Legal
Theo AB,
Stureplan 6, SE-114 35,
Stockholm, Sweden
Commercial register: SE-5594425372
Terms & Conditions
1. Applicability
These General Terms and Conditions set forth the terms and conditions for Theo's supply of the Services.

2. Definitions
In the Agreement, including its appendices, the following below capitalized terms shall have the meanings set forth below, unless otherwise is evident from the context.
"Agreement" means these General Terms and Conditions and the Order Form.
"Customer" has the meaning set forth in the Order Form.
"Customer Data" means all data (including personal data) which the Customer uploads to, stores or processes in the Services, or otherwise provides to Theo within the scope of the Services.
"Confidential Information" has the meaning set forth in Section 9.2.
"Order Form" means the signed order form between Theo and the Customer, in which the commercial details of Theo's provision of the Services are set forth.
"Parties" has the meaning set forth in the Order Form.
"Professional Services" means any consulting, advisory, development or training services provided by or for Theo pursuant to the Agreement.
"Services" has the meaning set forth in the Order Form.
"Service Description” means the service description specifying the Services supplied under the Agreement, set forth in the Order Form.
"Theo" means the supplier Theo AB, reg.no. 559442-5372, as set forth in the Order Form.

3. Supply of the Services and Professional Services
3.1 Theo shall supply the Services to the Customer during the term of and in accordance with this Agreement.
3.2 Certain Professional Services are set out in the Order Form and additional Professional Services may be ordered separately.
3.3 The Services shall normally be available at all times (24/7/365). Notwithstanding the foregoing, the Customer acknowledges that Theo may from time to time carry out maintenance and other necessary activities that affect the availability of the Services. Theo will, to the extent practicable, schedule planned maintenance to the extent practicable during weekends and/or outside normal business hours in Sweden.
3.4 Theo undertakes to take reasonable measures to remedy any availability failures without undue delay. The Customer understands and acknowledges that Theo cannot assure the availability of the Services on a continuous or uninterrupted basis and that Theo will not be liable in relation to the Customer for any availability failures of the Services.
3.5 Theo may temporarily suspend or restrict the Customer’s and/or its users’ access to the Services (i) in case of the Customer’s and/or a user’s breach of this Agreement, (ii) in case the supply of the Services causes a risk of more than insignificant damage to Theo, the Customer, other customer or other third party, or (iii) in case of a delay in payment of fees as set forth in Section 8.6 below. The Customer shall be notified of such suspension or restriction of access to the Services.

4. The Customer’s rights to use the Services
4.1 Theo grants to the Customer a limited, non-exclusive, non-transferable, non-sublicensable right to use the Services in accordance with the terms of the Agreement for its own internal business purposes. The use rights are granted on a named user basis and apply during the term of the Agreement subject to payment of all fees relating to the Services. The Customer is fully liable for all of its users’ use of the Services.
4.2 The Customer may not (i) perform any unauthorized copying or distribution of the Services, user manuals or other materials owned by Theo, and not circumvent or break Theo’s security measures for the Services, (ii) sub-license, rent out, lend out, or otherwise let an unauthorized third party get access to the Services, or (iii) except as is expressly set forth in the Agreement or follows from mandatory legislation, reproduce or in any other way multiply, reverse-engineer or decompile the Services.

5. The Customer’s obligations in relation to the Services
5.1 The Customer shall be responsible for control and administration of permission rights in relation to all its users of the Services. The Customer is thereby responsible for (i) the usage of the Services by its users, (ii) ensuring that login credentials for each user are only used by the physical person who is the named user, and (iii) maintaining confidentiality of login credentials, security measures and other information provided by Theo for access to the Services. The Customer shall immediately inform Theo in case any unauthorized person has obtained access to the Services or received knowledge of information referred to in this Section 5.1.
5.2 In addition, the Customer shall:
a. comply with Theo’s instructions and the terms and conditions that apply for the Customer’s usage of the Services;
b. promptly provide such information and take such decisions as are required for Theo to be able to perform its obligations under the Agreement (if any);
c be responsible for all software, hardware and other equipment (including installation of such equipment) that is required for the Customer to use the Services;
d be responsible for (i) all delivery of Customer Data to Theo or its subcontractor(s), (ii) that the Customer Data does not contain any virus, trojans, worms or other malicious software or code, (iii) that the Customer Data is in the agreed format, (iv) that the Customer Data does not infringe any third-party intellectual property rights, and (v) that the Customer Data in no other manner may harm or have a negative impact on Theo, the Services or any third party; and
e. inform Theo of detected intrusions or attempted intrusions that may impact the Services.
5.3 The Customer agrees and acknowledges that in order for the Services to function properly, the Customer must meet the technical requirements regarding hardware, software and other parts of the Customer’s IT environment that Theo may recommend from time to time.

