I.  INTRODUCTION AND SCOPE

This statement, referred to as  the “Terms of Use and Privacy Policy for Namron Simplify”, has been prepared to set out the rights and obligations between you as a user of the service (“User”) and Elektroimportøren AS (the “Company”, “we”, “us”). The document applies to any use of Namron Simplify, including the application, associated products, websites, services and features, whether provided directly by Elektroimportøren or through approved partners.

Namron Simplify is more than an application – it is a platform for intelligent, data-driven and automatic management of your residential or commercial building, based on connected devices from Namron and supported third-party products.

By installing, using, signing up for, or otherwise accessing Namron

Simplify, you agree to be bound by this document, which constitutes a legal agreement. If you do not agree to the terms of this Statement, please do not use the Service.

The Statement is drafted in accordance with applicable law, including:

• Personal Data Act (with incorporated GDPR)

•       Marketing

• The Electronic Communications Act
  • As well as other Norwegian and European regulations and practices in consumer and data protection.

The document is structured to provide maximum transparency, user safety and compliance, and includes both:

•       Terms of Service

• Privacy Policy (how your data is processed, stored and protected)

II.  DEFINITIONS AND BASIC CONCEPTS

1.    User

“User” means any natural person who has reached the age of 16 and who, on a voluntary basis, enters into a customer relationship by using the Namron Simplify App and related services. The user undertakes, through acceptance of these terms and conditions, to comply with applicable laws and regulations, as well as to act in accordance with the principles of sound and secure digital practice. A User can be both an end customer, a household member or a responsible technical installer, as long as the use is in accordance with the purpose of the service.

2.    Service

The Service encompasses the entire ecosystem associated with Namron Simplify, including the mobile application, website, user account, Simplify Hub, connected components, cloud-based backend solutions and any other functionality provided by Elektroimportøren AS or its approved technology partners. The service has been developed to enable intelligent control and monitoring of smart home solutions, with the aim of providing the user with increased comfort, energy efficiency, security and insight into their own consumption and indoor climate. In order to use the service, the User is required to agree to these terms and conditions and register a user profile.

3.    Personal data

Personal data is any form of information that can be directly or indirectly linked to an identified or identifiable natural person. This includes, but is not limited to, name, address, email, phone number, device ID, location data, power consumption, indoor climate data (such as temperature and humidity), as well as interaction history in the app. All processing of personal data takes place in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act, and is processed with strict technical and organizational security measures to ensure confidentiality, integrity and availability.

4.    Processing of personal data

“Processing” means any operation or series of operations that is performed with Personal Data, whether by automated or manual means. This includes, but is not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, reading, use, disclosure by transmission, dissemination or any other form of making available, compilation or combination, restriction, erasure or destruction. All processing that takes place in connection with Namron Simplify takes place in line with the purposes set out in this Notice and subject to relevant safeguards.

5.    Data Controller

Controller is the entity that determines the purposes and means of the processing of personal data. In this context, it is Elektroimportøren AS, organization number 913 250 524, with its head office at Nedre Kalbakkvei 88B, 1081 Oslo, which holds the legal and operational responsibility for the personal data you register or generate through the use of Simplify. As a data controller, the company undertakes to:

safeguard your rights and ensure that the processing is in accordance with legislation, industry standards and ethical guidelines.

6.    Data processor

A data processor is an external legal or natural person who, on behalf of the data controller, processes personal data pursuant to a written agreement specifying the purpose and scope. Data processors who assist Elektroimportøren AS with technical operations, cloud storage, analysis or user support are only given access to data to the extent necessary, and are obliged to implement robust security measures and comply with the requirements of GDPR Article 28. We set requirements for documented compliance, auditability and transparent data processing from all our data processors.

7.    Assent

A consent is a voluntary, specific, informed and unambiguous declaration of your will as a User, where, through an active action (e.g. ticking or setting in the app), you consent to the processing of personal data for one or more specific purposes. Consent can be withdrawn at any time, and the withdrawal will have effect for all future processing. If the basis for processing is consent, you will always be explicitly informed of this, and the consent must be clearly separated from other terms and conditions.

8.    Profiling

Profiling involves any form of automated processing of personal data that is used to assess, analyze or predict personal aspects of the User, including behavioral patterns, preferences, consumption habits or technical use of devices. In Simplify, any profiling only takes place where it is strictly necessary to provide intelligent functions, such as automatic temperature control based on movement patterns, and never for commercial purposes or without a legal basis. No decisions that have legal effect on you will be made solely on the basis of profiling.

9.    Pseudonymization

Pseudonymization is a technique in which identifying elements of the data are removed or replaced, so that they can no longer be directly linked to an individual without access to separate and protected additional information. This process reduces the risk of processing, especially in connection with error analysis, product development and statistics. In such cases, the data will not be able to identify you without the link being restored through separate security control, which is only available to authorized system administrators.

10.   Account

A User Account is the personal profile that is created when a User registers in Namron Simplify. The account represents the User’s digital identity within the platform, and is linked to all connected devices, stored preferences, automation settings, sensor data and usage patterns. The user account provides access to the full functionality of the service and is protected by passwords and authentication routines. Information related to the account is stored for as long as the account is active or there is a legal basis for processing.

11.   System Data

System data is technical information that is generated automatically when the User uses the Service. This includes, but is not limited to, app events, system logs, version numbers, error reports, load time, uptime, and other diagnostic indicators. Such data is used to ensure system availability, detect anomalies, prevent abuse, and improve performance and user experience. System data is stored in accordance with strict security procedures and analyzed only in pseudonymized or aggregated form, unless otherwise agreed.

