Website Privacy Policy

Last updated:

Oct 3, 2025

1. Introduction to our policy

Solace AB and its affiliates ("Solace," "we," "our," or "us") respect the privacy of visitors to

our website www.solace.care (the "Site").

This Privacy Policy explains why and how we may use the personal information that we

have obtained from interactions you (or others) may have with us as a business, including

when you visit our Site or when you contact us. This Privacy Policy explains with whom we

share your personal information and the rights you have in connection with the information

we use under applicable data protection laws, including the General Data Protection

Regulation (GDPR).

We maintain a separate Member Privacy Policy detailing how we use your personal

information if you have an account with us, use our app or become one of our customers,

this will be provided to you at the time you sign up for or engage with those services.

Solace is the controller (Controller) of your personal information. This means Solace decides

why and how your personal information is processed. If you are a Partner or Visitor, please

read this Privacy Policy carefully to ensure you fully understand it. By using our Site, you

acknowledge and agree to the collection and processing of your personal data as

described herein.

This Privacy Policy may change from time to time so please check this Privacy Policy

occasionally to ensure that you are happy with any changes. For more information on

changes to our Privacy Policy, please see paragraph 11 (Changes to this Privacy Policy).

2. How and why do we process your personal data?

When we use the term "personal data" in this Privacy Policy, we mean information that

identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to an

individual. It does not include anonymized or aggregated data that is not reasonably

capable of being associated with an individual.

Solace processes your personal data for specific purposes. This means that we always

define “why” we process your personal data. For each purpose, we have identified a legal

basis.

In this section we describe our different purposes for processing your personal data. For

each purpose we state the following information:

- What personal data is collected (and processed);

- The purpose(s) for processing the data;

Privacy Policy

Updated: 10.09.2025

2/12

- The legal basis Solace relies on to process this data.

2.1 Processing when browsing the site

We may automatically collect information about how visitors use our Site by using cookies

and similar technologies if, where they are not essential to make the Site work, you have

consented to their use.

2.1 Categories of personal data

Technical information

- IP address, geographical location, device identifiers, browser type and version,

language preferences

- Cookies and similar tracking technologies (subject to your consent)

- Log data such as access times, pages viewed, referring URLs

2.2 Purpose of processing

- to identify and record when you have engaged with the Site;

- to enhance your visitor experience;

- to analyse, evaluate and improve our products and services so that your visit and

use of the Site are more useful and enjoyable;

- for quality control, Site performance and system administration;

- to personalise your experience on the Site

- for security purposes such as preventing or detecting fraudulent activity.

2.3 Legal basis

The legal basis for this processing is our legitimate interests (GDPR Art. 6.1.f) in operating

and improving the website, ensuring security, and enhancing user experience. Where

cookies or similar tracking technologies are used, processing is based on your consent

(GDPR Art. 6.1.a).

If you accept all cookies this will also enable us to perform marketing activity based on your

interactions with the Site, other marketing channels and other third parties such as social

networks. Please visit our Cookies Policy and paragraph 2.5 (Processing to promote our

business and measure the reach and effectiveness of our campaigns) for more information

on how we use cookies and how to switch them off on your device.

You may withdraw your consent for us to use your information in any of these ways at any

time. Please see paragraph 10 (Your Rights) for further details.

2.2 Processing necessary for communication

Privacy Policy

Updated: 10.09.2025

3/12

We process information contained in or relating to any communication that you send to us

or send through our Site.

2.2.1 Categories of personal data

Personal data

- Your name, email address, phone number, job title, the communication content

- Information that you provide to us for the purpose of subscribing to our email

notifications and/or newsletters

Technical information

- Metadata associated with the communication including your name and email

address

2.2.3 Purpose of processing

- To respond to and resolve your enquiries. This includes mandatory service

communications such as updates, maintenance, or security notices necessary for

the use of our services.

- To contact you via email or other available contact methods with marketing

information about our services, features, offers, and events. These promotional

communications may be sent through the Services or via marketing campaigns on

other websites or platforms. You can manage your consent or unsubscribe at any

time by contacting privacy@solace.care.

2.2.4 Legal basis

This personal information is provided by you entirely voluntarily and includes personal

information you submit on the Site.

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b) to

provide you with the agreed service, including responding to your enquiries. If we do not

receive this information, you may be unable to use or interact with certain parts of the Site

and communicate with us effectively.

We may also rely on our legitimate interests (GDPR Art. 6.1.f) to maintain communication

and provide updates about our services.

2.3 Processing when interacting with social media accounts

If you interact with us on social media this may result in us collecting certain information

about you from the social media platform.