6. Functional support
6.1 Theo provides functional and technical support related to the Customer’s access and use of the Service. Any such support shall be provided without any warranty and Theo may determine that a functional or technical issue is beyond the scope of the standard support provided.
6.2 Support will be provided during business hours Monday - Friday, 09.00-15.00 CEST. The support contact information is found at Theo's web page www.theo.ai.
6.3 The platform support is provided free of charge.
6.4 The Customer shall provide all pertinent details required for Theo to investigate the support issue.

7. Updates
The Customer is aware that Theo develops and updates the Service on a continuous and proactive basis, for the purpose of improving the Services for the Customer. This means that Theo may add, change or remove functionality in the Services. Changes that Theo deem to be material shall be communicated to the Customer with reasonable notice. For the avoidance of doubt, a deviation from the terms of this Agreement shall not have occurred if the Services deviate from the Agreement due to Theo’s development, upgrade or other change of the Services.

8. Fees and payment
8.1 Unless otherwise is specified, all prices and fees in this Agreement are stated in EUR, exclusive of value added tax (VAT). Payment shall be received by Theo within fourteen (14) days from the invoice date. Payment of the fees is a condition for the Customer’s right to access and receive the Services under this Agreement. Fees are non-refundable.
8.2 The fees for the Services are set forth in the Order Form. Fees for the Services will, unless otherwise set forth in the Order Form, be invoiced annually in advance (excluding any events causing a change of the fee occurring during a month, which will be adjusted for in the following invoice).
8.3 Professional Services fees are invoiced in accordance with the Order Form or as otherwise agreed.
8.4 The fees for the Services do not include license fees for any collaborative software (third-party software products) which are not part of the Services.
8.5 Fees shall be increased each year by a percentage equal to the annual percentage change in the Swedish consumer price index published by SCB .
8.6 Where the Customer is in delay with any payment, Theo is entitled to late payment interest according to applicable law. Where Theo has requested the Customer in writing to pay an undisputed amount due, Theo may, thirty (30) days after such written request, suspend the Customer’s access to the Services until the Customer has paid the amount, or terminate the Agreement in whole or in part.

9. Confidentiality
9.1 Each Party undertakes not to disclose, without the other Party's consent, to any third party Confidential Information, which the Party has received from the other Party or otherwise in connection with performance of the Agreement. A Party may only (i) use Confidential Information which has been received from the other Party for the purpose of fulfilling its obligations according to the Agreement, and (ii) allow authorized employees who need access to the Confidential Information in order for the Party to fulfil this Agreement to have access to the Confidential Information.
9.2 For the purposes of this Agreement, “Confidential Information” shall mean information of a technical, commercial or other nature, which by its nature reasonably shall be considered to be confidential information, or which the Party has specifically stated to be confidential, and information which is confidential according to law, including but not limited to Customer Data and Theo’s source code and user documentation in relation to the Services.
9.3 The confidentiality obligations shall not apply in relation to information which a Party can demonstrate has become known to the Party otherwise than through the performance of the Agreement, or which is generally known. The confidentiality obligations shall also not apply when a Party is obliged, under law, governmental decision or applicable stock exchange rules, to disclose information. Each Party shall be obliged to ensure that its employees, subcontractors and other parties who may receive access to the other Party’s Confidential Information maintains confidentiality thereof by execution of written secrecy undertakings.
9.4 The confidentiality obligations in relation to Confidential Information shall apply during the term of the Agreement and for a time period of five (5) years after its termination or expiry.

