Privacy Statement

Updated August 1, 2023


WHO ARE WE? Breas was founded in Gothenburg, Sweden, in 1991 and has provided innovative respiratory medical device products to the global market for more than 30 years through its group companies Breas Medical AB, Breas Medical, Inc., Breas Medical Ltd., Breas Medical SRL, and Breas Medical GmbH (“Breas” “We” “Our” “Us” “Companies”). Breas has long been known for its Swedish design, reliable technology and ease of use. Breas offers a comprehensive line of respiratory medical devices in Homecare Life Support Ventilation, Non-Invasive Ventilation, Airway Clearance and CPAP treatment.


Breas is strongly committed to protecting the privacy of site visitors and web shop customers’ (“You” or “Your”) Personal Data. This Privacy Policy explains the Companies’ data collection and use practices with respect to Our websites (the “Sites”). By using the pages in Sites, You, as a user of Our Sites, agree to the information collection and use practices described in this Privacy Policy.


Under the EU’s General Data Protection Regulation (GDPR) Personal Data is defined as: “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.


If You have questions about how We process Personal Data, Our Data Protection Officer can be contacted directly here: • privacy@breas.com • +46 031 86 88 00 • Breas Medical AB, Företagsvägen 1, 435 33 Mölnlycke, Sweden


PERSONAL DATA****The Personal Data We would like to collect from You are: Communication • First Name and Last Name • Email address • Any other personal contact details You decide to share with Us Payments and Purchases • First name and last name • Company You work for (optional) • Email address • Phone number or mobile number • Home address or delivery address • Credit card or debit card type, expiration date, and digits of Your card number


The Personal Data We collect will be used for the following purposes: • to communicate with You; • to give You the benefits of having an account; • to administer and deliver Your purchase; • to send You surveys regarding Our products and Your shopping experience; • to send You marketing material; • to improve Our Sites by analyzing feedback and Your use of Our Sites; • to administer Your interactions with Us on Our social media accounts; • to enable You to create and use an account on Our Sites; • to comply with Our legal obligations; and • to use cookies to ensure the integrity of the registration process and to personalize Your Site experience.


Our legal basis for processing Your Personal Data: • Consent obtained from You; • Fulfillment of a contract for purchases on Our Sites; • Our legitimate interest to process Your Personal Data to answer any questions; • Comply with legal obligations to which We are subject; and • Necessary for the legitimate interests of the data controller or third party, unless the processing is overridden by the vital interests, including rights and freedoms.


SECURITY MEASURES We have implemented appropriate technical and organizational measures to protect Personal Data that We process from unauthorized disclosure, use, alteration or destruction. Where appropriate, We use encryption and other technologies to secure the Personal Data. We also contractually require Our service providers to comply with strict data privacy requirements.


We are strongly committed to protecting the security of Your Personal Data. When You submit Personal Data on any Site, the Companies will take all reasonable efforts in order to protect Your Personal Data. The Companies use certain security technologies and procedures to help protect Your Personal Data from unauthorized access, use, or disclosure once it is received. Nevertheless, it is also Your responsibility to protect the secrecy of Your Personal Data, including Your credit card information, username, and password.


Some features of the Sites require credit card transactions. The Companies utilize industry standard Secure Sockets Layer (“SSL”) servers on Our transaction pages to encrypt Your information and prevent unauthorized access. SSL encrypts all of Your Personal Data including name, address, and credit card number to prevent unauthorized access as the information travels over the Internet. Your credit card information is also encrypted through the encryption methods employed by Our trusted third-party credit card processing vendors, as indicated on the online store checkout page. You can visit the vendors’ Sites to read more about their encryption methods. All of Our payment card processing is in compliance with the PCI DSS.


THIRD PARTIES AND TRANSFER TO OTHER COUNTRIES Your Personal Data is primarily processed by Us at Breas. However, in certain instances, We share Your Personal Data with third parties in accordance with below.


No matter the purpose for Our processing of Your Personal Data, We will share Your Personal Data with Our IT-suppliers who will process these on Our behalf and on Our instructions in order to ensure good and secure IT-operations. We only share Your Personal Data with Our IT-suppliers if it is necessary in order for them to fulfil their obligations towards Us according to the contract that We have with them.


We may occasionally hire other companies to provide limited services on Our behalf, such as website hosting, credit card processing, packaging, mailing/shipping, answering customer questions about products and services, and sending information about Our products, special offers, and other services. We will only provide those companies the Personal Data they need to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using that information for any other purpose.


We may disclose Personal Data if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on the Companies or the Sites; or (b) protect and defend the rights or property of the Companies and the Sites. The Companies may also disclose Personal Data about You if We determine that disclosure is reasonably necessary to enforce Our Terms and Conditions or protect other users of the Sites.