III.  TERMS OF USE AND PLATFORM FEATURES

Namron Simplify is designed to give you as a user intelligent and intuitive control over your home, through a secure, user-friendly and flexible digital platform. This chapter describes the terms of use, the system’s functions and responsibilities between you as a user and Elektroimportøren AS.

1.    Access and user registration

In order to use the service fully, you must create a personal user account. This is done by registering in the Simplify app, where you provide basic information such as name, email and address. Access is individual and cannot be transferred or shared with unauthorized persons.

You are responsible for keeping your login details (username and password) safe. Any suspicion of unauthorised use or loss of control of the account must be reported to us immediately. In the event of a security breach, we reserve the right to suspend or temporarily disable your account to protect you.

2.    What the service includes

Namron Simplify consists of the following core components:

• The mobile application: The control center for your smart home – here you control lights, heating, awnings, sensors and power consumption directly from your phone.
  • Simplify Hub: The on-premises device that connects your physical components and communicates securely with our cloud services.
  • Cloud-based operation and storage: All data is processed and stored securely on servers in the EEA, with high availability and redundancy.
  • Namron components and approved third-party products: Compatible devices in lighting, heating, power management, sensors, and scenario management.

Examples of features you can access:

• Turn off all lights and lower the heat with one touch when you leave the home
  • Get alerts if the window is open and the heating is on
  • See real-time data for energy consumption and indoor climate throughout the home
  • Set up timed actions or automation based on sensor data Simplify isn’t just control – it’s proactive home optimization.

3.    System Requirements & Compatibility

To ensure optimal functionality, the following must be in place:

• Mobile device with updated iOS or Android operating system
  • Stable internet connection, both locally (Wi-Fi) and for Hub
  • Simplify Hub, properly installed in the home

• Compatible Namron devices, or other approved products from partner vendors

Updated requirements and compatibility lists can be found at any time on https://simplify.namron.com/kompatibilitet

In the event of changes in technical requirements or support for products, we will always seek to provide reasonable notice and provide alternatives where possible.

4.    User’s Responsibility and Acceptable Use

By using the Service, you agree to the following responsibilities:

• You shall use the Service in accordance with its purpose: comfort, efficiency, and peace of mind
  • You are responsible for the right installations – whether you do it yourself or use a professional
  • You shall not use the Service for surveillance, data collection or manipulation without the consent of all affected persons
  • You will not attempt to modify, copy, tamper with, or reproduce the Service’s software, in whole or in part
  • You are responsible for the use of the service in your household, including children and other family members with access

In the event of a breach of these obligations, we reserve the right to temporarily suspend or permanently deactivate the user account.

5.    Availability, uptime and maintenance

We strive for high availability, but at the same time point out that no digital service can guarantee 100% uptime. To ensure stable operations and continuous improvement, we must from time to time perform:

• Planned maintenance (will be notified in good time)
  • Security updates and software enhancements
  • Emergency measures in the event of technical faults or safety incidents

We do not accept financial responsibility for direct or indirect losses as a result of interruption of service, unless there is gross negligence on our part.

Force majeure that may affect the Service includes, but is not limited to:

• Natural disasters, fire, power outages
  • War, pandemic, strike, or government restrictions
  • Remote cyberattacks or global infrastructure failures

6.    Discontinuation and modification of the service

The Service is constantly evolving and we reserve the right to:

• Introduce new features or remove old ones
  • Gradually phasing out support for outdated devices
  • Discontinue all or part of the Service, if market conditions, security or technological developments so warrant

In the event of permanent termination of the service, you will receive:

• Minimum 90 days’ notice
  • Information on how to download or transfer your data
  • Any compensation, where applicable

IV.  PRIVACY STATEMENT

Part 1: Introduction and our commitments

At Elektroimportøren AS, we understand that privacy is more than a formality – it is a fundamental right and a prerequisite for you as a user to feel safe in your encounters with our digital services. When you use Namron Simplify, you leave control of parts of your everyday life to technology. This means that we get access to data about you, your home and your habits. We take this responsibility extremely seriously.

Therefore, we have developed this privacy policy to provide you with full insight, maximum transparency and clear information about how we relate to your personal data – from the first data point to eventual deletion.

All processing of personal data takes place in accordance with:

• The Personal Data Act of 2018 (implementation of GDPR in Norwegian law)
  • EU Regulation 2016/679 (GDPR)
  • The Electronic Communications Act (Electronic Communications Act)
  • The Marketing Practices Act and other relevant regulations

We have embedded privacy in every part of our business – from product development to end-user experience. This is reflected in our seven core principles:

1. Legality, fairness and transparency

We never process your personal data without a lawful basis. Every single processing – whether it is registration, storage, analysis or deletion – must be rooted in clear purposes, with clear justification, and you must always know what we are doing and why. We will never use your data for purposes that are hidden from you, and we will never disclose information to third parties without a legal basis or based on explicit consent.

• Purpose limitation

We collect personal data for clearly defined and legitimate purposes, such as: to provide the service you have requested, to ensure stable operation, maintenance and development of the service, to provide you with insight into your consumption and indoor climate, to notify you of status, deviations or events in your home, and to provide support and technical troubleshooting. We never use personal data for purposes that are incompatible with the original, unless we either explicitly inform you or have another legal basis.

• Data minimization

We only collect data that is necessary to provide the service. This means that we do not ask for or store unnecessary information “just in case”. Examples: We ask for an address to associate devices with the correct location. We need power consumption data to show you measurements in the app. We log system status to detect technical errors. We store contact information so that you can receive notifications and updates. Everything that is not necessary, we do not collect.

