privacy policy

Stego Privacy Policy

Effective Date: 15 July 2026

1. INTRODUCTION

STEGO Technologies Inc. respects the privacy of individuals who visit our website, communicate with us, apply for employment, request product information or interact with our business.

This Privacy Policy explains how STEGO collects, uses, stores, shares and protects personal information.

References to “STEGO”, “we”, “us” and “our” mean STEGO Technologies Inc. and, where applicable, its affiliated companies, operating offices and authorised representatives.

References to “you” and “your” mean any individual whose personal information is processed by STEGO.

This Privacy Policy applies to the STEGO website available at www.stegosafety.com, including its subdomains, successor domains, publicly accessible development environments, product tools, forms, downloadable resources and associated digital services, collectively referred to as the “Website.”

It also applies to personal information received through business enquiries, product enquiries, safety audit requests, glove trial activities, recruitment applications, distributor communications and related commercial interactions.

2. RESPONSIBILITY FOR PERSONAL INFORMATION

STEGO Technologies Inc. is responsible for personal information under its control.

STEGO designates an authorised Privacy Officer to oversee compliance with this Privacy Policy, respond to privacy requests and manage concerns regarding the handling of personal information.

Where another STEGO affiliate determines how personal information will be processed for a specific activity, that affiliate may also act as a data controller or responsible organisation under applicable law.

3. WHAT PERSONAL INFORMATION MEANS

Personal information means information about an identifiable individual.

This may include:

1. A person’s name 2. Contact information 3. Employment information 4. Online identifiers 5. Device information 6. Communications with STEGO 7. Application documents 8. Information relating to a product enquiry or workplace assessment

Personal information does not normally include properly anonymised information that can no longer be linked to an identifiable individual.

Information relating only to a business, such as a general company address or general business telephone number, may not constitute personal information under some laws. Information identifying an individual business contact may still be protected.

4. INFORMATION YOU PROVIDE DIRECTLY

STEGO may collect personal information that you voluntarily provide through the Website or through direct communication with us.

4.1 Contact enquiries

When you complete the Contact Us form or communicate with STEGO, we may collect:

1. First name 2. Last name 3. Email address 4. Mobile or telephone number 5. Company name 6. Job title 7. Country or location 8. Enquiry subject 9. Message content 10. Any information included in attachments or subsequent correspondence

4.2 Safety Audit and Glove Trial enquiries

When you request a STEGO Safety Audit, Glove Trial Program or product assessment, we may collect:

1. Your name 2. Business contact details 3. Employer or organisation 4. Worksite location 5. Industry and operating activity 6. Information about workplace tasks 7. Information about hazards and exposure conditions 8. Current glove usage 9. Product performance concerns 10. Workforce requirements 11. Trial results and evaluation feedback 12. Communications relating to the assessment

Safety Audit information may contain operational or commercial information belonging to your organisation. You must ensure that you are authorised to provide this information to STEGO.

4.3 Career applications

When you apply for employment, we may collect:

1. First name 2. Last name 3. Email address 4. Telephone number 5. Employment history 6. Education and qualifications 7. Professional certifications 8. Skills and experience 9. References 10. Curriculum vitae 11. Cover letter 12. Work authorisation information 13. Interview information 14. Compensation expectations 15. Information provided in uploaded files 16. Other information relevant to the recruitment process

Please do not include sensitive personal information in an application unless it is necessary for the recruitment process or specifically requested by STEGO.

4.4 Business and distributor communications

Where you communicate with STEGO as a customer, prospective customer, distributor, supplier, consultant or commercial partner, we may collect:

1. Your name 2. Employer or organisation 3. Position and department 4. Business email address 5. Business telephone number 6. Business location 7. Product interests 8. Purchasing or supply requirements 9. Meeting records 10. Commercial correspondence 11. Contract and transaction information 12. Customer service history

4.5 Events, training and communications

Where STEGO provides training, seminars, product demonstrations, events, newsletters or technical updates, we may collect:

1. Registration information 2. Attendance information 3. Professional interests 4. Communication preferences 5. Feedback 6. Questions submitted during an event 7. Photographs or recordings where appropriate notice and consent have been provided

5. INFORMATION COLLECTED AUTOMATICALLY When you visit or use the Website, certain information may be collected automatically by our servers, hosting providers, security services and approved technology providers.

