Privacy policy

Vitrolife Sweden AB, Swedish company registration number 556546-6298, with address Box 9080, 400 92 Gothenburg, Sweden, telephone number +46 31 7218000, is responsible for the processing of your personal data (the controller).

If you have any questions or queries regarding Vitrolife Sweden AB’s processing of your personal data, you are welcome to contact our Data Protection Coordinator by sending an e-mail to [email protected].

2.1 Type of personal data we are collecting about you

Vitrolife Group will obtain your personal data directly from you.
Examples of personal data about you that Vitrolife Group processes:

Please note that the below list is a list of examples only and is not intended as an exhaustive list. Vitrolife will not necessarily process all the data listed below about you, and some of the purposes for processing will overlap and there may be several purposes which justify our use of your personal data.

Personal identification data you directly provide: First Name, Last Name, Clinic/Company name, Work email address, Country/Region, IP address and information about your behaviour on our website, social media account where appropriate.

Data generated by your activity: Log information such as Internet protocol (IP) address, navigation behaviour through the website, device and software used, the time/date/duration of your visit, and other similar information and parameters related to your operating system and computer environment.

Vitrolife Group may also process personal data about you that is unstructured, for example, any personal data that you randomly share with us without Vitrolife Group requesting such data.

2.2. Purpose of the processing with the legal basis for the processing

The purpose of the data collection is 1) to communicate with you 2) to inform you about our Newsletter and Press release if you gave your consent 3) functionality, statistics, web traffic analysis by using cookies.

The legal basis of our data collection is i) our legitimate interest to communicate with you ii) or your freely given, unambiguous consent to receive our Newsletter and/or Press releases.

Vitrolife Group would like to send you information about products and services of ours that we think you might like, as well as those of Vitrolife Group companies. We will only send you marketing material, if you have consented. Please be informed, that you may always opt/out at a later date or stop us from contacting you for marketing purposes or giving your data to other members of the Vitrolife Group.

2.3. Recipients or categories of recipients of the personal data and Transfer of personal data Who can gain access to your personal data?

As a starting point, only Vitrolife Sweden AB processes your data, as the website manager. We also share your personal data with relevant companies in our company group and in accordance to below.

In some cases Vitrolife Group also shares your personal data with our different service providers e.g. distribution of Press releases. Also, other suppliers Vitrolife Group contract may possibly gain access to all of the personal data Vitrolife Group processes about you, however, only to the extent necessary to fulfill the suppliers’ obligations in relation to Vitrolife Group.
The list of processors is set forth in Appendix 1.

Generally, Vitrolife Group only process your personal data within the EU/EEA. However, Vitrolife Group intends to transfer your personal data within Vitrolife Group. In the event that your personal data is transferred to a recipient in a third country or to an international organisation Vitrolife Group will take suitable and appropriate safeguards to protect the personal data being processed. We inform you that Vitrolife Group has implemented a Group Data Transfer Agreement that secures the international data transfers within Vitrolife Group, and that we will use the Standard Contractual Clauses together with additional safeguards as applicable issued by the European Commission for international data transfers.

Links to other websites

Our websites may contain links to other websites. We have no influence on the compliance or non-compliance of the operators of these sites with the data protection provisions.

We use social media button for LinkedIn on our website. The buttons only provide a link to our company representation page on the respective social media platform. Vitrolife Group does not have control or responsibility over any data which such social media provider may collect for own purposes upon clicking on a social media button.

2.4. For how long do we process and store your personal data?

If consent has been given to send you Newsletters or Press releases, we store personal data until such consent has been withdrawn by unsubscribing.

If the legal basis is our legitimate interest to communicate with you, we store your personal data no longer than it is necessary to fulfill the purpose, but for a maximum of two (2) years from the last interaction with you.

In general, we retain personal data as long as it is necessary to fulfil the purpose of the data processing. In some cases, we may be required to retain personal data for a longer period of time by law or for other necessary purposes. Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period.

2.5. Is your data secure with us?

We are committed to protecting your personal data and ensuring that your choices are honoured. We have taken strong security measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

If you wish to exercise one of your rights, please send an email to: [email protected] or a letter to:

Vitrolife Sweden AB 
Group Legal
Gustaf Werners Gata, 421 32 GÖTEBORG, Sweden

We kindly inform you that Vitrolife may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment may be made on a case by case basis of our legal obligations and the exception to such rights.

Please note that we may require proof of your identity and full details of your request before processing it. The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.  

We will reply without delay, in accordance with the applicable regulations.

Quick summary — What you need to know

This notice explains how Vitrolife Group handles your personal data when you interact with us as a business partner, supplier, vendor or external consultant. Here are the key points:

• Who collects your data: The Vitrolife Group affiliate you work with.
• What data: Mainly your business contact details, company role and information needed to manage our working relationship.
• Why: To manage contracts, communicate with you, comply with legal obligations, and ensure supply chain security.
• How long: Generally for the length of our relationship and thereafter for the period required by applicable laws and for legal compliance purposes.
• Your rights: You can access, correct, delete or object to use of your data — details in Section 7.
• Contact: [email protected]

Questions? We're here to help.

