At OTERRA we respect the privacy of our on-line visitors. At the same time, we continuously work to improve our website according to our users' needs and interests, and for that purpose we collect and use information from you on a limited scale. The following is the legal way to express that you are most welcome to visit our website and interact with us online, as well as what rules apply to your visit and our communication and how we respect your rights. OTERRA is a global company and has affiliates all over the world. Find a list of all OTERRA entities and locations here. This Privacy Policy is issued on behalf of the entire OTERRA Group, so when we mention “OTERRA”, “we”, “us” or “our” in this Privacy Policy we are referring to the relevant company in the OTERRA Group responsible for processing your data. Oterra A/S Agern Alle 24, 2970 Hørsholm, Danmark , 2970 Hørsholm, Denmark, is the controller and responsible for this website. 1. What personal data do we collect and use? 2. What cookies do we use? 3. Do we sell or share your data with others? 4. What security measures do we used to protect your personal data? 5. What rights do you have to your data? 7. How can you contact us?

1. Personal data

Personal data is any information that directly or indirectly identifies a natural person. The personal data which we collect, use, store and transfer fall within the following groups of information: • Identity Data will include first name, last name, username or similar identifier, marital status, title, date of birth and gender. • Contact Data will include email address and telephone numbers. • Technical Data will include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. • Profile Data will include information such as your username and password, purchases or orders made by the company you work for, your interests, preferences, feedback and survey responses. • Usage Data will include information about how you use our website, products and services. • Marketing and Communications Data will include your preferences in receiving marketing materials from us and our third parties and your communication preferences. We process your personal data in compliance with the General Data Protection Regulation (“GDPR”) and other applicable data protection laws. We do collect certain personal data via cookies; please find more information under paragraph 2. We collect and process your data e.g. when you sign up for an event or subscribe to our periodic newsletter or provide us with other personal data. We do so in order to provide better customer service or to provide you with requested information and we want to provide information and service as best we can. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: • Where we need to perform the contract, we are about to enter into or have entered into with you. • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. • Where we need to comply with a legal or regulatory obligation. We use your data collected from the website to personalize your repeat visits to our website. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

2. Cookies

We use “cookie” technology, and other similar technologies, to collect additional website usage data and to enhance the user experience. A cookie is a simple text file that is stored on your device. Different types of cookies exist and they might be stored on the users’ devices for different timeframes: session cookies are cancelled at the end of each browsing session; persistent cookies may last up to a certain date that has been pre-set by their owner. You can see the full list of used cookies here Please note that we could be required under local law to obtain consent from you for the use of some of the cookie technologies. If so, we will ask you to consent with the placement of the cookies when you enter the Site. If you have consented with the use of cookies, you have the right to withdraw your consent at any time. You may choose to set your web browser to refuse cookies, withhold consent, or to get an alert when cookies are being sent. Please note though that some parts of the site may not function properly and some services or some of the Site’s functionalities may not be available or work smoothly, and you could be required to modify or manually fill in some information or preferences each time you visit the Site. More information with regard to activation, deactivation and deletion of cookies can be found in the instructions via the help-functionality of your web browser. Links to modify the cookie settings in various browsers can be found here: • Firefox • Google Chrome • Internet Explorer • Microsoft Edge • Safari

3. Selling/sharing your personal data

Sometimes we may have to share your personal data with internal and/or external third parties. We require all third parties to respect the security of your personal data and to treat it in accordance with the law We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We may share your data with group entities located in- and outside the European Economic Area (“EEA”), such as for the purpose of developing and executing our marketing activities as set out above. To the extent you are located in EU/EEA, please be informed that whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring relevant safeguards are implemented. Any transfer of your data outside the EEA will be based on the EU Commission’s Standard Contractual Clauses, Binding Corporate Rules or other valid legal basis for such transfer. We may share your data with third parties that provide database-, server-, maintenance-, security-, or other similar services to us (hereinafter referred to as ‘data processors’). If we provide access to your data, we require the third parties to keep your data confidential and instruct these parties to process this data only on behalf of us. Finally, we may also disclose your data if we believe that the disclosure is required by law, or is in response to a legal request.

4. Security

Be aware your choice of password is your primary security protecting your data from external viewing, so please choose wisely. We implement appropriate technical and organizational measures to protect your personal data, username, password, transaction information and data stored on our Site against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other forms of unlawful processing. Also, we require our data processors to implement such appropriate technical and organizational measures. 5. Retention period We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will only keep your personal data for as long as it is reasonably necessary, taking into consideration our need to answer queries or resolve problems, provide improved and new products and services and comply with legal requirements under applicable law(s).

5. Your data – your rights

You are entitled to know whether we hold personal data about you and, if we do, obtain insight to that data and require the data to be corrected, if inaccurate. You are also entitled to know the purpose(s) and you may object to our use of your personal data and require such data erased. Please contact us as described at the bottom of the page if you wish to obtain insight in your personal data or if you have any concerns in this regard. We may request provision of additional information necessary to confirm your identity. We will provide information on the actions taken without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, considering the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You have the right to lodge a complaint with the supervisory authority if we do not respond in time or for any other reason. Modifications It is possible that this statement will be amended in the future. The most recent version will be available at all times.

6. Contact us

If you have any questions about this privacy policy, the practices of this site, or your dealings with this site, please contact us at: OTERRA and its global affiliates Oterra A/S Agern Alle 24 DK-2970 Hoersholm DENMARK Privacy Officer  

These are the cookies on this site: