As a shareholder in Kinnevik AB (publ) (”Kinnevik”), Kinnevik will process personal data which relates to you. Therefore, we would like to inform you of our processing of your personal data and your rights under applicable data protection legislation1.
Euroclear Sweden AB (”Euroclear”) is responsible for keeping the share register of Kinnevik and is the controller of the processing of personal data that occur in connection with such assignment. If you would like to know more about how Euroclear processes your personal data, we kindly ask you to contact Euroclear.
What personal data is processed and for what purposes?
The personal data relating to you as a shareholder that are processed by Kinnevik include:
•Your name, personal identity number and contact details.
•Information regarding your shareholding (number of shares and any notes/information to be linked to that shareholding according to law, e.g. class of shares).
•Data from any communication between you and Kinnevik, including data in minutes of board meetings and general meetings.
In connection with general meetings the personal data are used for registration, drawing up of voting lists and, where applicable, minutes of the general meeting.
On what legal basis do we process your personal data?
The personal data are processed by Kinnevik to fulfil its obligations under law, including company, securities and tax legislation and Kinnevik’s legitimate interest of convening general meetings and administrating other matters relating to the shareholders of the company.
We only process your personal data for the purpose for which we collected such data. Should we need to process your personal data for any other purpose or a purpose which requires your consent under data protection legislation, we will inform you of such purpose respectively obtain your consent in advance.
For how long do we store your personal data?
Personal data are only stored for as long as it is necessary in order to fulfil the purpose of the processing, or as long as Kinnevik are required to store such data by law. The data are erased when you cease to be a shareholder in Kinnevik. However, as mentioned, certain data are stored for a longer period of time when required by law, including company, securities and tax legislation.
To whom do we disclose your personal data?
Your personal data may be disclosed to other companies within the Kinnevik group or a third party if required by law, regulations or an official decision by a relevant authority. That said, certain personal data, such as names and other information included in minutes of board meetings and general meetings, may be published on Kinnevik’s website.
Kinnevik is the controller for the processing of your personal data. You have the following rights in relation to us:
•Right of access (register transcript) – a right to obtain confirmation of and information about the processing of your personal data.
•Right to rectification – a right to have erroneous personal data rectified.
•Right to erasure – a right to have personal data removed. This right is limited to data which, by law, may only be processed with your consent, if you withdraw consent and oppose the processing.
•Right to restricted processing – a right to request that personal data processing is restricted, for example, if you oppose the accuracy of the data. Kinnevik’s access to the data is restricted while the accuracy of the data is investigated.
•Right to data portability – a right to request that personal data are moved from one data controller to another. This right is restricted to data you have supplied to us yourself.
If you consider that our processing of your personal data does not comply with the Data Protection legislation, you are also entitled to lodge a complaint with the Swedish Data Protection Board (Sw. Datainspektionen), the competent Swedish supervisory authority.
If you would like further information about how your personal data are processed, or wish to exercise any of the rights listed above, please contact us:
Data controller Kinnevik
P.O. Box 2094
SE-103 13 Stockholm, Sweden
1 As of 25 May 2018 the regulation, (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is in force as well as national legislation which is introduced on the basis of the regulation.