• Correctness

We make sure that the information we store about you is correct and up-to-date. This is done through automatic updates from the app, the ability for you as a user to edit account information, and continuous validation of registered data at the

operational changes. You have the right to request correction at any time – and we will make the change immediately after you contact us.

• Storage limitation

We do not store personal data for longer than is necessary. When you close your account, the purpose of the processing no longer exists, you withdraw consent, or we no longer have a legal basis, we delete or anonymize the data according to clear and documented procedures. Exceptions apply where we are required to store information, for example in accordance with the Bookkeeping Act (up to 5 years).

• Integrity and confidentiality

We protect your data with multiple layers of security measures, including: transport encryption (TLS) between app, hub, and cloud, encrypted storage at the server level, access control and logging of all data requests, security monitoring and notification of suspicious incidents, regular auditing and third-party penetration testing, as well as internal data minimization and access restriction – only people with business needs are granted access. In the event of a security breach, you will be notified in accordance with GDPR art. 33 and 34 – within 72 hours.

• Accountability

We document all processing, assess risk on an ongoing basis and conduct data protection impact assessments (DPIAs) where required. We have appointed a dedicated responsible privacy team, and all our employees with access to data have been trained in confidentiality, compliance and data security. We are committed to continuous improvement and are open to audits by relevant supervisory authorities.

Part 2: What personal data we collect, how and why

When you use Namron Simplify, a variety of personal data is collected that is necessary to provide, improve, and secure the service. We take a structured and controlled approach to data collection, where all information is processed in accordance with the principles of purpose limitation, data minimisation and security. Below we describe the categories of personal data that are processed, how the data is collected, and what is the legal and practical basis for the processing.

1. Identification and contact information

We collect basic information about you in order to create and manage your user account. This includes your full name, address, email address, phone number, and language selection. The address is linked to the location where your smart home components are installed and is used for correct system configuration, notifications and customer support.

Contact information enables dialogue, security measures and operation of the service.

• Account information and authentication

When you create a user account, username, encrypted password, time of registration and login, as well as any division of roles between users in the household, are registered. This gives you, as the account owner, control over who has access, and makes it possible to ensure authentication and protection against unauthorized use.

• Device and location data

Simplify Hub and connected components report which devices are connected to the system, what type each device represents, and what room or area they are located in. The user can name the units themselves, for example “Living room panel right” or

“Basement light”. Location data is only used to ensure that functionality and automation are properly adapted to your actual living environment.

• Sensor and system data

When smart home components are in use, real-time data and history are generated, including temperature, humidity, power consumption, motion detection, status of lights, heating, awnings and the like. Timestamps are associated with events and scenario management. This data is necessary to deliver the core functions of the app, and gives you an overview, history and control over energy use and indoor climate.

• Technical and diagnostic information

The app and system generate technical data such as IP address, mobile operating system, app version, language settings, error codes, uptime, response times, and crash logs. This helps us to ensure stable operations, perform troubleshooting, as well as to improve performance and user experience. The data is stored in logs that are only accessible to authorized technical personnel.

• Communication and support dialogues

If you contact customer service, or participate in user surveys, information related to the case is registered. This can include emails, chat dialogues, phone calls, and feedback from questionnaires. These are only used to follow up on the inquiry, improve customer support and ensure the quality of the service.

• Third-party data and integrations

If you connect third-party devices to Simplify (e.g. electricity supplier, voice control or smart meter), we may receive information through integrated APIs. All such data collection takes place with your consent and within the framework of the necessary data processing agreements. We do not share information back to third parties without an explicit legal basis.

• How the information is collected

The data is obtained either directly from you when you register or change settings, automatically from your devices during normal use, or through communication with our systems and support channels. Certain technical data is also retrieved from your mobile device (such as operating system and network status) to optimize the user experience.

• Why we collect the information

The purpose of the processing of personal data is to be able to offer a full-fledged and secure smart home experience. This includes service delivery, authentication, scenario management, troubleshooting, security follow-up, customer support, and continuous development. We also analyze aggregated and anonymized data to identify improvement points in the system. We never use your personal data for marketing or sharing without your explicit consent.

Part 3: What we use your information for

The personal data we collect through Namron Simplify is only used for clearly defined, lawful and legitimate purposes. Any use is based on either a contract you have entered into with us, a valid consent, a legal obligation, or a legitimate interest that has been assessed and documented. We conduct thorough assessments of the legal basis for each data category and ensure that the data is never used for any purpose other than that described here.

1. Provision of the Service

We use your personal information to provide the service you have requested in a safe, stable and efficient manner. This includes user account creation and management, operation of Simplify Hub and connected devices, authentication,

configuration, display of sensor and status data, as well as communication between app, cloud and physical equipment. Data such as temperature, power consumption and movement must be processed continuously in order for you to be able to monitor and control your smart home.

• Maintaining security and stability

To protect both you as a user and our infrastructure, we use technical data and system logs to monitor the stability of the service, identify irregularities, avert attacks and correct errors. We don’t monitor people, but system performance.

Error history and crash logs are processed exclusively to ensure high uptime and ease of use.

• Support and troubleshooting

If you contact us, we use your registered information and technical logs to provide quick and targeted assistance. This includes access to anonymized or pseudonymized system data that allows our technicians to understand what has happened, without compromising privacy. Communication with customer service is documented for quality assurance and history.

• Automation and scenario management

In order to define and use automatic actions – such as turning off the lights when no one is home, or the awning being rolled in in windy conditions – the system must have access to ongoing sensor data and device status information. All such processing takes place locally in the hub or on secure servers, and only within the scope of the functionality you have chosen to configure.

