We care about your privacy

RE:SOLVR Privacy Policy

Introduction
In this Privacy Policy, we describe how we handle and protect your personal information. The
Privacy Policy covers our handling of personal data when using our websites and digital channels,
communicating with us, and using the services and products referred to in this policy.
The Privacy Policy does not cover the processing of personal data that we carry out on behalf of our
customers as a so-called data processor.
By personal data, we mean information that can directly or indirectly identify you, such as your
name or the IP address used by your device.
It is important to us that you feel confident in how we handle your personal data. We take measures
to ensure that your personal data is protected, and that processing is carried out in accordance with
applicable rules and laws, as well as our internal guidelines and procedures.

Who is covered by this privacy policy?
This privacy policy covers:
- Users of our websites and digital channels, as well as our products and services that refer to this
policy.
- Contact persons at a customer, potential customer, supplier, or collaborator of a company within
the RE:SOLVR group.
- External individuals who have contact or communicate in any other way with companies within
the RE:SOLVR group.
- Relatives of our employees.

Who is responsible for the processing of personal data?
Each company is responsible for its handling of your personal data.
Each company covered by this privacy policy should be regarded as the Data Controller, as a
starting point, for its own use of your personal data. The companies within the RE:SOLVR group
that are covered by this privacy policy and their contact details can be found below.
For certain use of your personal data, the relevant companies share joint responsibility. Therefore,
these companies within the RE:SOLVR group are jointly responsible (joint Data Controllers) for
certain use of your personal data. To make it clear to you when the relevant companies are jointly
responsible for the use of your personal data, we have indicated it in relation to each purpose for
which your personal data is used, as described under the section "Why do we process your personal
data?" If we have not indicated any specific responsibility, each company covered by this privacy
policy is responsible for the use of your personal data for the specific purpose.
At the bottom of the privacy policy, under the section "Companies within the RE:SOLVR group
jointly responsible for the use of your personal data," we specify which companies are jointly
responsible for the use of your personal data, if applicable.
The companies within the RE:SOLVR group have entered into a joint arrangement to allocate
responsibility among the companies and to ensure the protection of your personal data regarding
the use of your personal data for which the companies are jointly responsible. You have the right to
access the essential content of the arrangement. In such a case, contact the data protection officer
at RE:SOLVR AB.
RE:SOLVR AB is also the common contact point for the companies concerned. If you have
questions about the use of personal data for which companies within the RE:SOLVR group are
jointly responsible, please contact RE:SOLVR AB. Contact information can be found below.

What personal data do we collect?
We only collect the personal data that we need. The personal data we collect about you depends
on how you interact with us.
We collect and process the following categories of personal data:
- Identity information: Information that enables us to identify you, such as your name.
- Contact information: Information that enables us to contact you, such as address, email address,
and phone number.
- Profile information: Information related to your profile, such as your job title, the name and
address of the company or organization you belong to, and, for relatives, information about the
relationship to our employee.
- User-generated information: Information about your activity and use of our websites, digital
channels, products, and services, such as your clicks and
other interactions, IP address, and information collected through cookies and similar technologies.
- Communication information: Information you provide when you communicate with us, such as
your inquiries, requests, or feedback.
- Transaction information: Information about your purchases, orders, and other transactions with
us.
- Technical information: Information about your device and internet connection, such as device
type, operating system, browser, and network information.
- Marketing information: Information about your preferences regarding marketing and
communication, such as your consent or choices regarding direct marketing.
- Other information: Any other information you provide to us or that we collect and process for the
purposes described in this privacy policy.

Why do we process your personal data?
We process your personal data for various purposes, as described below. For each purpose, we
specify which legal basis we rely on for the processing. The legal basis depends on the purpose and
the relevant companies within the RE:SOLVR group that are responsible for the processing.
1. To fulfill our obligations under a contract with you or to take steps at your request before
entering into a contract (Article 6(1)(b) GDPR)
We process your personal data to fulfill our obligations under a contract with you or to take steps at
your request before entering into a contract. The processing is necessary to:
- Manage your registration and provide you with access to our websites, digital channels, products,
and services.
- Handle your inquiries, requests, or orders and provide you with information and support related to
our products and services.
- Administer and deliver our products and services.
- Communicate with you regarding our products, services, and customer relationship.
2. For the purposes of our legitimate interests, except where such interests are overridden by your
interests, rights, and freedoms (Article 6(1)(f) GDPR)
We process your personal data for our legitimate interests, except where such interests are
overridden by your interests, rights, and freedoms. Our legitimate interests include:
- Developing and improving our websites, digital channels, products, and services, as well as our
internal processes and systems.
- Analyzing and evaluating the use of our websites, digital channels, products, and services to
improve their functionality, user experience, and performance.
- Preventing and investigating potential fraud, abuse, unauthorized access, and other illegal
activities.
- Ensuring the security and integrity of our IT systems, websites, digital channels, and other
infrastructure.
- Defending, exercising, or establishing legal claims.
3. To comply with a legal obligation (Article 6(1)(c) GDPR)
We process your personal data to comply with a legal obligation. The processing is necessary to:
- Comply with applicable laws, regulations, and other legal requirements.
- Prevent, detect, and investigate suspected breaches of applicable laws, regulations, and other
legal requirements.
- Cooperate with authorities, regulators, and other government bodies.
4. Based on your consent (Article 6(1)(a) GDPR)
We process your personal data based on your consent. You may withdraw your consent at any
time. The processing based on your consent is necessary for:
- Sending you marketing communications, such as newsletters, promotions, and other marketing
materials, as well as invitations to events and other activities.
Please note that withdrawing your consent does not affect the lawfulness of the processing based
on consent before its withdrawal.
5. Based on compliance with a legal obligation applicable to us (Article 6(1)(c) GDPR)
We process your personal data to comply with a legal obligation applicable to us. The processing is
necessary for:
- Ensuring compliance with applicable laws, regulations, and other legal requirements.
- Preventing, detecting, and investigating suspected breaches of applicable laws, regulations, and
other legal requirements.
6. Based on the performance of a task carried out in the public
interest or in the exercise of official authority vested in us (Article 6(1)(e) GDPR)
We process your personal data based on the performance of a task carried out in the public interest
or in the exercise of official authority vested in us. The processing is necessary for:
- Compliance with legal obligations that are in the public interest or in the exercise of official
authority vested in us.

