1.Controller and Contact Information

Registrar:

CareBox Oy (Business ID: 2661762-3)

Mailing Address: Seutulantie 3-5 as 4, 04410 Järvenpää, Finland

Email: ramesh.rumba@carebox.fi

Phone: +358406581779

Data Protection Officer:

Ramesh Rumba

Email: ramesh.rumba@carebox.fi

2. Collection of Personal Data

We collect personal data through various methods. Primarily, we process data that:

• Customers or data subjects provide to us directly;

• Is generated through the use of our services or visits to our website;

• Is obtained from public sources and databases, such as the Patent and Register Board, Legal Register Centre, Population Information System, Company and Community Information System, credit registers, and contact information services.

While providing personal data is not mandatory, it is required to access our services.

Types of data we may collect include:

• Identification and Contact Information: Name, personal ID or birth date, title, email address, address, phone number, and bank details.

• Customer Relationship Information: Service usage details, payment and billing information, and records of customer interactions.

• Website Usage Data: Information collected via website technologies, including device identifiers, type, operating system, and app settings.

• Additional Data: Other data types based on specific consents.

3. Purpose and Legal Basis for Processing Personal Data

Our collection and processing of personal data are limited to business operations, customer relationship management, and legitimate commercial purposes. We process data for:

• Service Provision and Customer Relationship Management: This includes customer identification, contract management, communication, service reporting, and user authentication. Processing is based on the contract between us and the customer.

• Marketing: We may use personal data for marketing our services, based on our legitimate interest. You have the right to object to direct marketing as outlined in Section 8.

• Service Development, Security, and Internal Reporting: We may use personal data to ensure data security, enhance our services and website, and improve business processes. This processing is based on our legitimate interest.

• Compliance with Legal Obligations: We may process personal data to meet regulatory obligations, such as accounting and legal disclosures required by authorities.

4. Disclosure of Personal Data

We may disclose personal data to third parties under the following conditions:

• To fulfill legal requirements, such as responding to requests from competent authorities or legal proceedings;

• When our partners or subcontractors process personal data on our behalf, in accordance with our instructions and privacy standards;

• If involved in a corporate merger, business transaction, or sale of business assets;

• If deemed necessary to protect our rights, investigate potential misconduct, or respond to a public authority request;

• With the data subject’s consent.

5. Transfer of Personal Data Outside the EU or EEA

We do not transfer personal data outside the European Union or the European Economic Area.

6. Use of Cookies

Our website, www.carebox.fi, utilizes cookies and similar technologies to gather data for functionality and analytics. Cookies help us improve website usability and user experience. You may manage cookies through your browser settings, but this could affect website functionality.

For more details, see our Cookie Notice.

7. Retention of Personal Data

Personal data is retained only as long as necessary for the purpose it was collected. Data is stored for the duration of the customer relationship and may be retained longer if required by law, for instance, to manage claims in line with statutory limitation periods. Personal data is deleted when no longer needed for legal or contractual purposes, but no later than ten years after the end of the customer relationship.

8. Rights of the Data Subject

Data subjects have the right to:

• Inspect their personal data and request correction, updating, or deletion;

• Object to or restrict data processing as per applicable law;

• Transfer data between systems, in certain cases;

• Withdraw consent if processing is based on consent, subject to legal exceptions.

If you have concerns regarding our data processing, you may contact our Data Protection Officer. Contact details are also available on the Finnish Data Protection Authority’s website: tietosuoja.fi/yhteystiedot.

9. Information Security

We employ appropriate safeguards, including physical, digital, and administrative measures, to protect personal data from unauthorized access, loss, misuse, and disclosure.

10. Changes to this Policy

We reserve the right to amend this policy. Updates will be published on our website, where the latest version will always be available.