• Insights and visualization

The user is offered visualization of data such as power consumption, temperature development and usage patterns in the app. These are displayed in the form of graphs, history and summaries, and are only available to the user themselves or people you have given access. We do not use these insights for profiling or legal decision-making, and the data is not shared with third parties.

• Further development of the service

We use aggregated, anonymized and statistically processed information to analyze usage patterns and improve the service. This could include, for example, seeing which features are used most often, which devices are connected, and which errors occur most frequently. No analysis takes place at the individual level unless you have consented to it, for example in beta testing or functional development.

• Notification and information sharing

If there are any discrepancies, updates or material changes to the Service, we may send you notifications via email, push notifications or app notifications. This is considered part of the service and does not require special consent. You will not receive marketing or third-party content without your prior consent.

• Compliance with legal requirements

We may be legally obliged to process or disclose certain information if required to do so by Norwegian law, court orders or orders from relevant authorities. This may be related to accounting, security legislation or criminal investigations, for example. In such cases, we limit the scope to what is strictly necessary.

• Processing based on consent

For some features – such as participating in surveys, beta testing, or using external integrations – we explicitly ask for your consent. You can withdraw this consent at any time, and we will then stop all further processing related to the relevant purpose.

1. No use for commercial profiling

We never use your personal data for profiling, tracking, resale or automated decision-making for the purpose of influencing your behaviour. We fully respect your privacy and have no commercial motivation related to the collection of behavioral data.

Part 4: How long we store data, and what happens upon deletion

We store personal data only for as long as it is necessary to fulfil the purpose of the processing, or for as long as we are required by law to retain the information. This means that we have established clear and verifiable routines for data storage, deletion and anonymization, adapted to different categories of information and their function in the service.

1. General principles of storage

Any personal data you register or that is generated through the use of Namron Simplify will be assessed in light of the purpose for which it is processed and will be deleted when the purpose no longer exists. This applies, for example, when you close your user account, when you withdraw your consent, or when a function is no longer used. We use technical deletion, anonymization and access restriction as tools for controlled phasing out of data.

• Account and contact information

As long as your user account is active, we will retain your name, address, email and phone number in order to provide the service and communicate with you. When your account is closed, this data will be permanently deleted within 30 days, unless you ask us to do so sooner. You can also request deletion of data while the account is active, as long as it does not compromise the necessary functioning of the service.

• Sensor and device data

Data from connected components such as temperature, power consumption, light status and indoor climate are stored in your personal account in a duration-based history system. We retain this data for up to 12 months for ongoing display in the app, after which it may be aggregated into anonymized datasets for general statistics and improvement purposes.

You can request that history associated with your devices be deleted immediately at any time.

• Technical logs and events

System logs that are recorded to detect errors, optimize performance, or analyze technical operations are generally stored for a maximum of 90 days, unless they are part of error cases that require longer documentation. These logs are not identifiable and are only used by authorized system administrators.

• Communication and support

Customer service inquiries, including emails, chat, phone calls, and questionnaires, are stored for up to 12 months in order to follow up on proceedings, document resolution history, and improve our support. Upon request, these can be anonymised or deleted earlier.

• Accounting and legal documentation

Data related to payments, invoices and financial transactions are stored in accordance with the requirements of the Bookkeeping Act, normally for up to 5 years. We do not store card information or other sensitive payment information ourselves – this is handled by our payment provider in accordance with applicable regulations.

• Correction, restriction and deletion on request

You have the right to request correction of incorrect information, restriction of processing (for example in the event of a conflict), and full erasure if we no longer have

basis for processing. If you ask us to delete your account and associated data, this will be done within 30 days. You can submit such requests directly through the App or to our Privacy Team.

• Account closure

When you choose to close your account, we will first ask you to confirm that you wish to delete all history and information. Thereafter, all associated data is anonymized or deleted in accordance with the points above. You will receive confirmation that this has been done. If you don’t actively delete your account, but it remains inactive for more than 24 months, we’ll send you a reminder before any automatic deletion is considered.

Section 5: Who we share personal data with and why

We only share personal information when strictly necessary to provide, secure, or improve the Namron Simplify service. All sharing takes place within the framework of statutory requirements, entered into agreements and documented compliance with data protection legislation. We never sell data. We never give third parties access to your data for their own purposes. All processing takes place on our behalf and under our control.

1. Data processors and technology partners

We use reliable and professional data processors to operate our systems, store data securely, provide support and further develop the platform. These include cloud service providers, software development, analytics tools, and communication systems. All such providers are subject to strict data processing agreements that regulate access, processing purposes, security, deletion and confidentiality. They are only given access to what is necessary to carry out their assignment, and are not allowed to use the data for their own purposes.

• Local installers and partners

If you have purchased or installed smart home products through an authorized Namron partner, and you consent to it, relevant information may be shared with the installer or service partner in order to provide you with technical assistance, troubleshoot or follow up on the installation. This is only on your initiative or explicit consent, and typically applies to data such as device name, affiliation, and status, not personal messages or history.

• Integrations with third-party providers

Namron Simplify can be extended with integrations with external systems or platforms, such as electricity suppliers, voice control, home networks or energy monitoring. When you choose to enable such integrations, you give permission for certain data to be shared with that service. This can include power consumption, status messages, or automation signals. Sharing only takes place to the extent necessary for the functionality, and you can withdraw your consent at any time.

