Privacy Notice
This privacy notice was last updated on 18 December 2025
1. General
Oxevia, officially registered as SG Oxevia Platform AB, org. number: 559548-3420, with registered address at Birger Jarlsgatan 20, 114 34, Stockholm (“we” or “Oxevia”), deliver instruments, consumables, reagents, and high value-add services, backed by personal customer service and local expertise. We are the trusted partner that helps laboratories achieve more, every day. To achieve this purpose, we process certain personal data about you.
This privacy notice explains how we collects and uses personal data in relation to:
· Persons involved in the acquisition process, such as the (prospective) selling entrepreneur or a person that holds a director position in a company targeted by us for acquisition or investment (the “Target Company”);
· Participants at events, seminars, and other activities organised by us;
· Individuals who otherwise contact us or send us enquiries, for example through our contact forms, by email, or in person at meetings or events;
· Recipients of business communication;
· Individuals who engage with us in a professional capacity, such as contact persons at our suppliers, business partners, or other organisations we work with.
We are the data controller, meaning we decide how your personal data is used. We follow all applicable data protection laws, including the GDPR.
You can jump to specific sections that are relevant for you by clicking on the title. Where we process your personal data based on our legitimate interest, we have made the assessment that the processing is legitimate and necessary. If you want to receive more information regarding this assessment, please contact us at Privacy@sygrowth.com.
2. Source of personal data
We collect personal data from:
· You or your representatives when you interact with us in relation to an Acquisition Process (see below for more information); and
· When you share personal data with us in other ways, such as through meetings, phone calls, correspondence, events, social media, or online forms in a general business context.
We may also collect or receive personal data about you from other sources, such as:
· From our business contacts, such as suppliers, advisors, and vendors;
· Public records and official registers (e.g., the Swedish Companies Registration Office (Bolagsverket) and other public authorities);
· Company websites and other publicly available online sources;
· Third-party providers who supply us with business contact details, for example regarding prospective portfolio companies or their majority shareholders;
· Professional advisors (such as law firms, auditors, consultants, or investment banks) in the context of transactions or due diligence processes; and
· Industry publications, databases, and media reports.
3. How we process personal data
3.1 Processing of personal data in relation to the Acquisition Process
3.1.1 Identifying opportunities and building relationships
We process personal data when identifying promising companies and engaging with entrepreneurs and key stakeholders. Our initial assessment focuses on companies and does not involve personal data. When a company is shortlisted, we process contact details of shareholders, directors, or representatives of the Target Company to initiate discussions, arrange meetings, and assess potential partnerships. This may lead to negotiating and signing a Letter of Intent (“LOI”). We may also send gifts as tokens of appreciation in line with our business ethics and applicable law.
The personal data processed includes contact details, professional background and role, relevant ownership or shareholding information, and communication content. At the LOI stage, we process contractual data necessary to prepare, review, and sign the LOI, such as names, roles, signatures, and related correspondence.
Processing is based on our legitimate interest in identifying business opportunities and maintaining business relationships. Where required under marketing or communications laws, we will contact you only with your consent. For the LOI stage, processing is necessary for the performance of a contract or to take steps prior to entering into a contract. Gifts are provided on the basis of our legitimate interest in maintaining strong business relationships.
We retain personal data only as long as needed. Contact and correspondence data are stored for up to 24 months after the last interaction if no transaction follows. LOI documentation is retained for up to 10 years for legal and evidentiary purposes in accordance with the Swedish Limitation Act.
3.1.2 Transaction Process
We process personal data to conduct transactions, including due diligence, preparation of the Share Purchase Agreement (“SPA”), and closing administration.
The personal data processed may include: contact and identification details of shareholders, their representatives, directors, and company representatives; ownership and shareholding information; materials provided during due diligence; financial, contractual, and regulatory documentation; transaction data; and correspondence and negotiation records. Where required by law, anti-money-laundering checks may be performed, which in exceptional circumstances could include criminal conviction data.
The processing is based on: our legitimate interest in conducting due diligence, structuring the partnership, and handling legal claims; compliance with legal, tax, and anti-money-laundering obligations and the Swedish Companies Act (Aktiebolagslagen); and the performance of a contract where necessary to prepare and enter into the SPA. Anti-money-laundering checks and the processing of criminal conviction data are only carried out when permitted by law.
Personal data is retained as needed for these purposes. Due diligence and transaction documentation are generally stored for up to 10 years after closing under the Swedish Limitation Act. Accounting materials must be kept for at least 7 years in accordance with the Swedish Accounting Act (Bokföringslagen). Anti-money-laundering rules require retention of due diligence documentation for 5 years after the end of the business relationship under the Anti-Money Laundering Act (Penningtvättslagen).
3.1.3 Post-transaction
We process personal data when supporting entrepreneurs and their companies after completing a transaction. This includes strategic development, group integration, administering employee incentive programmes, and maintaining share registers.
The personal data processed may include contact details and professional information of company representatives and employees; information needed for internal communication, reporting, and coordination; and details relating to incentive programmes offered to Group employees.
The processing is based on our legitimate interest in managing and supporting portfolio companies, ensuring effective group collaboration and value creation, and handling legal claims. Where processing relates directly to obligations under transaction agreements or cooperation arrangements, it is carried out based on our legitimate interest in fulfilling such obligations.
Personal data is retained as needed for these purposes. Contact and work-related information is stored while relevant. Certain records may be kept for up to 10 years to address potential legal claims under the Swedish Limitation Act. Accounting-related records are retained for at least 7 years in accordance with the Swedish Accounting Act.
