CALIFORNIA PRIVACY RIGHTS

If you are a California resident, California law may provide you with certain rights regarding our use of your personal information. This notice is provided by Safeture AB (“Safeture,” “we,” “us” or “our,” as applicable).

A. “Do Not Track” under the California Online Privacy Protection Act. We do not track users over time and across third-party sites or services to support third-party advertising, and therefore our sites and services do not respond to “do not track” browser signals (a preference you may be able to set in your web browser to inform websites that you do not want to be tracked). We use third-party services that may collect information about your activities across other sites, apps, and services, although this is subject to your affirmative consent in some cases, and you are free to alter cookies settings or browser settings to change this.

B. California’s “Shine the Light” law (Civil Code Section § 1798.83). This law permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to us at dpo@safeture.com.

C. California Consumer Privacy Act (CCPA).

This part (C) serves as a privacy notice for California residents and applies solely to all visitors, users, and others who reside in the State of California, and applies in our capacity as both a data controller, a data processor, and a service provider to our customers and end-users. We adopt this policy to comply with the CCPA as of the effective date of this policy, and any terms defined in the CCPA have the same meaning when used in this notice. Note that provision of this CCPA notice is not an admission on our part that we are a “business” within the meaning of the CCPA, and nothing in this policy may be construed as such an admission.

Personal information we collect
You have the right to request that we disclose to you the information regarding the personal information about you that we collect and use. We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person (“personal information”) that falls within the following categories of personal information, and have done so within the last 12 months:

Category

 

Information Collected

 

Identifiers

Real name, postal address, home country, unique identifier, international mobile subscriber identity, base station information, online identifier, passport number, Internet Protocol address, email address, mobile phone device information, and account name.

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, address, telephone number, passport number, employment, emergency contact information, and medical information.

(Some personal information in this category may overlap with other categories.)

Protected classification characteristics under California or federal law

Gender, nationality, age, medical conditions.

Commercial information

Records of services purchased, obtained, or considered, or other transaction histories.

Internet or other similar network activity

Interaction with a website; browsing and search history.

Geolocation data

Physical location; movements.

Professional or employment-related information

Job title, department/position, description; the identity of employer; manager; employment histories, CVs, work address, travel bookings.

Education information (non-public)

Educational histories or records.

Personal information does not include: (a) publicly available information from government records; (b) deidentified information or aggregate consumer information; (c) information excluded from the CCPA’s scope; and (d) personal information covered by certain sector-specific privacy laws.

We obtain the categories of personal information listed above from the following categories of sources:
• directly from you, your employer, or publicly available sources.
• indirectly when you use our services (eg cookies when using our website).
• from the sources listed in this Policy.

Our use of personal information
We may use or disclose the personal information we collect for the purposes set forth in this Policy, and one or more of the following business purposes:
• to fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our offerings, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a access to our service, we will use that information to process your payment and facilitate delivery.
• to provide, support, personalize, and develop our website, products, and services.
• to create, maintain, customize, and secure your account with us.
• to process your requests, purchases, transactions, and payments and prevent transactional fraud.
• to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our sites, third-party sites, and via email or text message (with your consent, where required by law).
• to help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
• for testing, research, analysis, and product development.
• to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• as described to you when collecting your personal information or as otherwise set forth in the CCPA.
• auditing related to a current interactions and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
• detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
• debugging to identify and repair errors that impair existing intended functionality.
• to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We do not sell personal information of consumers to businesses or third parties (as the terms “sell”, “consumers”, “businesses” and “third parties” are defined in the CCPA).

Sharing personal information

We may disclose any or all of the categories above of your personal information to a third party for a business purpose, as set forth in this Policy, and we have done so in the last 12 months. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.

We disclose your personal information for a business purpose to the following categories of third parties:
• third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
• Service providers.
• any other third parties you have permitted us to disclose your personal information to.
• as set forth in this Policy.
Your rights and choices
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you (unless an exception applies):
• the categories of personal information we collected about you.
• the categories of sources for the personal information we collected about you.
• our business or commercial purpose for collecting or selling that personal information.
• the categories of third parties with whom we share that personal information.
• the specific pieces of personal information we collected about you (also called a data portability request).
• if we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (a) sales, identifying the personal information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

We do not provide these access and data portability rights for business-to-business personal information to the extent such an exception (or similar subsequent exclusion from or exception to all or some of the requirements of the CCPA) remains in effect under the CCPA.

Deletion request rights
California residents have the right under the CCPA to request that we delete any of their personal information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request (see below), we will delete (and direct our service providers to delete) relevant personal information from our records, unless an exception applies (such as the B2B exception referenced above).

We may deny California residents’ deletion request if doing so is permitted or required by applicable law, or if retaining the information is necessary for us or our service provider(s) to:

• complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with the requesting individual, or otherwise perform our contract with a requesting individual.
• detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• debug products to identify and repair errors that impair existing intended functionality.
• exercise free speech, ensure the right of another to exercise their free speech rights or exercise another right provided for by law.
• engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
• enable solely internal uses that are reasonably aligned with consumer expectations.
• comply with a legal obligation.
• make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Verifiable consumer request
To exercise the access, data portability, and deletion rights under the CCPA described above, please submit to us a verifiable consumer request to dpo@safeture.com.
Only a California resident, or a person registered with the California Secretary of State that a California resident has authorized to act on their behalf, may make a verifiable consumer request related to their personal information. A California resident may also make a verifiable consumer request on behalf of their minor child.

A verifiable consumer request for access or data portability can only be made twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify the California resident about whom we collected personal information or an authorized representative, and contain sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account on our website. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal

information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. Except as permitted by the CCPA, we will not:
• deny you goods or services.
• charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• provide you a different level or quality of goods or services.
• suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.