• Authorities and legal obligations

In special cases, we may be required to disclose personal data to public authorities, such as the police, the Tax Administration, the Data Protection Authority or courts, if there is a legal basis such as orders, court orders or investigations of illegal activities. In such cases, we will do our utmost to limit disclosure to what is strictly necessary and inform you if permitted by law.

• Internal division in the group

Elektroimportøren AS is the data controller for Namron Simplify. If technical or legal assistance is required, certain data may be shared internally within the Group, for example with Namron AS, Spoton AS or Elbutik AB in Sweden, if this is necessary for

further development, customer service or security management. All internal processing takes place with the same level of security, confidentiality and purpose limitation as described in this statement.

• Transfer to third countries

In the rare cases where our subcontractors use data centers or support resources outside the EEA, we ensure that the transfer takes place in accordance with the EU Standard Contractual Clauses (SCC) and with adequate security guarantees. This only applies to highly specialised technical services where there are no corresponding suppliers within the EEA.

• Auditing and documentation

We keep an ongoing record of all third parties with whom we share data, including the purpose, basis for processing, duration and security measures. This overview is part of our processing protocol in line with GDPR Article 30 and is updated continuously.

Section 6: Your rights as a data subject

As a user of Namron Simplify and a registered person according to the Personal Data Act and the EU’s General Data Protection Regulation (GDPR), you have a number of rights related to how your personal data is processed. These rights are an important part of our commitment to transparency, respect and control, and they are implemented in all our systems and procedures.

1. Right to information

You have the right to receive clear and easily accessible information about how we process your personal data. This Privacy Policy is our main document for fulfilling this requirement. You can also contact us directly if you need further explanation or specific details about our data processing.

• Right of access

You have the right to request access to what personal data we have stored about you, including the purposes of the processing, what categories of data are processed, with whom the data, if any, has been shared, how long we store it, and where we have obtained it from. Access is normally provided within 30 days of request, and you can request this via the app or our privacy policy.

• Right to rectification

If you discover that personal data we have registered about you is incorrect, incomplete or outdated, you have the right to request that it be corrected. Some information can be changed directly in the app, while others can be updated by contacting customer service or our privacy team. We carry out corrections without unnecessary delay.

• Right to erasure (“right to be forgotten”)

You can request that we delete your personal data if one of the following conditions is met: the data is no longer necessary for the purpose, you withdraw your consent, you object to the processing, the data has been processed unlawfully, or deletion is required by law. We will always assess the request and delete data within 30 days if there is no compelling legal reason for further processing.

• Right to restriction of processing

In certain cases, you have the right to request that the processing of your personal data be restricted. This may be relevant if you believe the information is incorrect, if you have objected to the processing, or if you want to prevent deletion temporarily pending legal clarification. In such cases, we mark the data as “limited” and make sure that it is not used beyond what has been agreed.

• Right to data portability

You have the right to receive personal data you have provided to us – in a structured, machine-readable and commonly used format – and you can request that this be transferred to another controller where technically feasible. This applies to processing that is based on consent or contract and that takes place automatically.

• Right to protest

If the processing of your data is based on our legitimate interest, you have the right to object to this, and we must then consider whether we can continue the processing. If the purpose is direct marketing (which we do not engage in without consent in any case), you can always object and we will immediately stop the processing.

• Right not to be subject to automated decision-making

You have the right not to be subject to decisions that are based solely on automated processing, including profiling, and that have legal or similarly significant effects concerning you.

• Right to withdraw consent

If the processing of your personal data is based on your consent, you can withdraw this consent at any time. This does not affect the lawfulness of the processing up to the time of the withdrawal. You can withdraw consent directly in the app where the consent is given, or by contacting us.

1. Right to complain to a supervisory authority

If you believe that our processing of your personal data violates applicable regulations, you have the right to file a complaint with the Norwegian Data Protection Authority. However, we encourage you to contact us first, so that we have the opportunity to correct any misunderstandings or errors.

Contact information for the Norwegian Data Protection Authority:

The Norwegian Data Protection Authority

P.O. Box 458 Sentrum

0105 Oslo

E-mail: postkasse@datatilsynet.no Website: www.datatilsynet.no

Part 7: How we protect your data

The security of your personal data is fundamentally important to us. We treat your data with the same seriousness and precision as we treat our own business-critical infrastructure. Through a combination of technological measures, organizational routines and continuous risk assessment, we protect confidentiality, integrity and availability in all parts of the Namron Simplify ecosystem.

1. Holistic security architecture

Namron Simplify is built on a modern and modular platform where every single link – from app and hub to cloud and data storage – follows a consistent security design. All communication between the app, devices and cloud services takes place over encrypted channels with TLS (Transport Layer Security). Data stored in the cloud is protected with encryption both “in transit” and “at rest”.

• Access control and role restriction

Only authorized employees of Elektroimportøren AS, or approved data processors, have access to personal data, and only to the extent necessary to perform

specific tasks. Accesses are allocated according to the principle of least privilege, and logged for traceability. Administrative interfaces are protected with two-factor authentication and strong authentication requirements.

• System monitoring and incident response

All our systems are constantly monitored for irregularities, performance deviations, attempts at unauthorized access, and technical errors. We use both automated incident response and manual monitoring. When detecting potential security incidents, we have defined processes and preparedness for rapid response and possible notification in line with GDPR Article 33.

• Physical and infrastructure security

Data is stored exclusively in data centers located in the EU/EEA that meet strict requirements for physical security, operational security and environmental control. Our subcontractors are ISO 27001 certified, and we conduct our own risk assessments and security audits of all critical services and supplier relationships.

