Effective Date: August 27, 2025

Last updated: August 27, 2025

This Privacy Policy describes how Chymir AS (hereinafter "we," "us," or "our") collects, uses, and protects your personal data when you use our services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the specific data protection laws of Norway, the Netherlands, and Germany.

1. Who We Are

Chymir AS
Address: Sunnlandsvegen 39, 7032 Trondheim, Norway
Email: contact@chymir.com
Phone: +47 41120301

We are the data controller for the personal data processed in accordance with this Privacy Policy.

2. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our data protection activities. The DPO's details are:

Name: Stian B. Mathisen (CEO)
Contact: stian.mathisen@chymir.com

3. What Personal Data We Collect

We collect the following types of personal data directly from you:

• First name and last name
• Company or Organization ID
• Title
• Address (address 1, address 2, city, country, state, province, postal code)
• Phone number and fax number
• Email address and recovery email address (if provided)
• Tax ID / VATIN

4. How We Collect Your Data

We collect this information directly from you when you sign up for and use our services. We do not use any automated processes to collect this information, such as cookies or other tracking technologies.

5. Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

• To provide and maintain our services.
• To process payments and manage your account.
• To communicate with you regarding your account and our services.
• To comply with our legal obligations, particularly Norwegian law regarding tax records and customer verification.

The legal basis for processing your data is twofold:

1. Legal Obligation: The processing is necessary for compliance with a legal obligation to which we, as the data controller, are subject. This applies to data like your Tax ID/VATIN and other information required by law to verify tax records.
2. Consent: You have provided your consent to the processing of your personal data for one or more specific purposes.

6. Data Sharing and Disclosure

We share your personal data with the following third parties:

• Mollie: We share information necessary to process your payments with Mollie, our payment service provider.
• Infrastructure Providers: We use infrastructure providers to host our services. While we store our data with them, we do not share any personal data about our customers with them for their own use. They act as data processors on our behalf.

We will not disclose your personal data to other third parties unless we have your explicit consent or are required to do so by law.

7. International Data Transfers

We do not transfer your personal data to any country outside of the European Union (EU) or the European Economic Area (EEA). All our data processing activities take place within these regions.

8. Data Retention

We retain your personal data for as long as your account is active with us. Once you terminate your account, we will delete your personal information within one month, with the exception of invoices. Invoices are retained for a period of five years to comply with Norwegian tax laws.

9. Data Security

We have implemented technical and organizational security measures, including access controls and regular security audits, to protect your personal data from unauthorized access, loss, or damage.

10. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

• The right to be informed: You have the right to be informed about how your data is collected and used. This policy serves that purpose.
• The right of access: You have the right to request a copy of the personal data we hold about you.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
• The right to erasure ("right to be forgotten"): You have the right to request that we erase your personal data under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data under certain conditions.

To exercise any of these rights, please contact us at contact@chymir.com. We will respond to your request within one month.

11. Specifics for National Laws

For Germany:
While we are a small company, we have voluntarily appointed a Data Protection Officer (DPO) to ensure the highest standards of data protection.

For the Netherlands:
We do not conduct any direct or targeted marketing campaigns and therefore do not process your personal data for these purposes.

For Norway:
We do not process any sensitive personal data (such as health data, political opinions, religious beliefs, or biometric data) from our users.

12. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We also maintain a visible archive of all previous versions of this policy for transparency. We advise you to review this Privacy Policy periodically for any changes.

Effective Date: August 27, 2025

Last updated: August 28, 2025

This Cookie Policy explains how Chymir AS ("we," "us," or "our") uses cookies and similar technologies on our website and billing portal. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the specific data protection laws of Norway, the Netherlands, and Germany regarding the use of cookies.

By using our website, you consent to the use of non-essential cookies where applicable and with your explicit consent, which you provide through our cookie consent mechanism.

1. What are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owners. Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your device when you go offline, while session cookies are deleted as soon as you close your web browser.

2. How We Use Cookies

We use cookies for various purposes to enhance your user experience and ensure the functionality of our services. The exact list of cookies will be updated as our infrastructure development progresses, but we anticipate using the following categories:

2.1. Essential Cookies (Strictly Necessary Cookies)

These cookies are essential for you to browse our website and use its features, such as accessing secure areas of the site or making use of e-billing services. Without these cookies, services like secure login, shopping carts, or payment processing cannot be provided. These cookies do not collect personal information for marketing purposes and do not remember where you have been on the internet.

Examples:

• PHPSESSID: A session cookie used to identify a user's session on the server. (Session)
• _csrf: Used for Cross-Site Request Forgery protection, enhancing security. (Session/Persistent, short-term)
• cookie_consent: Records your consent preferences for cookies. (Persistent)

2.2. Functional Cookies

These cookies allow our website to remember choices you make (such as your username or language preference) and provide enhanced, more personal features. They may also be used to provide services you have asked for, such as persistent login. The information these cookies collect may be anonymized, and they cannot track your browsing activity on other websites. We will only use these cookies with your explicit consent.

