ChemoMetec A/S : Data Ethics policy (English)

Policies - Data ethics

Data ethics policy

Introduction

The purpose of this policy is to set out ChemoMetec's data ethics principles. The policy applies to all employees across the entire group.

ChemoMetec's data ethics policy aims to ensure a reasonable balance between, on the one hand, the many benefits offered by the use of data and new technologies and, on the other, the implications which the use of data may have for individuals and society at large in the short as well as the long term.

At ChemoMetec, we generally work on the basis of an ethical compass, seeking to take into consideration what best serves the interests of individuals and society.

At ChemoMetec, we process data in compliance with the legislation applicable, including the General Data Protection Regulation (GDPR) and the Danish Data Protection Act. However, this data ethics policy should be seen in a wider context than just current regulation, as its primary focus is on ethics.

Background

ChemoMetec develops, manufactures and markets cell counting and cell analysis equipment. Accord- ingly, ChemoMetec primarily processes data concerning persons (employees), companies and institutions (customers and suppliers) and other confidential data concerning R&D activities. As such, ChemoMetec's handling of data comprises both the creation, collection, storage, analysis and use of data.

ChemoMetec is a digitally responsible company committed to ensuring that the data of our employees, suppliers and customers are processed in a respectful and careful manner.

Fundamental data ethics values

ChemoMetec's data ethics policy is based on a set of data ethics values that may be summarised as follows:

Data security

The processing of data must be secure, robust and reliable. Data must be stored and shared in a secure manner to avoid data being unintentionally made accessible to any unauthorised party.

Respectful use

Data must not be processed for purposes of harming individuals, and people should be the primary beneficiaries of data processing. In other words, people rank above commercial and institutional interests.

ChemoMetec A/S (CVR no. 19 82 81 31)

Page 1 of 3

Policies - Data ethics

Equality

The processing of data must not discriminate on the basis of ethnicity, sexuality, gender, socioeconomic background, political beliefs, religion, union membership, genetic data, biometric data, disability or other health-related data.

Legal rights

Data must be processed in compliance with fundamental legal guarantees and rights.

Data ethics in general

Data are only collected in order to achieve a specific purpose.

ChemoMetec collects and uses such data on customers, suppliers and other business partners that is necessary for the operation and development of the group's activities. As all ChemoMetec's customers and suppliers are registered companies and institutions, we only to a very limited extent process data from external parties which can be attributed to a specific data subject.

Use of data

Human rights must be respected in the processing of data and the design of technologies used to process data. For example, the processing of data and the use of data processing technologies must be impartial so as to avoid the risk of discrimination, marginalisation or stigmatisation of individuals.

ChemoMetec primarily uses data for the operation and development of the group's activities and for analysis, statistics and customer service.

Security

As cybercrime and unauthorised access to data pose an ongoing risk to ChemoMetec, we strive to implement an adequate level of security in and around the systems and technologies we use for purposes of processing data. Our security measures must be technical as well as organisational, and the necessary level of security must be determined on the basis of a risk assessment of the specific processing activity and the technology used for processing data.

ChemoMetec endeavours to have an effective emergency plan in place for the handling of potential attacks and threats that could harm the group's technologies and systems.

The consequences of and risks associated with new activities, systems and technologies used specifically for processing data must always be considered, thought through and documented prior to implementation.

Technologies for the processing of data - in particular new technologies - must be designed so as to ensure that they comply with best data ethics practices, including the principles set out in this policy, and general data processing principles, see the GDPR.

Responsibility and updating of policy

This policy must be available to our employees and to all our stakeholders. Accordingly, the policy is available on ChemoMetec's website.

ChemoMetec A/S (CVR no. 19 82 81 31)

Page 2 of 3

Policies - Data ethics

Decisions concerning ChemoMetec's data processing, including the design, purchase or implementation of data processing systems and technologies, must be made by relevant managers possessing the requisite knowledge of the contents of this policy.

Any data ethics dilemmas arising within ChemoMetec must be discussed and considered by the relevant responsible persons.

The reporting on ChemoMetec's data ethics efforts is undertaken by the group's IT department, which, in collaboration with the finance department, reports significant risks to the Executive Management.

The Board of Directors is responsible for preparing and updating this policy. The Board of Directors assesses on an ongoing basis and at least once annually whether the policy needs to be updated.

Approved by the Board of Directors on 28 June 2022

ChemoMetec A/S (CVR no. 19 82 81 31)

Page 3 of 3