Spirius AB, org.nr 556788 - 4183, with address Skeppsbrokajen 14, 371 33 Karlskrona, is the data controller for the processing of personal data in accordance with this privacy policy. We process personal data in accordance with the Data Protection Regulation (EU) 2016/679 (GDPR) and supplementary Swedish legislation. In this privacy policy, we explain what kind of personal data we store and how we process it. This Privacy Policy applies to: www.spirius.se and www.spirius.com.

Personal data we collect and process
‍
The personal data that Spirius AB collects and processes may, depending on the context, include:

• name and contact information, including address, mobile phone number and email address
• billing information and other information that you provide in connection with the purchase of our service;
• Username and password for our services
• other information relevant to customer surveys, advertisements or offers
• IP address and other information provided in support cases.How we use personal data
‍
Delivery of service/contract
We use your personal data to fulfill our agreements with you, that is, when you have ordered a product or service from us. The legal basis for processing personal data for this purpose is that the processing is necessary to fulfill a contract with you.

Customer relationship management
We use your personal data to manage our customer relationship with you. This may include customer service, complaint handling, and troubleshooting your account. The legal basis for processing personal data for this purpose is that the processing is necessary to fulfill a contract with you.

Disclosure of data to another party
The protection of your personal data is an important part of SpiriuSab's business and the information you store with us is never disclosed to anyone else, unless you consent to this or if this is done in accordance with the paragraphs below.

To clarify this further, Spirius AB will not under any circumstances sell, share or pass on information unless required by law, or if it is a direct result of legal action.

However, in order for Spirius AB to deliver its services, it may mean that customer data is shared with another party. Spirius AB always takes the utmost care in these cases. The parties to whom the transfer takes place as a necessary part of Spirius AB's ability to deliver its services, Spirius AB assists with the following:

• Management of invoices and credit cards
• Sending of informational emails, such as newsletters
• Storage in some cases with cloud providers

We do not transfer personal data outside the EU/EEA. Should a transfer to a third country still take place, we will ensure that legal safeguards are in place.

Do you want to sign a personal data processing agreement with SpiriusAB?
A personal data processing agreement is necessary to ensure that you, as the data controller, do not lose control over the personal data for which you are responsible. The agreement is a requirement under the GDPR and by signing a data processing agreement with Spirius AB, you can demonstrate in agreement how you as a data controller process personal data. Contact us at dpo@spirius.com to sign a personal data processing agreement.

Analysis, business development and improvement of services
We are continuously working to develop and improve our services and products. Much of this work involves analysing different forms of personal data, such as customer activity, customer history and account and profile information. The legal basis for processing personal data for this purpose is our legitimate interest.

Custom user experience
We tailor the user experience and communication to your customer relationship and we use personal data for this purpose. The legal basis for processing personal data for this purpose is our legitimate interest.

Sales and marketing
We use personal data in connection with the sale and marketing of our products and services, for example by receiving emails from us. The legal basis for processing personal data for this purpose is our legitimate interest. You have the option to opt out of parts of this processing by, for example, opting out of receiving emails from us.

System monitoring, troubleshooting, etc.
We monitor our systems for errors and problems. Some of these processes involve the storage and processing of personal data. The legal basis for processing personal data for this purpose is our legitimate interest.

Security, fraud detection and criminal activity
We process personal data in our work to protect our users and ourselves against fraud, abuse and criminal activity. The legal basis for processing personal data for this purpose is our legitimate interest.

Comply with legal obligations
In some cases, we are obliged to process personal data for reasons of other legal obligations. An example of this is information related to sales, which we are obliged to record and save in accordance with the Accounting Act. The legal basis for processing personal data for this purpose is that the processing is necessary to comply with a legal obligation imposed on us.

Your rights
If you wish to exercise any of your rights, please contact us at dpo@spirius.com

Right to transparency of own data
You can request a copy of any data we process about you. Please contact the email address above to exercise your right of access.

Right to rectification of personal data
You have the right to request that we correct or supplement information that is inaccurate or misleading.

Right to erasure of personal data
You have the right to have your personal data erased without delay. You can request that we delete information about yourself at any time. However, please note that information that we are obliged to retain due to other legal obligations (such as the Accounting Act) will not be deleted.

Restriction of processing of personal data
In certain situations, you may also request that we restrict the processing of data about you. You can do this by contacting the email address above.

Protest against the processing of personal data
If we process personal data on the basis of our legitimate interest or on the basis of a balance of interests, you have the right to object to our processing of data about you. You do this by contacting the email address above.

Storage of data

• Customer data is stored during the contract period
• Accounting data is stored for 7 years
• Marketing data is stored until consent is withdrawn

Data portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format. Please contact the email address above to obtain your personal data.

You can complain about our processing of personal data
We hope that you will inform us if you believe that we are not complying with the rules of the General Data Protection Regulation (GDPR) and supplementary national legislation. Please let us know first through the contact or channel you have already established with us. You can also complain about our processing of personal data. You can do this to the Privacy Protection Authority (IMY) at https://www.imy.se/..