10. Disclaimer
10.1 The Customer hereby expressly understands and agrees that the Customer’s use of the Services is at the Customer’s sole risk on an “as is” and “as available” basis with any faults and failings and without any representation, warranty or guarantee express or implied including without limitation any implied warranty of completeness, quality, merchantability, fitness for a particular purpose or non-infringement. Except as may be explicitly stated in this Agreement Theo expressly disclaims all warranties of any kind whether express or implied.
10.2 The Professional Services will be performed in a competent and workmanlike manner. However, Theo does not provide any legal, financial, business, or any other professional advice. Theo has not validated, and is not responsible for, any information or services provided by third parties. Theo expressly disclaims any claims arising from representations, whether express or implied, or reliance upon any representations made regarding our recommendations or information supplied to Customer.

11. Personal data
The Customer’s use of the Services may result in Theo processing personal data on behalf of the Customer. The Parties have therefore entered into a separate data processing agreement.

12. Intellectual property rights
12.1 Each Party shall be the owner of its respective pre-existing copyrights, design rights, patents, patent applications, database rights, trademarks, and other intellectual property rights. Theo and/or its licensor(s) are the owners of all rights to the Services. The Customer is granted a time-limited right of use to the Services in accordance with what is set forth in Section 4 above.
12.2 Theo is granted a limited license to use the Customer’s pre-existing intellectual property rights as necessary to provide the Services. Theo is also granted a right to use the Customer’s name and/or logotype in marketing activities in accordance with good market practice.
12.3 Any label or information regarding trademark, patent, copyright or any other intellectual property right which is set out in the Services, or documentation provided in connection therewith, may not be removed, concealed, altered or in any other way amended.
12.4 The Customer is the owner of the Customer Data. Theo may only use the Customer Data to the extent necessary for Theo to be able to provide the Services and for the purpose of developing and/or improving the Services, functionalities and features of the Services. Theo shall own and be entitled to use, analyse and commercially exploit any data derived from the Customer Data, such as, but not limited to, use habits, patterns, meta data, geographical deviations or trends, results of the Customer’s use etc. provided any such data is anonymized prior to being made public. The Customer is liable for ensuring that the Customer has the full legal rights to submit the Customer Data to Theo and allow Theo to use it in accordance with the Agreement.

13. Term and termination
13.1 This Agreement enters into force upon the signature by both Parties and shall apply for an initial period of twelve (12) months. Unless terminated by either Party in writing at least three (3) months prior to the expiry of the initial twelve (12) month period, the Agreement shall automatically renew for successive fixed terms of twelve (12) months each unless terminated by written notice at least three (3) months prior to each consecutive anniversary date hereof.
13.2 Each Party has the right to terminate the Agreement in whole or in part with immediate effect by written notice to the other Party, if the other Party:
a. commits a material breach of its obligations under the Agreement and does not remedy such material breach within thirty (30) days from the first Party’s written notice hereof (provided that such remedy is possible); or
b. is declared bankrupt, initiates composition negotiations, is subject to a company reorganisation or otherwise reasonably can be presumed to be insolvent.
13.3 Upon the termination or expiry of this Agreement:
a. the Customer’s use rights to the Services will expire;
b. the Customer shall immediately pay all outstanding fees and other compensation; and
c. Theo shall return or erase (as instructed by the Customer) and cease processing, all Customer Data. If returned, the Customer Data shall be returned through a method and format determined by Theo (e.g. enabling the Customer Data to be downloaded). The Customer Data will be erased by Theo at the earliest fifteen (15) and at the latest thirty (30) days after the termination or expiry of the Agreement.
13.4 The terms in this Agreement which obviously are intended to apply also after the termination or expiry of this Agreement, shall survive the termination or expiry of this Agreement irrespective of cause.

14. Limitation of liability
14.1 Each Party’s aggregate and total liability under this Agreement shall, unless otherwise set forth in this Section 14, be limited to fifty (50) per cent of the fees paid for the Services by the Customer during the twelve (12) months preceding the event causing the liability.
14.2 Neither Party shall be liable for loss of profit or other indirect damage or loss such as any loss of business, income, goodwill, data, contracts or opportunity. Neither does the liability include the other Party’s liability towards a third party.
14.3 The limitations of liability set forth in this Section 14 shall not apply in relation to the Customer’s payment obligations, personal injury, or liability under Sections 9 or 12 or in case of wilful misconduct or gross negligence.
14.4 A Party shall, in order to retain its rights to claim damages, present claims for damages to the other Party at the latest six (6) months from the occurrence of the damage event.