Contact our Data Protection Officer at [email protected] — or reach out to your local Vitrolife Group affiliate via vitrolifegroup.com/en/contact-us.

Vitrolife AB and its affiliates ("Vitrolife Group", "we", "us" or "our") care about your privacy. We are a multinational life science company with a global presence, and we are committed to protecting the personal data of all individuals we work with — including our business partners, customers, prospects, suppliers, vendors, distributors and external consultants.

This privacy notice applies specifically to individuals acting in a business capacity on behalf of companies that have or may have a business relationship with Vitrolife Group. This includes:

• Representatives of current or prospective customers
• Suppliers and sub-suppliers of goods or services
• Distributors and resellers
• Vendors providing professional or technical services
• External consultants and independent contractors
• Representatives of business partners and alliance partners
• Visitors to our websites acting in a professional capacity

Important: We only process personal data about you in your business role. We do not seek to process personal data about you in your capacity as a private individual or consumer. Please do not provide us with personal data of a private nature unless we explicitly request (such as dietary information during our events). Should we receive such data, we will inform you and erase it promptly.

This notice explains what personal data we collect, why we collect it, how long we keep it, who we share it with, and what rights you have. We have designed it to be as clear and plain-language as possible.

The Vitrolife Group company that you interact with is the data controller responsible for your personal data. Depending on your relationship with us, the relevant controller is the Vitrolife Group affiliate you work with directly.

For the avoidance of doubt:

• Website visitors (Vitrolife/Vitrolife Group domains): Vitrolife Sweden AB
• Website visitors (Igenomix domains): Igenomix S.L.U.
• Suppliers and vendors: The Vitrolife Group entity that entered or is entering into a supply or service agreement with your company

A full list of Vitrolife Group affiliates and their contact details is available at: Contact us

Throughout this notice, we use "Affiliate", "we", "us" or "our" to refer to the relevant Vitrolife Group company acting as controller.

If you have any questions about how we handle your data, or wish to exercise any of your privacy rights, please contact our Data Protection Officer (DPO):

Email: [email protected]

We collect your personal data from several sources:

• Directly from you: When you fill in a form on our website, sign or negotiate a contract, hand over a business card, attend one of our events, or contact us directly.
• From your employer: When your employer provides us with your details as their representative for the purposes of a business relationship.
• From publicly available sources: Such as your company's website, LinkedIn, or professional directories, where you have chosen to make your information publicly accessible.
• Automatically: When you visit our websites or interact with our emails (see Section 4.6 for details).

Categories of personal data we may process:

• Identity & contact details: Full name, job title, company name, business email address, work phone number, business address, country where you work.
• Account credentials: Username and password if you create a portal or webshop account.
• Financial & procurement data: Bank account details, payment information, VAT/tax registration numbers, procurement categories — for suppliers and vendors.
• Due diligence data: Information processed as part of supplier onboarding, compliance screening (sanctions, anti-bribery), and trade compliance checks.
• Contractual information: Details contained in or related to contracts, purchase orders, and agreements between our companies.
• Event data: Registration details, dietary preferences (if applicable), travel information for events you attend.
• Preferences and interactions: Your preferences about our products/services and events, your enquiries and feedback.
• Website behaviour & technical data: IP address, browser type, pages visited, and cookie data (see Section 4.6).
• Email engagement data: Information about how you interact with emails we send, including open times, approximate location (region or city), device type, and links clicked — collected via tracking pixels and encoded URL strings (see Section 4.6).

Sensitive personal data: We do not seek to collect sensitive personal data (e.g., health data, religious beliefs). The only exception is if you attend a physical event and voluntarily share dietary preferences, which we treat with appropriate care. We will only process sensitive data where legally required, with your explicit consent, or where you have clearly made it public.

The sections below describes each processing activity, the legal basis we rely on, the data involved, and how long we keep it.

To interact with you as a representative of a prospect (potential customer)

To interact with you as a representative of an existing customer

Webshop account (vitrolife.com)

This section applies to representatives of companies that supply goods or services to Vitrolife Group, including vendors, sub-contractors, distributors supplying to us, and external consultants.

Supplier/vendor onboarding and due diligence

Contract management and administration

Performance management and auditing

Commercial communications to former and existing customers

Marketing to prospects who have expressed interest

Profiling for marketing relevance

Your right to object: You have the right to object at any time to use of your data for direct marketing, including profiling. To unsubscribe/change your preferences, click the "change your preferences" link in any of our emails, or contact us at [email protected].

