PRIVACY

GENERAL

This Data Privacy Policy sets out how Brick Technology AB, 559210-1140, Ringvägen 6, 11726 Stockholm Sweden (“Brick”, “We” or "Owner"), including its subsidiaries, complies with European Union data protection requirements. Brick and its subsidiaries conduct business in different countries within the EU/EES area. The purpose with this document is to inform partners and suppliers how Brick collect, uses, stores, protects and shares Personal Data within the company and to external parties. As your partner, Brick needs to keep and process information about you for normal partnership purposes. The information we hold, and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately.

SECURITY

Brick prioritize the personal integrity and therefore works actively so that your Personal Data are processed with utmost care. We will only use information by which individuals can be identified (“Personal Data”) in accordance with this policy. To prevent unauthorized access or disclosure, Brick has therefore put in place appropriate physical, electronic and managerial procedures to safeguard and secure Personal Data collected.

WHAT PERSONAL DATA BRICK COLLECTS

Brick may collect the following Personal Data of partners and suppliers. Data such as, but not limited to, names and contact information may be collected by Brick. Much of the information we hold will have been provided by you, but some may come from other internal sources, or in some cases, external sources. Data provided by you is only collected if required to meet legal obligations, fulfil agreements, or if it is in our legitimate interest to handle or if you explicitly have given their consent to specific use of their data. Where we process special categories of information about you, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect you. Where we are processing data based on your consent, you have the right to withdraw that consent at any time. Your personal data will be stored when you work for us or after you have left, if needed to fulfil contractual obligations with you or required by law. If in the future, we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information. Depending on the User's specific device, this Application may request certain permissions that allow it to access the User's device Data as described below. By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. To revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document. The exact procedure for controlling app permissions may depend on the User's device and software. Please note that the revoking of such permissions might impact the proper functioning of this Application. Approximate location permission (continuous) Used for accessing the User's approximate device location. This Application may collect, use, and share User location Data in order to provide location-based services. Approximate location permission (non-continuous) Used for accessing the User's approximate device location. This Application may collect, use, and share User location Data in order to provide location-based services. The geographic location of the User is determined in a manner that isn't continuous. This means that it is impossible for this Application to derive the approximate position of the User on a continuous basis. Camera permission, without saving or recording Used for accessing the camera or capturing images and video from the device. This Application does not save or record the camera output. Precise location permission (continuous) Used for accessing the User's precise device location. This Application may collect, use, and share User location Data in order to provide location-based services. Precise location permission (non-continuous) Used for accessing the User's precise device location. This Application may collect, use, and share User location Data in order to provide location-based services. The geographic location of the User is determined in a manner that isn't continuous. This means that it is impossible for this Application to derive the exact position of the User on a continuous basis.

BRICK’S SHARING OF PERSONAL DATA COLLECTED

Other than for the purposes mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to external accounting providers. In the case some of these data processors may be based outside of EU/EEA area, these processors will be contractually committed to process information in accordance with the provisions of European data protection legislation, and the transfer will be made in accordance with written agreements in the form of The European Commission Standard Contractual Clauses. The rights of Users Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to do the following: – Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data. – Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below. – Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing. – Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected. – Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it. –Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner. – Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof. – Lodge a complaint. Users have the right to bring a claim before their competent data protection authority. Details about the right to object to processing Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection. Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document. How to exercise these rights Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

INDIVIDUALS’ RIGHTS TO UPDATE, CORRECT OR REQUEST PERSONAL DATA

Under the General Data Protection Regulation (GDPR) you have several rights about your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. If you believe that we have not complied with the requirements of the GDPR about your personal data, you have the right to complain to the controller or to the Data Protection Officer.

CONTACT

For questions, Personal Data errands, Personal data deletion request or further information about the handling of Personal Data, please contact: info@brickapp.se Brick Technology AB, Registration Number:5592101140; Ringvägen 6, 117 26 Stockholm, Sweden

CHANGES TO PRIVACY POLICY

From time to time, Brick may use Personal Data for new, unanticipated uses not previously disclosed in this policy. However, such new processing will always be compatible with the purpose for which the Personal Data was collected. If its practices regarding Personal Data change at some time in the future, Brick will notify you of these changes.