Privacy Policy

Updated: 10.09.2025

4/12

2.3.1 Categories of personal data

Personal information

- Social media identifiers and profile information

- Interaction data such as likes, shares, comments

Technical information

- Metadata from social media platforms related to your interactions

2.3.2 Purpose of processing

- To engage with users and respond to comments or messages

- To promote our services and brand awareness

- To analyse social media engagement and effectiveness

2.3.3 Legal basis

The legal basis for this processing is your consent (GDPR Art. 6.1.a) where required. This

personal information is provided by you entirely voluntarily and includes personal

information you submit on the Site. We may also rely on our legitimate interests (GDPR Art.

6.1.f) in engaging with users, promoting our brand, and analysing social media interactions.

You can unsubscribe from mailings at any time by clicking on the link at the bottom of the

email.

2.3.4 Storage period

We will retain your personal data for the purpose of marketing our business for a maximum

of two (2) years from the date you last became a customer with us, or until you withdraw

your consent to marketing or unsubscribe from our mailing list via the link in the email. You

can always delete any comments you have made on our social media posts.

2.4 Processing to comply with legal obligations

2.4.1 Categories of personal data

Personal information

- Personal information related to the inquiry such as contact details.

- Transaction and payment records

- Correspondence and documentation related to the inquiry

2.4.2 Purpose of processing

- to keep a record relating to the exercise of any of your rights relating to our

processing of your personal information;

Privacy Policy

Updated: 10.09.2025

5/12

- to comply with a request from you in connection with the exercise of your rights (for

example where you have asked us not to contact you for marketing purposes, we

will keep a record of this on our suppression lists in order to be able to comply with

your request);

- to anonymise or delete your personal information when it is no longer required for

the purposes described in this Privacy Policy;

- to comply with court orders or other notices where failure to do so would result in us

breaking the law; and

- to handle and resolve any complaints we receive relating to our processing of your

personal information as described in this Privacy Policy.

2.4.3 Legal basis

The legal basis for this processing is our legal obligation (GDPR Art. 6.1.c) to comply with

applicable laws, regulations, and requests from authorities.

2.5 Processing to promote our business and measure the reach and

effectiveness of our campaigns

We process personal data to carry out marketing activities and assess their success.

2.5.1 Categories of personal data

Personal information

- Name, Email, Phone number

- Behavioural data such as website visits, campaign interactions

- Cookies and similar tracking technologies (subject to your consent)

2.5.2 Purpose of processing

- to contact you with marketing information by email (where consent is not required),

post or by phone;

- if you have contacted us about a product and you do not opt-out of receiving

marketing from us, we may send you promotional material of related products we

think you may be interested in; and

- for analysis and insight conducted to inform our marketing and business strategies,

and to enhance your user experience

- for analysis and insight conducted to inform our marketing strategies, and to

enhance your visitor experience;

- to track your browser across other sites and build up a profile of your interests;

- To show you targeted and personalised marketing content, both on the Site and via

email and other marketing channels (where you have consented to that marketing);

- to identify and record when you have received, opened or engaged with the Site or

electronic communications;

Privacy Policy

Updated: 10.09.2025

6/12

2.5.3 Legal basis

The legal basis for this processing is your consent (GDPR Art. 6.1.a) for direct marketing

communications. We may also rely on our legitimate interests (GDPR Art. 6.1.f) to analyse

and optimise marketing campaigns to improve our services.

2.6 Processing to respond to changing market conditions and the needs

of our users

We process data to understand and adapt to market trends and user requirements.

2.6.1 Categories of personal data

Personal information

- Contact details (if provided)

- Feedback and survey responses, including opinions and preferences

- Usage data such as pages visited, time spent on site, and interaction patterns

2.6.2 Purpose of processing

- To improve our products and services

- To develop new offerings based on user needs

- To conduct market research and analysis

- to analyse, evaluate and improve the Site so that your visit and use of the Site and

social media pages are more useful and enjoyable (we will generally use data

amalgamated from many people so that it does not identify you personally); and

- to undertake market analysis and research (including contacting you with customer

surveys) so that we can better understand your use of the Site.

2.6.3 Legal basis

The legal basis for this processing is our legitimate interests (GDPR Art. 6.1.f) in improving

our products and services based on user feedback and market research. Where feedback is

collected voluntarily, processing is based on your consent (GDPR Art. 6.1.a).

2.7 Processing necessary to operate the administrative and technical

aspects of our business efficiently and effectively

We process personal data to manage our internal operations and ensure smooth business

functioning.

