Regin Privacy Policy

Processing of your personal data

The personal data that Regin will process, for what purposes, and on what legal basis varies depending on whether you are a:

• website visitor;
• customer;
• candidate (job applicant);
• supplier; or
• other party who has come into contact with us (e.g., consented to receive newsletters or other types of marketing, participates in meetings or other events organized by us, etc.).

Website visitor

What personal data is processed by Regin Controls?

• IP address;
• device settings (e.g., type of device and browser, operating system, time zone);
• contact details by filling out and submitting the contact form available on our website; and
• information generated by activated cookies in accordance with our cookie policy Cookie policy Regin EN 250610.

Where does Regin Controls obtain the personal data from?

From you in connection with your visit to our website or use of certain features on the website.

For what purposes and on what legal basis does Regin Controls process the personal data?

Regin Controls has a legitimate interest in processing your IP address and device settings to the extent necessary to provide our website and ensure the network and information security of our services.

We may also process personal data depending on which cookies you have activated on the website. Except for strictly necessary cookies, the information collected through our use of cookies will be based on your consent. For further information about our use of cookies, please see Cookie policy Regin EN 250610.

How long is the personal data stored?

How long Regin Controls stores your personal data will primarily depend on your chosen cookie settings and the type of cookie in relation to the personal data collected, and otherwise as long as you have not closed our website.

For further information about the retention periods Regin Controls applies regarding different types of cookies, please see our Cookie policy Regin EN 250610.

Customer

What personal data is processed by Regin Controls?

• first and last name;
• contact details (address, email, phone number, etc.);
• personal identification number (if you are a sole trader);
• username and password (if you register a customer account with Regin Controls);
• purchase and order history, and order management;
• complaints and warranty matters;
• marketing preferences (e.g., newsletters);
• information regarding credit checks (if you choose payment by invoice);
• bank and transaction details related to purchases and/or complaints (e.g., payment options, credit card information, invoices, etc.); and
• other information you provide in connection with contacting us (e.g., via customer service).

If you participate in a conference or similar event where Regin is either the host or co-sponsor and provided that you have given your explicit consent, we may process information about your food allergies for your safety. This information is considered sensitive health data and will be deleted immediately after the event has ended.

Where does Regin Controls obtain the personal data from?

From you directly in connection with your purchase of our services or products, or when you contact our customer service. Regin Controls may also obtain information via a third party when we perform credit checks.

For what purposes and on what legal basis does Regin Controls process the personal data?

Regin Controls processes the personal data to provide our services or products, facilitate customer service, manage billing, marketing, sales and performance analysis, and fulfill obligations regarding accounting and tax reporting.

The personal data is mainly processed to fulfill our agreement with you or because we are required by law. In some cases, we may rely on other legal grounds such as our legitimate interest in improving our customer service and your consent to market similar services or products offered by us.

Personal data used for sales and performance analysis of our business will be aggregated and anonymized.

How long is the personal data stored?

Information related to claims will be stored for up to ten (10) years. To the extent the information is only necessary for our accounting and/or tax reporting, the information will be stored for up to seven (7) years.

Agreements you have entered into with us will be stored at least during the period you are a customer, and for a period thereafter necessary to fulfill obligations under the agreement or to fulfill our legal obligations.

Candidate

What personal data is processed by AB Regin?

• Contact details (address, phone number, and email);
• Identity verification and permits (first and last name, personal identification number or coordination number, gender, and if applicable: passport, ID card, personal photo, licenses, residence and work permits);
• Qualifications (CV, work experience, language skills, personal letter, grades, diplomas, certificates, extracts from universities or other higher education, and information provided by references);
• Information about the position (to the extent relevant: salary requirements, workplace, and preferences regarding position);
• Interview and tests (notes from job interviews or meetings, test results, and personal assessments); and, if applicable,
• Background checks (information obtained from public records and sources, credit checks, criminal records, and/or other security checks).

Where does AB Regin obtain the personal data from?

AB Regin collects the above-mentioned personal data from the following sources:

• from you directly in connection with your job application and other application documents, or by participating in job interviews, meetings, or tests;
• references you have provided;
• consultants involved in the recruitment;
• third parties in connection with your application or filling out a form via a provider such as LinkedIn; and
• public sources and registers, as well as service providers who perform background checks on our behalf.

For what purposes and on what legal basis does AB Regin process the personal data?

AB Regin processes the personal data to conduct and manage the recruitment process.

Personal data regarding contact details, qualifications, information about the position, and interviews and tests are processed based on our legitimate interest in ensuring an efficient and accurate recruitment process.

Personal data regarding identity verification and permits are processed due to our legal obligations.

Personal data regarding background checks are processed due to our legal obligations if it concerns security checks, or otherwise based on our legitimate interest in ensuring the person's suitability if it is of crucial importance for the position.

If you have given your consent, we will also process the personal data for future internal recruitment processes.

How long is the personal data stored?

The personal data will be stored for two (2) years after the recruitment process has ended.

If you have given your consent for us to process your personal data for future internal recruitment processes, AB Regin will store the data until you have withdrawn your consent, or at an earlier time at our initiative.

For candidates who accept an offered position, the personal data, to the extent the information is still relevant, will be included in the personnel file and stored by AB Regin during the employment period. After your employment has ended, the personal data will be stored for a period that follows applicable law in accordance with our internal policies.

Supplier

What personal data is processed by Regin?