Marketing and targeted advertising (third-party platforms)

Webinars and virtual events

Workshops and physical events

E-learning activities

Email engagement tracking: When we send you marketing or informational emails, we may use the following technologies to understand how you interact with them:

• Tracking pixels: Small image files embedded in emails. They tell us when you opened the email, your IP address, device type, and approximate location. You can disable this by turning off automatic image loading in your email client.
• Encoded URL strings: Identifiers added to links in emails. These do not use device-based technologies like cookies, but allow us to see which links you clicked.
• Subscription key: A unique identifier linked to you in our marketing system, allowing us to recognise your interactions consistently without using your email address as the main identifier.

We share your personal data only where necessary and always with appropriate safeguards in place. Recipients may include:

• Other companies within Vitrolife Group, for legitimate business and operational purposes.
• Data processors we engage (e.g. CRM providers, IT platforms, marketing tools, e-learning platforms) — these process data only on our documented instructions.
• Trade compliance and sanctions screening services.
• Governmental, legal and regulatory authorities, where required by law or to protect our rights.
• Accountants, auditors, lawyers and other professional advisors, subject to strict confidentiality obligations.
• Payment service providers, logistics companies and other third-party vendors involved in fulfilling our contracts.
• Advertising platforms such as LinkedIn (for matched audience advertising — see Section 4.3.3).
• Relevant parties in the event of a business sale, merger or restructuring.

Processors: Any third party that processes data on our behalf is bound by a data processing agreement ensuring they act only on our instructions and maintain appropriate security measures.

Independent controllers: Where third parties process data for their own purposes, they act as independent controllers and are responsible for their own compliance. We only share the minimum data necessary.

As a global group, your personal data may be transferred to, and processed in, countries outside your country of residence, including countries outside the European Economic Area (EEA).

For EU/EEA residents: Any transfer of personal data outside the EEA is subject to EU data protection law. We implement appropriate safeguards, including:

• EU Standard Contractual Clauses (SCCs) with receiving entities
• Adequacy decisions by the European Commission (where applicable)
• Binding Corporate Rules (BCRs) (where applicable)

For non-EU/EEA residents: Transfers between countries are governed by applicable local law. We apply appropriate protections in all cases.

All Vitrolife Group affiliates are required to comply with applicable data protection requirements regardless of location.

We keep your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our general retention principles are:

• Customer/prospect relationships: Up to 2 years after the end of the relationship or last contact, unless legal requirements mandate longer retention.
• Supplier/vendor contracts and invoices: Up to 10 years after the end of the contract for accounting, tax and legal compliance purposes.
• Due diligence and compliance records: Up to 10 years, or as required by applicable sanctions, export control or anti-bribery laws.
• Legal claims: For as long as relevant statutory limitation periods apply.
• Marketing data: Up to 2 years from last interaction, or until you unsubscribe (whichever is earlier).
• Event data: Up to 2 years from last event attendance; sensitive data (e.g. dietary) not stored after the event.
• Website/cookie data: As specified in the relevant Cookie Policy.

Where possible, we anonymise or pseudonymise data that we need to retain beyond the applicable retention period.

Depending on where you are located, you have a number of rights regarding your personal data. Most of these rights apply regardless of geography, though the scope and enforcement mechanisms may differ. Here is a plain-language summary:

How to exercise your rights: Contact us at [email protected] or through the contact details of the relevant Affiliate. We will respond within the legally required timeframe (usually within 1 month for GDPR requests). We may ask you to verify your identity before processing your request.

Please note that in some circumstances we may not be obliged to comply with your request, for example where retention is legally required. We will always explain our reasoning in such cases.

We implement robust technical and organisational security measures to protect your personal data from loss, unauthorised access, disclosure, alteration or destruction. These include access controls, encryption, security monitoring, staff training, and contractual obligations on all third parties who handle data on our behalf.

If you have any security concerns or believe your data has been compromised, please contact us at [email protected] immediately.

Data Protection Officer: [email protected]

Vitrolife Group affiliate contacts: Contact us

Updates to this notice: We may update this privacy notice from time to time to reflect changes in our processing activities or applicable law. The current version will always be available on our websites. We will notify you of material changes where we have your contact details.

Applies to: Data subjects resident in the EU or EEA, and to all processing by Vitrolife Group affiliates established in the EU/EEA.

Governing law: Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR); national implementing legislation; the ePrivacy Directive.

A.1 Legal Bases Under GDPR

Our processing activities rely on one or more of the following legal bases under Article 6 GDPR (and Article 9 GDPR for sensitive data):

• Article 6(1)(a) — Consent: Where you have freely given, specific, informed and unambiguous consent (e.g. profiling, e-learning, certain marketing).
• Article 6(1)(b) — Contract: Where processing is necessary to perform or prepare a contract with you or your employer.
• Article 6(1)(c) — Legal obligation: Where processing is required by EU or Member State law (e.g. accounting, medical device traceability, sanctions).
• Article 6(1)(f) — Legitimate interests: Where our interests (or those of a third party) override your interests, rights and freedoms — e.g. customer relationship management, direct marketing to existing contacts, intra-group data sharing, fraud prevention. We have carried out Legitimate Interest Assessments (LIAs) for these activities.

