Data protection description of customer and stakeholder data filing system (This Privacy Policy was last updated on: 28 September 2025)

1. Controller

Stevn Technologies AB
Aallokko 8 A 10
FI-02320 Espoo
Finland

CEO: Palle Stevn
Tel: +358 405 035 207
Email: firstname.lastname@stevntechnologies.com

2. Purposes of processing personal data

We process personal data for the following purposes:

  • Managing customer, reseller, and supplier relationships
  • Handling orders, invoicing, deliveries, and warranty obligations
  • Providing customer support and technical assistance, including 2nd level support for resellers. This may involve processing limited end-customer personal data necessary for troubleshooting and resolving technical issues
  • Fulfilling contractual obligations toward our partners and customers
  • Developing and improving our products and services
  • Marketing our products and services, subject to applicable consent requirements
  • Fulfilling statutory obligations (e.g., accounting and taxation laws)

3. Lawful basis for processing personal data

We rely on the following lawful bases under the GDPR:

  • Contract: where processing is necessary to perform an agreement with you or your organization.
  • Legal obligation: where processing is required by law (e.g., accounting obligations).
  • Legitimate interest: for maintaining business relationships, marketing to existing customers, or contacting potential business partners where a material connection exists.
  • Consent: for electronic direct marketing where required. Consent may be withdrawn at any time.

4. Categories of personal data processed

We process personal data in the following categories:

  • Contact details: name, email address, phone number, company, title, and company contact information
  • Information related to the business relationship: orders, invoices, support requests, correspondence, and meeting notes
  • Marketing preferences and newsletter subscriptions
  • Technical data related to support services (e.g., logs, device IDs, or error reports, if provided during troubleshooting)
  • End-customer data provided by resellers for 2nd level support, limited to what is necessary to resolve technical issues
  • Additional information provided voluntarily by the data subject

5. Sources of personal data

Personal data is collected from:

  • The data subject directly (e.g., via email, phone, or online forms)
  • Publicly available sources (e.g., company websites, trade registers)
  • The data subject’s employer or colleagues in the context of business cooperation
  • Trusted resellers and solution partners in connection with product sales or 2nd level support escalation

6. Recipients of personal data

We do not sell or disclose personal data to third parties except as required by law.

We may share personal data with:

  • Trusted service providers (e.g., IT hosting, CRM, invoicing, logistics) under data processing agreements
  • Original manufacturers or solution providers, when necessary to deliver or support products (such as FlexCare terminals and related apps)
  • In cases where resellers escalate technical support requests, we may receive and process end-customer personal data. Such processing is strictly limited to what is necessary for providing support and is handled under confidentiality safeguards
  • Authorities where required by applicable law

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses).

7. Retention of personal data

We retain personal data only for as long as necessary for the purposes described in this policy or as required by law.

  • Customer and contract-related data: for the duration of the relationship and up to 6 years thereafter for legal and accounting purposes
  • Marketing data: until consent is withdrawn or an objection is made
  • Support-related technical data and escalated end-customer data: retained only as long as needed to resolve the issue, normally no longer than 12 months

8. Rights of the data subject

You have the following rights under GDPR:

  • Right to withdraw consent (Article 7)
  • Right of access to your personal data (Article 15)
  • Right to rectification of inaccurate data (Article 16)
  • Right to erasure (“right to be forgotten”) (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object to processing based on legitimate interest or direct marketing (Article 21)
  • Right to lodge a complaint with the supervisory authority (Office of the Data Protection Ombudsman, Finland)

To exercise your rights, please contact:

CEO Palle Stevn
Email: firstname.lastname@stevntechnologies.com
Tel: +358 405 035 207

9. Obligation to provide data

Providing personal data is generally voluntary. However, failure to provide necessary data (e.g., billing information) may prevent us from fulfilling a contract or providing services.

10. Automated decision-making and profiling

We do not use automated decision-making, including profiling, for processing personal data.

11. Security measures

We apply appropriate technical and organizational measures to protect personal data, including:

  • Limiting access to authorized personnel only
  • Using encryption and secure IT systems
  • Employee confidentiality agreements
  • Regular review of our data processing activities and risks

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. Any material changes will be communicated on our website or directly to affected individuals where appropriate.

13. Contact

For any questions about this Privacy Policy or our data processing activities, please contact:

Stevn Technologies AB
CEO: Palle Stevn
Email: firstname.lastname@stevntechnologies.com
Tel: +358 405 035 207