DATA PROTECTION POLICY

Effective Date: January 1st, 2026.

Nordic Acquisition AS (“Company”, “we”, “us”, or “our”) is committed to protecting personal data and ensuring it is handled securely, lawfully, and transparently in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. PURPOSE OF THIS POLICY

This policy explains how we collect, handle, store, and protect personal data in our business operations.

It applies to all personal data processed by Nordic Acquisition AS, including data relating to:

clients and prospective clients

website visitors

business partners

contractors and team members

2. OUR COMMITMENT

We are committed to:

processing personal data lawfully, fairly, and transparently

collecting data only for specific and legitimate purposes

minimizing the amount of data we collect

keeping data accurate and up to date

storing data securely

retaining data only as long as necessary

protecting individuals’ rights

3. WHAT IS PERSONAL DATA

Personal data means any information that can identify an individual, directly or indirectly.

This includes, but is not limited to:

name

email address

phone number

IP address

business information

online activity and interactions

Processing includes collecting, storing, using, sharing, or deleting personal data.

4. HOW WE COLLECT DATA

We collect personal data through:

website forms and applications

booking calls and inquiries

communication via email, phone, or messaging

cookies and tracking technologies

advertising platforms (including Meta/Facebook)

third-party tools used in our operations

5. HOW WE USE DATA

We use personal data to:

provide and deliver our services

communicate with clients and prospects

process payments and transactions

improve our website, systems, and marketing

run and optimize advertising campaigns

analyze performance and user behavior

We only process data where we have a lawful basis, including:

contract performance

legitimate business interests

legal obligations

user consent

6. DATA SHARING

We may share personal data with trusted third parties necessary to operate our business, including:

advertising platforms (e.g. Meta/Facebook)

CRM and automation systems

payment processors

communication tools

contractors and service providers

All third parties are required to process data securely and only for specified purposes.

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect personal data, including:

restricted access to data

secure systems and platforms

encryption where applicable

monitoring for unauthorized access

Only authorized individuals have access to personal data where required.

8. DATA RETENTION

We retain personal data only for as long as necessary to:

fulfill the purposes for which it was collected

comply with legal and regulatory requirements

resolve disputes and enforce agreements

When data is no longer needed, it is securely deleted or anonymized.

9. INTERNATIONAL DATA TRANSFERS

Some of our service providers operate outside the European Economic Area (EEA), including in the United States.

When transferring data internationally, we ensure appropriate safeguards are in place to protect personal data in accordance with GDPR requirements.

10. YOUR RIGHTS

Under applicable data protection laws, you have the right to:

access your personal data

correct inaccurate data

request deletion of your data

restrict or object to processing

request transfer of your data

withdraw consent at any time

To exercise your rights, contact us at:
[email protected]

11. DATA BREACHES

We have procedures in place to detect, report, and investigate data breaches.

Where required by law, we will notify relevant authorities and affected individuals.

12. POLICY UPDATES

We may update this Data Protection Policy from time to time.

Any updates will be posted on this page.

13. CONTACT

If you have any questions regarding this policy or how we handle data:

Nordic Acquisition AS
Email: [email protected]