15. Force majeure
If a Party is prevented from performing its obligations under this Agreement due to circumstances beyond the Party’s control and which the Party could not reasonably have foreseen or prevented, such as lightning, labour conflicts, fire, natural disaster, pandemic, changed governmental regulations, intervention by public authorities, and any defect or delay in services provided by subcontractors due to such circumstances, this shall be considered a force majeure event which to the extent necessary shall result in a postponement of the contractual obligations and release from damages and other possible sanctions. Where the performance of the Agreement is materially restricted for more than two (2) months as a result of a force majeure event, each Party shall be entitled to terminate the Agreement in writing in whole or in part without incurring any liability in damages.

16. Miscellaneous
16.1 This Agreement constitutes the entire agreement of the parties with regard to the subject matter hereof, and supersedes all previous written or oral representations, agreements and understandings between the parties, whether expressed or implied.
16.2 All amendments and supplements to this Agreement shall, unless otherwise set forth, be made in writing and be signed by authorized representatives of each Party in order to be valid.
16.3 The Customer and Theo enter into this Agreement on a non-exclusive basis as independent parties. Nothing contained in this Agreement shall be construed to create any employment, partnership, joint ventures or other legal relationship between the Parties and their respective consultants.
16.4 A Party may not assign or transfer its rights or obligations under this Agreement without the other Party’s prior written approval. Theo may however assign the rights to receive payments without the Customer’s approval.
16.5 A Party's untimely exercise of, or failure to exercise, any right, or untimely complaint, or failure to complain, regarding any circumstance, shall not entail that the Party has forfeited its rights in such respect unless otherwise is set out in this Agreement.
16.6 In the event any provision of the Agreement is held to be invalid in whole or in part or unenforceable, the remainder of the provision, as well as all other provisions of the Agreement shall remain in force.

Disputes
17.1 This Agreement shall be governed and construed in all respects in accordance with the substantive laws of Sweden without regard to its principles governing conflicts of laws.
17.2 Any dispute, controversy or claim arising out of or in connection with this Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce (SCC). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language of the arbitral proceedings shall be Swedish or English.
Terms of use
1. Registration and your User Account
1.1 To access the Service, an individual must register an account through the Platform (“User Account”).
1.2 On registering with us, you will be asked to provide an email address to ensure secure access to the Service.
1.3 You are responsible for all activities that occur under your User Account and must maintain its confidentiality. Immediately notify us at email address if you suspect any unauthorised use of your User Account or any security breach.
2. Use of the Service
2.1 Users shall use the Service for the purposes as stipulated in these Terms.
2.2 Users agree to use the Service for lawful purposes only and in a way which does not infringe the rights of anyone else or restrict or inhibit anyone else’s use of the Service.
2.3 In using the Service, you agree not to engage in any activity that is illegal, infringes on the rights of others, or is prohibited by these Terms. This includes, but is not limited to:
a. use the Service, or any information contained therein or relating thereto for any illegal purpose or in violation of any local, state, national, or international law;
b. violate, or encourage others to violate, any right of a third party, including by infringing or misappropriating any third party intellectual property right;
c. engage in fraudulent activity, such as pretending to be someone else or claiming false affiliation;
d. use another person’s User Account without their permission;
e. attempt to re-register with or use the Service if we have terminated your User Account for any reason;
f. interfere or attempt to interfere with the proper functioning of the Service;
g. take any action that we deem to impose or to potentially impose an unreasonable or disproportionately large load on the servers or network infrastructure on which we rely;
h. bypass any measures we take to restrict access to the Service or use any software, technology, or device to scrape, spider, or crawl the Service or harvest or manipulate data;
i. use the communication systems provided by, or contacts persons through, the Platform or the Service for any commercial solicitation purposes; or
j. publish or link to malicious content intended to damage or disrupt another User’s browser or computer.
2.4 We do not guarantee that the Platform and/or the Service (or the content made available through it) will be secure or free from bugs or viruses. You are responsible for configuring your information technology and computer programmes to access the Platform and/or the Service. You should use your own virus protection software. You must not misuse the Platform and/or the Service by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful.
2.5 You must not attempt to gain unauthorised access to the Platform and/or the Service, the server on which it is stored, or any server, computer or database connected to the website. You must not attack the Platform and/or the Service via a denial-of-service attack or a distributed denial-of-service attack. By breaching this provision, we will report such breach to the relevant law enforcement authorities, and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the Service will cease immediately.

