Privacy Policy for Trite Sweden AB (www.triti-bioetanol.se), Organisationsnummer 559453-9081

At Trite Sweden AB ("Trite," "we," "us," "our"), we value your privacy and are committed to safeguarding the personal data entrusted to us. This Privacy Policy outlines how we collect, process, and protect your personal information in compliance with applicable laws. Please read this Policy to understand our practices and how you can exercise your rights concerning your personal data.

**WHY AND WHO?**
Trite Sweden AB (Organisationsnummer 559453-9081) is the Controller of the personal data covered in this Privacy Policy. This Policy pertains to all Trite Sweden brands, including www.triti-bioetanol.se (referred to as the "Website"). The term "Our Processors" refers to categories of recipients to whom personal data may be disclosed, and these are outlined later in this Policy.

**DEFINITIONS**
- **Applicable Law:** Refers to the legislation applicable to the processing of personal data, including the GDPR, supplementary national legislation, as well as practices, guidelines, and recommendations issued by a national or EU supervisory authority.
- **Controller:** The entity that decides the purposes and means of processing personal data.
- **Data Subject:** The individual whose personal data is being processed.
- **Personal Data:** All information relating to an identifiable natural person.
- **Processing:** Any operation or set of operations performed on personal data, including storage, modification, reading, handover, and similar.
- **Processor:** The entity that processes personal data on behalf of the Controller.

**TRITE SWEDEN AB'S ROLE AS A CONTROLLER**
This Policy covers personal data processing for which Trite Sweden AB acts as the Controller. As a Controller, we determine the purposes and means of processing personal data. It does not cover the processing activities performed by us as a Processor on behalf of our customers.

**TRITE SWEDEN AB'S PROCESSING OF PERSONAL DATA**
We are committed to fulfilling the requirements imposed on us when processing your personal data. This includes the necessity of processing for specific purposes, identification of lawful bases, and the implementation of security measures.

**LAWFUL BASIS**
We process personal data based on the following lawful bases:
1. **Consent:** Processing after obtaining your consent.
2. **Performance of a contract:** Processing necessary for the performance of a contract with the data subject.
3. **Legitimate interest:** Processing based on a legitimate interest that overrides fundamental rights and freedoms.
4. **Legal obligation:** Processing required to comply with laws and regulations.

**PROCESSINGS AND STORAGE DURATION**
We will retain your personal data for as long as necessary for the specified purposes. The following are examples of processing activities and their respective storage periods:

1. **Processing:** Handle orders and purchases
- **Personal Data:** Name, email address, delivery address, billing address, payment method, subscription, and order information.
- **Lawful Basis:** Contract (Terms & Conditions)
- **Storage Period:** Active subscription period and 3 years after cancellation.


**YOUR RIGHTS**
As a data subject, you have the following rights:
- Access
- Rectification
- Erasure
- Objections
- Restriction
- Data portability
- Withdraw consent

To exercise your rights, please use our privacy form available on the Website.

**TRANSFER OF PERSONAL DATA AND OUR PROCESSORS**
To conduct our business, we may engage Processors to handle personal data on our behalf. We have Data Processing Agreements (DPAs) with all Processors, specifying how personal data is processed and outlining required security measures.

We may share your personal data with categories of Processors, including IT service providers, communication platforms, and marketing platforms (data is encrypted after upload). Additionally, disclosures may occur to designated authorities to fulfill legal obligations.

**TRANSFER OF PERSONAL DATA OUTSIDE EU/EEA**
When transferring personal data outside the EU/EEA, we ensure adequate protection and compliance with Applicable Law. This may include adherence to EU Commission standard contract clauses (SCCs) or other appropriate safeguards.

**TRANSFER OF PERSONAL DATA TO ANOTHER CONTROLLER**
We share personal data with delivery service providers, payment service providers, and partners for business development and analysis. For details on their processing, contact the respective Controller.

**SECURITY MEASURES**
Trite Sweden AB employs technical and organizational measures to secure personal data from loss, abuse, and unauthorized access. This includes measures such as encryption, pseudonymization, access controls, secure networks, and regular backups.

**COOKIES**
Trite Sweden AB uses cookies and similar tracking techniques to analyze website usage for an optimal user experience. Refer to our Cookie Policy for more details.

**IF WE DON'T KEEP OUR PROMISE**
If you believe we are not processing your personal data correctly, you have the right to submit a complaint to the relevant supervisory authority.

**CHANGES TO THIS POLICY**
We reserve the right to make changes to this Policy. If changes affect your rights, we will provide advance notice.

**CONTACT**
For questions, contact us at olle@tritisweden.se

*Last Updated: 27/12-2023*