2.7.1 Categories of personal data

Personal information

- Employee and contractor information including name, contact details, job title,

employment history, payroll and tax information (if applicable)

- Supplier and partner contact details, contract information, and payment details

Privacy Policy

Updated: 10.09.2025

7/12

- System and access logs including IP addresses, login timestamps, and device

information

- Internal communications and correspondence related to business operations

2.7.2 Purpose of processing

- to administer the Site and our social media pages and for internal operations,

including troubleshooting, testing, statistical purposes;

- for the purposes of corporate restructure or sale of our business or assets;

- for efficiency, accuracy or other improvements of our databases and systems, for

example, by combining systems or consolidating records we hold about you;

- to enforce or protect our contractual or other legal rights or to bring or defend legal

proceedings;

- for network and information security in order for us to take steps to protect your

information against loss or damage, theft or unauthorised access;

- for the prevention of fraud and other criminal activities;

- to inform you of updates to our terms and conditions and policies; and

- for other general administration including managing any reports you make, your

queries, complaints, or claims, and to send service messages to you.

If you make an inquiry about purchasing a service, we may need to process your details in

order to carry out pre-contract steps so that you can make that purchase.

Once we begin to interact with you as a member we will provide you with a separate Privacy

Policy which sets out how we use your information in connection with the services.

2.7.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b) with

employees, contractors, or suppliers to provide agreed services. We also rely on our

legitimate interests (GDPR Art. 6.1.f) in managing our business operations, ensuring IT

security, preventing fraud, and maintaining efficient administration. Where applicable,

processing may also be necessary to comply with legal obligations (GDPR Art. 6.1.c).

For data collected by non-essential cookies, we only collect and process your information

with your consent. Activities listed in this section do not use any non-essential cookies.

3. Automated Decision Making

We do not envisage that any decisions that have a legal or significant effect on you will be

taken about you using purely automated means, however we will update this Privacy Policy

and inform you if this position changes.

Privacy Policy

Updated: 10.09.2025

8/12

4. How we share your personal data

Social media

Solace uses Linkedin and Instagram and when you interact with us via these social media,

these companies will receive your personal data. We are jointly responsible for the sharing

of your data, but these actors are then responsible for how they process your personal data

after they have received it. This processing is regulated by the respective social media's

own personal data policy.

Third country transfer

We aim to only process your personal data within the EU/EEA. When we need to share your

personal data with recipients outside the EU/EEA, we ensure that this only happens to

countries that are sufficiently secure (have an adequate level of protection) or that we take

other appropriate safeguards. These appropriate safeguards include, among other things,

that we use standard contracts approved by the EU Commission (EU Commission Standard

Contractual Clauses) and that we always analyze and evaluate the legislation of the

recipient country on our own initiative. When we believe that the laws of the recipient

country do not provide adequate protection for your personal data, we take special

measures so that the protection of your data remains when it is transferred to the relevant

country outside the EU/EEA.

Additional disclose

We may disclose personal data to service providers performing services on our behalf,

partners when required for service facilitation (with your consent), legal authorities when

required by law, affiliated companies within the Solace group, and third parties in the event

of mergers or acquisitions. We do not sell personal data to third parties.

5. Data Subject Rights

GDPR gives you as an individual a number of different rights to your personal information.

Solace has procedures in place to enable you to exercise your rights. You also always have

the right to file a complaint with the Swedish Data Protection Authority (IMY) if you believe

that the processing of your personal data is in violation of the law. More general information

about your data protection rights can be found on the IMY website together with the

authority's contact details.

If you want to exercise your rights, or have questions about your rights in relation to Solace,

please contact us by e-mail at privacy@solace.care.

Privacy Policy

Updated: 10.09.2025

9/12

Right of access

You have the right to be informed that we are processing your personal data and to have

access to your personal data, i.e. you can receive a so-called register extract of the

processing carried out. You also have the right to receive certain information about the

processing as such (for example, for what purpose we are processing the data).

Right to information

You have the right to receive information about how we process your personal data. We will

inform you through this privacy policy and by answering questions from you.

Right to rectification

The personal data we process about you must be accurate and up-to-date. You have the

right to have inaccurate personal data about you corrected and the right to have incomplete

data completed.

Right to erasure (“right to be forgotten”)

As a data subject, you have the right to have your personal data deleted by us to a certain

extent. Please note that this does not apply to information that we need for the purpose of

fulfilling legal obligations or defending ourselves against legal claims, as well as information

that we need to fulfill a contract if you are or have been a customer of ours.

However, you may have the right to have your personal data erased if your personal data is

no longer necessary for the purposes for which they were processed or if the processing is

based on your consent and you withdraw this without there being any other legal basis for

continued processing. You may also have the right to erase if a processing is based on a

balancing of interests and there are no compelling legitimate grounds that outweigh your

interests. Furthermore, you may request erasure if the processing is for direct marketing

purposes and you object to this. You also have the right to have your personal data erased

if it has been processed unlawfully, or if erasure is required to comply with a legal

obligation.

