Combined register description and data protection file
Personal Data Act (523/1999) sections 10 and 24§
Date of drafting: February 20, 2018

1. Controller Robit Oyj
Vikkiniityntie 9, FI33880 Lempäälä
Phone: +358 3 3140 3400 (exchange)
Business ID: 0825627-0
Place of residence: Lempäälä
2. Contact person in file-related issues Violetta Hünninen
Vikkiniityntie 9, FI33880 Lempäälä
Phone: +358 45 20 20 252
3. Name of register Registrants to the Annual General Meeting of Robit Group to be held on March 28, 2018.
4. Purpose of the processing of personal data The personal data of shareholders and proxy representatives are processed for the purpose of collecting registrations for the Annual General Meeting of Robit Group to be held on March 28, 2018 and for the purpose of ascertaining a registrant’s identity and that he/she has the right to participate in the Annual General Meeting. Personal data are also processed for printing the list of participants, voting list and ballots and for arranging any voting. Additionally, the personal data may also be processed for other purposes related to arranging the Annual General Meeting.

A list of participants will be annexed to the minutes of the Annual General Meeting. The list
includes the names of the shareholders participated in the meeting, the names of possible proxy representatives and assistants, the amounts of shares and votes and the numbers of ballots. Additionally, a list of shareholders will be displayed in the Annual General Meeting including shareholders’ names, addresses and the amounts of shares and votes.

The company does not disclose the data given for direct marketing purposes.

5. Data content of register When a shareholder registers for the Annual General Meeting on the website or by phone,
Euroclear Finland Ltd takes care of the technical implementation of data collection. The connection from the user’s browser to the server of Euroclear Finland Ltd is encrypted with SSL technology.

The following data can be collected through registration: name, personal identity number, address, business identification code, telephone number, email address and book-entry account number, as well as the name of a possible assistant or proxy representative and the personal identification number of a proxy representative.

The book-entry account number is used solely in identification taking place in Euroclear Finland Ltd’s system and is not disclosed to the company. The company has the opportunity to get the voting particulars of a single shareholder in order to be able to ascertain the correctness of potential voting results.

6. Regular sources of information When registering for a general meeting, a shareholder gives information about himself/herself. The recipient of the information enters the shareholder’s data in the register maintained by Euroclear Finland Ltd. The data of the person registering is compared to the company’s shareholder register maintained by Euroclear Finland Ltd and the system picks out the ownership data of the person registering from the shareholder register. When giving proxy, the shareholder also inputs the required personal data with regard to the proxy representative.
7. Regular destinations of disclosed data and data transfers outside EU or European Economic Area No information is handed over.
8. Principles in accordance to which the data file has been secured A. Manual register
The data shall be stored in an area with restricted access.

B. Computer processed data
Euroclear Finland Ltd shall be responsible for the maintenance of the register. The connection from a user’s browser to the server of Euroclear Finland Ltd is encrypted with SSL technology. Only authorized people have access to the system by means of a username and password.

9. Right of inspection The shareholder shall have the right of access, after having supplied sufficient search criteria, to the data on him/her in the personal data file, or to a notice that the file contains no such data. The controller shall at the same time provide the data subject with information of the regular sources of data in the file, on the uses for the data in the file and the regular destinations of disclosed data.

The shareholder who wishes to have access to the data on himself/herself, as referred to above shall make a request to this effect to the controller by a personally signed or otherwise comparably verified document or the request needs to be done personally at the controller’s principal place of business.

Requests for the right of access: Violetta Hünninen (please see the contact information above).

10. Rectification The controller shall, on his/her own initiative or at the request of the registered shareholder,
without undue delay rectify, erase or supplement personal data contained in its personal data file if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing.

The controller shall also prevent the dissemination of such data, if this could compromise the protection of the privacy of the shareholder or his/her rights. If the controller refuses the request of the shareholder to rectify an error, a written certificate to this effect shall be issued. The certificate shall also mention the reasons for the refusal. In this event, the shareholder may bring the matter to the attention of the Data Protection Ombudsman.

The controller shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.

Requests for the right of access: Violetta Hünninen (please see the contact information above).