Examples:

• user_preferences: Stores user preferences like language or theme settings. (Persistent)
• session_remember_me: Allows a user to remain logged in across sessions. (Persistent)

3. Legal Basis for Using Cookies

Under GDPR, as well as Norwegian, Dutch, and German data protection laws, we require your explicit consent for the use of any cookies that are not strictly necessary for the functioning of our website or services. This means:

• Strictly Necessary Cookies: These cookies do not require your consent as they are essential for the website to function.
• Functional Cookies:> We will only place these types of cookies on your device if you have provided your explicit, informed consent through our cookie consent mechanism.

You have the right to withdraw your consent at any time.

4. How to Manage Your Cookie Preferences

When you visit our website for the first time, you will be presented with a cookie banner allowing you to accept or decline different categories of cookies. You can change your cookie preferences at any time by accessing the "Cookie Settings" link, typically found in the footer of our website. This will allow you to revisit your consent choices and withdraw your consent for non-essential cookies.

Most web browsers also allow you to control cookies through their settings. You can usually find these settings in the "options" or "preferences" menu of your browser. Please note that if you choose to block or delete cookies, some parts of our website may not function correctly.

5. Third-Party Cookies

Some cookies may be placed by third-party services that appear on our pages. For example, if you view content embedded from a third-party platform or use a third-party payment gateway. We do not have control over these third-party cookies. For more information about their cookie practices, please refer to the respective third party's privacy and cookie policies.

6. Changes to this Cookie Policy

We may update our Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Cookie Policy on this page. We also maintain a visible archive of all previous versions of this policy for transparency. We advise you to review this Cookie Policy periodically for any changes.

Last updated: August 27, 2025

Welcome to Chymir AS. These Terms of Service ("Terms") govern your access to and use of the services provided by Chymir AS ("we," "us," or "our"). By accessing or using our services, you agree to be bound by these Terms and to comply with all applicable laws and regulations in Norway, the Netherlands, Germany, and the European Union.

Please read these Terms carefully before using our services. If you do not agree with any part of these Terms, you may not use our services.

1. Acceptable Use Policy - Prohibited Content

While we believe in transparency and do not generally moderate the content of websites hosted on our platform, certain types of content are strictly prohibited. You agree not to use our services to create, upload, store, display, transmit, or otherwise make available any content that:

• Is illegal under Norwegian, Dutch, German, or European Union law. This includes, but is not limited to, content related to child pornography, terrorism, or illegal drug activities.
• Promotes or depicts child pornography, child sexual abuse material, or any exploitation of children.
• Supports, promotes, or is associated with extremism, terrorism, or violent movements.
• Promotes or incites violence, hatred, or discrimination against any group or individual based on race, ethnic origin, religion, disability, gender, age, sexual orientation, gender identity, or any other characteristic.
• Is defamatory, libelous, fraudulent, or otherwise unlawful.
• Infringes upon the intellectual property rights of others.

2. Abuse Reporting and Enforcement

We are committed to maintaining a safe and lawful platform. If you discover any content on our platform that violates these Terms, particularly the prohibited content guidelines, please report it immediately to our dedicated abuse email:

Abuse Email: abuse@chymir.com

Upon receiving a report, we will promptly investigate the alleged violation. In addition to manual reports, we also partner with external security analytics and content checkers, such as CSAM (Child Sexual Abuse Material) detection services, to proactively identify and address prohibited content.

We reserve the right to take swift action in response to confirmed violations, which may include:

• Issuing takedown requests for the offending content.
• Immediately terminating the account of the user responsible for the content.
• For serious offenses, such as the hosting of child pornography, we will immediately terminate the account and transmit all available evidence to the relevant law enforcement authorities without prior notice to the account holder.

Please note that no refunds will be provided for services terminated due to violations of these Terms, especially in cases involving prohibited content.

3. Abuse of Support Personnel

We provide support to our customers through various channels, including tickets, calls, and other support cases. We expect respectful and constructive communication with our support team. We have a zero-tolerance policy for abuse, harassment, or disrespectful behavior towards our support personnel. This includes, but is not limited to, verbal abuse, threats, insults, or excessive and unreasonable demands.

Offenses will be handled as follows:

• First Offense: A warning will be issued to the customer, reiterating our policy.
• Repeat Offenses: Continued abusive behavior after a warning may lead to the termination of the customer's account without a refund.

We reserve the right to temporarily or permanently suspend communication and services with customers who engage in abusive behavior, and to refuse to respond to abusive customers.

4. Changes to these Terms

We may revise these Terms of Service from time to time. We will notify you of any changes by posting the updated Terms on this page, and updating the "Last updated" date at the top of this document. We also maintain a visible archive of all previous versions of this policy for transparency. Your continued use of our services after such changes constitutes your acceptance of the new Terms.