Personal Data Protection

Data Protection Officer

Maria Carrasco

+46 70 727 70 97
dpo@auriant.com

PRIVACY NOTICE

Your privacy is very important to Auriant Mining AB (the “Company”, “we”). With this Privacy Notice, we wish to make you aware of how we, as a data controller, collect and process your personal data.

Introduction

If you are resident in the European Union, Iceland, Lichtenstein or Norway, we process your personal data in accordance with the GDPR, i.e. the European Union’s General Data Protection Regulation 2016/679. If you are resident in another country, you may contact our Data Protection Officer at dpo@auriant.com if you have any questions regarding our processing of your personal data.

In accordance with the GDPR, the data subjects are entitled to obtain information on the personal data that we process, and to use their other rights based on the GDPR as further described in this Privacy Notice.

We do our best to ensure that your personal data is processed lawfully and in a transparent manner. We apply the appropriate technical and organizational measures to ensure that your personal data is safe with us. These measures include, for example, data processing agreements and non-disclosure agreements that we have concluded with our business partners and subsidiaries of the Company.

We have appointed a Data Protection Officer (“DPO”) to help in solving GDPR-related issues in our operations. DPO can be reached by e-mail at dpo@auriant.com.

Purposes for processing your personal data

We collect and process personal data in connection with:

  • employment matters;
  • appointment and carrying out of functions of the Board members and deputies;
  • appointment of the members of the Nomination Committee and carrying out of its functions;
  • keeping an Insider List;
  • keeping records required by the Market Abuse Regulation in connection with market soundings;
  • working with providers of goods and services and other counterparties;
  • contacts by investors, analysts, journalists and other parties seeking information about the Company;
  • other similar purposes.

We primarily process personal data of the data subjects in order to comply with our legal obligations under the EU law or the Swedish law. When we process personal data (i) in connection with employment matters, or (ii) in connection with appointment and carrying out of functions of the Board members and deputies, or (iii) when we work with providers of goods and services and other counterparties, we do so in order to enter into or perform a contract, and for compliance with the Company’s legal obligations (for example identifying our business partners or screening personal data against sanction lists). When we process personal data in connection with contacts by investors, analysts, journalists and other parties seeking information about the Company, we do so based on data subject’s consent and also because we have legitimate interest in such processing.

How do we collect personal data?

We obtain personal data when we communicate with or meet the data subjects.

When necessary, we may also collect or update personal data from publicly available sources or from commercial databases.

Personal data collected automatically

When you access and use our website www.auriant.com we automatically collect information relating to you, in particular:

  • your IP address;
  • your User ID;

We use this information in our legitimate interests to monitor and improve the performance and to ensure the safety of our website. We only store this information for 30 days following your respective visit to our website.

Our website uses cookies. Cookies are pieces of code that allow us to personalize our website experience for you by recording your information such as IP address and User ID. A cookie is transferred to and kept on your device. The cookies we use are required for the operation of our website and to ensure the safety of our website.

What types of personal data do we process?

We may process personal data of the following categories:

  • Basic identifying data, including name, date of birth, national identification number and contact details (such as email address, telephone number and address),
  • data subject’s IP address and User ID.

Where do we store personal data?

We process personal data by electronic means within the EU/EEA and in Russia.

With regard to transfers of personal data to countries where the local data protection legislation does not provide an adequate level of data protection, we will implement appropriate safeguards under the GDPR to ensure that your personal data remains protected and secure.

Such international transfers of personal data will be based on the standard contractual clauses approved by the European Commission. To learn more about the appropriate safeguards we use, please contact our DPO at dpo@auriant.com.

Will data be transferred or disclosed to third parties?

We share personal data with:

- third party service providers that perform services for the Company or on behalf of the Company, including accounting, payment, financial, legal services and other professional services; and

- Swedish Nasdaq First North Growth Market stock exchange.

We use service providers in connection with business activities that require the processing of personal data, and as such, personal data will be transferred to and processed by third-party providers (data processors) that provide services to the Company.

All of these third-party service providers must comply with our written data processing agreements, and they must implement appropriate technical and organizational measures to ensure the protection of your personal data. Furthermore, they may not process any personal data transferred to them for any other purposes than for providing services to us or to comply with legal requirements.

We may disclose personal data to comply with applicable law or respond to a reasonable and lawful request of law enforcement authorities or other authorities (Finansinspectionen, Datainspectionen, etc.), or to prepare for legal proceedings or defend a claim.

