Personal data­policy

1.1 This personal data policy (from now on referred to as "the Policy") describes how Kruso A / S (from now on referred to as "us", "we" or "our") collects and processes personal data in connection with the purchase of services, membership, products or general use of our Homepage.

1.2 The policy is formulated and made available to comply with the Data Protection Regulation (2016/679 of 27 April 2016) (from now on referred to as the "GDPR") and the rules therein on the duty of disclosure.

2.1 When visiting and using our website(s), cookies are collected and used on a background basis of consent. Information in these cookies includes browser type, IP address, and search terms on our website(s) (from now on, "Cookie Data").

2.2 Cookie data is used to improve our website and the user experience to do targeted marketing.

2.3 The use of cookies to collect information and data is otherwise in accordance with the cookie order (no. 1148 of 9 December 2011), § 3.

2.4 If you wish to reject or restrict the cookies placed on your computer when visiting our website, you can always do so by changing the settings in your browser. However, you must be aware that the rejection or restriction of cookies impacts the website's functionality, which will mean that there are functions on the website that you cannot see. All browsers allow you to delete cookies collectively or individually. How this is done depends on the browser used. If you use several different browsers, remember to delete cookies in all browsers.

3.1 We process personal data about you when this is relevant and per applicable law. Depending on the specific circumstances, the personal data processed may include the following types of personal data: name, address, phone number, email, username, password, billing and posting documents.

3.2 If we need to collect and process additional personal information than indicated above, we will inform you of this at collection. We may also provide such information by updating this Policy.

4.1 We only process your personal data for legitimate purposes in accordance with the GDPR. The personal data may, depending on the circumstances, be processed for the following purposes:

a) To be able to deliver or offer the services or products and/or sales offers that we provide. b) To provide service announcements and information to users, customers or members. c)To store personal data to the extent that it is a requirement under applicable law, including, inter alia, the storage of accounting and book keeping documents in accordance with applicable law. d) To provide support and service announcements, including answering questions or complaints and sending updates about our products and services. e) To improve our products, services or website. f) To send newsletters by e-mail. g) To prevent fraud and deception or improper use of our products, services, and website, including processing personal data for use in connection with lawsuits.

5.1 We only process your personal data when we have a legal basis for processing by the GDPR. The processing of personal data takes place depending on the specific circumstances based on the following processing authority: (a) If we have asked for your consent to processing any specific personal data, the processing basis for the particular personal data is your consent, cf. GDPR, Article 6, para. 1, letter a. You can always withdraw the consent by contacting us via the contact information specified at the bottom of this Policy. If the consent is withdrawn, the personal data processed based on the consent will be deleted unless they can or must be processed. For example, to comply with a legal obligation. (b) The processing is necessary for the performance of a contract with the data subject, per Article 6 (1) of the GDPR. 1, letter b, first indent. (c) The processing is necessary for implementing measures taken at the data subject's request prior to the conclusion of a contract, cf. GDPR, art. 6 pieces. 1, letter b, last indent. (d) The processing is necessary to comply with applicable legislation according to Article 6 (1) of the GDPR. 1, letter c. (e) The processing is necessary to pursue a legitimate interest where the interests of the data subject or fundamental rights and freedoms requiring personal data protection do not precede it, per Article 6 (1) of the GDPR. 1, letter f.

6.1 We only pass on personal information to others when the law allows or requires it, including when relevant and on your and/or the data controller's specific request.

6.2 We pass on personal data to the following recipients from the EU/EEA: a) TAX (in connection with bookkeeping, etc.) b) Banks (in connection with disbursements, receipt of payments, etc.) c) Data processors d) Suppliers e) Collaborators

6.3 We generally use various external and professional organizations, such as suppliers and partners, to deliver or assist us in providing our services and products. The external organizations will not receive or process personal data unless the law allows the transfer and processing thereof. If the external organizations or partners are data processors for us, their processing of personal data always takes place per a data processor agreement, which meets the legal requirements for this. Suppose the external organizations or partners are independent data controllers. In that case, their processing takes place by personal data by their own privacy, data protection or personal data policies, which will be brought to the attention by the external organizations unless the law provides otherwise. 6.4 We do not transfer personal data to countries or international organizations outside of EU/EEA unless necessary at your specific request.

7.1 We ensure that personal information is deleted when it is no longer relevant for our processing purposes as described above. We always store personal data for the time that applicable law obliges us to, including for use in documenting compliance with, among other things, the provisions of the Accounting Act. If you have questions about the storage and processing of personal data, please contact us at the email address provided under Section 10 of this Policy.

8.1 Registered persons have a number of rights that we can help with. As a registered person, if you want to use your rights, you must contact us. Rights include the following: Right to see information (right of access): Registered persons have the right to access the information that is processed about them and a number of additional information. 8.1.1 Right to rectification (correction): Registered persons have the right to have incorrect information about themselves corrected. 8.1.2 Right of deletion: In special cases, registered persons have the right to have information about themselves deleted before the time of our ordinary general deletion occurs. 8.1.3 8.1.4 Right to restrict processing: In certain cases, registered persons have the right to restrict their personal data processing. Suppose a registered person restricts their personal data processing. In that case, we may in the future only process the information - apart from storage - with consent, or for the purpose of legal claims being established, asserted or defended, or to protect a person or important societal interests. Right of objection: In certain cases, registered persons have the right to object to our otherwise lawful processing of their personal data. 8.1.5 Right to transmit information (data portability): In certain cases, data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one data controller to another without hindrance.

8.2 You can read more about your rights in the Danish Data Protection Agency's guide to the data subjects' rights, which you will find at www.datatilsynet.dk If you wish to exercise your rights as described above, please use the contact information provided at the bottom of this Policy. We endeavour to make every effort to meet your wishes regarding our processing of personal data and your rights as a registered person. If you wish to complain despite our efforts, you can do so by contacting the Danish Data Protection Agency (www.datatilsynet.dk).

9.1 We reserve the right to update and change this policy. If we change the policy, we change the date and version at the top of the document. In the event of significant changes, we will give notice in the form of a visible message on our website, email or using other means of communication.

10. Contact 10.1 For questions or comments on this policy, or by invoking one or more rights, you can contact us at gdpr@kruso.dk.