3. User Content
3.1 Some functionalities of the Service enable Users to post various forms of content, such as folders, data, text, and other works ("User Content"). By posting User Content on the Service, you retain any copyrights and other proprietary rights you may have in such User Content. User Content uploaded or managed under a User Account is treated as "Customer Data" per our General Terms and Conditions, without affecting your proprietary rights in the User Content.
3.2 By submitting, posting, or displaying User Content to the Service, you grant us a worldwide, limited royalty-free license to reproduce, adapt, distribute and publish such User Content solely for the purpose of operating, promoting, and improving our Service and developing new ones. This explicitly includes using User Content and including, but not limited to user interactions, system configurations, and device characteristics ("Usage Data"). We commit to not using your User Content beyond what is necessary for these purposes.
3.3 Our use of AI, including ESG assistant, to improve the Service or develop new ones may require training our AI models with data that may include User Content. By using the Service, you agree that we can use your User Content for this purpose. We ensure all such data will be handled in compliance with GDPR and other applicable data protection laws. For more details on our data protection handling, please see our Privacy Policy.
3.4 We disclaim any and all liability in connection with User Content. You bear exclusive responsibility for your User Content and any outcomes that result from sharing this User Content through the Service. If your User Content violates these Terms, applicable laws, or infringes on the rights of others, you may be held liable for such violations. This includes the use of foul language, discriminatory remarks, or any content that could be deemed offensive or harmful.
3.5 Your responsibility extends to all content you share through the Service. We may remove content or restrict access if your contributions violate our Terms or applicable laws, this specifically includes User Content featuring foul language, hate speech, or any form of discrimination.

4. Intellectual Property Rights
4.1 The Platform and the Service are under our ownership and management. The service and software containing compiled information, structure, processes, data, visual designs, graphics, content and all additional components related to our offering ("Intellectual Property") of the Service we provide are safeguarded by applicable intellectual property laws. Unless we have explicitly given permission, the use of the Intellectual Property is prohibited. We retain all rights to the Intellectual Property that are not specifically provided in these Terms.
4.2 You agree not to use, copy, license, assign, register, or attempt or purport to do any such thing in relation to any of such Intellectual Property or any data or information generated or derived from the Platform and/or the Service except as expressly permitted under these Terms.
4.3 We agree to grant you a limited, non-exclusive, non-transferable and non-assignable licence (with no right to sub-licence) to use the Service.

5. Liability
5.1 You agree that the Platform and the Service are provided without warranty, and we do not warrant or represent that the Platform and/or the Service will meet your requirements or that its operation will be uninterrupted or error free. We do not make any warranty as to the accuracy or reliability of any information obtained through the Platform and/or the Service.
5.2 The Platform may contain links to other websites. We accept no responsibility or liability for any material supplied or contained on any third party (including affiliate) website which is linked from or to the Platform, or any use of personal data by such third party or any use by any person of any services provided by any such third party.
5.3 To the fullest extent permitted by law, we shall only be liable to you for loss or damage caused directly and reasonably foreseeable by our breach of these Terms or relevant terms. In no event shall we, persons who act on our behalf, and/or persons we enter into contracts with be liable for any of the following types of loss or damage arising under or in relation to these Terms or relevant terms (whether in contract, tort (including, without limitation, negligence) or otherwise) for any loss of profits, goodwill, business, contracts, revenue or anticipated savings even if we are advised of the possibility of such loss of profits, goodwill, business, contracts, revenue or anticipated savings.

6. Indemnity
6.1 You agree to indemnify, defend, and hold harmless us and our officers, subsidiaries, affiliates, successors, assigns, directors, officers, agents, service providers and employees from and against any and all losses in connection with any claim by a third party (including a claim for intellectual property rights) arising out of:
a. the materials and content you submit, post or transmit through the Service; or
b. your use of the Service in violation of these Terms or in violation of any applicable law.