A.2 Your GDPR Rights

All rights set out in Section 7 of the main notice apply in full under the GDPR. You may exercise them by contacting our DPO at [email protected]. We will respond within 30 days (extendable by a further 2 months for complex requests). Please note that your right of access under Article 15 GDPR may be subject to certain exceptions, including situations where the information requested:

• adversely affects the rights and freedoms of others,
• relates to ongoing legal proceedings, or
• cannot be disclosed due to statutory or contractual confidentiality obligations.

There is no fee for making a request. Normally, there is no fee for making a request. However, a reasonable fee may be charged for requests that are manifestly unfounded, excessive, or repetitive, in accordance with Article 15(3) GDPR.

A.3 Supervisory Authority

You have the right to lodge a complaint with your national data protection supervisory authority. Vitrolife's lead supervisory authority for EU-wide processing is the Swedish Authority for Privacy Protection (IMY). A full list of EU/EEA supervisory authorities is available at: edpb.europa.eu/about-edpb/about-edpb/members_en.

A.4 Automated Decision-Making & Profiling

We use profiling to improve the relevance of our marketing. This does not produce legal or similarly significant effects on you. Where we do use profiling, it is based on your consent (for e-learning persona assignment) or legitimate interest (for marketing personalisation). You have the right to object to profiling for direct marketing at any time (Article 21(2) GDPR).

Applies to: Data subjects resident in the United Kingdom.

Governing law: UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

All provisions of the main notice and Addendum A apply with the following modifications:

• Legal transfers to the UK: The UK is treated as having an adequate level of protection by the EU Commission (and vice versa under the UK's own adequacy regulations). Transfers between the UK and EU operate under standard mechanisms as described in Section 5.1.
• Supervisory authority: You have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. Our UK representative is contactable through [email protected].
• Rights: All rights under the UK GDPR mirror those under the EU GDPR, as described in Section 7 of the main notice.

Applies to: Residents of US states with applicable privacy laws. Note: the CCPA/CPRA contains an exemption for B2B data (personal information collected in the context of a business-to-business relationship). However, we provide this addendum as a matter of transparency and good practice.

C.1 Categories of Personal Information Collected (CCPA)

In the preceding 12 months, we have collected the following categories of personal information (as defined by the CCPA):

• Identifiers (name, email address, IP address, professional identifiers)
• Professional or employment-related information (job title, employer, professional contact details)
• Internet or other electronic network activity (browsing history on our websites, email engagement data)
• Geolocation data (approximate location based on IP address)
• Commercial information (purchasing/ordering history, supplier/vendor contract information)

C.2 Sources, Purposes and Disclosure of Personal Information

Sources, purposes and categories of third parties to whom we disclose personal information are described in Sections 3, 4 and 5 of the main notice.

Do we "sell" or "share" personal information? We do not sell personal information for monetary consideration. We may share personal information (as defined by CPRA) with advertising platforms for targeted advertising purposes (see Section 4.3.3). California residents have the right to opt out of this sharing.

C.3 Your Rights (California & Other US States)

Depending on the state in which you reside, you may have the following rights:

• Right to know: To request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: To request deletion of personal information we have collected from you, subject to exceptions.
• Right to correct: To request correction of inaccurate personal information (CPRA).
• Right to opt out of sale/sharing: To opt out of the sale or sharing of your personal information for cross-context behavioural advertising.
• Right to limit use of sensitive personal information: To limit how we use sensitive personal information (CPRA).
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

How to exercise these rights: Submit a verifiable consumer request to [email protected]. We will respond within 45 days (extendable by a further 45 days where reasonably necessary).

Authorised agents: You may designate an authorised agent to make a request on your behalf, provided you provide written authorisation and we can verify both your identity and the agent's authority.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA) and other US state laws: We honour rights equivalent to those described above for residents of all US states that have enacted comprehensive privacy laws.

Applies to: Processing of personal information of individuals located in China.

Governing law: Personal Information Protection Law (PIPL), effective 1 November 2021; Cybersecurity Law; Data Security Law.

Where we process personal information of individuals located in China:

• Legal basis: We obtain separate consent where required by PIPL, or rely on PIPL-recognised bases such as contract performance, legal obligation, or legitimate interest.
• Cross-border transfers: Any transfer of personal information from China requires compliance with applicable transfer mechanisms under PIPL, which may include: passing a security assessment by the Cyberspace Administration of China (CAC), obtaining a personal information protection certification, or entering into standard contracts issued by the CAC.
• Data localisation: Critical information infrastructure operators and personal information processors who process large volumes of data may be subject to data localisation requirements. We comply with these requirements where applicable.
• Individual rights: Individuals in China have rights to access, copy, correct, delete and restrict processing of their personal information, and to withdraw consent. You may exercise these rights by contacting [email protected].

