Privacy Policy

Nordheim Capital AB (publ)

Company Registration No.: 559553-3968

Address: Skogsövägen 22, 133 33 Saltsjöbaden, Sweden

Version: 1.1

Date: 2026-05-26

Nordheim Capital AB (publ) ("Nordheim", "we", "us") respects your privacy. This Privacy Policy describes how we collect, use, store and share personal data when you visit our website, contact us, subscribe to information, or otherwise interact with us.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection legislation.

1. Data Controller

Nordheim Capital AB is the data controller for the processing of personal data described in this Privacy Policy.

Contact Details

Address: Skogsövägen 22, 133 33 Saltsjöbaden, Sweden
Email: a@nordheimcapital.com

If we appoint a Data Protection Officer (DPO), the relevant contact details will be published on our website.

2. How We Process Personal Data

Below we describe our most common processing activities involving personal data.

2.1 Contact and Enquiry Management

Purpose

To respond to enquiries, provide feedback and manage matters, including support requests and complaints.

Personal Data

  • Name

  • Email address

  • Telephone number (if provided)

  • Contents of messages and correspondence

Legal Basis

Legitimate interest and/or contract (taking steps at your request prior to entering into a contract).

We have conducted a balancing test and concluded that the processing is necessary to communicate with individuals who contact us and to operate and develop our business.

Retention Period

During the handling of the matter and normally for up to 24 months thereafter.

2.2 Newsletters and Marketing Communications

Purpose

To send news, market information, product updates and other communications relating to our business.

Personal Data

  • Email address

  • Name (if provided)

  • Open and click statistics, where such functionality is used

Legal Basis

Consent.

Retention Period

Until you withdraw your consent or unsubscribe from future communications.

You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the consent was withdrawn.

2.3 Investor and Market Relations

Purpose

To manage relationships and communications with existing and prospective investors, business partners and other market participants.

Personal Data

  • Name

  • Title and role

  • Employer/company

  • Contact details

  • Correspondence and meeting notes to the extent they contain personal data

Legal Basis

Legitimate interest.

We have conducted a balancing test and concluded that the processing is necessary for conducting and developing our business and professional relationships.

Retention Period

Normally up to 36 months from the most recent contact.

2.4 Recruitment

Purpose

To manage applications and conduct recruitment processes.

Personal Data

  • Name

  • Contact details

  • CV

  • Cover letter

  • References and other qualifications provided by you

Legal Basis

Legitimate interest and/or consent.

Retention Period

Normally up to 24 months after completion of the recruitment process.

2.5 Website Visits, Cookies and Analytics Tools

Purpose

To provide the website, improve functionality and security, troubleshoot issues and analyse how the website is used.

Personal Data

  • IP address

  • Device and browser information

  • Language preferences and settings

  • Pages visited

  • Time and duration of visits

  • Cookie IDs and other online identifiers

Legal Basis

Legitimate interest for necessary operation and security.

For non-essential cookies and analytics/marketing tools, personal data is processed only after consent has been provided through our cookie settings.

Third-Party Services We Use

Google Analytics

We use Google Analytics for statistics and analysis regarding how the website is used. Google Analytics may collect information regarding user behaviour, pages visited, device information and IP addresses.

Read more here: Google Privacy Policy

Meta Platforms Pixel

We use Meta Pixel to analyse and measure the effectiveness of our marketing activities and to understand how users interact with the website after viewing or clicking advertisements on Meta's platforms.

Read more here: Meta Privacy Policy

Retention Period

Retention periods vary depending on the type of cookie, log and system settings used by the relevant provider, but are typically between 12 and 24 months.

For more information about how we use cookies, please see our Cookie Policy.

2.6 Legal Obligations

In certain cases, we process personal data in order to comply with legal obligations, such as accounting requirements, regulatory obligations or decisions by public authorities.

Legal Basis

Legal obligation.

Retention Period

As required by applicable law.

3. Sources of Personal Data

We collect personal data:

  • Directly from you when you contact us or use our services;

  • Through your use of our website, including via cookies and logs;

  • To a limited extent from third parties and publicly available sources where relevant for professional dialogue or business development.

4. Sharing of Personal Data

We never sell personal data.

We may share personal data with the following categories of recipients where necessary:

  • IT and operational service providers

  • Hosting and cloud service providers

  • Communication and CRM providers

  • Analytics and cookie providers

  • Professional advisers such as lawyers, auditors and consultants

  • Public authorities where required by law or legal obligation

All recipients process personal data in accordance with contractual obligations and applicable data protection legislation.

5. Transfers of Personal Data Outside the EU/EEA

Personal data is normally processed within the EU/EEA.

However, some of our service providers may process personal data outside the EU/EEA, including in the United States.

Where such transfers occur, we ensure that they are carried out in accordance with GDPR, for example through:

  • European Commission adequacy decisions;

  • Standard Contractual Clauses (SCCs);

  • Supplementary safeguards where required.

6. Your Rights

Under GDPR, you have the right to:

  • Request access to your personal data;

  • Request correction of inaccurate personal data;

  • Request erasure in certain circumstances;

  • Request restriction of processing in certain circumstances;

  • Object to processing based on legitimate interests;

  • Request data portability in certain circumstances;

  • Withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

To exercise your rights, please contact us using the details provided below.

7. Cookies

We use cookies and similar technologies to ensure that the website functions properly, improve the user experience and — where you provide your consent — for statistics, analytics and marketing purposes.

When you visit the website, you are given the opportunity to consent to non-essential cookies through our cookie settings.

You may change your preferences at any time through the cookie settings or your browser settings.

For more information, please see our Cookie Policy.

8. Security

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, misuse and unlawful disclosure.

Examples of such measures include access controls, security procedures and incident management processes.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example if we change how we process personal data or introduce new services.

The most recent version will always be published on our website together with the date of the latest update.

10. Contact

Nordheim Capital AB (publ)

Address: Skogsövägen 22, 133 33 Saltsjöbaden, Sweden

Email: a@nordheimcapital.com