This information may include:

1. Internet Protocol address 2. Browser type and version 3. Device type 4. Operating system 5. Language settings 6. Approximate geographic region 7. Date and time of access 8. Referring website 9. Pages viewed 10. Time spent on pages 11. Website searches 12. Product finder interactions 13. Documents viewed or downloaded 14. Links selected 15. Form interaction data 16. Error records 17. Security and diagnostic records 18. Cookie and similar technology identifiers

Some of this information may identify a device rather than a named individual. It may still constitute personal information under applicable law.

Further information about cookies and similar technologies is provided in the STEGO Cookie Policy.

6. INFORMATION RECEIVED FROM OTHER SOURCES

STEGO may receive personal information from:

1. STEGO affiliates and operating offices 2. Authorised distributors and commercial partners 3. Employers requesting a safety assessment 4. Recruitment agencies 5. Professional references 6. Event organisers 7. Public business directories 8. Public professional profiles 9. Social media platforms 10. Website, analytics and security providers 11. Organisations involved in a business transaction 12. Government or regulatory authorities where legally permitted

We process information received from another source only where we have a lawful and legitimate reason to do so.

7. SENSITIVE PERSONAL INFORMATION

STEGO does not intentionally collect sensitive personal information through its general website forms.

Sensitive information may include health information, biometric information, government identification numbers, financial account information, racial or ethnic origin, religious beliefs, political opinions, trade union membership or information concerning a person’s sexual life or orientation.

Applicants and website users should not provide sensitive information unless:

1. It is necessary for a legitimate purpose 2. STEGO has specifically requested it 3. Its collection is permitted by law 4. Appropriate safeguards are available

Where sensitive information is required, STEGO will apply additional protection and obtain consent where required.

8. PURPOSES FOR WHICH INFORMATION IS USED

STEGO may use personal information to:

1. Respond to enquiries and communications 2. Provide requested product information 3. Recommend suitable product categories for further evaluation 4. Arrange Safety Audits and Glove Trial Programs 5. Manage product samples and trial evaluations 6. Provide technical, commercial and customer support 7. Identify distributors or representatives able to assist in a particular market 8. Process employment applications 9. Communicate with applicants 10. Assess qualifications and suitability for employment 11. Manage supplier, distributor and customer relationships 12. Prepare quotations and commercial proposals 13. Perform contractual obligations 14. Manage events, seminars and training activities 15. Deliver requested publications and communications 16. Maintain communication preferences 17. Improve website content, navigation and performance 18. Understand how Website resources are used 19. Maintain Website security 20. Detect fraud, abuse and unauthorised access 21. Diagnose technical problems 22. Protect STEGO’s legal rights and intellectual property 23. Comply with legal, tax, regulatory and reporting requirements 24. Establish, exercise or defend legal claims 25. Support corporate administration, audits and risk management 26. Complete a merger, acquisition, restructuring or other legitimate business transaction

STEGO will not use personal information for an incompatible new purpose without obtaining further consent or establishing another lawful basis where required.

9. LEGAL BASIS FOR PROCESSING

Where applicable law requires STEGO to identify a legal basis, personal information may be processed on one or more of the following grounds.

9.1 Consent

We may process information where you have provided valid consent.

Examples may include:

1. Optional marketing communications 2. Nonessential cookies 3. Event photographs or recordings 4. Retaining an unsuccessful employment application for future opportunities

You may withdraw consent at any time, subject to legal or contractual restrictions.

9.2 Contractual necessity We may process information where it is necessary to:

1. Take steps requested before entering into a contract 2. Provide requested services 3. Perform a contract 4. Manage a commercial relationship

9.3 Legitimate business interests

We may process information where necessary for legitimate business purposes, provided those interests are not overridden by your rights.