7. Term and Termination
7.1 These Terms are effective beginning when you accept the Terms and remain in force until terminated by either you or us.
7.2 We reserve the right, at our sole discretion, to immediately terminate your access to all or part of the Platform, to remove your User Account from the Platform with or without notice if we determine that you are in breach of these Terms.
7.3 We reserve the right, at our reasonable discretion, to apply procedures to detect and prevent breaches of these Terms and to monitor the use of the Service.
7.4 We reserve the right to close your User Account and terminate these Terms with you at any time after a significant duration of inactivity by you.

8. Changes to the Terms and Modifications of the Service
8.1 We may amend the Terms from time to time and will notify you of changes. Please check these Terms periodically for changes. In addition to posting changes on the Platform, we will also notify you of any significant changes to these Terms or the Service through your provided contact information, such as email.
8.2 Any new version of these Terms shall take effect:
a. immediately upon the date of posting on the Platform where the changes relate to a new feature or non-material changes, which (in either case) does not reduce your rights or increase your liability to us; or
b. no less than thirty (30) days after the date of posting on the Platform where the changes potentially reduce your rights or potentially increase your liability to us.
8.3 We reserve the right to modify or discontinue the Platform and/or the Service at any time (including by limiting or discontinuing certain features of the Platform and/or the Service), temporarily or permanently, without notice to you. We will have no liability for any change to the Platform and/or the Service or any suspension or termination of your access to or use of the Platform and/or the Service.

9. Privacy
9.1 Any and all personal information you provide to us may be collected, stored, processed, and used in accordance with our current Privacy Policy which can be found on our website:

10. General
10.1 If any of the terms and conditions in these Terms or relevant terms are found to be illegal, invalid, or unenforceable by any court of competent jurisdiction, the rest of these Terms and/or as the case may be relevant terms shall remain in full force and effect.
10.2 If there is any conflict or inconsistency between these Terms or any other contract(s) you have with us in relation to the use of the Platform, the relevant terms of any other contract(s) shall take precedence.
10.3 These Terms and any relevant terms are governed by Swedish law. In the event of any matter or dispute arising out of or in connection with these Terms or relevant terms, you and we shall submit to the exclusive jurisdiction of the courts of Sweden.
Privacy Policy
This privacy policy describes how Theo AB reg. no. 559442-5372, (”Theo”, ”us”, ”we” or “our”), manage and process your personal data as part of our business, for example in relation to you as a user (“User” meaning former, current and potential user of our platform (the “Platform”)), or as a visitor to our official website. The type of processing we carry out under the EU Data Protection Regulation (GDPR) depends on the context in which you come into contact with us, and in which capacity you act.

We value your privacy. It is therefore especially important to us that you understand this privacy policy and how and why we process your personal data.

1. WHO IS RESPONSIBLE FOR THE PERSONAL DATA THAT WE COLLECT?
Please note that this privacy policy describes the processing activities undertaken by us in our capacity as data controller only. A data controller is essentially the company that is responsible for your personal data. We have detailed the processing activities that we are responsible for below in Section 4 (For what purposes and on what legal grounds do we process your personal data?).
The data controller for the activities mentioned under Section 1 (Who is responsible for the personal data that we collect?) is Theo AB with reg. no. 559442-5372, and with address at c/o CMNTY Stureplan 6, 114 35 Stockholm, Sweden.

2. WHAT IS PERSONAL DATA?
"Personal data" means any information relating to an identifiable natural person, for example a name, a personal registration number, an email address, location data or an online identifier.
"Processing" of personal data is a reference to what we do with your personal data, for example collection, use, structuring, storing and erasure of personal data.

3. WHAT PERSONAL DATA DO WE COLLECT?
You can read about the different categories of personal data that we collect from you in the table below. We have listed some examples of personal data in each category.

