GetTested ("we", "us" or "our") is committed to protecting and respecting your privacy. This privacy statement ("Privacy Statement"), together with our Cookie Policy, describes the types of Personal Information collected and created in connection with your use of our Products and Services (including use of our web application my.gettested.io, collectively the "Apps"), how and why we use such Personal Information, who we share it with, and your legal rights. Please read the following carefully to ascertain how we process your Personal Information (or "Information").

We may, from time to time, provide links on GetTested.io and its subdomains (collectively, the "Site") or our Apps to the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy statements and that we do not accept any responsibility or liability for their privacy or security practices. Please check these privacy statements before you submit any Personal Information to these websites.

The service provider and the controller of your Information is Get Tested International AB, trading as GetTested, a company registered in Sweden with registration number 559296-6773 and its registered office at Mörtnäs hagväg 3, lokal 11, 134 44 Gustavsberg, Sweden.

Any defined terms in the Terms of Use (which govern your access to and use of our Site) shall have the same meaning when used in this Privacy Statement.

When you access the Site or use our Products and Services, including our Apps, we collect, receive or otherwise process Information in several different ways. In many cases, you choose what Information to provide. Some Information is required in order for us to provide our Products and Services. We use your Information for the purposes described further below.

We may collect and process the following types of Information about you:

• Purchase and assistance Information: We collect Information when you purchase our Products and Services, including when you phone our Support Team. This Information will include name, gender, contact Information, billing address, delivery address and any further Information you volunteer to provide through the Site or Apps.
• Health-related data: When you purchase or use our Products and Services, we will collect and process data concerning health, including Samples, Test Information or any further Information we might receive from Accredited Laboratories. When you activate a Service or Product, we will collect and process Information relating to your personal health record as well as a suitability questionnaire to confirm that the Service or Product is appropriate to your needs. You may also provide Information to us if you connect a wearable device to one of our Products or Services.
• Genetic and Genetic-Related Data: This is data relating to the inherited or acquired genetic characteristics of a natural person which give unique Information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question ("Genetic Data"). Our collection of Genetic Data may include physical samples provided in connection with your use of our Products and Services (such as a blood sample, saliva sample, or nasal swab). We may also request or generate Genetic Data, medical history, family history, known familial genetic conditions or mutations where necessary to provide our Products and Services.
• Correspondence: We will collect and maintain your contact details when you communicate with us, sign up for promotional material, participate in special promotions, or connect with us through social media. If you contact us by email, we may keep a record of that correspondence. If you make a request with regard to the handling of your Personal Information, we may retain Information regarding the request and any actions we take or correspondence we provide in response to such request.
• Website and device Information: We collect information about your browser or device, including, where available, your IP address or device ID, operating system, and browser type. We also collect details of your visits to our Site and Apps including, but not limited to, traffic data, location data, the resources that you access, web logs and other communication data. Our Site and Apps also use Cookies. For detailed Information on the Cookies we use and the purposes for which we use them, see our Cookie Policy. We may also ask you for Information when you report a problem with our Site or Apps.
• Survey Information: If you respond to any surveys that we might request, which are completely voluntary, we will process your responses.

We use the Information we have to help us provide, operate, improve, understand, customize, support, and market our Products and Services, and for purposes described in this Privacy Statement. The broad uses of your Information are described below. As required under the GDPR and other applicable laws, we have also specified the legal bases which we rely on to process your Information.

Where legally required, we rely on your explicit consent to process your Information as follows:

• To collect, store, and process relevant health-related data and Genetic Data, such as identifiable Information related to your past, present, and future health and healthcare, for the purposes of performing health diagnostic testing, genetic testing and genetic sequencing, and providing our health testing and genetic testing Products and Services.
• To receive, store and analyse your Samples at Accredited Laboratories.
• To receive, review, store and communicate your Test Information to you, including by presenting your Test Information and other reported history via the GetTested secure environment.
• To provide you with your results and, in some instances, relevant treatment options or sharing your Information where we have legal basis to do so.
• To de-personalise your Information for use for service improvement, product quality improvement and/or research, as relevant.
• To contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these. With your consent, we may also share Personal Information with third parties for advertising purposes.

