As a shareholder in INVISIO AB (publ) (”INVISIO”), INVISIO will process personal data which relates to you. Therefore, we would like to inform you of our processing of your personal data and your rights under the applicable data protection legislation.

Euroclear Sweden AB (”Euroclear”) is responsible for keeping the share register of INVISIO and is the controller of the processing of personal data that occur in connection with such assignment. If you would like to know more about how Euroclear processes your personal data, we kindly ask you to contact Euroclear.

What personal data is processed and for what purposes?

The personal data relating to you as a shareholder that are processed by INVISIO include:

• Your name, personal identity number, and contact information.
• Information regarding your shareholding (number of shares and any notes/information to be linked to that shareholding according to law).
• Data from any communication between you and INVISIO, including data in minutes of board meetings and general meetings.

In connection with general meetings the personal data are used for registration, drawing up of voting lists and, where applicable, minutes of the general meeting.

On what legal basis do we process your personal data?

The personal data are processed by INVISIO to fulfill its obligations under law, including company, securities, tax legislation, and INVISIO’s legitimate interest of convening general meetings and administrating other matters relating to the shareholders of the company.

We only process your personal data for the purpose for which we collected such data. Should we need to process your personal data for any other purpose or a purpose which requires your consent under data protection legislation, we will inform you of such purpose respectively obtain your consent in advance.

How long do we store your personal data?

Personal data are only stored for as long as it is necessary in order to fulfill the purpose of the processing, or as long as INVISIO is required to store such data by law. The data is erased when you cease to be a shareholder in INVISIO. However, as mentioned, certain data are stored for a longer period of time when required by law, including company, securities, and tax legislation.

To whom do we disclose your personal data?

Your personal data may be disclosed to a third party if required by law, regulations, or an official decision by a relevant authority. That said, certain personal data, such as names and other information included in minutes of board meetings and general meetings, may be published on INVISIO’s website.

Your rights

INVISIO is the controller for the processing of your personal data. You have the following rights in relation to us:

• Right of access (register transcript) – a right to obtain confirmation of and information about the processing of your personal data.
• Right to rectification – a right to have erroneous personal data rectified.
• Right to erasure – a right to have personal data removed. This right is limited to data which, by law, may only be processed with your consent, if you withdraw consent and oppose the processing.
• Right to restricted processing – a right to request that personal data processing is restricted, for example, if you oppose the accuracy of the data. INVISIO’s access to the data is restricted while the accuracy of the data is investigated.
• Right to data portability – a right to request that personal data are moved from one data controller to another. This right is restricted to data you have supplied to us yourself.

If you believe that our processing of your personal data does not comply with the Data Protection legislation, you are also entitled to lodge a complaint with the Swedish Data Protection Board (in Swedish, Integritetsskyddsmyndigheten), the governing Swedish supervisory authority.

The complaint should be mailed to the Swedish Data Protection Board, Box 8114, 104 20 Stockholm, Sweden.

You can also reach the Swedish Data Protection Board:

Telephone at +46 8-657 6100
E-mail at imy@imy.se.

For more information, visit Integritetsskyddsmyndigheten.