Processing of personal data

Information to you as a data subject (shareholder)

Pandox AB (publ), reg. no. 556030-7885, (“Pandox”) is the controller for the processing of personal data relating to shareholders, representatives of shareholders (proxy and assistants) and other persons who are not shareholders but who attend a general meeting of shareholders.

1. PURPOSE OF THE PROCESSING

Share register

1.1 Euroclear Sweden AB ("Euroclear") is responsible for keeping Pandox's share register. According to Swedish law, Euroclear is as central securities depository the data controller for the processing of personal data that the share register entails.

General meeting

1.2 Pandox and Euroclear treat your personal data as separate data controllers in connection with a general meeting. This means that Pandox can collect your personal data and provide them to Euroclear. Pandox will process personal data in order to be able to summon shareholders and manage and execute a general meeting (ordinary, continued or extraordinary). Such processing may consist of, for example, preparing a voting register and voting right registration, conducting a vote and drafting meeting minutes. Pandox also processes your personal data if you send a request to Pandox to raise a specific matter at the general meeting and other communications in connection with the general meeting. Pandox can, after a specific resolution, resolve that voting in some cases can be exercised by post or electronic means. In such a vote, your personal data will be processed to administer and manage the voting.

1.3 When administering and carrying out a general meeting or voting by post or electronic means, the following personal data will be processed: contact information (e.g. name, address, telephone number and email), birthdate and social security number, financial information (e.g. voting rights at the general meeting and rights related to the ownership), notes in the minutes of the general meeting, information about representatives and who the representative represents, in some cases, photographs, video recordings and sound recordings can also be recorded during a general meeting.

Legal claims

1.4 Pandox may process your and your representative’s personal data in the event of a potential dispute or legal process in order to manage and respond to legal requirements/claims.

1.5 The following personal data will be processed in the event of a dispute or legal process: contact information (e.g. name, address, telephone number and email), birthdate and personal identification number and shareholding.

Other legal obligations

1.6 Pandox processes your personal data to fulfil its legal obligations under the Swedish Companies Act and the Accounting Act. Such processing may, for example, consist of share dividends and bookkeeping of accounting materials.

1.7 When Pandox processes your personal data in order to fulfil its legal obligations, all personal data that is necessary will be processed.

2. LEGAL BASIS

The processing in connection with general meetings, legal claims or other legal obligations is necessary to fulfil legal requirements that follow from the Companies Act, the Accounting Act or other relevant law.

3. WHERE DOES YOU PERSONAL DATA COME FROM?

Pandox collects your personal information directly from you as a shareholder or from your representative. In some cases, Pandox may collect personal information about you as a shareholder from Euroclear or public records and sources.

4. CATEGORIES OF RECIPIENTS

4.1 Your personal data may be transferred between companies in the Pandox Group in order to manage send outs, contacts in various matters in connection with the fulfilment of the stated purposes and bookkeeping of accounting materials etc.

4.2 Personal data may also be transferred to Euroclear to manage general meetings and share register. Transfer may also take place to sub-suppliers, accountants, law firms and others who perform services, on Pandox's behalf, in connection with the fulfilment of the stated purposes of the processing.

5. TRANSFER

Pandox only stores personal data within the EU/EEA. If transfer to a third country occurs in exceptional cases, Pandox will ensure that there are legal bases for such transfer and provide the relevant registered with necessary information.

6. DURATION

6.1 Pandox does not store personal data during a longer period than is necessary to fulfil the purpose for which the personal data was collected.

6.2 The general meeting minutes are made available and kept in accordance with the rules of the Companies Act and as long as it is necessary to fulfil the purpose of such processing.

6.3 Personal data included in accounting information is kept in accordance with the rules of the Accounting Act up to and including the seventh year after the end of the calendar year in which the financial year ended.

7. YOUR RIGHTS

7.1 As a data subject, you are, without cost, entitled to request information from Pandox about the processing of your personal data. Upon your request, or on our own initiative, Pandox will correct or delete incorrect personal data, and/or limit the processing of these. If Pandox considers that processing still needs to be done, it is up to Pandox to show that there are interests that overrides your individual rights.

7.2 If you are displeased with Pandox’s processing of your personal data, please contact us or submit a complaint to the Swedish Data Protection Authority (www.datainspektionen.se/other-lang/in-english/).

For further details about Pandox' processing of personal data, please see https://www.pandox.se/privacy-policy/.

If you as a data subject have questions about how Pandox process your personal information, please feel free to contact us at info@pandox.se.

Pandox AB (publ), reg. no. 556030-7885, Vasagatan 11, PO Box 15, 101 20 Stockholm, is the controller of the personal data.