With whom do we share your personal data?
We may share your personal data with the following categories of recipients:
- Companies within the RE:SOLVR group: We may share your personal data with other companies
within the RE:SOLVR group for the purposes described in this privacy policy. The companies within
the RE:SOLVR group that are jointly responsible for certain use of your personal data are specified
at the end of this privacy policy, under the section "Companies within the RE:SOLVR group jointly
responsible for the use of your personal data."
- Service providers and business partners: We may engage service providers and business partners
to perform services on our behalf or to collaborate with us. These may include, for example, IT
service providers, marketing agencies, payment service providers, shipping companies, and
logistics partners. These service providers and business partners may process personal data on our
behalf and in accordance with our instructions.
- Authorities and regulators: We may disclose your personal data to authorities and regulators to
comply with applicable laws, regulations, and other legal requirements, as well as to cooperate with
investigations and legal proceedings.
- Other third parties: We may also share your personal data with other third parties, such as
potential buyers or investors in the event of a merger, acquisition, or sale of assets, as well as with
other parties as required or permitted by law.
We take reasonable measures to ensure that the recipients of your personal data are bound by
appropriate confidentiality and security obligations and only process your personal data for the
purposes specified in this privacy policy.

How do we protect your personal data?
We take the security of your personal data seriously and implement appropriate technical and
organizational measures to protect your personal data against unauthorized access, disclosure,
alteration, or destruction. These measures are designed to ensure the security, integrity, and
confidentiality of your personal data, taking into account the state of the art, the costs of
implementation, and the nature, scope, context, and purposes of the processing, as well as the risk
of varying likelihood and severity for your rights and freedoms.
However, please note that no transmission or storage system is completely secure, and we cannot
guarantee the absolute security of your personal data. If you have reason to believe that your
interaction with us is no longer secure, please contact us immediately.

For how long do we retain your personal data?
We retain your personal data for as long as necessary to fulfill the purposes for which it was
collected and processed unless a longer retention period is required or permitted by law. The
retention period may vary depending on the type of personal data and the purposes of processing.
To determine the appropriate retention period for your personal data, we consider the amount,
nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or
disclosure of your personal data, the purposes for which we process your personal data, and
whether we can achieve those purposes through other means, as well as applicable legal
requirements.
Once the retention period expires, we will securely delete or anonymize your personal data, unless
we are legally required or permitted to retain it for a longer period.

Your rights regarding your personal data
Subject to certain legal exceptions and limitations, you have the following rights regarding your
personal data:
- Right to access: You have the right to request access to your personal data and receive
information about our processing of your personal data.
- Right to rectification: You have the right to request the correction of your personal data if it is
inaccurate or incomplete
- Right to erasure: You have the right to request the erasure of your personal data under certain
circumstances, such as when the personal data is no longer necessary for the purposes for which it
was collected, and there is no other legal ground for processing.
- Right to restriction of processing: You have the right to request the restriction of the processing of
your personal data under certain circumstances, such as when you contest the accuracy of the
personal data or when the processing is unlawful.
- Right to data portability: You have the right to receive your personal data in a structured,
commonly used, and machine-readable format and have the right to transmit those data to
another data controller, where technically feasible.
- Right to object: You have the right to object to the processing of your personal data under certain
circumstances, such as when the processing is based on our legitimate interests or for direct
marketing purposes.
- Right to withdraw consent: If we process your personal data based on your consent, you have the
right to withdraw your consent at any time. The withdrawal of consent does not affect the
lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint: If you believe that we have infringed your rights or violated applicable
data protection laws, you have the right to lodge a complaint with a supervisory authority.
To exercise your rights, please contact us using the contact information provided at the end of this
privacy policy.

Changes to this privacy policy
We may update this privacy policy from time to time to reflect changes in our practices or legal
requirements. We will provide notice of any significant changes by posting the updated privacy
policy on our websites or by other appropriate means.

Contact us
If you have any questions, concerns, or requests regarding this privacy policy or our handling of
your personal data, please contact us using the contact details found on resolvr.se