We process your personal data as part of our work. Your integrity is important to us, and we are committed to being transparent with
the information we process about you and why. We have therefore prepared this privacy policy which describes our processing of your personal data.

This Privacy Policy contains the following information:

Each local office is the controller of the personal data we process about you.

We process your name, e-mail, place of work and other contact information. This personal data has been collected from you in connection to (i) you are becoming our client (if you are a client), (ii) you are coming into contact with us in another way, or (iii) you are expressing a wish to receive invitations/newsletters from us.

We process your personal data to communicate with you and to send marketing to you. This communication comprises of newsletters, information about Ciptor IT-Safe Canada and invitations to events and seminars.

We send this information based on a balance of interests and Ciptor IT-Safe Canada´s legitimate interest to maintain a business relation with you and to communicate with you in your professional capacity regarding information and events that we believe is in your interest. Please contact us if you would like to know more about how we have conducted this balance of interests.

If you have given your consent to our processing, we will instead process your personal data for the above purposes and to send electronic marketing communication based on your consent.

Your personal data will be processed by the Ciptor companies which appear from section 9. The information will be shared with IT-providers that process personal data on our behalf, so called processors. For example, cloud service providers may get access to your personal data. We have entered into data processing agreements with our processors inferring, for instance, they are required to process the information in a safe, accurate and confidential manner.

If you have given your consent, we process your personal data until you have withdrawn your consent. You can easily withdraw your consent by pressing the link “unsubscribe” which is included in all electronic communication you receive from us. If you have not given your consent, we process your information for as long as you have, or your employer or contractor has a business relationship with us and for fifteen (15) months thereafter. You always have the option to, at any time, unsubscribe from receiving mailings from us. If you choose to unsubscribe, we will immediately terminate our processing of your personal data for marketing purposes.

Each local office is the controller of the personal data we process about you.

We process your name, e-mail, place of work and other contact information. We have collected this information from you in accordance with what is stated in section 1.2 above.

We process information on allergies and food preferences. We have collected this information from you when you signed up for our event or seminar.

In cases where we photograph and/or film at our events and seminars, we also process information about you in the form of images and recorded material.

Name, e-mail, place of work and other contact information is processed by us in accordance with what is stated in section 1.3 above and to provide, administer and follow-up on our events and seminars, e.g., to calculate the number of participants. In cases where we charge a fee in connection with registration or no-show to events and seminars, we also process the information for invoicing. We process the personal data based on a balance of interests and Ciptor IT-Safe Canada´s legitimate interest to provide events and seminars to inform about and market its business. Please contact us if you would like to know more about how we have conducted this balance of interest.

Information on allergies and/or food preferences is processed by us to pre order food and beverages and based on your consent.

Images and recorded material are processed by us to inform about and market our business on our website, on printed material and on social media. We process the personal data based on a balance of interest and Ciptor IT-Safe Canada´s legitimate interest to market its business. Please contact us if you would like to know more about how we have conducted this balance of interest.

Your personal data will be processed by the Ciptor IT-Safe Canada companies which appear from section 9. The information will be shared with IT-providers that process personal data on our behalf, so called processors. For example, cloud service providers may get access to your personal data. We have entered into data processing agreements with our processors inferring, for instance, they are required to process the information in a safe, accurate and confidential manner.

We process your name, e-mail, place of work and other contact information in accordance with what is stated in section 1.5 above.
We process information on allergies and food preferences until after finished event or seminar.
We process images and or/recorded material for a period of three (3) years after the event and seminar.

The local office responsible for the client assignment is the controller of the processing of your personal data within the framework of the assignment.

We process personal data which has been submitted to us by (i) client, (ii) counterparty,
(ii) legal representative of counterparty, (iv) other parties that has a connection to the matter, or (v) which has been collected from public records or other sources.

We process the following categories of personal data about you who are a client of Ciptor IT-Safe Canada or in any other way are connected to an assignment performed by us or our employees:

We process personal data relating to employees or contractors at legal entities and clients who are individuals. The data comprise of name, title, employer, personal identification number, contact information, matter designation, matter description, financial information, information regarding if the client or relatives of the client is a person in a politically exposed situation as well as name and profession/position of such a politically exposed individual and billing- and payment information.

We process personal data relating to employees or contractors at legal entities and counterparties which are individuals. The personal data we process in this regard is name, title, employer, personal identification number and matter designation.

We process personal data about other individuals who are of relevance within the framework of our assignments. These individuals may be legal representatives of the counterparty, arbitrators, judges, consultants, witnesses, experts, employees of companies which are sold or acquired, parties of a contract or similar.

Within the scope of our assignments, we may process personal data relating to criminal convictions or other special categories of personal data, which are necessary and relevant for the execution of the assignment. Personal data relating to criminal convictions consist of information regarding trade prohibition, money laundering or other criminal offences. On occasional basis we process special categories of personal data which include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information relating to health or sex life if relevant for the assignment.

We process your personal data to carry out our assignment and to communicate with counterparties and other individuals connected to the assignment.

• To establish that there is no conflict of interests.
• In order to be able to observe the special rules concerning money laundering and terrorism.

