Our privacy policy includes information about how we use, process and protect your
personal data and about your rights as a registered user.

This privacy policy was last updated 2018-05-25.

The data controller responsible for the processing of personal data is Cytiva,
Björkgatan 30, Uppsala. Please contact us if you
have any comments or questions regarding this privacy policy or regarding your
personal data: REACHrequests@cytiva.com or RoHSrequests@cytiva.com.

The purpose of processing personal data is to enable data collection and
communication regarding product compliance between you and Cytiva. The personal
data is used to contact you with requests and information, to store information related
to legal requirements and to provide you with the services of this application and
ensure its technical functionality. Personal data will not be used for any other purposes
without your consent.

The legal grounds for the processing is to pursue the legitimate interest of Cytiva from
a business perspective and to comply with applicable legislations.

Personal data will only be stored as long as necessary for the purposes stated in this
privacy policy, and when no longer required be erased.

Personal data within the following categories are collected and processed:

• Contact details: e.g. name, email, telephone and role
• Information related to legal requirements: e.g. signatures in declarations
• Identification information: e.g. user ID, username and password
• Communication information: e.g. notes about contact details, request status, declaration answers, telephone conversations or meeting decisions that may include references to personal data
• Usage and log data: e.g. personal preferences, cookie data, outgoing emails and standard web logs

Personal data originate from either yourself or internal or external databases,
registers, systems, documents, communication or equivalent of your employer or GEPS, or
from publicly accessible sources.

Personal data may be shared with third parties such as selected suppliers processing
data on our behalf, authorities if we are obligated to do so, or business partners if
legitimate from a business perspective and according to applicable legislation.

Some third parties that supports our business and process personal data includes but
are not limited to: ÅF Industry AB (Sweden) and ÅF Digital Solutions AB (Sweden) for
system development and hosting.

All suppliers in third countries outside EEA are Privacy Shield certified and using the EU
Standard Contractual Clauses in order to ensure adequate protection.

Please contact us if you wish to exercise any of your rights as a data subject:

• Right to access and data portability: receive certain information about processing and obtain copies of certain personal data upon request
• Right to rectification: correct inaccurate personal data
• Right to erasure: erase personal data on certain conditions
• Right to restriction: restrict the processing in certain situations
• Right to object: object to certain processing

You also have the right to file a complaint to a supervisory authority regarding our
processing of your personal data.

Technical and organisational measures is established to ensure the security of your
personal data against unauthorised or unlawful processing and against accidental loss,
destruction or damage.