Aktia Developer Portal Privacy Statement

Effective as of March 11, 2019.

General Information

In this document, the information to be provided to the data subject as required by the EU General Data Protection Regulation (GDPR) is shown in exemplary lists, in a concise, intelligible and simple language. Please note that the content may change as the law, case law or practice change. In this document you will find up-to-date information on our practices. We will inform you of significant changes as required by law.

Controller and contact details

Aktia Bank plc
Mannerheimintie 14, 00100 Helsinki, Finland

Data Protection Officer and contact details

Data Protection Officer

[email protected]

Personal Data File

• Aktia Developer Portal User Database

Groups of data subjects

• Registered users of the service

The purposes of the processing of personal data

We may use the personal data for the following purposes:

• Account creation and provision of the service
• Communication through the service and information about updates and new functionalities
• Newsletters and marketing (marketing may be targeted)
• Informing about service breaks and special situations
• Statistics and service development

Legal basis for the processing of personal data

We may process personal data based on:

• The performance of a contract: providing the service according to the Terms of Use
• Legitimate interest: e.g. marketing and service development
• Consent: direct electronic marketing
• Compliance with legal obligations

Personal data sources

Personal data is collected from:

• The data subjects themselves.
• Behavior of the data subject in the service such as data logs in API requests

Types of personal data

Basic personal data

• First name
• Last name
• Developer organization

Contact information

• E-mail address

API request content

• Request content, such as header and body

Message content and other correspondence

• Any information the data subject may provide e.g. in e-mails

Statistical data

• Data logs for API usage

Recipients or categories of recipients of personal data

We may disclose personal information:

• Within the Aktia Group, within the legal limits.
• To the authorities when required by law.

We may use external suppliers to process information and personal data on behalf of us . In this case, we will make necessary agreements to ensure that the personal data is processed in accordance with applicable laws and this privacy statement.

Transfer of personal data

We may use suppliers in data processing, but no data will be transferred outside of the EU or EEA.

Data retention periods and criteria for determining the period

• Personal data may be retained as long as the user account is active.
• The data logs will be deleted after two years.
• However, we may retain personal data for a longer period of time if required by mandatory law.

Data subject's rights

The data subject has a legal right to access the personal data, the right to rectification, the right to erasure ("right to be forgotten"), the right to restrict and object to the processing and the right to data portability. Personal data can be removed by removing the user account in the developer portal or by the contact form in the developer portal as a logged in user: https://developer.aktia.fi/contact

The data subject shall have the right to withdraw his/her consent at any time without prejudice to the lawfulness of the processing carried out prior to the withdrawal of the consent if the processing is based on the consent of the data subject. The consent is withdrawn in the developer portal or by the contact form in the developer portal

All other requests not mentioned here must be submitted by the contact form in the developer portal as a logged in user

Lodging a complaint with the supervisory authority

Every data subject has the right to complain to the supervisory authority, in particular in the member state in which he has his habitual residence or place of work or where the alleged breach of the data protection regulation has occurred.

Cookies in Aktia Bank Plc

General

Here we inform of Aktia's principles on using cookies. Certain parts of our services and our online bank use cookies and by using our services you accept the use of cookies. You accept for instance that a chat cookie is saved to your device when you start using the chat application.

We administer the information collected with the help of cookies ourselves.

These principles apply to our following websites:

https://publish.aktia.fi, https://auth.aktia.fi, https://aktiawallet.fi, https://ebank.www.aktia.fi and https://www.aktia.com, https://developer.aktia.fi

You can read more about privacy protection at aktia.fi/privacy and and the terms and conditions for the website can be found at aktia.fi/terms.

I. What is a cookie?

A cookie is a small text or number file that the browser saves to the user's device. Cookies do not use or harm the user's device in any way, they do not install any programs to the user's device and they are not dangerous to the user's device in any other way either.

II. Can I be identified based on cookies?

A cookie does not tell us who visits our website, it only tells the browser. If you use several browsers, we can combine the browsers' information and direct marketing to you based on the browsers' activity and / or the way to browse. However, you are not identified.

If you identify yourself with your online banking codes, we identify you and can connect the browser's activity to you. This way we can show you as interesting information as possible and personalised marketing contents. We also get information on how effective our marketing is.

III. Why does Aktia use cookies

Cookies are a central part of the user experience. They can be necessary for the functionality of some services. For example, they make it technically possible to send chat messages and make it easier to use the services. Cookies are used for instance when we want to preserve the user's language choice when the user moves between web pages. With the help of cookies, we can also keep track of the functionality of our website.

IV. Can I influence the use of cookies?

Yes, you can. You can forbid the use of cookies either completely or partly and you can delete the cookies after a session so that the browser forgets the user. You can delete cookies from your device either before or after using the services. Please keep in mind that if you disable cookies in your browser, some parts of our services do not function properly, such as the chat function. The website's functions do not work as desired either. For instance, the language choice is forgotten. Depending on your browser (Safari, Chrome, Firefox etc.), there are different kinds of ways to manage cookies. You will find more information about your browser's configuration on the browser manufacturer's website. We are not responsible for the content on these websites.

V. Cookies used by Aktia

Aktia uses mainly two kinds of cookies – session cookies and persistent cookies. Session cookies are cookies that are only valid during one session.

Persistent cookies remain in your computer also after you have closed your session unless you delete them. The lifespan of a cookie varies by cookie from one session to several years. Session cookies are automatically deleted when you close the browser.

Cookies are used for different purposes. Necessary cookies support technical functions and are necessary to some functions, such as the online bank. Administration, performance and functionality cookies are used for analytics and to track the use of the website. Site experience cookies save for example the language you have chosen. There are also cookies that are used for marketing and that help us to provide you with personalised marketing in Aktia's and third parties' services. Personalised marketing with the help of cookies lets us recognize the products and services that are interesting to you.