Privacy Notice

Privacy Notice

1 GENERAL

1.1 This Privacy Notice (“Privacy Notice”), describes how Egetis Therapeutics AB (publ), registration number 556706-6724, Klara Norra Kyrkogata 26, SE-111 22 Stockholm, Sweden and its affiliates (collectively “Egetis”), collects, uses, discloses, stores, transfers, share and otherwise process personal data.

1.2 We respect your right to privacy, and are committed to comply with applicable data protection rules and to safeguard your rights. We want to make sure that you are aware of what types of information we collect or obtain from you via our websites or during your communication or interaction with us, how this information is used and how we work to protect it.

1.3 This Privacy Notice describes, amongst other things, which information we collect about you and any of your employees, officers, directors, agents, contractors or consultants or any of your customers, suppliers or any other relevant individual, how such personal data is processed and for what purposes we collect and use the personal data. This Privacy Notice also describes your rights and how you can contact us about the use of your personal data.

1.4 Egetis is the data controller responsible for processing your Personal Data (as defined below) in accordance with applicable data protection legislation.

WHAT TYPES OF DATA DO WE PROCESS?

2.1 “Personal Data” means all any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 How do we collect your personal data? We collect personal data that you provide to us in the following ways:

2.2.1 Entering into agreement with Egetis: when you enter into a contractual agreement with us, we may collect certain details in respect of you or other representatives of your business.

2.2.2 Communications with us directly: we collect Personal Data you submit, provide or post to us directly, such as via postal, telephone and/or email communications.

2.2.3 When you have agreed to receiving communications from us, we will collect and process your contact information and other identifiers including your e-mail address, phone number and name.

2.2.4 Communications via our website: we collect Personal Data when you provide it to us through communications via our website. This includes where you have contacted us through the “Contact” page on our website.

2.2.5 Events: when we arrange or attend events we may collect your Personal Data when you attend the event and exchange your details with us (for example, by providing your business card).

2.3 Egetis further collects and processes your business contact information and other identifiers that are necessary for us to contact you in your role as a representative for a company if you represent a company that is a customer, supplier, contractor or otherwise partner of ours, as well as a potential customer, supplier, contractor or otherwise partner of ours. The information that we collect and process in such cases includes business contact information (such as name, address, work title, what company you work for, email address, telephone number, bank details).

2.4 Egetis also collects Personal Data used for the purpose of recruiting members of staff. When you contact us to apply for a job opportunity with us, we collect such Personal Data that you provide us with in connection with such application. Personal Data normally included in a job application is contact information (name, address, email address and telephone number), CV (including previous work experience and education), and occasionally picture and personal registration number.

2.5 Egetis collects and processes your device, Internet and network activity information when you use our websites. We may process information about your browser, device, the operating system you are using, your device identifiers, MAC address, and IP address, as well as information at the site you came from, the site you visit when you leave us, and your page interactions that we collect through cookies and similar technologies upon your consent, or if they are strictly necessary for operating our website, based on our legitimate interest. For more information regarding cookies and similar tracking technologies, please visit our cookie policy, and for managing your cookie consent please open cookie settings.

2.6 If you are a healthcare practitioner and consent to that, Egetis collects and processes your contact information and other identifiers including your name, title, e-mail address, medical specialisation, and address of your medical practice to enrol you into our disease awareness program and be provided with resources to diagnose and manage people living with MCT8 deficiency.

2.7 We generally do not collect special category Personal Data through our website, such as gender, health or political opinions. If we are to collect Personal Data of a special category, we will provide you with information about that processing before the data is collected.

3 WHY DO WE PROCESS YOUR DATA?

3.1 We process Personal Data where we have a legal basis to do so. The legal basis depends on the purposes and reasons why we process your data:

a) Processing is necessary for the legitimate interests pursued by us or by a third party – the legal basis we rely on to process your Personal Data in this specific situation is Article 6(1)(f) of the Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”). We balance our legitimate interests or the interests of third parties against your rights and interests. This legal basis is relied on when we:
Send communications that you have requested and respond to communications you have sent us – our legitimate interest is marketing ourselves and our services.
Contact you as a representative for a customer, supplier, contractor or otherwise partner of ours – our legitimate interest is to administer the relationship we have with the company that you represent. We may reach out to you in situations where you provide us with your contact information by handing us a business card or otherwise have expressed an interest in our products or services.
Invite you to events we believe might be of interest to you or the company that you represent (provided however, that you will always have the right to opt-out of any marketing messages from us) – our legitimate interest is marketing our products and services.
Develop and improve our services, which is also our legitimate interest.
Respond to an enquiry or other request you make when you contact us via our website or directly – our legitimate interest is our business efficiency and marketing of our products and services.
Protect the security of and manage access to our premises, IT and communication systems, online platforms, website and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities – our legitimate interest is our business continuity and security.
Notify you about changes to our service – our legitimate interest is our business efficiency.
Provide you with resources to diagnose and manage people living with MCT8 deficiency– our legitimate interest is to increase awareness about that rare disease.
b) Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract; the legal basis we rely on to process your Personal Data in this specific situation is Article 6(1)(b) of the GDPR. This legal basis is relied on when we:
Process your job applications;
Carry out our obligations arising from any contracts, including providing you with the information you request from us.
c) We process Personal Data where we need to comply with a legal obligation, such as the Swedish Accounting Act. The legal basis we rely on to process your personal data in this specific situation is Article 6(1)(c) of the GDPR. We may also process Personal Data where it is necessary to carry out statistical and other analyses and to meet our legal or regulatory obligations.