Applies to: Processing of personal data of individuals located in Brazil, or where processing occurs in Brazil.

Governing law: Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13,709/2018, as amended.

Where we process personal data subject to LGPD:

• Legal bases: We rely on LGPD-recognised legal bases including consent, contract performance, legitimate interest, legal obligation, and the protection of credit (for supplier/financial data).
• Consent: Where we rely on consent, it is freely given, specific and informed. You may withdraw consent at any time.
• Cross-border transfers: Transfers outside Brazil require adequate protection via contractual clauses, BCRs, specific consent, or regulatory authorisation.
• Your rights under LGPD: You have the right to access, correct, delete, anonymise, and port your personal data. You also have the right to know the entities with which we have shared your data, and to receive information about the possibility of not providing consent and the consequences of denial. You may exercise these rights at [email protected].
• Supervisory authority: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd.

Applies to: Individuals located in Australia.

Governing law: Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).

• Collection notice: This notice serves as our collection notice under APP 5.
• Cross-border disclosure: When we transfer your personal information overseas (including to Vitrolife Group entities in other countries), we take reasonable steps to ensure the overseas recipient handles it consistently with the APPs.
• Your rights: You may access and correct your personal information by contacting [email protected].
• Complaints: You may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have interfered with your privacy.

Applies to: Individuals located in Japan and other APAC jurisdictions where we operate.

Japan (APPI): Vitrolife Group complies with the Act on the Protection of Personal Information (APPI) as amended. Where required, we obtain consent before sharing personal information with third parties. Cross-border transfers require the recipient to maintain a comparable level of protection or the individual's consent. You may request disclosure, correction or deletion of your personal information held by us.

South Korea (PIPA): Where we process personal information of South Korean residents, we comply with the Personal Information Protection Act (PIPA). This includes providing required notices, obtaining consent where mandated, and ensuring cross-border transfer requirements are met.

Other APAC jurisdictions: We comply with applicable data protection laws in all APAC jurisdictions where Vitrolife Group operates, including Singapore (PDPA), India (DPDP Act 2023), and others. Contact us for jurisdiction-specific information.

Applies to: Individuals located in Canada.

Governing law: Personal Information Protection and Electronic Documents Act (PIPEDA), as amended; provincial laws (PIPA Alberta, PIPA BC, Law 25 Quebec where applicable).

• Consent: Where we collect personal information in Canada, we obtain meaningful consent for collection, use and disclosure, except where an applicable exception applies.
• Cross-border transfers: Personal information transferred outside Canada receives comparable protection through contracts or other appropriate means.
• Quebec (Law 25): For Quebec residents, we comply with enhanced requirements including privacy impact assessments for high-risk processing, mandatory breach notification, and the right to request technology-based decision-making explanations.
• Your rights: You may access, correct or withdraw consent for the use of your personal information. Contact: [email protected].
• Complaints: Office of the Privacy Commissioner of Canada (priv.gc.ca), or applicable provincial commissioner.

1.1 As part of handling investor relations, Vitrolife AB (“Vitrolife Group”) will be processing personal data about its shareholders, proxies and advisors. This privacy notice sets out how and why we process personal data in connection with administration of our relationship with our shareholders, proxies and advisors, including registration in the register of shareholders and when providing notice of and holding general meetings.

1.2 Vitrolife Group (also referred to as “we”, “our” in this privacy policy) is the data controller for the processing activities set out in this privacy notice.

2.1 Below, it is listed what type of personal data we collect about our shareholders, proxies and advisors and for which purposes we use the personal data.

3.1 We may share the personal data about shareholders, proxies and advisors with relevant employees of Vitrolife Group and with relevant third-party advisors and service providers. We may also share the personal data with public authorities, Nasdaq Sweden as well as the general public through publication on our website in accordance with applicable law. Some of these parties may be located in countries outside of the EU/EEA. Please be informed that the level of data protection as currently applied and enforced in some countries outside the European Union does not conform to the level of data protection for personal data currently applied and enforced within the European Union. If personal data is being processed outside of the EU/EEA, such transfer of personal data will be subject to appropriate security measures such as European Commission’s standard contractual clauses or measures subsequent to this level of security. You can request a copy of the agreement covering the transfer of personal data by sending an e-mail to [email protected].

4.1 We will only store the personal data for as long as it is necessary to fulfill the purposes outlined in this privacy notice. With respect to information about shareholders, proxies and advisors, unless stated otherwise above, we will generally be keeping the personal data for 5 years after the end of the financial year in which the shareholder no longer owns shares in Vitrolife Group.

6.1 We may change this privacy notice from time to time by issuing a new version on this website.

If you wish to exercise one of your rights, please send an email to [email protected] or a letter to:

Vitrolife Sweden AB
Group Legal
Gustaf Werners Gata, 421 32 GÖTEBORG, Sweden

We kindly inform you that Vitrolife Group may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment may be made on a case by case basis of our legal obligations and the exception to such rights.

