GDPR Compliance

Last updated: March 8, 2025

At Silverpine Solutions AB ("Silverpine," "we," "us," or "our"), we are committed to protecting and respecting your privacy and personal data. This GDPR Compliance Statement explains our approach to compliance with the General Data Protection Regulation (GDPR).

Our Commitment to GDPR Compliance

We have undertaken the necessary steps to comply with the GDPR principles and ensure that personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Kept for no longer than necessary
• Processed securely and protected against unauthorized processing, accidental loss, destruction, or damage

Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: When you explicitly agree to the processing of your personal data
• Contract: When processing is necessary for the performance of a contract with you
• Legitimate Interests: When processing is necessary for our legitimate interests, such as improving our services
• Legal Obligation: When processing is necessary to comply with a legal obligation

Your Data Subject Rights

Under the GDPR, you have the following rights:

1. Right to be informed: You have the right to know how we collect and use your personal data.
2. Right of access: You can request a copy of the personal data we hold about you.
3. Right to rectification: You can request that we correct inaccurate or incomplete personal data.
4. Right to erasure (right to be forgotten): You can request that we delete your personal data.
5. Right to restrict processing: You can request that we limit the way we use your personal data.
6. Right to data portability: You can request a copy of your personal data in a machine-readable format.
7. Right to object: You can object to our processing of your personal data.
8. Rights related to automated decision making and profiling: You have rights related to how we make decisions based solely on automated processing.

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within one month.

Data Protection Officer

While we are not legally required to have a Data Protection Officer (DPO), we have designated a point of contact for data protection matters to ensure proper handling of personal data and compliance with the GDPR.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. We will also notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.

International Data Transfers

If we transfer your personal data to countries outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission.

Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIAs) when our processing activities are likely to result in a high risk to the rights and freedoms of individuals.

Children's Data

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us, and we will take steps to remove such information.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at:

Silverpine Solutions AB
Email: dpo@silverpine.com
Address: Norra Stationsgatan 93, 113 64 Stockholm, Sweden

Supervisory Authority

If you are located in the European Union and believe that we have not complied with data protection laws, you have the right to lodge a complaint with your local supervisory authority.