These interests may include:

1. Responding to business enquiries 2. Managing customer and distributor relationships 3. Improving the Website 4. Protecting systems and information 5. Preventing fraud 6. Maintaining business records 7. Developing STEGO products and services 8. Communicating with professional business contacts

9.4 Legal obligations

We may process information to comply with:

1. Applicable law 2. Regulatory requirements 3. Court orders 4. Tax and accounting obligations 5. Employment requirements 6. Record keeping obligations 7. Lawful requests from public authorities

9.5 Legal claims and protection

We may process information where necessary to protect the rights, property, security or legitimate interests of STEGO, our personnel, customers, business partners or others. 10. CONSENT

Consent may be express or implied, depending on:

1. The sensitivity of the information 2. The purpose of collection 3. The reasonable expectations of the individual 4. Applicable law Submitting a form constitutes consent for STEGO to use the submitted information to review and respond to the relevant request.

Submitting an employment application constitutes consent for STEGO to assess the application and communicate regarding recruitment.

Consent to one activity does not automatically constitute consent to unrelated marketing or secondary uses.

STEGO will seek clear consent where required for optional processing activities.

11. MARKETING COMMUNICATIONS STEGO may send product information, company updates, technical publications, event invitations or other business communications where:

1. You have requested them

2. You have provided consent

3. An existing business relationship permits the communication

4. Another lawful basis is available Marketing messages will include an appropriate method for unsubscribing where required by law. You may withdraw from marketing communications at any time.

An unsubscribe request will not prevent STEGO from sending communications required to:

1. Respond to an active enquiry

2. Administer a contract

3. Provide requested support 4. Deliver a service 5. Communicate important legal, security or operational information

STEGO may retain a minimal suppression record to ensure that an unsubscribe request continues to be respected.

12. COOKIES AND SIMILAR TECHNOLOGIES

The Website may use cookies, pixels, local storage, tags and similar technologies.

These technologies may be used to:

1. Operate essential Website functions 2. Maintain security 3. Remember user preferences 4. Measure Website performance 5. Understand page and document usage 6. Diagnose technical issues 7. Improve Website content 8. Support embedded media or external services

Nonessential cookies will be used only where permitted by applicable law and, where required, after consent has been obtained.

Users can manage available preferences through the Website cookie controls and browser settings.

Detailed information is provided in the STEGO Cookie Policy.

13. WHEN PERSONAL INFORMATION MAY BE SHARED

STEGO may share personal information with the following categories of recipients where reasonably necessary.

13.1 STEGO affiliates and authorised offices

Information may be shared within the STEGO organisation to:

1. Respond to enquiries 2. Provide local commercial support 3. Manage recruitment 4. Administer business operations 5. Maintain information systems 6. Meet legal and compliance obligations

13.2 Service providers

STEGO may engage service providers for:

1. Website hosting 2. Website development and maintenance 3. Email delivery 4. Business communications 5. Customer relationship management 6. File storage 7. Cybersecurity 8. Analytics 9. Recruitment support 10. Document management 11. Professional advisory services

Service providers may process personal information only for authorised purposes and subject to appropriate confidentiality, security and contractual controls.

13.3 Distributors and commercial partners

Where an enquiry requires local product availability, a quotation, a sample, a trial or regional support, STEGO may provide relevant contact and enquiry information to an authorised distributor or commercial representative.

Only information reasonably necessary to address the request will be shared.

13.4 Professional advisers

Information may be shared with lawyers, accountants, auditors, insurers, consultants and other advisers where necessary for legitimate professional purposes.

13.5 Government and regulatory authorities

Information may be disclosed where required or permitted by law, including in response to: 1. A court order 2. A lawful government request 3. A regulatory requirement 4. A law enforcement request 5. A legal investigation 6. A threat to safety or security

13.6 Corporate transactions

Information may be disclosed in connection with a proposed or completed merger, acquisition, financing, restructuring, sale of assets or transfer of business.

Recipients will be required to handle the information appropriately and consistently with applicable law.

14. SALE OF PERSONAL INFORMATION

STEGO does not sell or rent personal information in exchange for money.

STEGO does not provide personal information to unrelated organisations for their independent direct marketing without consent.

The use of analytics, embedded content or advertising technologies, if introduced, will be explained through the Cookie Policy and applicable consent controls.

15. INTERNATIONAL TRANSFERS

STEGO operates and conducts business internationally.

Personal information may be processed or stored in countries outside the country in which it was collected, including countries where STEGO affiliates, hosting providers, technology providers, distributors or advisers operate.

The privacy and government access laws of another country may differ from those of your country.