Retention time

How long we retain specific personal data depends on the personal data concerned and the purposes for its processing.

We will retain personal data for at least as long as needed in order to carry out the purposes of processing mentioned above, such as in order to perform our contractual or statutory obligations or in order to manage the business relationship between us and the data subject or the entity represented by the data subject.

The retention periods are determined in accordance with the following criteria:

  • Related personal data will be retained for as long as our legitimate interest can reasonably be considered valid. The validity of this legitimate interest is determined by, for example, communications between us and the data subject.
  • We will retain the personal data of our counterparties’ representatives for the entire duration of the contract that we have concluded with the data subject or with an organization represented by the data subject, plus any applicable limitations period.
  • Statutory retention periods.
  • Related personal data will be deleted if the data subject withdraws his/her consent (where processing of personal data is based on consent).

When your personal data is no longer needed, your personal data will be destroyed in a secure way or irrevocably anonymized.

What are your rights regarding your personal data?

The GDPR ensures that the data subject has a number of rights and that the data subject can exercise these rights in many cases to govern the processing of their personal data.

The extent of the data subject’s rights under the GDPR is subject to the legal basis for processing the relevant personal data, and the data subject must provide identification in order to exercise the said rights.

Where we have reasonable doubts concerning the identity of the natural person making the request referred to below, we may request you to provide additional information that we require to confirm your identity.

If you are resident in the European Union, Iceland, Lichtenstein or Norway, you have the following rights under the GDPR. You can use your rights by contracting our DPO by e-mail at dpo@auriant.com.

  • Right of access: You have the right to request access to the personal data relating to you. This includes, for example, the right to be informed of whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing.
  • Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You may also request the completion of any incomplete personal data relating to you.
  • Right to object: You are entitled to object to certain processing of your personal data, and we may be obliged to comply with your request, unless we can demonstrate compelling legitimate grounds for further processing of such personal data.
  • Right to erasure: You may request the erasure of your personal data, and we are obliged to comply with your request, for example in the event that the relevant personal data is no longer required for the purposes for which it was collected, or where we have unlawfully processed the relevant personal data.
  • Right to restrict processing: Under certain statutory situations, you may require us to limit the purposes for which we process your personal data.
  • Right to withdraw your consent: In cases where we have been processing your personal data based on your consent, you have the right to withdraw your consent to such processing at any time.
  • Right to data portability: In certain cases, you have the right to receive any personal data we process in a structured, commonly used and machine-readable format, where this is technically feasible.

If you are not resident in the European Union, Iceland, Lichtenstein or Norway, you may contact our Data Protection Officer at dpo@auriant.com if you have any questions regarding our processing of your personal data.

Statements

We do not process any sensitive personal data that is included in the special categories of personal data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data, etc.).

In the event that you consider the way in which we process your personal data to be in breach of the applicable legislation, you may lodge a complaint with the national supervisory authority regarding our processing of your personal data. If you are located in Sweden, your local data protection authority is the Swedish Data Protection Authority (Datainspectionen) (https://www.datainspektionen.se/).

Without prejudice to your rights under applicable laws, this Privacy Notice is not contractual and does not form part of our contract with any data subject.

Contact us

If you have any questions regarding the processing of your personal data, please feel free to contact our DPO at dpo@auriant.com.

Updates

This Privacy Notice was updated in October 2018. We reserve the right to update and amend this Privacy Notice. Unless otherwise provided in mandatory applicable legislation, we may not personally notify the data subjects of any changes we make to this Privacy Notice. We kindly ask that you review this Privacy Notice from time to time for possible changes.


COOKIE POLICY

Personal data collected automatically

When you access and use our website www.auriant.com we automatically collect information relating to you, in particular:

  • your IP address;
  • your User ID.

We use this information in our legitimate interests to monitor and improve the performance and to ensure the safety of our website. We only store this information for 30 days following your respective visit to our website.

Our website uses cookies. Cookies are pieces of code that allow us to personalize our website experience for you by recording your information such as IP address and User ID. A cookie is transferred to and kept on your device. The cookies we use are required for the operation of our website and to ensure the safety of our website.


DATA PROTECTION OFFICER

Data Protection Officer – Maria Carrasco

Contact details: dpo@auriant.com; tel. +46 70 727 70 97.