4. FOR WHAT PURPOSES AND ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
We manage your personal data to maintain your user account and to guarantee the Platform's safety and dependability, as well as to maintain the integrity of the data you report and to oversee your data submissions within the Platform. The personal data collected when setting up your user account is what we process.
We restrict our processing of personal data to what is essential for the operation of your user account. Should you, as a User, incorporate personal data into the information you submit on the Platform, we will process this personal data accordingly. Nonetheless, if such personal data was not explicitly requested by us and is deemed unnecessary, we will delete, pseudonymize, or anonymize this personal data.

5. HOW CAN YOU WITHDRAW YOUR CONSENT?
You have the right to withdraw your consent at any time if our processing of your personal data is solely based on your explicit consent. Please note that if you withdraw your consent, this will not affect the legality of the processing that we have undertaken prior to you withdrawing your consent. If you would like to withdraw your consent, please send an email to dpo@theo.ai. You can also contact us using the contact information below in Section 13 (How to contact us).

6, WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We will always ensure that third parties can provide sufficient guarantees in protecting your personal data before we share any of your personal data. We have listed the categories of third parties with whom we may share your personal data below.
6.1 Public authorities
We may need to share your personal data with a public authority for the purpose of complying with applicable law. The legal ground is to comply with a legal obligation.
6.2 Mergers and acquisitions
We may need to share your personal data for the purpose of selling Theo, or all or parts of Theo's assets, to a potential buyer who wishes to acquire the same, or if we are otherwise subject to a merger with another company. The legal ground is our legitimate interest to complete such transactions, which we have determined outweighs your interest not to have your personal data processed for this purpose.
6.3 Suppliers and contractors
In order to provide, and for the sole purpose of providing, our services to you, we may need to share your personal data with certain carefully selected suppliers and contractors. Our Platform's functionality heavily relies on these third parties, encompassing a range of services essential for the operation and enhancement of our platform. These partners include, but are not limited to:
Authentication systems: We use third-party authentication systems to manage login data securely, ensuring that your access to our Platform is safe and private.
Cloud storage providers: For data hosting, including personal and sensitive information, we use leading cloud storage services. This ensures that your data is stored securely and is accessible only as necessary.
Analytics and tracking services: To understand how our Platform is used and to continually improve our Service, we engage with third-party analytics providers. These services help us track platform usage in a way that respects your privacy while providing valuable insights.
Use of Large Language Models (LLMs): In order to deliver and continuously enhance our services, we employ Large Language Models (LLMs) across various functionalities of our Platform, not limited to AI-driven chat interfaces. These models process personal data such as chat interactions and other user inputs and usage data to provide real-time, personalized responses and to improve user experience broadly across the Platform. We collaborate with carefully selected third-party suppliers who are integral to the development and optimization of these AI functionalities, all under strict data protection agreements that comply with GDPR standards.
These suppliers and contractors could be consultants or providers of legal, technical and IT support/functionalities, and storage providers (such as cloud storage). These entities act as data processors, meaning they will only process your personal data based on our instructions to them, and we will always ensure that the necessary agreements (for example a so-called data processing agreement) are in place to protect your personal data at all times. Furthermore, we implement safeguards like encryption and regular security audits and require all third parties to adhere to similar standards.

7. WHERE DO WE PROCESS YOUR PERSONAL DATA?
As a main rule, we will process your personal data only within the European Union (EU) and the European Economic Area (EEA). In some situations, for example when the services and functionalities we need are provided outside of the EU/EEA, we may need to transfer your personal data to third countries outside of the EU/EEA.
Regardless of whether your personal data is processed within or outside the EU/EEA, we will at all times ensure that the same level of technical and organisational measures are in place to protect your personal data. Should we transfer your personal data to third countries outside of the EU/EEA, we will take additional appropriate measures to safeguard your personal data, which may as a main rule include one of the following measures.
Transfer of personal data only to third countries that, according to the European Commission, provide an adequate level of protection. This means that these third countries offer a similar level of protection as provided under the GDPR in the EU.
We will enter into standard contractual clauses adopted by the European Commission with the recipient of your personal data. This means that the recipient is required to comply with the same level of protection as provided under the GDPR in the EU.
In addition to one of the above measures, we will always seek to take any additional security measures that we deem appropriate and necessary to safeguard your personal data at all times.

