Privacy Policy

REVISED AND ADOPTED 11-02-2022

1 GENERAL

1.1 This privacy policy (”Privacy Policy”), describes how Egetis Therapeutics AB (publ), registration number 556706-6724, Klara Norra Kyrkogata 26, SE-111 22 Stockholm, Sweden (“Egetis”), collects, uses, discloses, stores and otherwise process personal data.

1.2 We respect your right to privacy, and we are committed to comply with applicable data protection rules and to safeguard your rights. We want to make sure that you are aware of what types of information we collect or obtain from you via the website or during your communication or interaction with us, how this information is used and how we work to protect it.

1.3 This Privacy Policy describes, amongst other things, which information we collect about you, how your personal data is processed and for what purposes we collect and use the personal data. This Privacy Policy also describes your rights and how you can contact us about the use of your personal data.

1.4 Egetis is the data controller responsible for processing your personal data in accordance with applicable data protection legislation.

2 WHAT TYPES OF DATA DO WE PROCESS?

2.1 Personal data means all types of information which can, directly or indirectly, be used to identify a living physical person (“Personal Data”).

2.2 Egetis collects and processes Personal Data in the form of your e-mail address when you sign up for our newsletter.

2.3 Egetis further collects information that is necessary for us to be able to contact you in your role as a representative for a company. Egetis collects and processes information about you if you represent a company that is a customer, supplier, contractor or otherwise partner of ours, as well as a potential customer, supplier, contractor or otherwise partner of ours. The information that we collect and process in such cases include contact information (such as name, address, work title, what company you work for, email address and telephone number).

2.4 Egetis also collects Personal Data in connection with recruiting staff members. When you contact us to apply for a job opportunity with us, we collect such Personal Data that you provide us with in connection with such application. Personal Data normally included in a job application is contact information (name, address, email address and telephone number), CV (including previous work experience and education), and occasionally picture and personal registration number.

2.5 Furthermore, Egetis collects and processes Personal Data about you when you choose to participate in a study conducted by Egetis. Personal Data that Egetis collects and processes in such cases include name, age, sex and health information.

3 WHY DO WE PROCESS YOUR DATA?

3.1 Egetis collects and process Personal Data relating to you for the following reasons:

(i) to send newsletters that you have requested and to respond to communications you have sent us;
(ii) to contact you as a representative for a customer, supplier, contractor or otherwise partner of ours;
(iii) to market ourselves and our services and invite you to events we believe might be of interest to you or the company that you represent (provided however, that you will always have the right to opt-out of any marketing messages from us);
(iv) to develop and improve our services;
(v) to process job applications;
(vi) to conduct clinical studies (only with your prior consent); and
(vii) to fulfil requirements by law.

4.1 Egetis processing of your Personal Data is based on the legal grounds as follows.

Legitimate interests

4.2 The legitimate interest of Egetis also constitute the legal basis for processing in situations where you provide us with your contact information by handing us a business card or otherwise has expressed an interest in our products or services. The legitimate interests of Egetis in such cases are for Egetis to be able to market its products and services. Furthermore, the legitimate interest of Egetis is the legal basis for when Egetis is processing your personal data when you are a representative for a customer, supplier, contractor or otherwise partner of ours. The legitimate interests of Egetis in such cases are Egetis need to contact you as a representative to administer the relationship Egetis has with the company that you represent. Furthermore, the legitimate interest of Egetis is the legal basis for Egetis processing of your Personal Data in connection with your job application, in which cases the legitimate interests of Egetis are to be able to secure that its employees has sufficient education and experience. Additionally, the legitimate interest of Egetis is the legal basis for Egetis processing of your Personal Data in connection with Egetis sending out its newsletters. The legitimate interests of Egetis in such cases are for Egetis to be able to market itself and its services.

Consent

4.3 Egetis processing of your Personal Data is based on your consent where you have chosen to participate in a clinical study. You can at any time withdraw your consent to such processing by contacting us. For contact details see section 10 below.