• In order to manage and administrate billing- and payment services connected to either of the Ciptor IT-Safe Canada companies.
• In order to manage and administrate our accounting.
• In order to manage and administrate clients receivable arising within the scope of an assignment.

• In order to defend ourselves against legal claims regarding money laundering, terrorism and the EU Market Abuse Regulation.
• In order to comply with the Swedish Bar Association´s framework and defend ourselves against legal claims.
• To exercise our rights in other legal claims directed to us.
• To make administration of our fee accounting possible.
• In order to communicate with you via mail, e-mail and phone.
• In order to administrate and book meetings.
• In order to provide effective and accurate documentation, administration, and handlig of the assignment.

Our legitimate interest is to exercise and protect our rights in case of legal claims, administrate  the relationship with you as our
client/ counterparty/ other party within the scope of the assignment and to comply with the ethical requirements put on us as a cybersecurity firm.

Providing your personal data is not a legal requirement, however is required in order to enter into an agreement with us as a client.
We will not be able to fulfill our agreement or carry out our commitments towards you if you do not provide us with your personal data.

As cybersecurity firms are subject to statutory requirements for professional secrecy and confidentiality, we only share your personal data in certain specific cases.

• If necessary, other companies within Ciptor IT-Safe Canada. This may be necessary when conducting conflict of interest controls.
• Counterparties within the assignment.

• Suppliers of IT and systems that provide development and support for our systems and cloud services.

• The client´s insurance provider, accountant, or others according to the client´s instructions.
• Providers of liability insurance to safeguard legal interests.
• Representatives of counterparties within the scope of the assignment.
• If applicable, arbitration tribunal and court.
• Authorities, if such a disclosure is prescribed by law, for example the Enforcement Authority.
• Banks and debt collectors, for example regarding client funds and to safeguard legal interests.
•The police or the financial police if such disclosure is prescribed by law.
• The Swedish Bar Association if such on obligation exists.

Data that we process in order to fulfill our agreement with you/the client you are employee or contractor of is as a principal rule
processed during the period of time it is necessary for us to administrate the contractual relationship, exercise our rights and fulfill our
commitments to you/the client you are employee or contractor of. We may however process your personal data for a longer period in
order to comply with legal requirements, or because we have a right to do so according to our legitimate interests. According to the 
Swedish Bar Association´s framework, we are required to process information relating to an assignment for a period of ten (10) years 
afterthe assignment is closed or for a longer period if necessary.

We will also process a limited amount of personal data to comply with obligations in connection with conducting conflict of interest
controls and at the defense against legal claims for ten (10) year due to the period of limitation according to the Swedish statue of limitation.

Any information relating to payment and where processing is required according to the Swedish Accounting Act is processed for
seven (7) years in accordance with the Swedish Accounting Act. We also process certain information regarding your purchase in 
accordance with applicable sales legislation and consumer sales legislation.

Each local office is controller of the requitment process and the processing of personal data related to you as a job applicant.

We process the personal data you provide to us in your application. Such data includes name, personal identification number, adress,
phone number, e-mail address, image (if any), education, education grades, work testimonials, professional experience, and other
information that you provide about yourself in your application. For some candidate categories, we perform tests. In these situations,
we provide information about the processing of such personal data before initiating the test and ask for your consent to the processing.

Our base our processing on three legal grounds, namely (i) carrying out our obligations and exercising our rights in the field of
employment, (ii) a balance of interests ( we have balanced our interest of using the information against your interest of privacy),
and (iii) consent

• If we were to become subject to claim according to the Swedish Discrimination Act, we process your personal data to exercise and protect our legal rights.

• To assess and consider differnet candidates based on experience, qualifications, and academic performance.
• To administrate invitations and bookings to interviews.
• To collect and review your resume, personal letter, and degree ceertification.

We asses that we have a legitimate interest to process your personal data in order for Ciptor IT-Safe Canada to be able to recruit new
members of the staff to our company.

• To perform recruitment tests that are a part of the recruitment process.
• To sace your information in a database for candidates for future employments that could suit you.

The provision of your personal data is not a statutory or contractual requirement. You are not obligated to provide the personal data.
If you do not provide your personal data to us, we will not have possibility to carry out our commitments towards you and perform the 
recruitment process.

Your personal data will be shared with parties that process personal data on our behalf, so called processors. We share your personal data with:

• If necessary, other companies within Ciptor IT-Safe Canada.

To the extent that our processing is based on a balance of interests, we in general do not process your personal data after the recruitment process is over.

We need to process your personal data after you have participated in a recruitment process to protect our rights under the Swedish
Discrimination Act. We therefore  save the information in the application documents for two (2) years after the application process is over.

If you consent to the continued processing of your personal data for future recruitment opportunities, we will process your information
for this purpose until you revoke your consent, or the purpose expire.

Ciptor IT-Safe Canada and each respective local office is the controller with regard to the processing of your personal data.

We collect personal data about you such as, name, phone number and e-mail from your employer, or when applicable, your contractor,
in connection with the business relationship between us and your employer or contractor or which you have provided us with within the 
context of the business relationship.