• Software development and security practices

All development of Namron Simplify follows established principles of “Privacy by Design” and “Security by Design”. Source code undergoes manual and automatic quality control, and the systems are regularly tested through internal audits, external penetration testing, and automated vulnerability analyses. Changes are deployed in a controlled manner, with staging, rollbacking, and monitoring.

• Logging, traceability and internal control

All changes, access and access attempts in the system are logged and reviewed periodically. It makes it possible to detect suspicious activity and document that data processing takes place in accordance with our internal policies. We also keep audit logs related to technical operations and data processing activities.

• Training and raising awareness

All employees with access to personal data have undergone training in information security, confidentiality and GDPR principles. We have established routines for reporting non-conformities and potential threats, and there are clear requirements for compliance with security procedures both internally and with suppliers.

• Data breach management

In the event of a data breach that entails a risk to your rights and freedoms, we will notify the Norwegian Data Protection Authority within 72 hours and at the same time inform you without undue delay. We have internal procedures for identifying, analysing and reporting such incidents, and we document all measures and root cause analyses afterwards.

Section 8: Children’s Privacy and Consent

We take children’s right to privacy very seriously. Although Namron Simplify is primarily aimed at adult users and homeowners, we recognize that smart home technology is often used in homes where children are also present, and that parts of the service – such as temperature control, lighting and notifications – can directly affect them. Therefore, we have established clear guidelines for the processing of personal data in situations where children are covered by the service.

1. Minimum Age for Registration

To create a user account in Namron Simplify, you must be at least 16 years old. This is in accordance with the recommendations from the Norwegian Data Protection Authority and is in line with the Personal Data Act § 5 and

GDPR Article 8. If you are under 16 years old, consent from parents or guardians is required before registration. In case of doubt about age, we can ask for confirmation.

• Consent from parents

If children under the age of 16 are to use the service actively, for example by parents wanting to give access to children in the household, the express consent of the person or persons with parental responsibility is required. This consent must be informed, voluntary and documentable, and can be withdrawn at any time. Upon withdrawal, access will be disabled and any associated data will be deleted according to our ordinary routines.

• Processing of the child’s data in the context of the household

Namron Simplify does not collect data for the purpose of identifying or profiling children. If devices are placed in rooms that are used by children, data such as temperature, light status or movement can be recorded in anonymous form – without being able to be linked to the child as an individual. We do not process sensitive personal data related to children, and we never use such data for marketing, profiling or further sharing.

• User profiles and access levels

Parents can choose to create separate user profiles for family members, including children, with limited rights. This gives you control over which features your child has access to, and makes it possible to exclude access to history, notifications and configuration. Children are never given access to administration, integrations or privacy-sensitive information.

• Information, awareness and responsibility

We encourage parents to inform their children about how the service works, what is registered and what rights they have. In the event of suspicion of unauthorized or improper use, both the child or the parent can request correction, deletion or access to any registered data.

• Inquiries and deletion of children’s data

Parents can at any time ask us to gain access to what information may be stored about children in the household, or request that all connection between the child and the user account be deleted. We will then delete or anonymize relevant data in line with our routines and confirm this in writing.

Section 9: Use of Cookies, Analytics and Tracking Technologies

Elektroimportøren AS uses cookies and associated analysis and tracking technologies in connection with the use of our digital interfaces, including websites related to Namron Simplify, the application itself and any integrated third-party services. This is done to give you the best possible user experience, ensure stable operations and collect insights that are used for further development of the solution – never for commercial exploitation of your personal behavior.

1. What are cookies

A cookie is a small text file that is stored in your browser or on your device when you visit a website or use an app. Cookies are used to remember settings, recognize users, secure login, customize views and collect anonymized statistics about how the service is used. Some cookies are necessary for the service to function properly, while others are used for analysis and performance purposes.

• Types of cookies we use

We use the following categories of cookies in our solutions:

• Necessary cookies: These are essential to be able to navigate the solution and use its features, such as login, navigation, language selection and security. These cannot be disabled.
• Performance cookies: Used to analyze how users interact with the service, such as which pages are visited, how often, and for how long. This gives us insight into how we can improve structure, content and stability.
• Feature cookies: Allows the system to remember preferences, such as display choices and configurations in the app.
• Statistics and analytics tools: We use tools such as Google Analytics and Hotjar to collect aggregated usage data on an anonymous level. These give us an overview of how the system is used, but do not identify you as a person.
• Fault and crash diagnostics: Some cookies are used to log technical faults and performance deviations for support and maintenance.
• Consent and control

On your first use of our website, you will be given the opportunity to consent to the use of non-essential cookies. You can change or withdraw this consent at any time via our cookie settings, or through settings in your browser. We encourage you to review these settings if you want more control over your digital behavior.

• Cookie storage time

The lifespan of cookies varies depending on the function. Some are automatically deleted when you close your browser (“session cookies”), while others may be stored for a limited period of time (e.g. 30 days) to preserve user settings and preferences. You can delete cookies yourself at any time from your browser or device.

• Third-party cookies and sharing

In some cases, third-party services are used for functionality or statistics (e.g. Google or Facebook). These may set their own cookies if you interact with such functions via our interface, e.g. when using third-party logins or links to external sites. We do not share your personal data with such parties without consent, and we only use companies that offer similar protection as Norwegian and European legislation requires.

• App-specific technologies

In addition to browser cookies, the Namron Simplify app uses technologies such as “local storage”, “device logs” and “analytics SDKs” for similar purposes. These are subject to the same principles and restrictions as other cookies and do not affect the other contents of the device.

• No tracking for marketing

We do not use cookies to map the user’s behavior for the purpose of targeted marketing, profiling or advertising. All collected data is used solely for technical operations, improvement of the service, and general user experience – never for commercial exploitation or resale.

