We at Findmy AS safeguard the privacy of our customers and their employees, as well as others (including the ‘Data Subjects’). In this document, we provide information about when, why and how we process your personal data. We also inform you of the rights you have in connection with this. This document has been prepared in accordance with data protection regulations, e.g. the General Data Protection Regulation 2016/679 (‘GDPR’) and the Personal Data Act with regulations. This privacy policy is dated 27 March 2020. If changes occur with regard to the processing of your personal data, this may consequently also result in changes to the information provided here. We would like to make you aware of these changes.

1- WHY DO WE PROCESS YOUR PERSONAL DATA?

Processing of personal data about our customers

a) Administration and management of the customer relationship: the personal data of our customers and their employees will primarily be used to administer and manage the customer relationship, including to communicate with and follow up on the customer, carry out deliveries and otherwise fulfil agreements with the customer, invoice the customer, handle any complaints and disputes, and investigate customer satisfaction. Our legal basis for processing your personal data for this purpose is Article 6(1)(b) of the GDPR (contract).

b) Fulfilment of our legal obligations: in some cases, we are required by law to process your personal data as our customer. This applies, for example, to rules in the Bookkeeping Act and the Accounting Act. Our legal basis for processing your personal data for this purpose is Article 6(1)(c) GDPR (legal obligations).

c) Product and service improvement: information about the customer's use of our products may also be
may also be used in our work on product improvement and service improvement/service and for
statistics related to this. We consider that we have a legitimate interest in
to process your personal data for this purpose in accordance with Article 6(1)(f) of the GDPR. In the balancing of interests, we have, among other things, taken into account the nature and scope of your
personal data, whether, based on the information we have provided to you, you can reasonably expect your personal data to be reused in connection with our product and service improvement, as well as our need to use your personal data for this purpose.

d) Product development: our product mainly consists of a database that we are constantly developing based on positioning/location data of animals that our satellite system has tracked over several years. In some individual cases, our satellite system may also capture the location/address of the animal owner (e.g. customers). Our legal basis for processing your personal data for this purpose is Article 6(1)(f) of the GDPR (legitimate interest). In the balancing of interests, we take into account the same conditions as mentioned above.

e) Marketing: we may also use personal data about our customers to send out
information about offers and marketing material, as well as to assess when it would be
to send out what type of material to the individual customer in accordance with section 15 of the
Our basis for processing your personal data for this purpose is Article 6(1) of the GDPR.
purpose is GDPR Article 6 (1) (f) (legitimate interest). In the balancing of interests, we take into account the same conditions as mentioned above.

• Processing of personal data about others

The personal data of others such as our suppliers and partners, as well as their employees, will primarily be used to administer and manage our relationship with them, including to communicate and fulfil our agreements with them in accordance with GDPR Article 6(1)(b). In some cases, we will also be required by law to process personal data about others such as our suppliers in accordance with GDPR Article 6(1)(c). Where we have no established relationship or where we wish to process personal data for purposes other than to fulfil our agreements or legal obligations, we will consider whether we have a legitimate interest under Article 6(1)(f) of the GDPR to do so. In the balancing of interests, we will take into account the same conditions as mentioned above.

2- WHAT PERSONAL DATA DO WE PROCESS?

In general, we will only process personal data about our customers and others that is necessary to fulfil the purposes mentioned in section 1 above. Specifically, this may mean that we process the following personal data:

a) Contact information, such as address, telephone number and e-mail address - note that
the address of the customer may also be captured by the E-Bell satellite system that tracks customers' animal movements;

b) Information about the Data Subjects' employees, such as name, position and role, employer;

c) Financial information where relevant to our relationship with Data Subjects, such as
credit card numbers and other card numbers, account numbers for any payments,
payment history, any credit checks for as long as permitted by law, any use of financing partners, membership of any
financing partners, membership of any bonus schemes or associations that provide
discounts;

d) Information about history, such as what has been bought and sold when, etc.
preferences, any information about customer/supplier history with our competitors, contact, meetings and correspondence between the Data Subjects and our representatives, any complaints and disputes; We do not process any sensitive personal data about our customers, etc.

3- HOW DO WE COLLECT YOUR PERSONAL DATA?

Directly from the Data Subjects: the source of the data we hold about the Data Subjects will normally be the Data Subjects themselves, by them providing information through electronic registration or through personal contact, either when the relationship is established or later. Information about the Data Subjects

may also be generated through their activity in connection with the relationship, including, for example, when they order or sell products or communicate with us. From others than the Data Subjects themselves: in certain cases, we may supplement the Data Subjects' personal data with information from external sources, e.g. in connection with credit checks or where we obtain additional information that is publicly available on the internet. We may also obtain lists of potential customers and information about them from players in the market who offer this, as long as it is permitted by law.

4- WHO HAS ACCESS TO YOUR PERSONAL DATA WITH US?

We will limit access to the personal data of Data Subjects to those individuals Find My who have a business need for such access based on the purposes mentioned in section 1 above. We may also share this information with our suppliers and their subcontractors where it is necessary to fulfil the purposes, and in case of special need or if required by law with our advisors, auditors, lawyers, IT consultants and others. We will in all cases ensure that your personal data is processed fully in accordance with the individual purposes for which it is shared and that our suppliers and their subcontractors assume responsibility for maintaining the necessary security mechanisms to protect your personal data against loss, damage or the like in accordance with the requirements set out in the data protection regulations. Where our suppliers process personal data on our behalf and are by definition to be regarded as data processors, we have entered into data processing agreements that fulfil the requirements of GDPR Article 28. Where we share/transfer your personal data to our suppliers or partners and these have operations in countries outside the EU/EEA area, we will ensure that the transfer to this third country is made in accordance with GDPR Chapter 5, i.e. on the basis of a decision by the European Commission on an adequate level of protection or on the basis of necessary guarantees such as the EU's ‘standard contractual clauses’.