If you represent a supplier or act as a sole trader, Regin will process the following personal data about you:

• first and last name;
• contact details related to your work (email address, phone number, etc.);
• information about your workplace (e.g., name of your employer, department, title, etc.);
• personal identification number (if sole trader); and
• personal data that may appear in invoices (e.g., specified reference persons).

Where does Regin obtain the personal data from?

From you directly or your employer in connection with Regin purchasing or using your services or products. Regin may also collect information from public sources and registers.

For what purposes and on what legal basis does Regin process the personal data?

Personal data is processed to complete the order of a paid service or product, and to fulfill the obligations arising from the agreement with the supplier you represent.

The processing is mainly carried out to fulfill the agreement with the supplier or due to legal obligations. In some cases, personal data may be processed for our legitimate interest in managing and improving our services and products.

How long is the personal data stored?

Information related to claims will be stored for up to ten (10) years. To the extent the information is only necessary for our accounting and/or tax reporting, the information will be stored for up to seven (7) years.

Agreements entered into with the supplier (and which may contain personal data about you) will be stored at least during the period the business relationship applies, and for a period thereafter necessary to fulfill obligations under the agreement or to fulfill our legal obligations.

Other information such as your contact details will be stored as long as Regin has a business relationship with the supplier or up to one (1) year after the business relationship has ended.

Others

What personal data is processed by Regin?

In marketing, Regin may process the following information about you:

• first and last name; and
• contact details (address, email, phone number, etc.).

If you participate in a meeting or other event organized by us, Regin will process the following information about you:

• first and last name;
• contact details (address, email, phone number, etc.); and if relevant,
• food preferences and allergies.

Where does Regin obtain the personal data from?

From you directly in connection with you:

• giving your consent to receive marketing from us (primarily applies to marketing via email or SMS); or
• participating in a meeting or other event organized by us.

For what purposes and on what legal basis does Regin process the personal data?

Personal data used for marketing purposes will generally be processed based on your consent. Regin, however, has a legitimate interest in marketing our similar products or services to customers via email. You always have the right to decline future marketing in such cases.

Personal data used in connection with your participation in a meeting or other event organized by us will be processed based on our legitimate interest in ensuring that the event is handled correctly.

Information related to food allergies will only be processed if Regin has your explicit consent.

How long is the personal data stored?

Personal data used for marketing purposes will be stored until you withdraw your consent, or at an earlier time at our initiative.

Personal data used in connection with your participation in a meeting or other event organized by us will be stored until the event is concluded.

Does Regin share your personal data with others?

Your personal data may be shared with our group companies, suppliers, or other third parties you come into contact with or who are involved in our business operations.

Group companies

Regin will in some cases share your personal data with our group companies, for example for our corporate management, administration, shared services, forecasts, and other IT functions. Your personal data will never be shared with other companies within the group unless it is in accordance with applicable data protection legislation and according to the purposes stated in this privacy policy.

Access to personal data within the group is only granted if it is necessary based on a person's job duties.

Service providers

Regin engages third-party providers who provide services including billing management, storage of personal data, and IT services (such as managing our website, sending newsletters and invitations, etc.). When providing the services, your personal data, where applicable, will be processed by the service provider on our behalf.

Regin has written agreements with all our providers in accordance with applicable data protection legislation to protect your personal data.

Disclosure of data to third parties

Under certain circumstances, Regin shares, or is required to share, your personal data with authorities or legal representatives. For example, in the event of suspected criminal activity, or if required by law.

Personal data may also be shared with third parties involved in a merger or acquisition of our business (or parts thereof).

Does Regin transfer personal data to countries outside the EEA?

Regin will not transfer your personal data to a country outside the EU/EEA without appropriate safeguards regarding the protection of your personal privacy, your fundamental rights and freedoms, and the exercise of your rights. Regin ensures that your privacy is protected by an adequate level of data protection through, for example, standard contractual clauses based on the European Commission's decision 2021/914 of June 4, 2021, or decisions that replace this. If you want more information about the safeguards that have been taken, please contact us (see under "Questions and concerns").

Your rights and how you can exercise them

You have the right to:

• receive confirmation of whether Regin processes personal data about you, and if so, access them in the manner prescribed by applicable data protection legislation;
• request that Regin corrects incorrect personal data about you;
• request that Regin deletes your personal data if there are no legal reasons to continue the processing;
• request that Regin restricts or ceases the processing of your personal data, provided there are no legal reasons to continue the processing;
• request to receive the personal data concerning you, and that you have provided to us, in a structured, commonly used, machine-readable format (portability); and
• withdraw your consent.

To confirm that the right person submits a request for an action as mentioned above, Regin may perform an identity check.

You also have the right to file a complaint with the Swedish Authority for Privacy Protection http://www.imy.se regarding our processing of personal data. On the authority's website, you can also find detailed information about your rights under applicable data protection legislation.

Questions and concerns

Please contact Regin at the contact details provided below if you have any questions regarding our processing of your personal data or if you wish to exercise your rights as mentioned above:

Regin Controls Sverige AB
Box 116
428 88 Kållered
info@regin.se

AB Regin
Bangårdsvägen 35
428 36 Kållered
info@regin.se

Changes to this policy

Regin reserves the right to make changes to this privacy policy. The latest version of the privacy policy will always be available online on our website. Regin will also refer to it in our emails and in messages made via our systems for digital mailings and invitations. You are encouraged to carefully review the updated content in the event of changes to this privacy policy.