Our Policies
Integrity Policy
Introduction
Because of GDPR *, we have clarified our handling of personal data in an integrity policy, which more fully describes how we collect and store personal information.
Our integrity policy will ensure that personal information from our customers, business partners, suppliers and other partners are processed and protected in a secure manner. The private policy regarding our employees and applicants is stated in our employee terms, which you will be informed about in case of an employment.
The integrity policy handles personal data provided to us when making business with our company such as collaboration agreements, purchase orders, sales orders, PR events.
Types of personal data handled by rt-labs AB
- Customers: Phone number, email and, if necessary, title. Stored in our CRM-system, hosted by rt-labs AB and in mail application (Google G-suite). Is used when personal contact is needed concerning delivery, projects, sales and other business cases. Reviews of customers’ personal data is made every year, where deletion of personal data is made, if no longer needed.
- Suppliers: Same personal data is stored as for customer.
- Leads/prospects: In order to process new business opportunities we in some cases need to store phone number, email and if necessary title to our potential customers. This personal data is stored in our CRM system (hosted by rt-labs AB) and in our mail application (Google G-suite). Review of our leads/prospects personal data is made every year, where deletion of personal data is made, if no longer needed. All employees at rt-labs AB have access to our prospects’/leads’ data.
- Employees: The private policy for employees/subcontractors/applicants are stated in our employee terms.
Registration and authentication
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
Depending on what is described below, third parties may provide registration and authentication services. In this case, this Application will be able to access some Data, stored by these third-party services, for registration or identification purposes.
Auth0 Service Provider
Auth0 is a robust identity management service provider, used in our registration and authentication process. When a user register or log in using Auth0, the Application accesses only the necessary Data stored by Auth0 to ensure the identity and provide our services. This integration ensures a seamless user experience while maintaining high standards of security and privacy. Personal Data processed: various types of Data as specified in the privacy policy of the service.
Google OAuth
Google OAuth is a registration and authentication service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing, and is connected to the Google network. Personal Data processed: login credentials and email for marketing services.
Personal data transferred
No personal data is transferred to any other country.
rt-labs AB never forward personal data to third part for marketing purposes. If personal delivery of products or any other distribution to personal addresses is necessary in our projects or contracts, personal data may be mandatory to provide to the distributor in order to fulfil our agreements.
Review of personal data
rt-labs AB offers anyone who wish, a possibility to review their personal data stored at our part. If the data is incorrect or in any other way irrelevant, you will be able to demand deletion of your personal data. If the data is for some reason (e.g. accounting purposes) needs to be kept on our account, you will be informed about why rt-labs AB needs your specific data.
Personal data for marketing
You can at any time recall your consent to using your personal data for rt-labs AB’s marketing purposes, either by sending a direct mail to support@rt-labs.com or by disable marketing activities in the settings of your rt-labs account.
Links
Our website contains links to other companies’ or community websites, which naturally we do not supervise and can not be responsible for their policies. These links are only for simplifying our visitors’ experience and for finding relevant information about different subjects related to our business.
Security
All data is stored encrypted and is secured by login only authorized has access to.
Contact information for personal data issues
RT-Labs AB
Första Långgatan 18
413 28 Göteborg
Sverige
Telefon: +46 (0)31 240 250
E-post: info@rt-labs.com
Företagsregister: Bolagsverket
Organisationsnummer: 556662-4614
Momsregisteringsnummer: VAT-NR SE556662461401
* General Data Protection Regulation (European Parliament and Council Regulation (EU) No 2016/679), abbreviated GDPR (General Data Protection Regulation) is a new EU regulation which will apply throughout the European Union May 25, 2018. GDPR replaces the Swedish Personal Data Act.
2024-12-14
Safety Policy
At RT-Labs, we are dedicated to providing safe and high-quality embedded technology products and services.
To achieve this, we commit to:
- Developing, maintaining, and improving our functional safety processes and tools in alignment with relevant standards (IEC 61508 and ISO 13849).
- Fostering a safety-oriented culture across all aspects of our organization, ensuring all team member contributes to safe products.
- Staff involved in functional safety development have the necessary competencies for their roles.
- Ensuring continuous knowledge and understanding of the functional safety requirements and guidelines associated with the functional safety products and systems.
- Upholding our commitment to functional safety by applying good safety engineering practices.
- Communicating and enforcing this policy throughout the company.
It is imperative that all members in our organization understands and actively supports the fulfilment of this policy.
Olof Lennerstedt, CEO
Vulnerability Disclosure Policy
1. Introduction
RT-Labs is committed to ensuring the security and integrity of its products, services, and infrastructure. This Vulnerability Disclosure Policy (VDP) aligns with IEC 62443 and ISO 27001 standards, providing a structured approach for responsible disclosure and remediation of security vulnerabilities.
2. Scope
This policy applies to all RT-Labs software, hardware, services, and digital infrastructure, including:
- Industrial automation and control systems (IACS)
- Embedded systems and software applications
- Cloud-based and on-premise solutions
- Third-party components and integrations
3. Reporting a Vulnerability
We encourage security researchers, partners, customers, and the general public to report potential security vulnerabilities responsibly. Reports should include:
- A detailed description of the vulnerability
- Steps to reproduce (PoC, screenshots, logs if applicable)
- Potential security impact
- Contact information for follow-up
Vulnerabilities should be reported via:
- Email: security@rt-labs.com
- PGP Key: Available for encrypted communications
4. Disclosure Process
Upon receiving a vulnerability report, RT-Labs will:
- Acknowledge receipt within 5 business days.
- Assess the severity and validate the vulnerability within 10 business days.
- Work with the reporter to confirm details and mitigate false positives.
- Develop a remediation plan, prioritizing based on risk impact.
- Release a security advisory, update, or patch within a reasonable timeframe (typically 30-90 days based on severity).
- Publicly disclose the vulnerability in coordination with the reporter if mutually agreed.
5. Safe Harbor & Legal Considerations
RT-Labs is committed to fostering responsible security research and will not take legal action against good-faith security researchers who:
- Act in compliance with this policy
- Avoid privacy violations, service disruptions, or data exfiltration
- Provide sufficient details for responsible remediation
6. Coordination with Regulatory & Industry Bodies
RT-Labs may collaborate with CERTs, ISACs, and relevant regulatory authorities when necessary to mitigate critical vulnerabilities affecting industry-wide systems.
7. Continuous Improvement
This policy is reviewed annually to align with evolving cybersecurity standards and best practices as per IEC 62443 and ISO 27001.
For any inquiries regarding this policy, contact security@rt-labs.com.
Last Updated: 2025-01-28