Please note that we may require proof of your identity and full details of your request before processing it. The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.

We will reply without delay, in accordance with the applicable regulations.

Vitrolife Sweden AB and its affiliates (“Vitrolife Group” or “us”) care about your privacy. Therefore, Vitrolife Group always strives to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data.

In this privacy notice, Vitrolife Group wants to inform you as a job applicant for an open position at Vitrolife Sweden AB or any company within Vitrolife Group about how Vitrolife Group processes your personal data during the recruitment process.

If Vitrolife Group enters into an employment agreement with you, our processing of your personal data will be governed by a separate privacy policy.

The Global HR department of Vitrolife Sweden AB, Swedish company registration number 556546-6298, with address Box 9080, 400 92 Gothenburg, Sweden, telephone number +46 31 7218000, is responsible for the processing of your personal data (the controller). 

In addition, the company announcing the position you are applying for will process your personal data as an independent controller, as may be communicated to the candidate from time to time. The data processing shall be the same as described in this privacy notice, but the controller may differ as it will be communicated to you.

If you have any questions or queries regarding Vitrolife Group’s processing of your personal data, you are welcome to contact us by sending an e-mail to [email protected].

The personal data that Vitrolife Group processes about you as a job applicant (data subject) is the information you provide to us in connection with your application for an open position at Vitrolife Group or that a third party has provided to us in the recruitment process.

Vitrolife Group will primarily obtain your personal data from you, e.g. during the application process. Your personal data may also be obtained via a third party, e.g. from someone you have directed us to obtain your personal data from e.g. when we contact references that were provided to Vitrolife Group by you, or from service providers acting on Vitrolife Group’s behalf (e.g. background screening and verification including education, past employment, references).

Examples of personal data about you that Vitrolife Group processes:

Please note that the below list is a list of examples only and not intended as an exhaustive list. Vitrolife Group will not necessarily process all the data listed below about you, and some of the purposes for processing will overlap and there may be several purposes which justify our use of your personal data.

Name, address, email address, phone number, date of birth, gender, photo, resumes, cover letter, performance and evaluation data (such as personal and analytical tests in connection with recruitment processes) current employment data (such as current compensation package and expectations and notice period under current employment contract, if any)

Vitrolife Group may also process personal data about you that is unstructured, for example, any documentation that someone else produced in which you are mentioned. This also includes e-mail correspondence which you are mentioned in.

The purpose of the data collection is to evaluate your personality, skills and experience to determine your suitability for the open position.

The legal basis of our data collection is i) the need for fulfilling Vitrolife Group’s obligation with legal requirements ii) Vitrolife Group’s legitimate interest to communicate with you, to evaluate your competence for the position iii) or your freely given, unambiguous consent.

As a starting point, only Vitrolife Sweden AB and the relevant Vitrolife Group company who has the open position process your data. We also shares your personal data with relevant companies in our company group.

In some cases Vitrolife Group also shares your personal data with our internal and external IT suppliers. Also, other suppliers Vitrolife Group contract may possibly gain access to all of the personal data Vitrolife Group processes about you, however, only to the extent necessary to fulfill the suppliers’ obligations in relation to Vitrolife Group. It can be, for example, companies that work with administration of salaries or insurance.

The list of processors is set forth in Appendix 1.

Generally, Vitrolife Group only process your personal data within the EU/EEA. However, Vitrolife Group intends to transfer your personal data within Vitrolife Group. In the event that your personal data is transferred to a recipient in a third country or to an international organisation Vitrolife Group will take suitable and appropriate safeguards to protect the personal data being processed. We inform you that Vitrolife Group has implemented a Group Data Transfer Agreement that secures the international data transfers within Vitrolife Group, and that we will use the Standard Contractual Clauses together with additional safeguards as applicable issued by the European Commission for international data transfers.

Vitrolife Group will normally keep your personal data until the recruitment process has been concluded, and two (2)  years (shorter or longer dependent on applicable employment legislation) to satisfy the need to use such personal data in the event of an actual, threatened or anticipated dispute or claim (e.g. on grounds of discrimination).

If consent has been given to store personal data for future recruitment needs, it will be stored until a future recruitment of the applicant is no longer relevant and/or until such consent has been withdrawn.

We are committed to protecting your personal data and ensuring that your choices are honoured. We have taken strong security measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

If you wish to exercise one of your rights, please send an email to: [email protected] or a letter to:
Vitrolife Sweden AB 
Group Legal
Gustaf Werners Gata, 421 32 GÖTEBORG, Sweden

We kindly inform you that Vitrolife Group may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment may be made on a case by case basis of our legal obligations and the exception to such rights.

Please note that we may require proof of your identity and full details of your request before processing it. The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.  

We will reply in a reasonable delay, in accordance with the applicable regulations.

