakeholder Statement We may update this Stakeholder Statement at any time, if required in order to reflect the changes in our data processing practices. The last update was on May 20, 2024.