Legal obligation

4.4 Egetis may process your Personal Data for the purpose of complying with safety standards and other statutory requirements, based on the legal ground that this is necessary for compliance with a legal obligation to which Egetis is subject.

5 FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

5.1 Your Personal Data is stored only for as long as there is a need to keep the data in order to fulfil the purposes for which the data was collected in accordance with this Privacy Policy.

5.2 The Personal Data will be deleted if the purpose of collection and use of Personal Data has been achieved, or if you withdraw your consent (if applicable) to the processing of Personal Data by contacting us (for contact information, please see Section 10 below). Personal Data received in connection with a job application for an applicant that is not hired will be stored for no longer than one year after the date of the application.

6 HOW MAY THE DATA BE SHARED?

6.1 Egetis will not sell, trade or lease your Personal Data to third parties. However, Egetis may share Personal Data with our trusted subcontractors and cooperation partners in order to provide you with our services. They may need access to your Personal Data in their assignment for us, but they will not be allowed to use the Personal Data for any other purpose.

6.2 Unless otherwise set forth below or in any specific information regarding our processing of your Personal Data, Egetis will not transfer your Personal Data to any country outside the EU/EEA.

6.3 Personal Data that Egetis collect may be transferred to Internet service providers based outside of EU/EEA as a part of such Internet service provider’s provision of services to Egetis. Personal Data will also be transferred to USA through Egetis use of Office 365 (Microsoft) and Google Analytics. Egetis has ensured that your rights are guaranteed before making such transfer to USA by Microsoft’s and Google’s adherence to EU-US Privacy Shield. More information is available at www.privacyshield.gov

6.4 Personal Data may be disclosed by Egetis to comply with legal requirements or other requirements from official authorities, in order to safeguard Egetis legal interests or to detect, prevent, or draw attention to frauds or other safety or technical problems.

7 PROTECTION OF YOUR PERSONAL DATA

7.1 You should always feel secure when you provide your Personal Data to us. We have employed a wide range of security measures to help protect your Personal Data against undue access, modification and deletion.

7.2 We protect your Personal Data using commercially reasonable safeguards to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include data encryption, firewalls, automatic timeouts and one-time access links that expire within hours. Therefore, you can rest assure that your Personal Data is in safe hands.

8 YOUR RIGHTS

Corrections, additions

8.1 You are always entitled to access your Personal Data for viewing, and to request that we correct or update your Personal Data.

Restriction of use and data portability

8.2 Under certain circumstances (expressed in applicable data protection legislation), you may request that Egetis restricts the use of your Personal Data or delete your Personal Data. If you have provided us with Personal Data, you also have the right to have your Personal Data resubmitted to you, in a structured and accessible format, for transfer to another user/processor.

Requests and Complaints

8.3 If you wish to exercise any of the abovementioned rights or if you have any questions regarding Personal Data held by us or this online Privacy Policy, please do not hesitate to contact us (for contact information, please see section 9 below). 8.4 Should you be dissatisfied with our processing of your Personal Data, please let us know, and we will do our best to meet your complaints. Your integrity is very important to us, and we always strive to protect and secure your Personal Data in the best possible way. Should we nevertheless, in your opinion, fail in this ambition, please note that you are also entitled to lodge a complaint with the Integrity Protection Authority Sw. Integritetsskyddsmyndigheten (IMY) former Swedish Data Protection Authority (Sw. Datainspektionen), or such other authority as may be determined in the future.

9 CHANGES TO THIS PRIVACY POLICY

Egetis may, at any time, make amendments to this Privacy Policy. Egetis will publish the amended version at our website. If the amendments are substantial, Egetis will send the amended Privacy Policy to your email, and if Egetis does not have your email, Egetis will send it to you by other means (if possible).

10 HOW TO CONTACT US

You can contact us at: Egetis Therapeutics AB (publ), Klara Norra Kyrkogata 26, SE-111 22 Stockholm, or at our email: info@egetis.com.