You can withdraw your consent to this processing at any time. Withdrawing your consent stops future processing and does not affect any processing we have already undertaken. Without your consent, however, we shall be unable to provide most of our Products and Services to you.

To fulfil our contract(s) with you, we process your Information – including data concerning your health and medical history – to fill and support your purchases of our Products and Services, including to process payments and to provide customer assistance.

It is in our legitimate interests to process your Information as follows:

• To ensure that content from our Site and Apps is presented in the most effective manner for you and your device.
• To contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these.
• To communicate with you via various channels including by phone, SMS text message, email, and physical mail, to support in the delivery of Products and Services or to send you important account-related communications. For example, communicating with you by phone to discuss your results, or sending you an email or text message to notify you that your results are ready.
• To analyse Information provided by you and others to help us administer, support and improve our business.
• To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing Information with law enforcement.

We are legally obligated to process your Information as follows:

• To retain certain records about the handling of any Samples you send us for regulatory purposes.
• To fulfil any applicable legal and regulatory requirements, for example regulatory reporting obligations to health agencies, or retaining certain tax and accounting records for financial reporting. If we use your Personal Information or Test Information for anything beyond this, we will ask for your explicit consent or else explain the legal basis for any further use of your data, if such use does not rely on your consent.

Please be assured that we do not engage in sale of Personal Information, and only share Information where required to support in the delivery of our Products and Services.

We will not knowingly collect Personal Information from Site and Apps users that are under 18 years of age. We are relying on your undertaking in the Terms of Use that you are over 18 years of age. You should not use the Apps, Site or its Services, including purchase Products, if you are not 18 years of age or older. If you believe we might have Information from or about an individual under 18 years of age, please contact us at hello@gettested.io.

The Information that we collect from you may be transferred to and stored with an Accredited Laboratory (as defined in the Terms of Use) or any supplier of data processing and data hosting services to us at a destination within the EEA. It may also be processed by staff operating inside the EEA who work for any of them. Such staff may be engaged in, among other things, the fulfilment of your order, the provision of data processing and data hosting services to us.

In certain cases, we transfer and store certain Information outside the EEA, such as to the United States. In such cases, we use a legal mechanism known as "standard contractual clauses" to protect Information transferred outside the EEA. Standard contractual clauses refer to contracts between companies transferring Personal Information that contain standard commitments, approved by the European Commission, protecting the privacy and security of the Information transferred. To request a copy of the clauses, please email us at hello@gettested.io.

All Information you provide to us in purchasing or availing of our Products or Services are stored on our secure servers or else on secure servers used by our service providers. Any payment transactions effected by us will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site or Apps, you are responsible for keeping this password confidential. You must not share a password with anyone.

Unfortunately, the transmission of Information via the internet is not secure and if you request that we communicate with you using a secure means of communication, we can arrange to do this. Once we have received your Information, we will impose obligations of confidentiality and security on any of our service providers who process the Information.

We maintain appropriate physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of your Personal Information. Only a limited number of our internal staff are authorised to access, delete or modify your data.

We share Information with service providers, affiliates, partners, and other third parties where it is necessary to provide the Products and Services, or for any other purposes described in this Privacy Statement. In particular, we may share your Information with certain third party suppliers and service providers to help us operate, provide, improve, understand, customize, support, and market our Products and Services. We will take all steps reasonably necessary to ensure that your Information is treated securely and in accordance with this Privacy Statement by imposing obligations of security and confidentiality on such service providers.

Your Information may be provided as necessary to the following categories of recipients:

• Accredited Laboratories
• Couriers
• Communications and marketing service providers
• IT systems and IT service providers (such as those who host our data and Information systems)
• Analytics providers
• Legal or financial advisors
• Government/regulatory/law enforcement agencies pursuant to legally binding order or where legally required, for example where we are required to report positive test results of certain communicable diseases to local health authorities.

We may disclose and transfer your Information to an Accredited Laboratory for the purpose of,

1. accepting and processing an accepted order by us
2. in order to procure the Product is delivered to you by it, and
3. to test any Sample provided and make your Test Information available to you on your secure "Account" on our Site and Apps.

To process a request for a Product and for an Accredited Laboratory to test the Sample and send you the Test Information, we need to disclose Information within our company including to the Medical Practitioner, to the Accredited Laboratory and our IT services providers. Your request for a Product will result in your order details being accessed by and processed by an Accredited Laboratory and our IT service providers.