Right to object

You have the right to object to Solace processing of your personal data based on one of our

legitimate interests. If you object to such processing, we may only continue to process the

data if we demonstrate compelling legitimate grounds for us to process the data and where

our interests outweigh your interests, for example where the processing is for the

establishment, exercise or defence of legal claims.

Privacy Policy

Updated: 10.09.2025

10/12

Object to direct marketing

Processing for direct marketing purposes will cease immediately if you object to such

processing. Please note that you always have the right to withdraw your consent to receive

advertising from us. You can do this either by clicking "unsubscribe" at the bottom of the

email you receive from us or by contacting us.

When you object to direct marketing, we will save information about this on our internal

blocking list in order to be able to accommodate your request not to be contacted by us.

Right to restriction of processing

You have the right to request that our processing of your personal data be restricted if the

data is processed incorrectly, for example, is inaccurate, if the processing is unlawful, if the

data is no longer needed for the purposes. If you have objected to the processing of your

personal data based on our legitimate interest, you may request that we restrict the

processing while we investigate whether we have the right to continue with it. This right also

applies while awaiting an assessment of whether the alleged error exists. When a restriction

ceases, you have the right to be informed.

Right to data portability

In certain cases, you have the right to obtain information that you have provided to us and

to have the information transferred to another data controller. This right applies when we

process personal data automatically and with your consent or on the basis of a contract.

Right to withdraw consent

If our processing of personal data is based on your explicit consent, you have the right to

withdraw it at any time. However, the withdrawal does not affect the lawfulness of the

processing carried out based on the consent before the withdrawal. You can withdraw your

consent, for example, by contacting us at privacy@solace.care.

6. Security and data storage

Data Security

We implement industry-standard security measures to safeguard personal data. While we

strive to protect all information, no security system is infallible. Users are encouraged to

take precautions, such as using strong passwords and avoiding the sharing of sensitive

information online.However, please be aware that regardless of any security measures used

or implemented, we cannot and do not guarantee the absolute protection and security of

any personal data stored with us or with any third parties.

Privacy Policy

Updated: 10.09.2025

11/12

How long do we store your personal data?

We store personal data for the duration that we consider reasonably necessary to support

and enhance our relationship with you while delivering our Services and offerings, ensuring

compliance with legal obligations, and safeguarding against potential claims. Once

retention is no longer required, data is securely deleted or anonymized.

If an individual requests the deletion of their personal data, we will evaluate the request

based on legal and contractual requirements.

Below you’ll find the applicable storage periods for each category of personal data

processing.

Processing Category Storage Period

Processing when browsing the site Data such as cookies and browsing

information are retained for up to 13

months or as long as consent is valid. Log

and technical data are typically retained for

6–12 months unless longer retention is

required for security or legal reasons.

Processing necessary for

communication

Inquiries made to our customer service

team are retained for 365 days, after which

they are deleted.

Processing when interacting with social

media accounts

Data collected via social media interactions

are retained while the interaction is active

or as required for marketing purposes,

typically up to 2 years. Social media

platforms’ own retention policies may also

apply.

Processing to comply with legal

obligations

Data required by law, such as accounting

and tax records, are retained according to

statutory period. At least 6 years or longer

if required by law.

Privacy Policy

Updated: 10.09.2025

12/12

Processing to promote our business and

measure the reach and effectiveness of

our campaigns

Marketing data and campaign analytics are

retained for up to 2 years from the last

marketing activity or until consent is

withdrawn.

Processing to respond to changing

market conditions and the needs of our

users

User feedback, research data, and user

profiles are retained for up to 2 years or as

long as necessary for service development

and market research.

Processing necessary to operate the

administrative and technical aspects of

our business efficiently and effectively

Employee, supplier, and system data are

retained as long as necessary to fulfil

administrative, contractual, and legal

obligations, typically 6–10 years depending

on the nature of the data and applicable

laws.

7. Additional notices and contact details

Updates and changes

Solace is constantly working to develop our business and our digital services. This means

that we will also update this privacy policy on an ongoing basis in connection with our plans

to change how we use your personal data.

Any changes will be notified to you by posting an updated version on the Site. Any changes

will take effect 7 days after the date on which we post the modified terms. We recommend

you regularly check for changes and review this Privacy Policy whenever you visit or use the

Site. If you do not agree with any aspect of the updated Privacy Policy you must

immediately notify us and cease using our services.

For privacy-related inquiries, contact:

Privacy Officer

Solace AB

Luntmakargatan 26, 111 37 Stockholm

Email: privacy@solace.care

Please see our Terms and Conditions for further legal information about Solace AB.