Your personal data as an employee or contractor of a supplier to us is processed in accordance with the supplier for the purposes of
invoice- and payment administration, deliveries, to enable communication between the parties as well as other administration needed
within the contractual relationship. We process your personal data on the basis of a balance of interests. Our legitimate interest is to be
able to administrate the contract and fulfill our obligations towards our suppliers (your employer or contractor).

If applicable, we process personal data about you who are an employee or contractor of supplier for accounting purposes such as
billing or payment of your services or products. This processing is based on a legal obligation according to the Swedish Accounting Act. 

If you provide us with your personal data as a sole trader, we process your personal data as necessary to fulfill our agreement or to take
measures that you have requested before entering into an agreement. We also process your personal data to administrate the
agreement, to communicate with you as well as to order and use your company´s services.

Providing your personal data is not a legal or contractual requirement. You are not obligated to provide your personal data. If you do
not provide us with your personal data, we will not be able to enter an agreement and thereafter fulfill our agreement and administrate
the contractual relationship with you.

• If necessary, other companies within Ciptor IT-Safe Canada.

• Suppliers of IT and systems that provide development and support for our systems and cloud services.

• Authorities, if such a disclosure is prescibed by law, for example the Enforcement Authority.
• Banks and debt collectors.

Personal data that we process for the purpose of fulfilling our agreement with you/the supplier to whom you are employee or
contractor of is as a principal rule processed during the period of time it is necessary for us to administrate the contractual 
relationship, exercise our rights and fulfill our commitments towards you/the supplier to whom you are an employee or 
contractor of. If  your employment or contract is terminated with the supplier or in relation to us, we will cease to precess
your personal data as soon as we have received such information from the supplier.

Any information relating to payment where processing is required according to the Swedish Accounting Act is processed for
seven (7) years in accordance with the Swedish Accounting Act.

5.6 Inactive agreements contraining your personal data are stored for a ten (10) year due to the period of limitation according to the
Swedish statute of limitation.

Ciptor IT-Safe Canada is the controller of the processing of your personal data that is collected through cookies
when you visit ciptoritsafe.com

We process the information created by the cookies which are used when you visit ciptoritsafe.com (including your IP-address), such as
the duration of your visit, number of pages viewed, the choices you make on ciptoritsafe.com and how you found ciptoritsafe.com

Your personal data is processed for the purpose of ensuring that the visitors can use the website in the by us intended way and to
gather statistics. Your personal data is processed based on a balance of interests. Our legitimate interests of processing your personal
data are to give you a good user experience when visiting ciptoritsafe.com and our commercial interest in receiving information about
the visitors of ciptoritsafe.com. If your do not want to allow the setting of cookies, you can change the settings of your browser to block cookies.

The time during which we process your personal data depends on which cookie that is placed on your browser. Permanent cookies remain on your computer until you delete them, or the expiry date passes, and you return to ciptoritsafe.com. Session cookies do not have an expiration date and are store temporarily on your computer during the time you visit ciptoritsafe.com. Possible session cookies are removed when you close your browser. Read more about our cookies in our cookie policy.

Your personal data will be shared with the following parties thata are controllers of personal data:

• Google LLC and its subsidiaries. Read more about Google Analytics and Google´s processing of your data here.

As a principal rule, we, our suppliers, and our partners only process your personal data within the EU/EEA. In cases where personal data 
is processed outside the EU/EEA, such processing is either based on a decision from the Commision establishing that the country in
question ensures an adequate level of protection or appropriate safeguards that ensure that your rights are protected.

Below follows a description of the rights you have regarding our processing of your personal data. You are welcome to contact us to
exercise your rights (see contact information below).

You may at any time withdraw the consent you have given us, either as a whole or partly, with effect from the day of the withdrawal.

You may object to our processing of your personal data for marketing purposes. We will then cease to process your personal data.
You also have the right to object to the processing of your personal data on the basis of a balance of interests.

You are entitled to request information about which personal data we process about you and how the personal data is being processed.
You also have the right to request a copy of the personal data we process about you.

You have the right to without unnecessary delay get inaccurate information corrected and to get incomplete information completed by 
providing us with correct information.

You have the right to at any time request that your data is erased, for example if the processing is no longer relevant in relation to the 
purpose the information was collected for, or if you object to processing which is based on our legitimate interests (marketing).

You may also request to have certain processing of your personal data restricted, for example if you object to the accuracy of the data.

If you have given your consent to the processing or if the legal basis for processing is to fulfill an agreement with you, you have the
right to obtain the personal data you have provided us with in a structured, commonly used and machine-readable format and have the 
right to transmit such to another controller or get our assistance to transmit the data to another controller when technically feasible.

If you have any complaints regarding our processing of your personal data, you have the right to send a complaint to the Swedish Data Protection Authority (www.datainspektionen.se).

If you would like to contact us with regards to our processing of your personal data you, you are welcome to contact respective 
controller according to below:

Ciptor IT-Safe Canada Inc
Corporate identity number: 2123594513
Post address: 167 Woodpecker way, Fort McMurray, AB, T9K 0L4. Canada

Phone: +1 780.370.1600
E-mail: privacy@ciptor.com