5- HOW AND FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

Personal Data about Data Subjects shall only be stored for as long as necessary for the purposes of the processing. Typically, this means that when our relationship with you has ended, we will delete your personal data that we no longer need to process without undue delay. In principle, you can ask us to delete information related to you at any time, unless we need to store your personal data for a certain period of time. We consider that we will have a legitimate interest in storing your contact information and history with us 2 years after the last contact with you, in the event that you wish to establish a new relationship with us, based on your previous experiences as a customer, supplier or partner at Findmy. We also consider that we will be able to store some of your personal data, and in particular your history, for as long as it is necessary to safeguard our interests in connection with possible complaints and disputes with you as a customer or supplier, limited to the Limitation Act's general deadlines of 3 years with any additional deadlines. In addition, in some individual cases we will have to store some of your personal data for a maximum period of 5 years, when this is required by law, for example under the Bookkeeping Act. Personal data we collect in connection with the use of our product is mainly stored electronically with access restriction and password protection to our CRM system and information stored on the servers. For the paper-based personal data that is not anonymised, these are stored in lockable cabinets that only those who need access to them to perform their work tasks have access to. The filing cabinets are placed in archives in offices that are kept locked outside ordinary working hours.

6- HOW DO WE SECURE THE PROCESSING OF YOUR PERSONAL DATA?

We have established procedures and measures at various levels to ensure that unauthorised persons do not gain access to your personal data and that all processing of the data otherwise takes place in accordance with applicable legislation. These measures include regular risk assessments, technical systems and physical procedures to safeguard information security and procedures to verify access and correction requests. More detailed information about these risk assessments and security measures can be obtained by contacting us.

7- WHAT ARE YOUR RIGHTS?

As a Data Subject with us, you should be confident that you have received all necessary information about the way we process your personal data. This notice should therefore be available to you at all times, and you will find it at the bottom of our website, when you register information about yourself or place orders or attached to your agreement with us. For those of you who are in contact with us in other ways, please note that this information is available at the same time as when we collect your personal data. If you have any further questions regarding our processing of your personal data or if you wish to exercise your rights as mentioned below, please contact us via [contact info]. As a Data Subject, you have the right to:

• to gain access to the personal data that we process about you
• demand that incorrect, unnecessary, inadequate or outdated personal data corrected or removed
• to object to the processing of any direct marketing, and to know about any profiling
• to withdraw any consent to process the personal data that you have provided to us have given us
• to receive the personal data about yourself that you have provided to us and transfer it to another data controller (data portability)
• to contact us if you have suggestions or questions related to our processing of personal data
• complain directly to the Norwegian Data Protection Authority if you consider that the processing of your personal data is in violation of applicable legislation

It is important to note that you will be able to exercise your rights as long as we are not obliged by law to or have compelling legitimate interests in continuing with the processing. In the interest assessment, we always take into account whether the processing constitutes a data protection disadvantage for you and whether we have an operational need to continue with the processing. For example, your right to be forgotten will be limited where we are required under, for example, the Bookkeeping Act to store your personal data even if the customer relationship has ended. Your right of access will also be limited where it would violate the rights and freedoms of others. In all cases, we will ensure that you receive a reasoned response from us within one month of your enquiry, and no later than two months later if your enquiry is complicated and requires us to spend extra time and resources on it.

8- HOW DO WE USE COOKIES?

Cookies are alphanumeric identifiers that allow our systems to recognise your browser so that we can provide you with easy and efficient use of the various services that we offer on our website. This allows the website to remember your actions or preferences over time, as well as remember your login. We place cookies on our website that are either session-based (i.e. they are deleted when you leave our website) or that remain on your computer even after you have left the website. We use:

• necessary cookies, which are essential for the functionality of our website i.e. storing user data for authentication and authorisation purposes
• functional cookies, which help to recognise you when you return to our website to our website and remember your preferences, e.g. your language settings
• analytical cookies, which help to count the number of visitors, how long the visit lasts, which browsers are used and which websites users come from, and how our website is used in general. Google Analytics is our data processor to analyse the traffic on our website. You are encouraged to read more about how Google Analytics uses analytical cookies here:
  https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

As a rule, we do not use marketing cookies that record your behaviour on our website and are used to send you tailored advertisements when you visit other websites. Nor do we allow other third parties to place cookies on our website for their own purposes. In accordance with section § 2-7 b of the Norwegian Electronic Communications Act, we do not require your consent to our use of necessary/functional cookies. When it comes to analytical cookies, you are deemed to have consented to such use as long as you have not opted out. Your consent is obtained via your browser's settings. This is in accordance with the Norwegian cookie regulations enforced by Nkom. You can read more about the use of cookies here https://www.nkom.no/teknisk/taushetsplikt-og-personvern/elektroniske-spor/informasjonskapsler-cookies. If you do not want VI to use such cookies, you can control your browser settings as follows https://nettvett.no/slik-administrer-du-informasjonskapsler/.