Where required, STEGO will use appropriate measures for international transfers, which may include:

1. Contractual data protection clauses 2. Transfer agreements 3. Adequacy decisions 4. Consent 5. Other legally recognised safeguards

Access to transferred information will be limited to authorised recipients with a legitimate need to process it.

16. DATA RETENTION

STEGO retains personal information only for as long as reasonably necessary for the purposes for which it was collected and to meet legal, regulatory, operational and security requirements.

Unless a longer period is required by law, contract or an active legal matter, STEGO’s standard retention periods are:

1. General enquiries and correspondence: up to 24 months after the enquiry is resolved 2. Safety Audit and Glove Trial records: up to 5 years after the assessment or trial is completed 3. Unsuccessful employment applications: up to 24 months after the recruitment decision 4. Successful employment applications: transferred to the applicable employee record and

retained according to the employee retention schedule 5. Customer, distributor and supplier records: for the duration of the relationship and up to 7

years after its conclusion 6. Contract, transaction, accounting and tax records: up to 7 years or any longer period required

by law 7. Website security and access records: normally up to 12 months unless required for an

investigation 8. Marketing records: until consent is withdrawn, the communication becomes inactive or the

information is no longer required 9. Consent and suppression records: for as long as reasonably required to demonstrate

compliance and respect communication preferences 10. Legal claim information: until the relevant limitation period, dispute or proceeding has

concluded

Information may be retained longer where reasonably necessary to:

1. Investigate fraud or a security incident 2. Preserve evidence 3. Respond to litigation 4. Meet regulatory requirements 5. Enforce an agreement When personal information is no longer required, STEGO will securely delete, destroy or anonymise it.

17. INFORMATION SECURITY

STEGO uses administrative, technical and physical safeguards appropriate to the nature and sensitivity of the personal information under its control.

Safeguards may include:

1. Access controls 2. Role based permissions 3. Password protection 4. Multifactor authentication 5. Encryption during transmission 6. Secure hosting arrangements 7. Network and endpoint protection 8. Backup procedures 9. Security monitoring 10. Staff confidentiality obligations 11. Service provider assessments 12. Incident response procedures 13. Secure deletion practices

No internet transmission, information system or storage method is completely secure.

Users should not transmit confidential or highly sensitive information through a general Website form unless specifically instructed to do so.

18. SECURITY INCIDENTS

STEGO maintains procedures for identifying, assessing and responding to suspected personal information breaches.

Where a breach creates a legally reportable risk, STEGO will notify the appropriate regulator and affected individuals as required by applicable law.

STEGO may also: 1. Preserve records of the incident 2. Restrict affected systems 3. Investigate the cause 4. Engage security or legal specialists 5. Take measures to reduce further harm 6. Cooperate with authorities where required

19. ACCURACY OF INFORMATION

STEGO takes reasonable steps to ensure that personal information used for an active purpose is accurate, complete and current.

You are responsible for providing accurate information and informing STEGO when relevant information changes.

STEGO may request updated information where necessary to continue a business, recruitment or service relationship.

20. YOUR PRIVACY RIGHTS

Depending on your location and applicable law, you may have the right to:

1. Know whether STEGO holds personal information about you 2. Request access to your personal information 3. Request correction of inaccurate or incomplete information 4. Request deletion of information 5. Withdraw consent 6. Object to certain processing 7. Request restriction of processing 8. Request transfer of information in a structured format 9. Obtain information about recipients of your information 10. Make a complaint to a privacy regulator 11. Request information about international transfers 12. Challenge STEGO’s compliance with applicable privacy requirements

Some rights are subject to legal limitations.

STEGO may be unable to delete or provide certain information where:

1. Retention is required by law 2. The information is subject to legal privilege 3. Disclosure would reveal another person’s personal information 4. The request would interfere with an active investigation 5. The information is required to establish, exercise or defend a legal claim 6. Another lawful exception applies

21. EXERCISING YOUR RIGHTS

Privacy requests may be submitted through the Contact Us page of the Website or by writing to the STEGO Privacy Officer at the address stated in Section 29.

A request should include:

1. Your full name 2. Your contact information 3. A clear description of the request 4. Details that allow us to locate the relevant information

STEGO may request reasonable proof of identity before processing a request.

Only information required to verify identity will be requested.

STEGO will respond within the period required by applicable law.