Welcome to Vitrolife AB (hereinafter “Vitrolife Group” or “We/Us”). Vitrolife Group values your privacy and wants to ensure that you are informed about how we collect, use and protect your personal data when you participate in earning calls with us.

The data controller for the processing activities set out in this privacy notice is: Vitrolife AB (publ), Box 9080, SE-400 92 Gothenburg, Sweden. Corporate identity number 556354-3452.Tel: +46 31 721 80 00. Fax: +46 31 721 80 99 E-mail: [email protected]

Below, it is listed what type of personal data we collect about you and for which purposes we use the personal data.

2.1 What Personal Data We Collect

When you participate in earning calls with Us, we may collect the following personal data about you:

• Full Name
• Contact Information (email address, phone number)
• Professional Information (company name, job title)
• Any additional information voluntarily provided during the earning call

2.2. How We Use Your Personal Data

We collect and use your personal data for the following purposes:

• To organize and facilitate earning calls
• To communicate with you before, during, and after earning calls
• To analyze and improve our earning call processes

2.3. Legal Basis for Processing

The legal basis for processing your personal data is your consent, which is obtained when you choose to participate in earning calls with us, and also our legitimate interest in communicating with you.

2.4.   Security of our data processing

We are committed to protecting your personal data and ensuring that your choices are honoured. We have taken strong security measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction.

We may share the personal data about you with relevant employees of Vitrolife Group and with our trusted relevant third-party advisors and service providers.

We will only store the personal data for as long as it is necessary to fulfill the purposes outlined in this privacy notice.

We may change this privacy notice from time to time by issuing a new version on this website.

If you wish to exercise one of your rights, please send an email to: [email protected] or a letter to:

Vitrolife Sweden AB
Group Legal
Gustaf Werners Gata, 421 32 GÖTEBORG, Sweden

We kindly inform you that Vitrolife Group may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment may be made on a case by case basis of our legal obligations and the exception to such rights.

Please note that we may require proof of your identity and full details of your request before processing it. The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.  

We will reply without delay, in accordance with the applicable regulations.

“This call will be recorded for quality, training, and service improvement purposes. During the conversation, you may share personal or health-related information. These recordings are stored securely in Vitrolife Group’s systems with role-based access, and only authorized employees bound by confidentiality may access them. For more details about how we handle your information and your rights under applicable privacy laws, please visit our privacy notice at www.vitrolifegroup.com or contact [email protected]”

Vitrolife AB, a Swedish company with its registered address at Gustaf Werners Gata 2, 421 32 Västra Frölunda, Sweden, and its affiliates (“Vitrolife Group”) care about your privacy. Vitrolife Group (www.vitrolifegroup.com), as a multinational company with a global presence, strives to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data.

This notice applies to calls handled by Vitrolife Group entities that record customer service calls. Callers may be located in a different country than the entity they are contacting, and in such cases the most protective applicable data privacy standard will govern.

The Vitrolife Group entity you interact with acts as the data controller for the processing of your personal data. Depending on where you are calling from and which entity you are contacting, the relevant controller may include:

• Vitrolife Sweden AB (Sweden / EU) – Gustaf Werners Gata 2, 421 32 Västra Frölunda, Sweden
• Vitrolife Inc. (United States) – serving callers in the US and Canada
• Igenomix Brazil Ltda. (Brazil) – serving callers in Brazil and Latin America
• Igenomix Spain S.L. (Spain) – serving callers in Spain and the EU/EEA
• Other Vitrolife Group affiliates as applicable based on your location and the service you are contacting.

A full list of Vitrolife Group entities and their contact information is available at Contact us | Vitrolife Group.

If you are located in a jurisdiction other than that of the entity you are calling, both the law of the entity’s country and your local privacy law may apply. We apply the more protective standard in such cases.

• Call audio recordings: Conversations with our representatives, which may include sensitive information such as health-related or genetic data.
• Metadata: Call date, time, duration, direction (inbound/outbound), and caller/recipient identifiers.
• Identifiers: Name, phone number, email address, company name, or other information you choose to provide during the call.
• Health-related data: Where relevant to the service (e.g., genetic services, IVF support), information about health conditions, diagnoses, or treatments.

We may record and process calls for the following purposes:

1. To provide and improve customer support and services.
2. To ensure quality assurance and staff training.
3. To confirm instructions, requests, and contractual arrangements.
4. To comply with legal, regulatory, or accreditation requirements.
5. To handle complaints, disputes, or legal claims.
6. To maintain business and clinical safety records.
7. To support genetic counselling sessions, where calls are recorded by certified genetic counsellors to ensure accurate documentation of clinical guidance, test results, and recommendations provided to patients. This applies currently in the United States and may extend to additional markets over time.

