Privacy Policy

This Privacy Policy explains how xrNORD ApS ("we," "us," "our," or "xrNORD") collects, uses, discloses, and otherwise processes personal data in connection with our website, services, and business operations. We take your privacy seriously and are committed to being transparent about our data practices. This policy applies to all interactions with xrNORD, including our website (xrnord.com), services, and communications. If you have any questions about this Privacy Policy or our privacy practices, please contact us at the end of this document.

We collect personal data in the following ways: • Information You Provide: When you contact us, request our services, subscribe to our newsletter, or fill out forms on our website, you provide us with information such as your name, email address, phone number, company details, and any other information included in your communications. • Automatically Collected Data: When you visit our website, we automatically collect certain technical information, including IP address, browser type, operating system, referring URLs, and pages visited. We use cookies and similar tracking technologies to enhance your experience and understand how you interact with our site. • Analytics Data: We use Google Analytics and other analytics tools to understand website usage patterns, which help us improve our services and user experience. • Communication Records: We maintain records of emails, phone calls, and other communications with our clients and partners.

We use the personal data we collect for the following purposes: • Service Delivery: To provide, maintain, and improve our services, including AI consulting, workshops, and strategic planning. • Communication: To respond to your inquiries, send you requested information, and keep you updated about our services and news. • Newsletter: To send you our newsletter and marketing communications (only if you have opted in). • Business Operations: To manage client relationships, process payments, and handle administrative matters. • Legal Compliance: To comply with legal obligations, enforce our agreements, and protect our rights. • Analytics and Research: To analyze usage patterns, improve our website functionality, and develop better services. • Fraud Prevention: To detect, investigate, and prevent fraudulent activities or security threats. We process your data based on the following legal bases: • Your consent (for marketing communications) • Contract performance (to deliver our services) • Legal obligations (to comply with laws) • Legitimate interests (to improve our services and protect our business)

We implement comprehensive technical and organizational measures to protect your personal data from unauthorized access, alteration, or destruction. These include: • Encryption: We use SSL/TLS encryption for data transmitted over the internet. • Access Controls: We restrict access to personal data to employees and contractors who need to access it for legitimate business purposes. • Regular Audits: We regularly review our security practices and update them to address emerging threats. • GDPR Compliance: We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. While we strive to protect your data, no security system is impenetrable. We cannot guarantee absolute security, but we continuously work to improve our protective measures. We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. When data is no longer needed, we securely delete or anonymize it.

Under GDPR and other applicable data protection laws, you have the following rights: • Right of Access: You can request a copy of the personal data we hold about you. • Right to Rectification: You can request that we correct inaccurate or incomplete data. • Right to Erasure: Under certain circumstances, you can request that we delete your personal data (the "right to be forgotten"). • Right to Restrict Processing: You can ask us to limit how we use your data. • Right to Data Portability: You can request your data in a portable format suitable for transfer to another service provider. • Right to Object: You can object to our processing of your data, including for marketing purposes. • Right to Withdraw Consent: If you have provided consent, you can withdraw it at any time. To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days (or as required by applicable law).

Our website uses cookies and similar tracking technologies to enhance your experience and collect analytics data. Cookies are small files stored on your device that allow us to recognize you and remember your preferences. • Necessary Cookies: These are required for the website to function properly and cannot be disabled. • Analytics Cookies: We use these to understand how you interact with our site, which helps us improve our services. • Marketing Cookies: We use these to deliver personalized content and measure the effectiveness of our marketing campaigns. You can manage your cookie preferences through your browser settings or our cookie preference center on our website. However, disabling certain cookies may affect your experience on our site. We also use similar technologies like web beacons and pixels to track engagement with our communications.

We may share your personal data with third-party service providers who assist us in operating our website, conducting business, and serving you. These include: • Cloud Storage Providers: We use services like Microsoft Azure and similar platforms to securely store data. • Email Service Providers: We use email platforms to send newsletters and communications. • Analytics Providers: We use Google Analytics and similar tools to understand website usage. • Payment Processors: If applicable, we use third-party payment processors to handle transactions. • Communications Platforms: We may use platforms for video conferencing and team collaboration. We ensure that all third-party providers comply with GDPR and other applicable data protection regulations. We do not sell or rent your personal data to unrelated third parties for their marketing purposes. If we are involved in a merger, acquisition, or bankruptcy, your data may be transferred as part of that transaction. We will notify you of any such change.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: • Update the "Last Updated" date at the bottom of this policy. • Notify you via email if the changes significantly affect your rights or privacy. • Ask for your consent if required by applicable law. Your continued use of our website and services after such modifications constitute your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your privacy.

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our privacy practices, please contact us: xrNORD ApS Hægvej 11 8250 Egå, Denmark Email: info@xrnord.com Phone: +45 23 65 42 83 Data Protection Officer: For GDPR-related inquiries, you can also reach out to our Data Protection Officer at: dpo@xrnord.com You also have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal data violates applicable laws.