Register description

16 January 2006

Customer register of the GSM-Maksu service

Register description in accordance with §10 of the Personal Data Act (523/1999).

Data controller:
INA Finland Oy
PO Box 43
33211 TAMPERE
FINLAND
Tel. +358 3 217 3111
Business ID: 1016212-6

1. Purpose of the processing of the personal data
The purpose of the register is to manage the customer relationship related to the GSM-Maksu service.

2. Name of the register
The register is called "GSM-Maksu -palvelun asiakasrekisteri".

3. Purpose of use of the register
The user's personal data is used for invoicing, maintenance, managing, development, analyis and statistics compilation of service-related customer relationships, as well as the production, provision and development of services.

4. Information within the register
The services use information of the following kinds:

• Contact information (the name and address of the person or company,date of birth of a private person)
• Invoicing and credit card information
• Business ID
• Information related to the customer relationship
• Saving the email communications related to customer service
• Permission information

Information about the user may be processed in internal registers of INA Finland Oy as allowed by the Personal Data Act.

5. Regular sources of information
Personal user data is gathered only in connection with registering for the service and using it, as well as in connection with customer service events.

6. Disclosing the information
INA Finland Oy may disclose personal information within the limitations and obligations of current legislation. INA Finland Oy will disclose personal data to credit institutions and financial institutions or other third parties if necessary in order to clarify payment transactions or formal complaints. Additionally, INA Finland Oy may disclose personal data to its partners related to the GSM-Maksu service.

Personal data may not be transferred to countries outside the European Union or the European Economic Area, unless strictly necessary for the technical execution of the service.

7. Protection of the register
The register is maintained in the data controller's premises with appropriate security and access control systems. Protection against abuse and obtrusion attempts is executed with several technical and application solutions of different levels.

Separate surveillance software is used for the surveillance of customer connections. All browser-based services use the SSL protocol for encryption. Customers are identified with individual online service user IDs and passwords.

8. Right of inspection
In accordance with §26 of the Personal Data Act, the users have the right to inspect their personal information in the register.

The inspection request must be sent in writing with a personal signature to:

INA Finland Oy
PO Box 43
33211 TAMPERE
FINLAND