3.2 Direct Marketing: We reach out with our electronic message advertising or marketing materials directed to you as a natural person only if you consent to it, or we can rely on the so-called ‘soft opt-in’ exception, which means that your consent, as our existing customer, is implied. Any marketing communication will include a clear way for you to opt out of such communication.

4 FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

4.1 Your Personal Data is stored only for as long as there is a need to keep the data in order to fulfil the purposes for which the data was collected in accordance with this Privacy Notice.

4.2 The Personal Data will be deleted if the purpose of collection and use of Personal Data has been achieved, or if you withdraw your consent (if applicable) to the processing of Personal Data by contacting us (for contact information, please see Section 9 below).

4.3 Personal Data received in connection with a job application for an applicant who is not hired will be stored for no longer than one year after the date of the completion of the recruitment process.

5 HOW MAY THE DATA BE SHARED?

5.1 Egetis may share Personal Data with our trusted subcontractors and cooperation partners, including digital service providers, within the scope listed above. They may need access to your Personal Data in their assignment for us, but they will not be allowed to use the Personal Data for any other purpose, only according to our instructions.

5.2 The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in. When we transfer your Personal Data to any country outside the European Economic Area (“EEA”) and the UK, such transfers are made pursuant to appropriate safeguards.

5.3 Personal Data that Egetis collect may be transferred to our trusted subcontractors based outside of EEA and the UK, including countries that do not provide the same level of protection for personal data as in the EEA, as a part of provision of services to Egetis.

In any event, we will only transfer personal data to recipients that provide an adequate level of data protection or as permitted by applicable data protection laws by implementing appropriate safeguards, including, but not limited to, relevant data transfer agreements with standard contractual clauses approved by the European Commission (“Model Clauses”) to impose on the Personal Data recipient data protection and security obligations that are equivalent to the EEA standards.

We transfer personal information to countries that are covered by adequacy decisions or subject to an equivalent framework.

Personal Data will be transferred to the USA as we use service providers such as Office 365 (Microsoft Corporation) and Google Analytics (Google LLC). Egetis has ensured that your rights are guaranteed before making such a transfer to the USA by Microsoft’s and Google’s adherence to the EU-US Data Privacy Framework. To learn more about the Data Privacy Framework program, and to view our service providers’ certifications, please visit https://www.dataprivacyframework.gov/.

5.4 Personal Data may be disclosed by Egetis to comply with legal requirements or other requirements from official authorities, in order to safeguard Egetis legal interests or to detect, prevent, or draw attention to frauds or other safety or technical problems.

6 PROTECTION OF YOUR PERSONAL DATA

6.1. We have employed a wide range of security measures to help protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to.

6.2 We protect your Personal Data using commercially reasonable safeguards to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include data encryption, firewalls, automatic timeouts and one-time access links that expire within hours. Therefore, you can rest assured that your Personal Data is in safe hands.

7 YOUR RIGHTS

In accordance with the General Data Protection Regulation, you have a right to:

7.1 Access: You have the right to obtain confirmation whether we process Personal Data about you, as well as to request a copy of the Personal Data that Egetis processes about you. However, there are exceptions to this right, so that access may be limited if, for example, making the information available to you would adversely affect the rights and freedoms of another person, or if Egetis is legally prevented from disclosing such information. If you want a copy of the data related to you that Egetis processes, please contact us in accordance with the contact information found below.

7.2 Information: You are entitled to access the following information about the processing that concerns you:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling;
the appropriate safeguards for data transfers.

7.3 Accuracy: Egetis aims to keep your personal data accurate, current, and complete. We encourage you to let us know by contacting us if any of your personal data is not accurate or has changed since you provided us with it.

7.4 Erasure: You have the right to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.

7.5 Restrict the processing: Under certain circumstances (expressed in applicable data protection legislation), you may request that Egetis restricts the use of your Personal Data.

7.6 Objecting: In certain circumstances, you have the right to object to processing of your personal data and to ask us to block, erase. If you would like us to stop using your personal data, please contact us in accordance with the contact information found below.

7.7 Data Portability: In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.

7.8. Complaint: Should you be dissatisfied with our processing of your Personal Data, please let us know, and we will do our best to address your complaints. The integrity of your Personal Data is very important to us, and we always strive to protect and secure your Personal Data in the best possible way. Should we nevertheless, in your opinion, fail in this ambition, please note that you are also entitled to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

7.9 Revoke your consent: If the legal basis for processing is your consent, you have the right to withdraw consent at any time by emailing us using the contact details listed under Section 9.

7.10 If you wish to exercise any of the abovementioned rights or if you have any questions regarding Personal Data held by us or this online Privacy Notice, please do not hesitate to contact us (for contact information, please see section 9 below).

7.11 You are not required to pay any charge for exercising your rights, unless your request is unfounded, repetitive or excessive. If your request is unfounded, repetitive or excessive, or if we are not in a position to identify you, we can refuse to act on your request, or charge a reasonable fee.

8 CHANGES TO THIS PRIVACY NOTICE

Egetis may, at any time, make amendments to this Privacy Notice. Egetis will publish the amended version at our website. We encourage you to check this Privacy Notice for changes whenever you visit our website.

9 HOW TO CONTACT US

You can contact us at: Egetis Therapeutics AB (publ), Klara Norra Kyrkogata 26, SE-111 22 Stockholm, Sweden or at privacy@egetis.com.

You can also contact Egetis’ Data Protection Officer, HewardMills Ltd., 77 Farringdon Road, London, EC1M 3JU United Kingdom at dpo@hewardmills.com.

Effective as of 7 May 2024

Share

Twitter
LinkedIn

Contact us

Address: Klara Norra Kyrkogata 26, SE 111 22 Stockholm, Sweden

Phone: +46 8 679 72 10

E-mail: info@egetis.com