Privacy at Oda Systems

Oda is a technology company that has always focused on protecting and respecting user information right from the start. We value customer privacy and we know that we must strive to earn and maintain trust.

To live up to both your and our own expectations, we have written this privacy statement which gives you a full overview of how we use your data.

All our collection and use of personal data is subject to relevant rules for the protection of personal data, including the EU General Data Protection Regulation, also known as GDPR. We consider compliance with these regulations as a minimum, and we will always work hard to exceed this baseline when it comes to the ethical and sensible use of your data.

Oda Systems's privacy statement tells you how the information you share with us, or that you generate by using our services is stored, used, and protected.

When we talk about "services," we mean our websites and apps, in addition to any other websites and things we do as part of our relationship with customers that are covered by the same statement.

Simply put: When you use our services, you share some information with us. We want to be completely open about what we know about you, how we use that information, who we share it with, and the choices you have to control, change, and access it.

We have written this privacy statement to:

• show what we do to protect and respect your privacy
• explain how we collect, use, and store your personal data
• give you information about your rights

We do our best to explain all of this in an understandable way and keep the information free of complex legal jargon. If you still have questions, you can contact us at .

When we talk about personal data, we mean information that can be linked to an individual. In the context of this statement, this may include name, address, phone number, email address, etc.

Sometimes we refer to this type of information simply as "data," and in cases where the data has been anonymized, it will be stated (in other words, details that identify you as an individual will have been removed).

The data we collect about you depends on which parts of our services you use.

We collect personal data that:

• you provide to us, for example when you contact us with questions
• are automatically registered when you use the service, for example when you visit our website

You are under no obligation to provide personal data to us, but if you choose not to, we may not be able to provide our services to you. An example of this is that we cannot answer your questions if we do not know your contact information.

We collect personal data in the following categories:

• Basic information such as name, address, and ways to contact you, such as your email address or phone
• Conversations, emails, and communication between you and us.
• Technical information about the devices you use to access our services, emails and messages we have sent you, coupons and personalized content, cookies, etc.
• Information about your settings
• Information that is based on how you navigate through our app or website, for example, how long you spent on our front page before clicking somewhere
• Any other data collected with your consent. In such cases, when we ask for your consent, you will receive specific information about what data we collect and what it is used for.

We use data we register about you for the following purposes:

• To offer services:
  • We process data to be able to offer you our services.
• Development and analysis: We process data to understand your needs and to improve and expand the services we offer. The legal basis for this is our legitimate interest in improving our services, as we consider the consequences of this processing not to be significant for you. We limit the personal data processed, assess the impact of the processing, and implement security measures and other measures to limit the impact of such processing. Examples of this purpose are:
  • collection and analysis of data to understand usage patterns and needs, for example to improve and optimize the service, communication, product offerings, capacity, etc.
  • use of statistical data that groups users into similar usage patterns. In such cases, the data is collected and/or anonymized, so that you are not personally identifiable;
  • to be able to troubleshoot and correct errors you may encounter; and
• Sales and marketing: We process data for marketing purposes in accordance with all applicable laws. The legal basis for this is our legitimate interest in marketing our services.
• Security and prevention of misuse: We may process personal data to maintain security in all our services, and to detect or prevent various types of misuse and fraud, such as money laundering or identity theft. The legal basis for this is our legitimate interest in detecting and preventing fraud or misuse of our services or payment methods. As previously, we consider the consequences of this processing not to be significant for you. We always limit the personal data processed, assess the impact of the processing, and implement security measures and measures to limit the impact of such processing.
• Transactions, restructuring, and other changes in the company: We may process and transfer data in connection with acquisitions and sales of businesses, shares, and changes in our group structure or liquidation. In such cases, personal data may also be shared with advisors, counterparties, suppliers, and partners. We always use security measures to the fullest to prevent misuse. The legal basis for processing, transferring, and sharing personal data for this purpose is our legitimate interest in carrying out business development, adapting our services, and regulatory considerations.
• Compliance with laws and regulations: We process personal data to comply with accounting laws and similar regulations, including presenting information to authorities when required by law.
• Other purposes you have given your consent to: We may process your personal data for other purposes, but only when you have given us your consent.

Protecting your data is one of our top priorities. Our security includes physical, technical, and administrative measures and includes risk assessments, access management, archiving routines, data management routines, and much more. The security measures we have in place prevent your data from being lost. We regularly assess whether we can make changes or improvements in connection with risk exposure, choice of technology, training, and in connection with legal requirements. You can be confident that Oda always stores your data securely.

We mainly process data in Norway and within the EU/EEA. In some cases, we cooperate with partners outside the EU/EEA (sometimes referred to as "third countries"), and in such cases, we take extra precautions to ensure that your data is processed in accordance with our standards through measures such as:

• use of the European Commission's standard agreement that ensures the transfer of data to third countries (standard contractual clauses); and
• transfer of data to countries pre-approved by the European Commission.

Our precautions include organizational, contractual, and technical measures that include risk assessments, access management, archiving routines, data management routines, and more.

If you want to know more about our precautions regarding the transfer of personal data outside the EU/EEA, you can contact us via .

We retain your personal data for as long as we are required to do so. For example, we may require it to fulfill our legitimate business purposes, to fulfill our contractual obligations, or if required by law or regulations. All data that is no longer necessary for the purpose will be deleted. Note that anonymized data is not subject to this type of retention requirement.

In the event of deviations or breaches of personal data security, we will notify the relevant data protection authority as soon as we can, and in most cases no later than 72 hours after we become aware of it. The only exception to this routine is if the breach is unlikely to result in a risk to our customers' rights and freedoms.

We disclose personal data to:

• Companies in the Oda group. For example, we may need to do this so that we can offer our services to you or in connection with business changes. You can see a list of entities that make up the Oda group here .

We may also disclose personal data:

• In legal matters, for example by court order, the police, or other public authorities, in accordance with strict predefined processes.
• In connection with transactions, restructuring, or other business changes, e.g., as part of a merger, acquisition, sale of Oda's assets, or transfer of services to another company.

We do not use cookies at all. We respect your privacy and have chosen not to use any cookies on our website, including essential, functional, analytical, or marketing cookies.

Instead, we use anonymous tracking methods that do not collect personally identifiable information. This anonymous tracking helps us understand general usage patterns and improve our services without compromising your privacy. The data we collect through this anonymous tracking:

• Cannot be linked to you as an individual
• Does not store any personal information
• Is used solely for website performance and service improvement
• Does not track you across other websites or services

This approach ensures that your browsing experience remains private while still allowing us to maintain and improve our website's functionality and performance.

This website respects the "Do Not Track" header, which you can activate in most browsers. You can also read more about advertising with cookies and completely opt out of one or more third-party providers on the opt-out page of the Network Advertising Initiative .

Your rights