PRIVACY POLICY

1. Introduction

BRP Systems ("BRP", "we", "us" or "our") is committed to protecting the privacy, confidentiality and integrity of our customers, suppliers, business partners and our employees’ information, including personal information.

We are strongly committed to protecting personal data, and we work continuously to ensure ongoing compliance with data protection legislation, including the Data Protection Regulation.

For this Policy, we use the term “personal data” broadly meaning information related to an identified natural person or that could reasonably be used (by itself or in combination with other data reasonably available) to identify a natural person.

Through this Privacy Policy we aim to inform you about the types of personal data we collect from users, the purposes for which we use the data, and the ways in which the data is handled. We also aim to satisfy the obligation of transparency under the EU General Data Protection Regulation 2016/679 (“GDPR“) and national laws implementing GDPR.

We will ensure that the information you submit to us, or which we collect, via various channels (including our website, through written correspondence (including e-mail), or through any of our offices or websites globally) is only used for the purposes intended.

When BRP, in connection with the provision of our services, processes personal data from our customers users/clients, the processing in these cases will take place according to our customer's instructions and on behalf of the customer.

In these cases, BRP will act as the data processor. In these situations, we ensure that we enter into a written Data Processor Agreement with our customer. The agreement contains instructions and terms for BRP's processing of personal data.

2. Our processing activities

The collected Personal Information varies depending on the instructions we are given and will therefore be depending upon the nature of the Services provided. We may collect or obtain information that include:

• Contact details (e.g., name, address, email, telephone number, which may include third party emergency contact information)
• Personal details (e.g., date of birth, nationality)
• Financial and transaction data (e.g., purchase history, account information, billing information, credit card information etc.)
• Other Service-related data (e.g., customer requests, statistics, etc.)
• Geolocation data (e.g., geolocation data sent via a mobile device)
• Online identifiers (e.g., IP address, device IDs, etc.)
• Cookie-related data re. the below description

Our website uses cookies to improve your experience when navigating the website. Some cookies are necessary for the basic usage and are stored within your browser.

Other cookies are third-party cookies that help us analyze and understand how you use our website. These cookies will be stored in your browser only with your consent. You have the option to opt-out of these cookies, but by opting out this may have an effect on your browsing experience and some functionalities may not work correctly.

We may use the collected information for legitimate business purposes, including:

• To create and administer accounts, to fulfill and record transactions, and provide related assistance (e.g., technical help).
• To send administrative information, such as information regarding our services and changes to the terms, conditions and policies.
• For trending, statistics and to improve our products and services.
• For audits to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements
• For fraud and security monitoring purposes
• For responding to legal duties, such as requests from public and government authorities

3. Security

Information security is an area that is a high priority at BRP. We work seriously and continuously with information security and base this work on internationally recognized security standards.

We have implemented security measures to ensure data protection of customer information, personal information and other confidential information. We regularly conduct internal follow-ups on the adequacy and compliance of policies and measures.

4. Your rights as user in the system

As a registrant, you have certain rights under the GDPR legislation. If you are a member with a facility using the BRP Software, you must first contact your supplier to gain insight into what personal information your supplier, and thereby BRP, processes about you - just as you can have any incorrect or incomplete personal information corrected.

If you want your personal data:

• deleted
• requesting your supplier or BRP to stop the processing of data
• exercise your right to data portability, or
• objecting to your supplier or BRP's processing of your personal data

please contact your supplier directly.

When we process personal data based on the behalf of our customers and on the basis of your consent, you have the right to withdraw your consent at any time. To revoke consent to our processing of your personal data, please contact the supplier where you are a customer.

If you no longer wish to receive emails with information about services provided by your supplier or marketing materials, you can easily unsubscribe by clicking on "unsubscribe newsletter" in the relevant email you have received from your supplier. The revocation does not affect the lawfulness of the processing that have been carried out prior to the revocation.

5. Changes to this Privacy Policy

We recognize that transparency is an ongoing responsibility. We will therefore regularly review and update this data protection policy.

The data protection policy has been updated on April 27th, 2021.

6. Contact

The data processor is BRP systems AB. Linköping, Sweden. If you wish to exercise your rights as described above, or if you have any questions about our processing of your personal data or this data protection policy, please contact your supplier directly.

7. Complaint

If you wish to complain about our processing of personal data, please send an email with the details of your complaint to info@brpsystems.com. We will process the complaint and revert back to you.

You also have the right to complain to the Data Protection Agency in relation to your rights and about your center's or BRP's processing of your personal data.

For further information on how to complain to the Swedish Data Protection Agency, please refer to the Swedish Data Protection Agency's website https://www.imy.se/.
For further information on how to complain to the Danish Data Protection Agency, please refer to the Danish Data Protection Agency's website www.datatilsynet.dk.