In this Privacy statement "we", "us" and "our" refers to all the companies of the NORNORM group. As this Privacy statement applies globally, there may be differences in how we collect, use or disclose your personal data from country to country, in which case we will inform you about any specific processing activities that take place in your country.

Your personal data is controlled by A Place That Works A/S (having a registered office at Badsmandsstraede 19B, Copenhagen) or our NORNORM company located in your country. As regards this website, A Place That Works A/S is the data controller.

For purposes of this Privacy Policy, "Personal Data" means any information through which we can identify you as an individual, as further described below in "Personal Data we collect".

We may collect your personal data from you directly, e.g. when you use our services, when you sign up for our newsletters, buy products from us, fill out a survey, reach out to us, share information via our social media pages, etc. Personal data we collect this way may include: Your contact details (your name, postal address and other contact details, such as your telephone number and e-mail address, and any other contact details you provide to us).

- Your contact details (your name, postal address and other contact details, such as your telephone number and e-mail address, and any other contact details you provide to us).
- Your financial details. The financial information that has been disclosed to us (either upon request or voluntarily) and can be linked to you as a customer representative, such as bank account details or invoicing details.
- Your personal characteristics. Including your gender or other personal characteristics that are requested to identify you as a representative of our customer.
- Your profession and job title. This may include information on the specific (sub)sector that you operate in.
- Your use of our services. We collect information relating your use of our services, such as the purchases made, the amount and date of the purchase, location of purchase, payment method, etc.
- Your communication data. Your requests, any complaints you may have and any other data that we receive if we communicate with you via email, online or via social media.
- Any other personal data. This includes any personal data that you disclose to us during the course of your contractual relationship with us, either voluntarily or upon request.
‍
Also, some personal data may be collected automatically when you visit or use our website, such as information collected by cookies and other technologies (such as web analytic tools and pixel tags) on our websites. Please also consult our Cookie Policy for more information on how we make use of cookies and other automated means of data collection. Personal data we collect this way may include: information about your (mobile) device or your type of browser; information about the way you use our websites, such as details of the web pages you have viewed, the banners and the hyperlinks you have clicked, etc.; whether you have opened e-mails sent by us to you; the websites you have visited before arriving at one of our websites; your IP address; the hyperlinks you have clicked; your MAC address; and information you choose to share by using social media tools incorporated in our websites or using your social media log-in details.

We collect your Personal Data for the purposes below:

For the performance of our agreement with you: In order to carry out our obligations arising from any contracts entered into between you and us, and to provide you with the information and services that you request, including managing and handling your requests, inquiries or complaints. This also includes responding to your requests to provide customer service, respond to your inquiries, providing you with technical support, provide you with essential information regarding the services you use and product you have purchased, etc.

For our legitimate commercial interests: We may use your Personal Data (both on aggregated and on individual basis), such as your contact details and your electronic identification data for the purpose of advertising our products and services, making contact with you for marketing or other commercial purposes if you are an existing customer. We may also use your Personal Data for analysing and improving the quality of our products and services, such as providing you with customer services and aftersales, and to understand you as a customer (customer optimization.

We may also use your Personal Data, for our other legitimate commercial interests such as, to operate and expand our business activities, to develop and improve or modify our services, to generate aggregated statistics about the users of our services; to assist in security and fraud prevention; to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes; for system integrity purposes (for example the prevention of hacking, spamming etc.); to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of our assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.

Use of information based on your consent: We may use your Personal Data referred to above in the section ‘Personal Data we collect’ to send you marketing communications (such as newsletters, promotions, news on products or service updates) via email or other electronic means, via telephone or via hardcopy mail (such as flyers), but we will only do so after we have received your consent to do so. You can withdraw your consent at any time; see the section Your rights below.

To comply with our legal obligations: Any information referred to above in the section ‘Personal Data we collect' may be used to comply with a legal obligation to which we are subject, such as maintaining appropriate business records, complying with lawful requests by governmental agencies and public authorities and to comply with applicable laws and regulations or as otherwise required by law.

The following paragraph applies to visitors and customers in Singapore:

If you provide us with any Personal Data relating to a third party (e.g. information on your customers, employees or your company representatives), by submitting such information to us, you represent to us that you have obtained the consent of such third party to you providing us with their Personal Data for the purposes set out in this Privacy statement.

Your Personal Data may be transferred to and processed in other countries where laws governing the processing of Personal Data may be less stringent than the laws in your country (including jurisdictions outside the European Economic Area).

In such cases, where required by local law we will ensure that there are adequate safeguards in place to protect your Personal Data. Depending on the location of the NORNORM entity exporting the relevant Personal Data, this adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission. Where we are legally required to do so, further details of these transfers and copies of these agreements are available from us on request.

To the extent required and valid under your local law, you consent to your Personal Data being transferred and processed this way.

NORNORM will take reasonable steps to ensure that your Personal Data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.

We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Privacy statement. Furthermore, we contractually ensure that any third party processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.

We retain your Personal Data for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with customer service, answer queries or resolve technical problems), unless a longer period is necessary for our legal obligations or to defend a legal claim.

NORNORM does not knowingly collect any Personal Data from children under the age of 16. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

NORNORM's Privacy statement does not apply to other advertisers or websites. Thus, we are advising you to consult the respective privacy policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

Depending on your location, you may have various rights in relation to your Personal Data. In particular, you may have the right to:

- request a copy of Personal Data we hold about you and information on how your data has been used or disclosed by us in the past year;
- ask that we restrict the way in which we use your Personal Data;
- ask that we update the Personal Data we hold about you, or correct any Personal Data that you think is incorrect or incomplete;
- ask that we delete personal data that we hold about you (the “right to be forgotten”);
- withdraw consent at any time for the future to our processing of your Personal Data (to the extent such processing is based on consent);
- object to our processing of your Personal Data (including for direct marketing purposes); or
- request your personal data be transferred to you or another data controller (the “data portability” right).
‍
Also, if you are unhappy with the way we have handled your Personal Data or any privacy query or request that you have raised with us, you have a right to complain to your local data protection regulator.

In addition, in certain circumstances we may process your personal data through automated decision-making, including profiling. This may include segmenting and tailoring the data to enable us to match our communication and products to your perceived needs. In the case we process your Personal Data through automated decision-making, we will inform you about the logic involved, as well as the significance and the envisaged consequences of such processing for you. Depending on your location, you may be able to request not to be subject to automated decision-making, including profiling.

If you would like to exercise these rights or understand if they apply to you, please get in touch using the details set out at “how to contact us” below.

This Privacy Policy may be revised from time to time. If a fundamental change to the nature of the use of your personal data is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you well in advance of the change actually taking effect. Where required under applicable law, we will obtain your consent to such changes.

If you have any queries about this Privacy Policy or our handling of your Personal Data in general, or if you want to exercise your rights, please email us at legal@nornorm.com and be sure to indicate the nature of your query.