Livion Oy ("Livion") supports compliance with the EU Data Act by providing a practical process for requesting access to in-scope data where the EU Data Act applies.

This statement is provided for information purposes only.

It does not modify Livion's Sales and Service Agreements, applicable terms of use, data protection terms, or privacy policy.

In case of conflict, those agreements and mandatory law prevail.

This statement applies to LivionKey offerings that may generate or process usage or operational data in the course of normal use, including:

The specific obligations that apply depend on the contractual setup, the deployment model, and whether the relevant product or service falls within the EU Data Act's scope.

• LivionKey cloud software and related services (where applicable)

• Livion key management devices (where applicable)

• Related APIs and integrations (where applicable)

Depending on the deployment, Livion may act as:

• A data holder under the EU Data Act (where applicable), and or

• A data processor in relation to a customer that is the data controller (as defined in the EU General Data Protection Regulation), as described in Livion's contractual terms.

This statement does not replace Livion's Sales and Service Agreements, applicable terms of use, data protection terms, or privacy policy. Where personal data is involved, GDPR and other applicable laws continue to apply.

Depending on the product, configuration, and deployment, data that may be relevant under the EU Data Act can include:

• Operational and diagnostic events (for example device and service status)

• Usage and event logs related to system actions and key handovers

• Configuration metadata related to the customer environment

• API activity related to the customer organization

This statement does not require Livion to disclose information that would compromise security, confidentiality, or legally protected interests. Where appropriate, Livion may apply proportionate measures such as minimization or redaction to protect security and confidential information.

Where the EU Data Act applies and where applicable, Livion supports access to relevant in-scope data through a simple request process and provides the data by electronic means in a commonly used, machine-readable format (for example CSV and or JSON), using existing product functionality where available and or via support-assisted export.

This statement does not require Livion to build custom integrations, custom reporting, or new interfaces.

Where applicable, and upon written instruction from an authorized customer administrator, Livion can support making relevant in-scope data available to a third party designated by the customer, subject to:

• Verification of authority and identity

• Security controls and access restrictions

• Applicable legal requirements

• Confidentiality and security requirements

Livion applies technical and organizational measures to protect the confidentiality, integrity, and availability of customer data and the service. Livion may restrict or decline a request where fulfilling it would create a material security risk or conflict with applicable law or legitimate protection needs.

To request access to data under the EU Data Act, submit a request via Livion Support (or your designated Livion contact) and include:

• Customer organization name and contract reference (or other proof of entitlement)

• The relevant system and/or device identifier(s)

• Requested time range and data categories

• Preferred delivery method (if options exist)

• If applicable, third-party recipient details and the purpose of sharing

Livion will verify that the requester is authorized (for example an organization admin) before fulfilling the request.

Livion supports data access using standard methods and reasonable effort. If a request requires material additional work, Livion may propose a paid scope and timeline in accordance with applicable agreements.

Livion may use and publish aggregated, statistical, and anonymized information derived from customer usage where individuals cannot be identified, as described in Livion's contractual terms.

Livion may update this statement to reflect changes in product functionality, guidance, or legal requirements. The current version is published on Livion's support pages.