Privacy Policy – Twinbase

TWINBASE PRIVACY POLICY

Last updated: 13 August 2025

1 PURPOSE

1.1 At Twinbase, we maintain a strong commitment to privacy. The importance of trust is recognized when our services are used and thus user privacy is given top priority, underscoring our technology and business decisions.

1.2 Twinbase Oy provides a cloud-based data integration service called TwinSync. The Service enables construction product manufacturers and suppliers to automatically synchronize standardized product data between their internal systems (such as PIM or ERP systems) and external systems used by partners, including public product databases.

TwinSync acts as a secure, configurable integration layer that allows customers to map, validate, and transfer data across system boundaries. It helps reduce manual work and ensures consistency and accuracy of product data across the construction value chain.

The Service may involve the processing of personal data, such as user account details, authentication credentials, and usage data, to enable secure access, service functionality, and monitoring. (“Services”).

1.3 We go to the best possible extent to protect our Customers’ and Users’ data and keep it private and secure. Data we may collect within the scope of our Service is with the purpose of providing best results and personalized experience and to improve our software.

1.4 This privacy policy applies to the collection, use, and disclosure of personal data for provision of the Services, marketing, sales, customer agreements, and when visiting our website.

2 DESCRIPTION OF THE CATEGORIES OF DATA SUBJECTS AND CATEGORIES OF PERSONAL DATA

2.1 As the data controller, the main group of data subjects is the contact details and other information of our business partners.

2.2 We collect personal data through different means. The type of data collected depends on the data subject and varies by assignments. Collecting and processing may include, but is not limited, to the following:

(a) basic information, such as name, and contact details of our business partners;

(b) information relating to our relationship, such as services and order details, contract information, payment details, billing information;

(d) other data, which is based on your consent and defined in detail on a case by case basis.

2.3 We may collect and use for any purpose aggregated data, where individual person is not identified from e.g., statistical data collected in connection with the provision of services.

3 SERVICE ENHANCEMENTS

3.1 We may use the Personal Data collected from you to enhance our Service. This includes, but is not limited to, utilising this information to better understand user behaviour, needs, and preferences, to improve existing functionalities, to develop new features, and to provide a more personalized and effective user experience. Such use of Personal Data is based on our legitimate interest to understand our users and to innovate and improve our Service.

4 TWINBASE’S ROLE AS A DATA PROCESSOR

4.1 Twinbase develops and operates an interface where it allows users to model, visualize, and connect data from both physical and digital systems which can be used to offer information on broader construction industry databases. When using the Service, Customers and Users provide their respective personal data to Twinbase. As Twinbase is responsible for operating the software platform, this data is transmitted to Twinbase. The data collected includes but is not limited to service-related information, e.g. user IDs and authentication credentials.

5 MARKETING AND ANALYTICS

5.1 We act as an independent controller for processing necessary data to manage our software service.

5.2 We may market and inform you about Twinbase’s services. We may combine the data collected about you from publicly available sources, and from our different interactions with you. Processing of personal data is based on our legitimate interest to collect and analyse relevant information to better understand our Customers and Users and develop relevant services.

5.3 Based on your consent we may store and access information, including personal data, on your device in order to create personalized ads profile and deliver relevant content at the website (e.g. information and ads about Twinbase’s services) as well as to measure the effectiveness of the advertising. Respectively, your personal data may also be processed to develop and improve the Service.

6 PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

6.1 We process your personal data for the performance of an agreement to provide our services to you, improve our services, and comply with legal obligations or our processing is based on legitimate interest in providing quality services to our customers. The purposes for which we process personal data are:

(a) Marketing and Sales of services to contact regarding your interest in our services;

(b) Providing services to our Customers and Users and ensuring the functioning and maintenance of the software service;

(d) Managing, pursuing, and analysing customer relationship, including customer communication, user account management and processing payments;

(e) Improving our services;

(f) Improving and personalizing our services and to develop new services and providing notifications on new features, changes, and improvements;

(g) Customer Support, corresponding with Users, solving issues, and providing customer support; and

(h) Informing and interacting with you of new services, features, and content we may offer.

6.2 We may process your personal data also for specific purposes if you have consented to such processing.

7 DATA SHARING AND DISCLOSURES OF PERSONAL DATA

7.1 We may share your personal data with third-party service providers who assist us in providing our services.

7.2 We may disclose your personal data to comply with legal obligations or protect our legal interests.

8 TRANSFER OF PERSONAL DATA OUTSIDE OF THE EU OR EEA

8.1 The data we collect is processed by us within the European Union (EU)/European Economic Area (EEA) and in third party data processing facilities within the EU/EEA.

8.2 Some of our Service Providers, Customers or Users may have access or are located outside the EU/ EEA and their processing of your personal data will involve a transfer of data outside of EU/EEA.

8.3 We will take necessary steps to provide appropriate safeguards for international data transfers and to the extent necessary implement supplementary measures for protection of personal data as required by applicable laws. We will implement the standard contractual clauses and implement necessary technical, organisational, or contractual supplementary measures to ensure that personal data has the same protection as in EU/EEA in accordance with the GDPR.

9 RETENTION OF PERSONAL DATA

9.1 We will retain the personal data of our Customers and Users only for as long as necessary to provide services and as required by law. After that, we will securely dispose of your personal data.

9.2 Data retention time for Customer representatives is by default the duration of the business relationship with Twinbase and 6 months after this.

9.3 For the Users of the service, data retention period is by default the duration of the User’s relationship with the service and 6 months after this.

10 YOUR RIGHTS

10.1 You have certain rights regarding your personal data:

10.2 Right to Access: You have the right to access your personal data that we hold.

10.3 Right to Rectify Personal Data: You have the right to request that we correct any inaccurate or incomplete personal data that we hold.

10.4 The Right to Object to the Processing: You have the right to object to the processing of your personal data for certain purposes.

10.5 The Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

10.6 The Right to Be Forgotten: You have the right to request that we erase your personal data under certain circumstances.

10.7 The Right to Restriction of the Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.

10.8 The Right to Give and Withdraw Your Consent: You have the right to give or withdraw your consent for the processing of your personal data.

11 DATA SECURITY

11.1 We take appropriate technical and organizational measures to protect your personal data from loss, destruction, unauthorized access, disclosure, or other misuse. These measures include physical, electronic, and procedural safeguards that comply with applicable legal requirements. We limit access to personal data to those authorized employees and service providers who need to know the information in the course of their duties. They will only process your personal data based on our instructions and are subject to a confidentiality obligation.

11.2 Personal Data is stored in an encrypted database on the servers of third-party cloud service providers. We make sure to adhere to best practices for persisting and encrypting data.

11.3 Although our good faith efforts to store your data in a secure operating environment that is not available to the public, please remember that unfortunately no data transmission or storage is 100% risk free. You provide your personal data at your own risk, and we cannot guarantee the absolute security of your data. In the unfortunate case of a security breach that endangers your privacy or data we will inform you as well as the relevant authorities, as required by law. We may also temporarily shut down services to protect the personal data.

12 CHANGES TO THE PRIVACY POLICY

12.1 We may update this privacy policy from time to time. We will notify any significant changes by posting a notice on our website or by sending an email. This Privacy Policy was last updated on 13 Aug 2025.

13 CONTACT US

13.1 If you have any questions or concerns about this privacy policy or our use of your personal data, please contact support@twinbase.io . The contact details of the company are:

(i) Twinbase Oy, (business ID: 3504505-7)

(ii) Address: Hietalahdenranta 19 B 19, 00180 Helsinki.