Introduction

Last updated: 23.02.2026

1) Who we are

Exotek AS (“Exotek”, “we”, “us”) is the data controller for the personal data described in this Privacy Policy.

  • Company: Exotek AS

  • Address: Postvegen 12, 6018 Ålesund, Norway

  • Organisation number: 924 526 947

  • Email (privacy): sales@exotek.no

  • Phone: +47 702 39 650

If you have questions about how we process personal data or want to exercise your rights, contact us at sales@exotek.no.

2) What this policy covers

This policy applies when you:

  • visit our website,

  • contact us (e.g., “Book a demo”, request a quote, downloads, support),

  • buy products or services from Exotek,

  • communicate with us as a business contact, dealer, distributor, or partner.

3) What personal data we collect

We collect the categories below depending on how you interact with us:

A. Data you provide

  • Identity and contact details: name, email, phone, address, country/region

  • Enquiry details: what you ask for, comments you submit, preferences relevant to fulfilling the request

  • Purchase and customer information: orders, invoices, delivery details, communications with support

  • Marketing preferences: whether you subscribe/withdraw

B. Data we collect automatically

  • Technical and usage data: IP address, device/browser information, pages viewed, referral source, cookie identifiers (where used)

C. Data from third parties (limited)

  • If you are handled by a distributor/partner, we may receive status updates (e.g., whether contact was made), to manage the relationship and improve service.

Please avoid sensitive information: We do not need health or other special-category data (GDPR Art. 9) to handle enquiries. If you include sensitive information in a free-text field, we may delete it or limit processing to what is strictly necessary to respond.

4) Why we process your data and the legal bases (GDPR Art. 6)

We only process personal data when we have a lawful basis.

| Purpose | Examples | Legal basis |
| --- | --- | --- |
| Respond to enquiries and provide requested information/services | Demo requests, quote requests, brochure downloads, customer questions | Art. 6(1)(b) (steps at your request) |
| Route and forward your enquiry to the right local channel | Sharing contact details with an authorized distributor in your region so they can respond | Art. 6(1)(b) (necessary to respond) and/or Art. 6(1)(f) (legitimate interest in efficient handling) |
| Manage customer relationship and support | Warranty/service coordination, support tickets, follow-ups | Art. 6(1)(b) and/or Art. 6(1)(f) |
| Fulfil purchases and deliveries | Order processing, shipping arrangements, payment processing | Art. 6(1)(b) |
| Bookkeeping, accounting, and legal compliance | Keeping invoices/receipts, handling statutory obligations | Art. 6(1)(c) (legal obligation) |
| Security, fraud prevention, and website integrity | Abuse prevention, logs, security monitoring | Art. 6(1)(f) (legitimate interests) |
| Marketing communications (newsletter/updates) | Email updates, product news | Art. 6(1)(a) (consent) |
| Analytics and improvement (non-essential cookies) | Understanding site usage to improve content | Consent where required (cookie-based analytics) |

Legitimate interests (Art. 6(1)(f))
Where we rely on legitimate interests, our interests are typically: operating a secure service, responding efficiently, maintaining CRM records, and improving customer experience. We balance these interests against your rights and expectations, and you can object where applicable.

5) Who we share personal data with (recipients)

We share personal data only when necessary for the purposes above.

A. Authorized distributors in your region
If you submit an enquiry (e.g., demo/quote), we may share your name and contact details and relevant enquiry information with our authorized distributor in your region so they can respond and handle your request.

  • In most cases, the distributor acts as an independent controller for their follow-up and will process your data under their own privacy policy.

  • We encourage you to review the distributor’s privacy information when they contact you.

B. Service providers (processors)
We use service providers that process personal data on our behalf, such as:

  • CRM and customer support tools: HubSpot and Monday.com

  • Website hosting and infrastructure: HubSpot

  • Email/marketing tools (if used): HubSpot

  • Payment providers (if applicable): Stripe and Tripletex

  • Shipping/logistics partners (if applicable): DHL and DSV

  • Cookie consent/cookie tools (if applicable): HubSpot

These providers are required to protect personal data and only process it under our instructions where they act as processors.

C. Professional advisers and authorities
We may share data with auditors, lawyers, or public authorities when necessary for compliance, legal claims, or statutory requests.

6) International transfers (outside the EEA)

We are based in Norway (EEA). If we transfer personal data to recipients outside the EEA (for example, a distributor or an IT provider located outside the EEA), we ensure an appropriate transfer mechanism is used, such as:

  • an adequacy decision, or

  • EU Standard Contractual Clauses (SCCs) under GDPR Art. 46, plus supplementary measures where required.

You may request more information about the relevant safeguards by contacting us.

7) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described.

Typical retention periods:

  • Enquiries/leads (CRM): up to 8 years from last meaningful interaction, unless you become a customer or law requires longer.

  • Customer orders/invoices: stored in line with legal obligations, typically 8 years for primary accounting documentation.

  • Support and warranty cases: 8 years after case closure (or longer if required to document product safety, warranties, or legal claims).

  • Marketing consent records: for as long as we rely on consent, plus a limited period to document compliance (e.g., suppression list to respect opt-outs).

We may anonymize data instead of deleting it where appropriate.

8) Your rights

You have the rights granted by GDPR, including:

  • access to your personal data,

  • rectification,

  • erasure (in certain cases),

  • restriction,

  • data portability (where applicable),

  • objection (especially where we rely on legitimate interests),

  • withdrawal of consent at any time for consent-based processing (e.g., marketing).

To exercise your rights, contact us at sales@exotek.no.

Right to complain: You can lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority.

9) Cookies and similar technologies

We use necessary cookies for website functionality and may use optional cookies (analytics/marketing) depending on your consent settings. If we use non-essential cookies, we collect consent through our cookie banner and allow you to change preferences at any time.

10) Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects on you (GDPR Art. 22). If this changes, we will update this policy and provide required information.

11) Security

We use appropriate technical and organizational measures to protect personal data, including access controls, least-privilege access, and vendor security requirements. No system is perfectly secure, but we work to reduce risk proportionate to the data processed.

12) Changes to this policy

We may update this policy from time to time. The “Last updated” date will show when changes were made.

13) Contact

For privacy questions or requests, contact:

  • Email: sales@exotek.no

  • Address: Postvegen 12, 6018 Ålesund, Norway

 

2025 Exotek. All rights reserved.