8. COOKIES
We use cookies and other similar technologies on our Website. Cookies are small files of data that are placed and stored on your web browser or device when you visit our Website.
When you visit our Website, these files store information that is used for, for example, functionality purposes, to make it easier to use our Website. For more information about the cookies that we use, please read our cookie policy.

9. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We will keep your personal data for as long as it is necessary in order for us to fulfil the purpose for which we collected your personal data. We have indicated the necessary retention periods in the table in Section 4 (For what purposes and on what legal grounds do we process your personal data?).
Please note, however, that Theo may be required to retain personal data for a longer period if we are required to do so pursuant to applicable law or a binding decision by a public authority or court of law. If that is the case, we will retain it for the period required under law or such decision.

10. HOW DO WE PROTECT YOUR PERSONAL DATA?
We take the protection of your personal data seriously. We have reasonable and appropriate technical and organisational measures in place in our business to ensure that your personal data is safeguarded and protected against loss, destruction, misuse, and unauthorised access and disclosure, at all times.
Our employees work under strict confidentiality and follow clear instructions on how to manage your personal data in accordance with applicable data protection laws and our own policies. We only grant employees access to your personal data when it is necessary in order for them to perform their duties.
We continuously evaluate our security measures to remedy any vulnerabilities we may identify in an effort to make sure that your personal data is safe with us.

11. YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM
You have rights with regard to your personal data. Please read this Section to understand them, as well as how you can exercise them. You are always welcome to contact us if you need more information about your rights. You can also find further information regarding your rights on the website of the Swedish Authority for Privacy Protection.
11.1 Right to information
You have the right to be informed about how we process your personal data. We respect this right by being transparent with you in our communication, on our Website and by providing you with the information in this privacy policy.
11.2 Right of access
You have the right to obtain a confirmation from us as to whether or not we process your personal data. If we do process your personal data, you also have the right to obtain access to the personal data by requesting a copy showing which personal data we have about you, and how we use it. Please note that we may ask for additional information in order to identify you to ensure that personal data is disclosed to the correct individual.
11.3 Right to rectification
You have the right to, request that we correct inaccurate information about you, as well as to complete any incomplete information.
11.4 Right of erasure (Right to be forgotten)
You sometimes have the right to request the erasure of personal data that concerns you. We are required to erase the personal data in question, for example if the personal data is no longer necessary in relation to the purposes for which the personal data was initially collected. Please note that we are not obliged to delete your personal data if it is necessary to retain it to comply with legal obligations, or for the establishment, exercise, or defence of legal claims.
11.5 Right to restriction of processing
You have the right to request that we restrict our processing of your personal if you for example believe that the information, we have about you is inaccurate, our processing is unlawful, or we no longer need the information for the purposes they were collected.
11.6 Right to object
You have the right to object to our processing of your personal data if our processing is based on a legitimate interest.
11.7 Right to data portability
You have the right to request a copy of the personal data in a machine-readable format that concerns you and which we process to perform a contract or based on your consent. If technically feasible, you can then have such personal data transmitted to a different data controller.
11.8 Right to withdraw your consent
You have the right to withdraw your consent. Please refer to Section 5 (How can you withdraw your consent?) for more information.
11.9 Right to lodge a complaint
If you have any complaints about the way in which we process your personal data, you are always welcome to reach out to us. You also have the right to lodge a complaint to a supervisory authority (such as the Swedish Authority for Privacy Protection) here.

12. CHANGES TO THIS PRIVACY POLICY
We reserve the right to introduce updates and make amendments to this privacy policy. This is necessary to ensure that we have the ability to constantly improve our services to you and to introduce new functionalities. We may also be required to make changes to the way in which we process your personal data pursuant to applicable law or a decision issued by a public authority or court of law. If we make any changes to this policy, we will update the "Last updated" date at the top of this policy, so please make sure to check in from time to time.

13. HOW TO CONTACT US
If you have any questions about the processing of your personal data, this privacy policy or if you have concerns regarding our processing of your personal data, please contact us using the following contact information:
Theo AB
c/o CMNTY
Stureplan 6
114 35 Stockholm, Sweden
Email: dpo@theo.ai
Website: https://theo.ai
Appendix to Privacy policy
Categories of personal data we collect:
For what purpose and legal grounds to we your personal data