Section 10: Changes to the Privacy Policy and Notice

We reserve the right to update this Privacy Policy whenever necessary to reflect changes in legislation, technological solutions, service offerings or internal routines. We do this as part of our responsibility for compliance, transparency and protection of your rights.

1. When we update the Privacy Policy

Changes may occur if we launch new features, integrate with new partners, change processing purposes, or have new regulatory requirements. All changes are documented internally and published in an updated version with the date and version number.

• How to be notified of changes

If the changes are material – i.e. affect your rights, the basis for processing or how we use your personal data – we will notify you in a clear and timely manner. This can be done via:

• In-app notification
• E-mail to registered users
• Publication on our website or in the update log

Notification will take place well in advance of the changes taking effect, and you will be given the opportunity to familiarise yourself with the content. Where consent is required, we will ask for this before new processing begins.

• Your Right to Opt Out or Terminate Use

If you do not wish to accept an amended privacy policy, you always have the right to terminate the use of the service and request that your personal data be deleted. We will never make changes that reduce your privacy without a valid basis and information.

• History and version control

Previous versions of the Privacy Policy may be made available upon request. We keep audit history and archives of all changes in accordance with the principles of accountability and documentation according to GDPR articles 5 and 30.

Section 11: Data controller, contact information and data protection officer

Elektroimportøren AS is the data controller for all personal data processed through Namron Simplify. This means that we have the overall legal responsibility for ensuring that your personal data is handled in accordance with applicable regulations, and that your rights as a data subject are safeguarded throughout the processing process.

1. Data Controller

The data controller for Namron Simplify is: Elektroimportøren AS Organization number: 913 250 524

Postal address: Nedre Kalbakkvei 88B, 1081 OSLO Phone: 22 81 27 70

E-mail: personopplysninger@elektroimportoren.no Website: www.elektroimportoren.no

• Contact regarding privacy

If you have any questions, requests or objections related to our processing of personal data, you can contact our privacy team at any time. We treat all inquiries with discretion and prioritize quick response. Requests for access, correction, deletion, restriction or data portability are processed without undue delay, and no later than within the deadlines required by law.

• Data Protection Officer

Elektroimportøren AS has appointed a dedicated data protection officer as an advisor to the management and contact point for both users and supervisory authorities. The Ombud monitors

our compliance with data protection laws and helps ensure compliance with the Privacy by Design and Privacy by Default Principles.

You can contact the Data Protection Officer via:

E-mail: personopplysninger@elektroimportoren.no

Post: Elektroimportøren AS v/Personvernombudet, Nedre Kalbakkvei 88B, 1081 OSLO

• Contact with supervisory authority

If you believe that our processing of personal data is not in accordance with applicable regulations, you have the right to complain to the Norwegian Data Protection Authority. However, we recommend that you contact us first so that we can correct any misunderstandings or errors as quickly as possible.

The Norwegian Data Protection Authority

P.O. Box 458 Sentrum

0105 Oslo

E-mail: postkasse@datatilsynet.no Website: www.datatilsynet.no

V.  TERMS OF USE

Part 1: Introduction and basic provisions

These Terms of Use (the “Terms”) apply to your access to and use of the Namron Simplify service, provided by Elektroimportøren AS, company registration number 913 250 524, with business address at Nedre Kalbakkvei 88B, 1081 OSLO (the “Provider” or “we”). By registering as a user, installing the Simplify Hub, using the App, or otherwise using the Service, you agree to be bound by these Terms, as well as our Privacy Policy, which forms an integral part of this document.

1. Purpose and content of the service

Namron Simplify is an integrated smart home solution that gives the user control over functions in the home, such as lighting, heating, power consumption, indoor climate and automation, through a connected hub and mobile application. The service provides access to live and historical data, scenario management, notifications, device management, and integrations with supported third-party systems.

• Conclusion and application of the Agreement

By using the service, you enter into a binding agreement with Elektroimportøren AS. The Terms apply to all use of the Service, regardless of whether you are an administrator, secondary user or temporary guest access. Use is subject to your acceptance of the Terms explicitly through registration, or implicitly through actual use. If you do not agree to the Terms, do not use the Service.

• Changes to the Terms

We reserve the right to update or change these Terms in the event of changes in the Service, technology or law. Changes will only take effect after you have been notified via the App or email, and we will give you a reasonable amount of time to familiarise yourself with them. Continued use after the changes have entered into force is considered acceptance.

If you do not wish to accept any changed terms, you must stop using the Service and, if necessary, request deletion of your account.

• Language and accessibility

The Terms are available in Norwegian and constitute the legally binding framework for users in Norway. The service is initially offered to consumers, but can also be used in a professional context in collaboration with approved partners. The document is available at all times via the app’s settings and on elektroimportoren.no.

• Relationship to the Privacy Policy

This Agreement must be read in conjunction with our Privacy Policy, which explains how we collect, use, and protect your personal information. Consent to the privacy policy is a prerequisite for the use of the service.

Part 2: User registration, account access and responsibilities

1. Creating a user account

To use Namron Simplify, you need to create a personal user account. Registration requires a valid email address, password, and associated address for physical installation. By registering, you confirm that the information you provide is correct, complete and up-to-date. The account is personal and cannot be transferred or shared with others without separate access sharing via the service.

• Age limit and legal capacity

You must be at least 16 years old to create an account and use the service without parental consent. If you are under the age of 16, documented consent from your parent or guardian is required in accordance with the Personal Data Act § 5 and GDPR Article 8. In case of doubt about age, we reserve the right to block the account until sufficient documentation has been presented.

