Privacy Statement Data Controller This privacy statement explains how we collect and use (process) personal data in our business. COVERTRO KÄLDMAN, through the CEO, is responsible for the data processing. Our contact information is: COVERTRO KÄLDMAN Business Address: OSLO, Radarveien 13, Norway, 1152 Organization Number: 932936534 Email Address: emil0110@hotmail.no We take your privacy seriously and have taken several steps to ensure that we provide you with clear information on how we process your data, and what rights you have. If you feel something is unclear or missing, do not hesitate to contact us.

Your Rights Please contact us if you have questions about or want to exercise any of your rights. You are entitled to a response within 30 days at the latest. Read more on the Norwegian Data Protection Authority's pages.

Access to and Correction of Personal Information: You can request a copy of all the information we process about you, and ask us to correct information that is incorrect.

Deletion or Restriction: In some situations, you can ask us to delete and/or restrict the processing of information about yourself, but we cannot delete data we are required to process.

Objecting to Processing: If we process information about you based on legitimate interest, you have the right to object to that.

Data Portability: If we process information about you based on consent or a contract, you can ask us to transfer information about you to yourself or to another data controller. You also have the right to withdraw your consent at any time. If you are not satisfied with how we process your data, you can complain to the Norwegian Data Protection Authority, but we hope that you will contact us directly first so we can try to resolve the issue for you in a good way.

Whom We Process Personal Data About We process personal data about: Customers

How We Collect Personal Data It is voluntary to provide personal data to us, but in order to complete a transaction, we need a number of details from you. We process personal data when you: purchase our products/services

Purpose, Legal Basis, and Storage According to Article 6(1) of the General Data Protection Regulation, personal data may be processed on the basis of: Your consent A contract we have entered into A legal obligation we have To protect the vital interests of the data subject or another natural person To perform a task in the public interest or in the exercise of official authority A legitimate interest we believe we have As a general rule, personal data should not be processed and stored for longer than necessary to fulfill the purpose of the processing. If we process your personal data based on a legitimate interest we believe we have, you can object to the processing by contacting us. We will then consider your objection and provide you with prompt feedback. To comply with this, we conduct annual GDPR audits where we formally review and go through our privacy work. The purpose is to change, update, and if necessary, delete personal data. We retain data as long as we are required to do so by applicable legal obligations, for example related to accounting, tax, or employment legislation, and/or other relevant rules and regulations. You can contact us at any time if you want us to stop processing or delete your personal data, but note that we cannot delete personal data we are legally obligated to process. We have procedures in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or legal basis to continue processing them. Accounting materials are stored for up to 5 years, according to the rules in the Accounting Act.

How We Process Personal Data Here we describe in detail when and how we process your personal data, for what purposes, on what legal basis, and for how long. We process personal data when: You purchase our products and services When you purchase products and services from us, we process personal data such as name, contact information, order and payment information, and purchase history. The purpose is to be able to deliver products and services to you following an order/purchase, to have a history of sold products and services, and otherwise to manage and follow up on the customer relationship with you. The legal basis can be: Your consent. A contract we have entered into. A legal obligation we have, according to among others the Accounting and Tax Laws.

Marketing in Existing Customer Relationships When you become a customer with us, we process personal data as mentioned above. If you have an existing customer relationship with us, we may send you marketing by email and SMS, in line with the Marketing Act § 15. The legal basis will then be legitimate interest, but can also be consent. The purpose of the marketing is to be able to provide good customer service. You can unsubscribe from marketing emails and SMS at any time. Information on how to unsubscribe is provided in all emails and SMS messages we send related to marketing. The information is processed as long as the customer relationship exists, or until you unsubscribe from the marketing list.

Whom We Share Personal Data With To run our business efficiently and securely, we sometimes need to share your personal data with parties such as: Public authorities we are obligated to report to Professional advisors from industries such as law, finance, accounting, auditing, and insurance We require that all those we share your personal data with secure your data according to good information security and the requirements of the General Data Protection Regulation. We enter into data processing agreements with all who process data on our behalf, and confidentiality agreements as needed. For security reasons, we have not specified these by name, but please contact us if you want to know more.

Transfer of Personal Data Outside the EU/EEA In some cases, your personal data is transferred outside the EU/EEA. For example, we have outside the EU/EEA: suppliers to make products and services available on our website suppliers to enable payment suppliers for website security and otherwise to be able to run our business in a safe and efficient manner. The transfer of personal data to outside the EU/EEA is only allowed to countries the EU Commission has approved, or under necessary guarantees according to the General Data Protection Regulation. This can, for example, be the EU's standard contracts. For security reasons, we have not specified these by name. Please contact us if you want to know more about which such data processors we use, what necessary guarantees apply for such transfer, and what additional security measures we have implemented.

Security We take information security seriously, and we will always do our utmost to protect your personal data in the best possible way. Among other things, we use: strong passwords backup to secure our data and prevent unauthorized access to view, alter, delete, or in any way affect the data we store, including your personal data. We only use recognized providers of IT and administration services such as web hosting, website security, and PC, antivirus programs, email providers, backup, and more. We only allow others to access and/or process your personal data according to our instructions, and only where it is strictly necessary (e.g., for IT support). We have established procedures for handling breaches of data security, and we will, in case of deviations, send a deviation report to the Norwegian Data Protection Authority within 72 hours after the breach has been discovered. If the breach entails a high risk to privacy, we will also notify the affected registrants. This privacy statement was last updated: 12.02.2024