The legal basis for processing your personal data depends on your location and the applicable law:

GDPR (EU/EEA, including Spain)

• Processing is based on: (a) your explicit consent when sensitive health or genetic data is discussed; (b) our legitimate interests in quality assurance, training, and dispute resolution; and (c) compliance with legal obligations where applicable.
• For special category data (health/genetic data), we rely on your explicit consent or, where applicable, substantial public interest grounds under Art. 9 GDPR.

HIPAA & US State Privacy Laws (United States)

• Health-related information is treated as Protected Health Information (PHI) and processed in compliance with HIPAA. Recordings may only be accessed, used, or disclosed as permitted under HIPAA.
• California residents: processing also complies with the California Consumer Privacy Act (CCPA/CPRA), including rights to know, delete, correct, and opt-out of certain sharing.
• Other US state privacy laws may apply depending on your state of residence.

Canada (PIPEDA / Provincial Laws)

• We collect, use, and disclose personal information with your knowledge and consent, except where otherwise permitted by law. Quebec residents have additional rights under Law 25 (Bill 64).

Brazil (LGPD)

• Processing is based on: (a) your consent; (b) compliance with a legal or regulatory obligation; and (c) legitimate interests, provided such processing does not override your fundamental rights.

Callers from Other Jurisdictions

• If you are calling from a country not listed above, we will process your data in accordance with the law applicable to the Vitrolife Group entity you are contacting, and respect any additional rights you may have under your local law.

• Call recordings are stored in Vitrolife Group’s secure Customer Relationship Management (CRM) systems, protected with role-based access controls.
• Only employees who require access to perform their job duties may access the recordings, and all such employees are bound by strict confidentiality obligations.
• We apply technical safeguards including encryption (in transit and at rest), access logging, and secure storage infrastructure.
• Access to recordings involving health or genetic information is further restricted to authorized clinical and compliance personnel only.

We may share recordings only with:

• Authorized Vitrolife Group employees who require access to perform their duties.
• Data processors and service providers (e.g., call recording platform providers, call center operators, transcription services, and secure cloud storage providers). We carefully select all processors and require them to process personal data only on our documented instructions. Each processor is bound by appropriate contractual obligations (including, where applicable, Data Processing Agreements under GDPR, HIPAA Business Associate Agreements, and equivalent mechanisms under other applicable laws) covering confidentiality, security, sub-processing controls, and data deletion obligations.
• Regulatory or legal authorities, if required or permitted by applicable law.
• Other Vitrolife Group affiliates for internal administrative purposes, subject to intragroup data sharing agreements.
• Other parties with your explicit consent or as otherwise required by law.

We do not sell your personal or health information.

Recordings will be retained only for as long as necessary to fulfill the purposes described in this notice, or as required by applicable law. After this period, they will be securely deleted or anonymized. Retention periods may differ depending on jurisdiction and specific legal requirements (e.g., healthcare or accreditation record-keeping obligations).

Vitrolife Group operates globally. Your data may be transferred to, stored in, or processed in a country different from your own, including to countries that may not offer the same level of data protection as your home country.

Where such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission, for transfers from the EU/EEA.
• HIPAA Business Associate Agreements (BAAs), for transfers involving US health information.
• Equivalent contractual mechanisms required under LGPD, PIPEDA, or other applicable laws.
• Intra-group data transfer agreements covering all Vitrolife Group entities.

Depending on your location, you may have the following rights regarding your personal data:

EU/EEA & Spain (GDPR)

• Right to access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection, withdrawal of consent, and the right to lodge a complaint with your national supervisory authority.

United States (HIPAA / CCPA)

• Right to access your health information, request amendments, request an accounting of disclosures, and (in California) the right to know, delete, correct, opt-out of sale/sharing, and non-discrimination.

Canada (PIPEDA / Law 25)

• Right to access and correct your personal information, and the right to challenge compliance with applicable privacy principles. Quebec residents have additional rights under Law 25.

Brazil (LGPD)

• Right to access, correct, anonymize, block, or delete unnecessary or unlawfully processed data; data portability; information about sharing; withdrawal of consent; and the right to lodge a complaint with the ANPD.

You may exercise any of these rights by contacting us as described in Section 11 below.

We implement appropriate technical, organizational, and administrative safeguards to protect call recordings and associated personal data against unauthorized access, disclosure, alteration, or destruction. Access is restricted to trained and authorized personnel only, under confidentiality obligations, and supported by encryption, access controls, and secure storage. We review and update our security measures regularly.

If you have questions, requests, or complaints regarding this notice or your privacy rights, please contact:

Vitrolife Group’s Data Protection Officer / Privacy Office

Vitrolife Sweden AB (registration number 556546-6298)
Gustaf Werners Gata 2, 400 92, Gothenburg, Sweden

[email protected] or contact the relevant local Vitrolife Group affiliate for your region (see Section 1 and the full contact list at www.vitrolifegroup.com/contact-us).

You also have the right to contact and lodge a complaint with the data protection supervisory authority in your country of residence.