3.1.4 Communication and enquiries
We process personal data to enable and administer communication when you contact us through various channels, including our website contact forms, email, telephone, or in-person meetings.
The personal data processed includes your name, email address, phone number, job title, company affiliation, address, and any information you provide in your enquiry or communication.
The processing is based on our legitimate interest in maintaining business relationships, responding to enquiries, and communicating with individuals who express interest in our business activities.
Personal data is retained only as long as necessary for the purpose of the communication. We regularly assess and delete personal data that is no longer needed, with a maximum retention period of two years from the last interaction.
3.1.5 Marketing and business communications
We process personal data to communicate updates about our business activities, industry developments, and other relevant information to contact persons at target companies and portfolio companies.
For this purpose, we process your name and email address.
The processing is based on our legitimate interest in maintaining stakeholder relationships, promoting business development, and enhancing brand awareness.
We retain your personal data for these communications until you object by contacting us at [Contact email].
3.1.6 Business operations and relationship management
We process personal data to manage relationships and agreements with partners, suppliers, and other external parties. This includes maintaining contact lists, ensuring effective communication, and handling matters necessary to defend, establish, or exercise legal claims.
The personal data processed includes contact details such as name, address, email address, and phone number; work-related information including employer, role, and job title; case- or agreement-related information provided in connection with client or supplier engagements; and transaction-related information such as invoice reference numbers.
The processing is based on our legitimate interest in managing relationships with organisations and their representatives and in addressing potential legal claims.
We retain personal data only as long as necessary. Contact and work-related information is stored while relevant, for example for the duration of your role as a contact person or the ongoing business relationship. Documents containing personal data that must be kept for accounting purposes are retained for seven years after the end of the financial year under the Swedish Accounting Act. Agreements and related records may be stored for up to ten years to address potential legal claims in accordance with the Swedish Limitation Act.
3.1.7 When you visit our website
When you visit our website, www.oxevia.com, we use cookies to provide you with a functioning website.
We process personal data through strictly necessary cookies to ensure the website functions properly. The processing of personal data is based on our legitimate interest in providing a functioning website. Personal data is only processed for other purposes if you have given your consent.
For more information about the types of cookies we use, what we use them for and how you can prevent the use of cookies, please see our Cookie Notice www.oxevia.com/cookie-notice.
4. Recipients of personal data
We may share your personal data with the following recipients:
· Professional advisors (e.g., legal counsel, auditors, consultants);
· Group companies and group portfolio companies;
· Third-party service providers, such as those providing IT infrastructure, cloud services, CRM and email services, and other support functions;
· Authorities and regulators, where required by law; and
· Third parties in connection with a merger, acquisition, or restructuring, such as potential acquirers or investors
When we disclose your personal data to third parties, we do so only where we have a legitimate interest in achieving the relevant purpose of the disclosure or where we are under a legal obligation to do so.
5. Transfer of personal data outside the EU/EEA
We and our suppliers and partners generally process your personal data only within the EU/EEA. If personal data is transferred outside the EU/EEA, we ensure adequate protection through either (i) a European Commission adequacy decision confirming that the country in question ensures an adequate level of protection, or (ii) appropriate safeguards that protect your rights, such as standard contractual clauses. To ensure transparency, you have the right to obtain a copy of any standard contractual clauses by contacting us. You can find more information about countries with adequate protection levels on the European Commission’s website, and about standard contractual clauses on the Swedish Authority for Privacy Protection's website. For further information, please contact us at [Contact email].
6. Your rights
· Right to information and access: You have the right to know what personal data we process about you and to request a copy of such data, together with certain additional information about how we process your personal data.
· Right to rectification: You have the right to request correction of inaccurate or incomplete personal data. If you believe the information we hold about you is incorrect, you may ask for it to be amended or completed.
· Right to erasure: Under certain circumstances, you may request that your personal data be erased. This may apply when the data is no longer needed for the purpose for which it was originally collected or if it was processed based on your consent and you subsequently withdraw that consent. However, there may be instances where we cannot delete your data, such as when we must retain it to comply with legal requirements, when it remains essential for the original purpose of collection, or when our interest in continuing to process the information outweighs your interest in having it erased.
· Right to object: You have the right to object to the processing of your personal data that is based on our legitimate interest. If we cannot demonstrate legitimate grounds to continue processing your personal data, we must discontinue such processing. You also have the right to object to our processing of your personal data for direct marketing purposes.
· Right to restriction: You have the right to request restriction of the processing of your personal data, which means it can only be processed for certain limited purposes. This may apply if you have objected to the processing, disputed the accuracy of your data, or if the processing is unlawful. Please note that restriction or deletion of your personal data may result in us not being able to fulfil our obligations under any agreement with the company you represent or provide you with our services.
· Right to data portability: If we process your personal data to fulfil a contract or based on your consent, you may, in certain cases, obtain your personal data for use elsewhere. For example, you may request a copy of your personal data in a structured, commonly used, and machine-readable format and transfer it to another controller.
· Right to withdraw consent: If we process your personal data based on your consent, you may withdraw that consent at any time. Once withdrawn, we will discontinue any processing activities carried out under your consent.
If you have questions regarding how we process personal data about you, please contact us at privacy@sygrowth.com. If you have any objections or complaints about the way we process your personal data, you have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).
7. Contact information
We may update this privacy notice from time to time. Any changes will be published on our website at oxevia.com.
This privacy notice was last updated on 18 December 2025