The Accredited Laboratory shall have access to minimum data required to process your sample, including your date of birth, your Sample, Information relevant to your test (such as your gender), and the test results created therein.

If any third party has provided, subsidized or paid for the Products and Services you are using, your Personal Information may be shared with them as required by the contract between us and that third party. This may include identifiable results reporting (for example, reporting COVID-19 testing results to your employer, if they are performing a testing program for health and safety in the workplace). If you are a participant in such a program, you will be provided with a program specific privacy notice and/or consent form as required.

In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share Information in the course of the transaction. In such circumstances, your Information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of GetTested.

If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your Information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.

Equally, we may retain, preserve, or disclose your Information if we have a good-faith belief that it is reasonably necessary to (i) respond, based on applicable law, to a legal request (such as a subpoena, a search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce the agreements we have with you; (e) prevent physical injury or other harm to any person or entity, including yourself and members of the general public. For example, your IP address may be supplied to regulatory authorities in connection with fraud or other formal investigations.

We may share Information with advertising partners or service providers to contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these. With your consent or another applicable legal basis, we may also share Personal Information with third parties for advertising purposes.

We may pass aggregate Information on the usage of our Site and Apps to third parties. Unless required to do so by law, we will not otherwise share, sell or distribute any of the Information you provide to us without your consent or other legal basis.

We retain your Information in our server logs, our databases, and our records for as long as necessary to provide the Products and Services. In some cases we may retain some of your Information for a longer period, where we have a legitimate business interest to do so (such as to contact you to provide you with relevant Information about our Products and Services or to maintain your Account with us), in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims, or to enforce our Terms of Use.

If you live in the EEA or the UK, you may have certain rights in relation to your Information that we process. While some of these rights apply generally, others apply only in certain circumstances. To exercise your rights or to submit a question, you can email us at hello@gettested.io.

• Access: You have the right to request a copy of your Information that we process. You may exercise this right in the "Account" section in your user Account. If you require additional access, please email us.
• Correction: If you discover that we hold inaccurate Information about you, you have a right to ask us to correct that Information. You can correct Account Information by logging into your Account. For other corrections, please email us.
• Erasure: You have the right to request that we delete your Information. We may refuse this request if (a) the Information is still necessary for the purposes that we collected or processed it or (b) we still have a legal basis to process it, even after you have withdrawn consent. You can exercise this right in the "Account" section of your user Account or you can email us.
• Restriction: You have the right, in some cases, to restrict the processing of your Information, such as where you have exercised your right to object and we are reviewing your objection. For more information, please email us.
• Objection: You have the right to object to us using your Information based on our legitimate interests described above. In such cases, we will cease processing your Information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications, changing your Account settings or, if you do not have an Account, you can email us.
• Portability: You have the right in some cases to port your Information from us to a new data controller. We can refuse this request if (a) our processing is not based on your consent or our contract with you, or (b) the data are not stored electronically. You can exercise this right through the "Account" section in your user Account to download your data in JSON format. Alternatively, you can email us.
• Withdraw consent: You can withdraw your consent to processing at any time by deactivating your Account through the "Account" section in your user Account or by e-mailing us at hello@gettested.io. Withdrawing your consent does not affect processing that has already occurred. When you withdraw your consent, we will no longer process your Information based on your consent. We may process your Information if another legal basis applies, for example, if we are legally obligated to store certain records or if your withdrawal of consent was limited to certain processing activities.
• Complain: You have the right to lodge a complaint with our lead supervisory authority – the Swedish Authority for Privacy Protection (www.imy.se) or the data protection supervisory authority for your EEA jurisdiction. If you are considering lodging a complaint, we would appreciate the opportunity to try and resolve your issue before you submit your complaint.

If you are a UK resident or using our Products and Services in the UK, you may be entitled to exercise your rights under the UK GDPR. These are broadly the same rights as listed above, although your supervisory authority is the UK Information Commissioner's Office (https://ico.org.uk).

From time to time, we will make changes to this Privacy Statement. Any changes we may make in future will be posted on this page. If we materially change our Privacy Statement, we will take steps to notify you, for example by emailing you or by posting a notice on the Site.

Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to us at hello@gettested.io.