Where a request is unusually complex, repetitive, excessive or legally restricted, STEGO may extend the response period, charge a permitted fee or decline the request. The reason will be explained where required.

An authorised representative may submit a request where appropriate proof of authority is provided.

22. CANADIAN PRIVACY RIGHTS

Where Canadian privacy law applies, individuals may request access to personal information under STEGO’s control and challenge its accuracy and completeness.

Individuals may also challenge STEGO’s compliance with applicable Canadian privacy requirements.

Where a concern is not resolved directly with STEGO, an individual may submit a complaint to the Office of the Privacy Commissioner of Canada or another competent provincial privacy authority. 23. EUROPEAN AND UNITED KINGDOM PRIVACY RIGHTS

Where the European General Data Protection Regulation or United Kingdom data protection law applies, you may have rights including:

1. Access 2. Rectification 3. Erasure 4. Restriction 5. Data portability 6. Objection 7. Withdrawal of consent 8. Complaint to a competent supervisory authority

Where processing is based on legitimate interests, you may object based on your particular circumstances.

Where personal information is used for direct marketing, you may object to that use at any time.

Withdrawal of consent does not affect processing that was lawful before consent was withdrawn.

24. UNITED ARAB EMIRATES PRIVACY RIGHTS

Where United Arab Emirates personal data protection law applies, you may have rights concerning:

1. Access to personal information 2. Correction of inaccurate information 3. Deletion where legally available 4. Restriction or cessation of certain processing 5. Transfer of information where applicable 6. Objection to certain automated processing 7. Withdrawal of consent 8. Complaint to the competent authority

These rights are subject to the conditions and exceptions established by applicable law.

25. RECRUITMENT INFORMATION

Employment application information will be used only for legitimate recruitment, workforce planning, compliance and employment administration purposes. Application information may be reviewed by:

1. Human resources personnel

2. Relevant hiring managers

3. Authorised management personnel

4. Recruitment service providers

5. Legal or compliance advisers where necessary References will be contacted only where appropriate and legally permitted.

Submitting an application does not guarantee an interview, employment offer or future consideration.

Applicants should ensure that any reference or third person identified in an application is aware that their information may be provided to STEGO.

26. AUTOMATED DECISION MAKING

STEGO does not use personal information collected through the Website to make decisions based solely on automated processing that produce legal or similarly significant effects on individuals. Website analytics, security screening and form filtering may use automated processes, but these activities are intended to support Website operation, security and administration.

If STEGO introduces significant automated decision making, this Privacy Policy and any required notices will be updated.

27. CHILDREN’S PRIVACY

The Website is intended for business users, safety professionals, distributors, employers, applicants and adult visitors.

It is not directed to children under 16 years of age.

STEGO does not knowingly collect personal information from children through the Website.

Where STEGO becomes aware that a child’s information was submitted without appropriate authorisation, it will take reasonable steps to delete it.

28. EXTERNAL WEBSITES AND SOCIAL MEDIA

The Website may contain links to social media platforms, distributors, standards organisations and other external services.

External services operate under their own terms and privacy policies.

STEGO does not control how an external service collects or processes personal information after you leave the Website.

Social media platforms may collect information about your visit when their content, buttons, videos or other functions are embedded within the Website.

Users should review the privacy settings and policies of external services before interacting with them.

29. CONTACTING STEGO

Questions, requests or complaints regarding this Privacy Policy or the handling of personal information may be directed to:

Privacy Officer

STEGO Technologies Inc. Unit 10, 3400 Ridgeway Drive Mississauga, Ontario L5L 0A2 Canada

Privacy requests may also be submitted through the Contact Us page at www.stegosafety.com.

Please write “Privacy Request” in the subject field.

30. CHANGES TO THIS PRIVACY POLICY

STEGO may revise this Privacy Policy to reflect changes in:

1. Website functionality 2. Business operations 3. Information handling practices 4. Technology 5. Security requirements 6. Applicable law The effective date at the top of this page identifies the current version.

Material changes will be communicated through the Website or another appropriate method where required by law.

Continued use of the Website after publication does not replace any consent required for a new processing activity.

31. RELATED POLICIES This Privacy Policy should be read together with:

1. The STEGO Terms of Use

2. The STEGO Cookie Policy

3. The STEGO Legal Information page