PRIVACY POLICY

In this privacy policy for Autocirc AB, we explain how Autocirc AB, co. reg. no. (559214-4314) (‘Autocirc’), processes personal data. This policy applies to Autocirc as well as its subsidiaries, since personal data may be shared in the Group.

We use information that we collect, or that you provide as a customer, employee or supplier, for the following main reasons:

• To fulfil our obligations to suppliers or customers, we use, e.g.,
contact details that we collect through contracts or in other ways.
• To be able to respond to questions or comments received by email from employees of other Autocirc
or from customers, we need to process emails, names and other personal data provided by means of
email messages.
• To comply with our legal obligations, e.g. under the Accounting Act, we need to
retain accounting information for the period of time prescribed.

For the purposes of this processing of your personal data, Autocirc is the data controller. Details on how to
contact us can be found under ‘Contact details’ below.

Read more about how we use personal data, how it affects your privacy and how to exercise your rights:

Our principles

Autocirc conducts business in the field of business establishment. The processing of user data in accordance with applicable regulations and in a secure, efficient and value-creating manner is of central importance in ensuring trust, both for customers and for our employees and partners. Protecting the privacy of individual users is crucial to maintaining their trust and developing the long-term relationships that we seek. Autocirc’s management is responsible for ensuring that personal data are processed in compliance with applicable legislation and in a manner that safeguards the trust of individuals.

Personal data that we collect

Autocirc collects data for the purposes of fulfilling contracts with our suppliers, partners, employees and jobseekers and providing the best possible service to you as a customer. You provide us with some of these data directly in connection with our application process, when you contact us by letter or email, or within a business-related relationship. We may also collect information from third parties. Such third party sources may vary over time, but have previously included:

• Business & Emotions Sweden AB in connection with cookies.

You can make choices regarding the data Autocirc collects. When you are asked to provide personal data, you have the right to refuse. However, if you choose not to provide data that is necessary in order to access a product, service or feature or equivalent, there is a risk that you will not be able to use that specific product or feature. The information we collect depends on the context of your interactions with Autocirc, your choices, including your privacy settings, and the products and features you use.

We also collect information that you provide to us and information contained in messages that you send to us, such as feedback you write, or questions and information you provide to us.

If we intend to use personal data for a new purpose beyond what is set out in this policy, you will be informed of such use before, or in connection with, the personal data being collected and we will ask for your permission or, where required, your consent.

Alternatively, we will ask for your permission and/or consent after such collection has taken place but before we use your personal data for a new purpose.

Reasons why we share your personal data

It may sometimes be necessary for us to share your data with actors who perform services on our behalf so that we can provide you with our services.

In cases where we share information about you with other parties, we have ensured that these companies comply with our data protection requirements, and they are not permitted to use personal data they receive for any other purposes.

We also share information with actors that we have engaged to provide customer service, support or assistance in protecting and securing our systems and services when they need access to personal data in order to provide these services.

Finally, we may need to disclose or retain your data when we deem it necessary in order to:

1. comply with laws or legal processes and provide information to the police and other competent authorities,
2. protect our customers and employees, for example to prevent spam or fraud attempts,
3. manage and maintain the security of our products and features, including preventing or
stopping an attack on our systems or networks,
4. safeguard Autocirc’s rights or property, including enforcing the terms that control your
use of the services. However, if we discover that someone is using our services to trade
in stolen intellectual or physical property belonging to Autocirc, we will not investigate a
individual’s private content, but may instead report the case to the police.

Please note that our website may contain links to third party products and features whose privacy policies differ from Autocirc’s. If you provide personal data via any of these products and features, your data will be processed according to the privacy policies relevant to the product or feature in question.

How to access and control your personal data

You can read about how to manage your rights under the Data Protection Act with regard to Autocirc under the ‘Contact us’ section.

Your individual rights

Autocirc complies with current data protection laws in the European Union, which include the following rights where applicable:

• You have the right to request a register extract free of charge (as defined in the legislation), as well as
access a copy of your personal data and request correction and, in certain circumstances, erasure
of your personal data,
• You have the right to request restriction of, as well as object to, processing of your personal data on the basis
of our legitimate interests,
• You have the right to lodge a complaint with a data protection authority. The Swedish Authority for Privacy Protection (IMY) is the
authority in Sweden that supervises how we as a company comply with legislation,
• If processing of personal data is based on your consent, you are entitled to withdraw
your consent for future processing of your personal data at any time.

Security of your personal data

Autocirc uses various security techniques and methods to protect your personal data from unauthorised access, unwanted alteration and loss of data. For example, personal data that you provide are stored on computer systems with limited access in protected premises. When transferring highly sensitive data (e.g. credit card numbers and passwords) over the internet, these data are protected through encryption.

Where we store and process personal data

Personal data processed by Autocirc may be stored and processed in the region where you live, in Sweden, or in other countries where Autocirc, our partners or suppliers operate. We take measures to ensure that data we collect under this privacy policy are processed in accordance with the provisions of this policy in compliance with applicable law where the data is located.

If, for reasons we set out in the section ‘Reasons for sharing your personal data’, we transfer your personal data to a data controller or data processor in a third country, i.e. a country outside the EU/EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements. We will use the EU standard clauses as appropriate safeguards where possible.

Our retention of personal data

Autocirc retains personal data for as long as is necessary in order to provide the products, features and services, fulfil the transactions you have requested and approved, or for other necessary purposes, such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs may vary for different types of data and different types of products, services and contexts, actual retention periods may vary. Criteria that determine the length of time we retain data include, among others, the following considerations:

• For how long do we need to retain the personal data in order to provide the products, services and features? This
includes, for example, maintaining and improving the performance of products, services and functions,
protecting our systems and managing necessary business and accounting information. This is the
general rule that forms the basis for calculating most retention periods.
• Is the personal data of a particularly sensitive nature? In that case, a shorter
retention period is normally applied.
• Have you authorised a longer retention period? In that case, we retain the data in accordance with
your authorisation.
• Has Autocirc legally, contractually or otherwise agreed to retain the data? Examples:
under mandatory legislation on the retention of data in certain jurisdictions, a government order
to retain data relevant to investigations, or data that must be retained for the purpose of
resolving a dispute.

Cookies and similar technologies

For information on the types of cookies autocirc.com uses and how they are used, see our Cookie Policy.

Changes to this privacy policy

We will update our privacy policy as and when necessary to reflect user feedback and changes to our products, services and features. When a policy is updated, the date of the latest update is changed at the top of the policy and the changes are described in the ‘Change History’ section. If major changes are made to the policy or to how Autocirc uses your personal data, you will be informed via a notification on the website or via email before the changes take effect, to the extent required by law. Please read this privacy policy from time to time to stay updated about how Autocirc protects your personal data and privacy.

Contact us

If you have any questions or need to contact Autocirc’s Data Protection Coordinator, send an email to hanna.wadsten@autocirc.com.

Change history

May 2018: Clarifications due to the new General Data Protection Regulation (‘GDPR’) effective from 25 May 2018. The updated Privacy Policy automatically comes into effect for all existing users and visitors on 25 May 2018. Your continued use of our products, services and features from that date will be subject to the new Privacy Policy. The policy has also been revised to be concise, clear and unambiguous, understandable and easier to read and understand.

November 2021: Further updates and changes carried out to make this policy reflect more clearly how we conduct our business and process personal data in connection with our business, what your rights are and how to exercise them, the transfer of personal data to third countries, and to make the policy more concise, clear and clear, understandable and easier to absorb and understand.