Privacy Notice: Company Representatives Northvolt

1. Information regarding the processing of your personal data

The purpose of this privacy notice is to provide information on how Northvolt AB (“Northvolt” or “we”) process(es) personal data of company representatives. We respect your privacy and duly protect the Personal Data we process about you. All processing of Personal Data is made in accordance with the GDPR. The following describes how we collect, process and share your Personal Data.

2. What personal data will be processed?

Northvolt may collect and process the following Personal Data about you (as relevant from case to case); name, address, employer, title, department, business email and contact numbers (telephone, WhatsApp, Facetime, Skype, Jobylon, Line) (your ”Personal Data”). The Personal Data is collected from you directly, from your employer which we have a business relation with and, in certain circumstances, from a publicly accessible source such as Bisnode. 3. What is the purpose of processing your personal data?

The purpose of processing your Personal Data is that Northvolt needs to process contact details to a company representative of its suppliers, customers, partners or other collaborations in order to administrate and fulfil its agreements with such counterparties (the company representatives’ employers).

4. What is the legal basis for processing your personal data?

The processing of your Personal Data is necessary for the purposes of legitimate interest pursued by Northvolt. This means that we have carried out a balance of interest test where we have assessed that our interest in processing your Personal Data for the purposes described in Section 3 above outweighs the breach of privacy that you as company representative may be exposed to, taking into consideration that (i) the processing activities can be reasonably expected by you as company representative, that (ii) the processing of Personal Data is limited, and that (iii) we are not able to enter into an agreement with your employer without processing personal data of a company representative.

5. Who has access to your personal data?

We have implemented appropriate technical and organisational measures to protect your Personal Data against loss or unlawful access etc. The number of persons with access to your Personal Data is limited. Only individuals which need to process your Personal Data in accordance with the purposes above will have access to your Personal Data. We will share your Personal Data with suppliers and partners that carry out services on our behalf such as Outotec, Mannheimer Swartling, Åf, Accenture, Grant Thornton, DLA Piper, and other management advisors, legal advisors and technical advisors engaged from time to time. Furthermore we may share your Personal Data in relation to shipping, transportation, financing, insurance, warranties and claim processing and with third party enterprise software companies in order to coordinate our business and administrate the agreements with our customers and suppliers. Your Personal Data may be transferred to a country outside of EU/EEA such as Democratic Republic of the Congo, USA, Canada, the People’s Republic of China, the Republic of China, South Korea, Switzerland, Norway, India and Japan, which may have a lower level of protection than within the EU/EEA. The transfer is needed to conduct business with local suppliers or partners. When transferring Personal Data to countries outside the EU/EEA, Northvolt uses standard contractual clauses approved by the European Commission to ensure a sufficient level of protection for your Personal Data. Click here to view the EU standard contractual clauses.

6. For how long is your personal data stored?

Your Personal Data will be stored for as long as the agreement with the relevant customer/supplier remains valid and two years thereafter or until Northvolt is informed about that the company representative has been replaced by another company representative or as long as required by applicable laws.

7. What are your rights?

Northvolt AB, reg. no. 559015-8894, address Alströmergatan 20, 112 47 Stockholm, Sweden, is the controller of the processing of your Personal Data. This means that we are responsible for your Personal Data being processed correctly and in accordance with applicable laws. You are entitled to know what Personal Data we are processing regarding you, and you can request a copy of such data. You are entitled to have incorrect Personal Data regarding you corrected, and in some cases you may request that we delete your Personal Data (if, for example, the Personal Data is no longer necessary for the purpose for which it was collected or if you withdraw your consent). You also have the right to object to certain processing of your Personal Data, and request that the processing of your Personal Data be limited. If you have questions regarding how we process Personal Data concerning you, you are most welcome to contact us at gdpr@northvolt.com. If you have any objections or complaints with the way we process your Personal Data, you have the right to lodge a complaint with the Swedish Data Protection Authority (Sw. Datainspektionen under name change to Dataskyddsmyndigheten).