Dynavox Group Privacy Notice

Tobii Dynavox, a part of Dynavox Group AB and its affiliates ("we," "us," or "our"), is dedicated to providing accessible communication solutions while safeguarding your privacy. Dynavox Group AB acts as the Data Controller for the personal data collected from you when you use our products and services or interact with our website.

For questions about this Privacy Notice or how we handle your personal data, please contact us at privacymanager@tobiidynavox.com.

We collect personal data in connection with your use of our services. The types of data we collect include:

• Contact Information: such as name, address, email address, and phone number.
• Technical Information: device ID, IP address, and data related to your interaction with our products.
• User Data: information about how you use our devices and services, including settings, preferences, and feedback.
• Health Data (where applicable): if you use our assistive technologies, we may process health-related data only to the extent necessary to provide the service. This processing is done based on explicit consent.

In addition to personal data, you provide directly, we may collect information from third-party sources to enhance our services or provide a more personalized experience. For example, if you interact with us through social media or other platforms, we may collect personal data from those services in accordance with your privacy settings on those platforms.

We process personal data to deliver, maintain, and improve our products and services, as well as to comply with legal obligations. Specifically, we may process your data for:

• Service Delivery: Ensuring our products and services function correctly and meet your needs.
• Product Improvement: Analyzing usage to enhance our products and customer experience.
• Marketing: Sending marketing materials where you have provided consent.
• Legal Compliance: Complying with legal obligations and protecting our interests in cases of fraud prevention, security, and other legitimate interests.

Legal Basis for Processing: We process personal data based on the following lawful grounds:

• Performance of a Contract: Processing necessary to fulfill our contractual obligations to you.
• Consent: Where you have given explicit consent, particularly for sensitive data.
• Legitimate Interests: Legitimate Interests: For purposes such as fraud prevention, ensuring network and data security, and improving our products and services. We ensure these interests do not override your privacy rights by balancing our interests with your expectations.
• Legal Obligations: When required by law to process data, such as for regulatory compliance.

We may share personal data with trusted third parties to support our business operations, including but not limited to:

• Service Providers: Partners who help us operate and improve our products and services.
• HealthCare Providers: Such as Recommenders, Insurance Companies and other similar institutions to assist with the funding or evaluation process of our Products.
• Affiliates within Dynavox Group: For administrative and customer support purposes.
• Legal Authorities: When required by law, we may share data in compliance with legal obligations or for the defence of legal claims.

We may transfer personal data outside the European Economic Area (EEA) only when adequate protections are in place, such as Standard Contractual Clauses, ensuring your data receives the same level of protection as within the EEA.

To provide our services effectively and securely, Tobii Dynavox engages certain trusted third parties (“Sub-Processors”) to process personal data on our behalf. These Sub-Processors support a range of business functions, including product development, technical support, cybersecurity, sales, finance, marketing, and internal operations such as HR and IT services.

We ensure that all Sub-Processors are contractually bound to adhere to data protection obligations that are consistent with the requirements of the GDPR and other applicable privacy laws. Where required, we implement appropriate safeguards, such as the use of Standard Contractual Clauses, to protect personal data transferred outside the EU/EEA.

A current list of our Sub-Processors, including the type of services they provide and their processing locations, is available here. This list is reviewed and updated regularly to reflect any changes.

We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Notice, considering legal, regulatory, or contractual obligations. For instance:

• Account Information: Retained as long as your account is active and for a period afterward to comply with legal requirements.
• Health Data: Retained only for the duration necessary to deliver assistive services, subject to your consent. Once personal data is no longer required, it will be securely deleted or anonymized to ensure continued privacy.

Once data is no longer required, we securely delete or anonymize it, in line with data protection regulations.

You may wish to exercise a right to obtain information about yourself or to correct, update or delete that information. Some of these rights may be subject to some exceptions or limitations in local law. Please note your rights and choices vary depending upon your location. We will take reasonable steps to verify your identity, and we will respond to your request to exercise these rights within a reasonable time, subject to the below for specific categories of person.

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Access: You have the right to request access to the personal data we hold about you.
• Rectification: You may request that we correct inaccurate or incomplete personal data.
• Erasure: You have the right to request that we delete your personal data under certain conditions.
• Restriction of processing: You may request that we limit the processing of your personal data in certain circumstances.
• Data portability: You may request a copy of your personal data in a structured, commonly used format.
• Objection: You may object to the processing of your personal data in certain situations, such as for direct marketing purposes.

To exercise any of these rights, please contact us at privacymanager@tobiidynavox.com.

Find out more about these rights, and how you can exercise them by either contacting Tobii Dynavox AB (Publ) or obtain information from the appropriate supervisory authority. Please see below for contact information.

Many of our products and services are intended for children under 13 years of age, and we do not knowingly collect personal data from children under this age without verifiable parental consent. If we discover that we have inadvertently collected such data, we will delete it promptly. If you believe that we have collected data from a minor, please contact us at privacymanager@tobiidynavox.com.

We prioritize the security of your personal data. To prevent unauthorized access, loss, or misuse, we use a combination of technical and organizational measures, including encryption, access controls, and secure servers, to protect your information. These measures are continuously reviewed to ensure they meet evolving security standards.

We may update this Privacy Notice from time to time to reflect changes in our services, legal or regulatory requirements, or data processing practices. If we make material changes, we will inform you through appropriate channels, which may include email notifications, updates on our website, or in-app notifications.

For users of our software applications, notice of significant updates to this Privacy Notice will typically be provided in the patch notes or release information displayed within the app at the time of an update. We encourage you to review these patch notes and this Privacy Notice regularly to stay informed about how we protect your personal data.

If you have any concerns or questions about our use of your personal information, you can contact us via the following contact information.

Website: www.tobiidynavox.com
Email: privacymanager@tobiidynavox.com
Postal Address: Löjtnantsgatan 25, 115 15, Stockholm, Sweden
Attn: Data Privacy Team

The Data Privacy Team for Dynavox Group AB can always be contacted at privacymanager@tobiidynavox.com. You also have the right to lodge a complaint with the Swedish lead supervisory authority, Intergritetsskyddsmyndigheten.