INTRODUCTION

MedCap AB, (“MedCap” or “the Company”) is responsible for the processing of personal data related to interaction with MedCap in its activities as an investment company (“the Service”). MedCap is thereby responsible for ensuring that all personal data is processed correctly and in accordance with applicable data protection legislation.

This personal data policy, (herein referred to as “the Policy”), describes how MedCap processes personal data, and is designed to create confidence that MedCap processes data in accordance with applicable data protection legislation.

Personal data refers to all types of information that can either directly or indirectly be attributed to a living, physical person. The conduct of MedCap’s business activities may involve personal data that relate to, for example, first and second names, personal identification numbers, phone numbers, addresses, post codes, email addresses etc., (herein referred to as “personal data”).

If you have questions relating to the Policy, please contact MedCap. Information on how to contact MedCap is listed in the “Contact details” section below.

 

WHY WE PROCESS YOUR PERSONAL DATA, LEGAL BASIS, WHICH PERSONAL DATA WE PROCESS AND STORAGE PERIOD

For communication with prospects

Purpose Actions taken Categories of personal data
To communicate with people in connection with new investment opportunities ·  Communication via phone and email

·  Distribution of information, e.g. investment opportunities, etc.

·  Registration and storage of personal data in a contact

database

·   Name

·   Contact details

·   Address

·   Company

Where do we obtain personal data? For this purpose, we only register personal data that

you give to us.

Who else may have access to personal data? For this purpose, administrative partners

may have access to your data, similarly MedCap’s IT suppliers.

Legal basis: Processing is necessary to fulfil our legitimate interest in being able to

communicate with those who have shown interest in our Service, and where we have judged that this interest outweighs your interest in having your personal data untouched.

Your right to withhold consent: MedCap cares about your integrity and will not process

personal data for this purpose if you no longer wish us to do so. Contact us via info@medcap.se, and we will remove your personal data.

Storage period: MedCap conducts a review every third year of its contact database, and removes personal data that is no longer relevant.

 

Purpose Actions taken Categories of personal

data

To exercise ownership role in existing investments ·  Personal data may be registered in MedCap’s contact database ·   Name

·   Contact details

·   Address

·   Company

Where do we obtain your personal data? For this purpose, MedCap only registers personal

data that you give to us.

Who else may have access to personal data? For this purpose, administrative partners

may have access to your data, similarly MedCap’s IT suppliers.

Legal basis: Processing is necessary to fulfil our legitimate interest in being able to

communicate with those who are involved in MedCap’s investment activities, and where MedCap has judged that this interest outweighs your interest in having your personal data untouched.

Your right to withhold consent: This processing of you personal data is necessary for us to

be able to conduct investment activities. If you elect to withdraw your consent to this processing, MedCap will be unable to provide the Service to you.

Storage period: MedCap conducts a review every third year of its contact database, and removes

personal data that is no longer relevant.

 

Purpose Actions taken Categories of personal

data

To communicate with contacts at suppliers and partners ·  Communication via email and phone

·  Registration and storage of

personal data in a contact database

·   Name

·   Contact details

·   Address

·   Company

Where do we obtain your personal data? For this purpose, we process only personal data

that you give to MedCap, or that MedCap receives from your employer.

Who else may have access to personal data? For this purpose, administrative partners

may have access to your data, similarly MedCap’s IT suppliers.

Legal basis: Processing is necessary to fulfil MedCap’s and your employer’s legitimate interest in being able to communicate with those who are acting as a contact person for MedCap, and where MedCap has judged that this interest outweighs your interest in having your personal data

untouched.

Your right to withhold consent: MedCap cares about your integrity and will not process your personal data for this purpose if you no longer wish us to do so. Contact us via

info@medcap.se, and we will remove your personal data.

Storage period: For this purpose, MedCap retains your personal data for up to one year

after MedCap has concluded a business relationship with your employer, or up to one year from when MedCap has received information that you are no longer MedCap’s contact person.

 

Purpose Actions taken Categories of personal

data

To send financial information such as annual and interim reports to which you

subscribe

·  Distribution of subscriber newsletter via email or post ·  Name

·  Company

·  Address

·  Email

Where do we obtain your personal data? For this purpose, MedCap only processes personal

data that you give to MedCap.

Who else may have access to personal data? For this purpose, administrative partners

may have access to your data, similarly MedCap’s IT suppliers.

Legal basis: Processing is conducted with your consent.
Your right to withhold consent: MedCap cares about your integrity and will not process your personal data for this purpose if you no longer wish us to do so. At any time, you may withdraw your consent by clicking on “unregister” in digital material, or contact us via

info@medcap.se, and MedCap will remove your personal data.

Storage period: For this purpose, MedCap retains your personal data until further notice. Every third year, you will be reminded that you have consented to this storage.

 

RECIPIENTS OF PERSONAL DATA AND TRANSFERS OUTSIDE THE EU/EES

Being responsible for personal data, MedCap may instruct a partner or supplier to carry out the action outlined above, for example IT support, law firms, consultancies etc.. Such processing will only be conducted for the purpose specified. Certain partners and suppliers may have parts of their operations outside the EU/EES, (a so-called third country). Such transfers are made only to such countries that, according to the EU Commission, have a sufficiently robust level of protection; or to suppliers that are subject to legally binding and enforceable instruments that guarantee the security of the data in question.

 

RIGHTS OF INDIVIDUALS REGISTERED WITH MEDCAP

As an individual registered by MedCap you have the right to:

  • request information about the personal data MedCap has about you, and you may request a copy of such data (a transcript),
  • have inaccurate personal data corrected or deleted,
  • object to the manner in which certain personal data are processed, and request that the processing of personal data is restricted,
  • have submitted personal data transferred to another entity responsible for personal data (the right to data portability),
  • if processing is based on consent, withdraw said consent at any time, and
  • if you are unsatisfied with how we process your personal data, you may make a complaint to the Swedish Data Protection Authority, the agency responsible for data protection. Contact details of the Data Protection Agency can be found on datainspektionen.se.

You may, at any time, receive a transcript of your personal data, delete your personal data, or restrict our use of your personal data. Please note that if you request a restriction to the use of, or the deletion of your personal data, this may result is us being unable to provide the Service to you.

 

PERSONAL DATA PROTECTION

We have taken appropriate technical and organisational steps to protect personal data from loss, abuse, unauthorised access, disclosure, alteration or destruction. To ensure that personal data is processed securely and confidentially, we use computer networks that are protected by firewalls and code numbers, in line with industry best practice.

To ensure the integrity of the personal data that you provide to us, we may use encryption technology when we transfer personal data over the Internet to the Company’s servers.

Our employees and suppliers are bound by confidentiality agreements, and are required to respect our data and IT security rules, the Policy, and other internal regulations that further regulate the processing of personal data.

 

AMENDMENTS TO THIS POLICY

MedCap reserves the right to revise the Policy periodically. The date of the most recent amendment to the Policy is provided at the bottom of the last page of the Policy. If MedCap makes several

 

changes to the Policy, the Company will publish details of these changes on its website. We therefore recommend that you regularly read the Policy to ensure that you are aware of potential changes to it. If MedCap alters the Policy in such a way that it substantially differs from what was communicated when you gave your consent, MedCap will notify you of such changes, and, when necessary, request consent again for MedCap’s personal data processing.

 

CONTACT INFORMATION

Questions relating to the Policy, or to our processing of personal data, should be directed to:

MedCap AB
Contact person, Karl Tobieson
Sundbybergsvägen 1
171 73 Solna
+ 46 709 35 85 74

info@medcap.se