If You make a purchase in Our web shop • In order to store information that We, according to bookkeeping and accounting law, are required to store, We may use a company to help Us archive such information. The information contains Personal Data but will only be processed on Our behalf and on Our instructions. • If You are to receive a replacement product sent to You, We will share Your Personal Data with Our partner for warehousing and distribution which, on Our behalf and on Our instructions, processes Your Personal Data in order to be able to send You the product. • In order to administer Your payment, We will share Your Personal Data with the supplier providing the payment solution that We use. Such payment service provider will process Your Personal Data on Our behalf and on Our instructions. • In order to facilitate the e-commerce activities, We share Your persona data with Our e-commerce platform provider, which processes Your Personal Data in order to be able to fulfil Your purchase need.


IF YOU USE OUR SITES We use a third party (Google), which on Our behalf and on Our instructions analyses the use of Our Sites, and therefore will receive access to Your Personal Data.


We may use cookies on the Sites to ensure the integrity of the registration process and to personalize the Sites. A cookie is a small text file that is placed on Your hard disk by a web page server and that helps the Sites recall Your specific information on subsequent visits. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but You can usually modify Your browser setting to decline cookies if You prefer. You can read more about Our use of cookies in Our Cookie Policy here.


The use of cookies simplifies the process of delivering relevant content, eases Site navigation, and provides other similar benefits to users of the Sites. When You return to the Sites, the information You previously provided can be retrieved, so You can easily use the Sites’ features. If You choose to decline cookies, You may not be able to fully experience the features of the Sites.


If You interact with Us on Our social media accounts If You interact with Us or visit Our pages on Facebook, YouTube, LinkedIn or Pinterest the social media platform that You use will also process Personal Data about You as a user. These social media platforms are either processing Your Personal Data on Our instructions or they are controllers within their own right to process Your Personal Data. What role they have in a particular case depends on the specific platform and activity.


RETENTION PERIOD Breas will keep Your Personal Data only as long as necessary and for legitimate and essential business purposes, such as maintaining Your Breas account, complying with Our legal obligations, and resolving disputes. We keep some of Your Personal Data for as long as You have a Breas account. We will delete or anonymize Your Personal Data upon Your request, unless We are legally allowed or required to maintain certain details of Your Personal Data.


YOUR RIGHTS AS A DATA SUBJECT At any point while We are in possession of or processing Your Personal Data, You, the data subject, have the following rights: • Right of access – You have the right to request a copy of the information that We hold about You. • Right of rectification – You have a right to correct data that We hold about You that is inaccurate or incomplete. • Right to be forgotten – in certain circumstances You can ask for the data We hold about You to be erased from Our records. • Right to restriction of processing – where certain conditions apply, You have a right to restrict the processing. • Right of portability – You have the right to have the data We hold about You transferred to another organisation. • Right to object – You have the right to object to certain types of processing such as direct marketing. • Right to object to automated processing, including profiling – You also have the right to object to the legal effects of automated processing or profiling. • Right to judicial review: in the event that Breas refuses Your request under rights of access, We will provide You with a reason as to why. You have the right to complain as outlined below.


Complaints In the event that You wish to make a complaint about how Your Personal Data is being processed by Breas, or how Your complaint has been handled, You have the right to lodge a complaint directly with the supervisory authority in the EU/EEA member state where You live. For questions regarding a complaint, please contact Us at: • privacy@breas.com • +46 031 86 88 00 • Breas Medical AB, Företagsvägen 1, 435 33 Mölnlycke, Sweden


Why does Breas need to collect and store Personal Data? In order for Us to provide You with access to Our Sites, We need to collect Your Personal Data for the purposes stated in this Privacy Policy, but to also give You the best experience on Our Sites. In any event, We are committed to ensuring that the information We collect and use is appropriate for this purpose, and does not constitute an invasion of Your privacy. Breas will request Your consent before sending You marketing material or surveys.


How will Breas use the Personal Data it collects about You? Breas will process (collect, store and use) the information You provide in a manner compatible with the EU’s GDPR. We will endeavor to keep Your information accurate and up to date, and not keep it for longer than is necessary. Breas is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of Personal Data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal Data may be held in addition to these periods depending on individual business needs.


Under what circumstances will Breas contact You? Our aim is not to be intrusive, and We undertake not to ask irrelevant or unnecessary questions. Moreover, the information You provide will be subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.


To request Us to delete or change Your Personal Data that We have on file for You, please contact Our Data Protection Officer at: • privacy@breas.com • +46 031 86 88 00 • Breas Medical AB, Företagsvägen 1, 435 33 Mölnlycke, Sweden