• Account security and passwords

You are responsible for keeping your username and password confidential and secure. It is your responsibility to ensure that unauthorized persons do not gain access to your account. In case of suspected misuse, loss or unauthorized access, you must immediately change your password and notify us. We are not liable for losses due to negligence or failure to secure your login details.

• User roles and household access

The service allows the creation of multiple users associated with the same hub and installation. As the main user (administrator), you are responsible for which other people you give access to, as well as the level of access they are given. You are obliged to inform other users in your household about these terms and the privacy policy. All activity in the system is logged with the corresponding username.

• Changes to user information

You undertake to update the information in your account if there are changes that affect the service, such as a new address, e-mail or use of new smart home devices. Incorrect or incomplete data can lead to reduced functionality, lack of notification or incorrect information in the system.

• Responsibility for use

You are responsible for all activity that occurs through your user account, unless it can be documented that unauthorized persons have gained access without your knowledge and despite adequate security measures. Use of the service for illegal purposes, intrusion into other people’s systems or manipulation of data is prohibited and may result in a police report and liability.

• Account closure

You can close your account at any time via the app or by contacting customer service. Upon termination, data is deleted or anonymized in accordance with our privacy policy. We reserve the right to deactivate or delete accounts that violate the Terms, are used for abuse, or have been inactive for more than 24 months.

Section 3: Use of the Service, Limitations, and Prohibited Uses

1. Service Usage

Namron Simplify is offered as a digital platform for private and professional use in smart home control. You have the right to use the service to monitor, control and automate functions in your own home or other legal location you have access to. All use shall be in accordance with applicable law, good practice and these Terms.

• Technical use and equipment dependency

In order for the service to work as intended, it is required that you use compatible equipment, a valid Simplify Hub, and that the devices are correctly installed and configured. It is also assumed that you have access to stable internet and use the service on a supported operating system. We are not responsible for malfunctions caused by the user’s equipment, lack of maintenance, or use contrary to recommended practices.

• Limited License

You are granted a limited, non-exclusive, and non-transferable right to use the Service for your own purposes. The license is only valid for use in accordance with these terms and conditions, and does not grant the right to copy, reverse engineer, resale, redistribution or commercial exploitation without the explicit written consent of Elektroimportøren AS.

• Prohibited Uses

You are expressly prohibited from using the Service to:

• Intrusion into, tampering with, or unlawfully monitoring another’s systems
  • Attempting to decrypt, circumvent, or compromise the security of the Service
  • Violating privacy laws, including covert surveillance of others without consent
  • Illegal, abusive or discriminatory activity
  • Mass deployment of automated commands that can compromise system integrity
  • Distribution of malicious code, viruses, scripts, or other destructive software
  • Commercial operations on behalf of third parties without a contract
• Monitoring and sanctions

We reserve the right to monitor system activity where necessary to protect system stability, prevent abuse, or comply with legal requirements. In the event of a breach of these Terms, we may close or suspend your account, restrict access, refuse further use, and, in the event of serious or repeated breaches, report the matter to the relevant authorities.

• User responsibility

You acknowledge that all use is at your own risk. You shall ensure that the devices you install, including lighting, heating, and motorized elements, are properly connected and meet national safety requirements. You are responsible for monitoring and maintaining physical installations that are controlled via the app.

Part 4: Software, Updates, and Third-Party Content

1. Ownership and intellectual property rights

All software, code, design, database content, user interfaces and other technical components included in Namron Simplify are the property of Elektroimportøren AS or its licensors. This also includes updates, add-ons, and future expansions. Nothing in these Terms shall be construed as conferring any intellectual property rights on the User.

• Right of Use and Restrictions

The User is granted a personal, limited, non-exclusive and revocable right to use the Software and Service in accordance with these Terms. The right of use does not include the right to copy, modify, distribute, sell, rent, or otherwise commercially exploit the software, either in whole or in part. It is also forbidden to carry out so-called reverse engineering, decompilation or attempts to circumvent technical protection mechanisms.

• Updates and further development

Elektroimportøren AS reserves the right to carry out technical, functional and security updates of the software without special prior notice, if this is necessary for operation, maintenance, correction of errors or compliance with regulations. Major functional changes that affect the user experience or the processing of personal data will be notified separately and may require new consent.

• Automatic and manual updates

Updates can be distributed automatically through app stores (App Store, Google Play), or via background updates on Simplify Hub. Some updates may require

manual activation of the user, for example in case of changes in entity setup, new integrations or customizations of automation rules.

• Use of Third-Party Content

Namron Simplify may display, retrieve or convey content provided by third parties, such as electricity prices, weather data, integrations or software components from certified suppliers. Elektroimportøren AS is not responsible for the accuracy, availability or quality of content delivered outside our control, but will only use integrations from players with satisfactory security and privacy standards.

• Open-source and third-party libraries

The service may use components that are distributed under open-source licenses (e.g., MIT, Apache, or GPL). Where such components are included, the terms and conditions of these will apply to the respective modules and clear documentation will be provided in accordance with licensing requirements. The use of such components does not limit any other rights or liabilities related to the Service.

• Availability and compatibility

We strive for high availability, but cannot guarantee that the service will be available at all times, on all devices or under all network conditions. We reserve the right to change operating system, device type, and network connectivity requirements, as well as to discontinue support for older versions upon reasonable notice.

Section 5: Limitation of Liability, Warranties and Force Majeure

1. No guarantee of continuous availability

Namron Simplify is offered as a modern, stable and continuously improved service. However, there may be planned maintenance, technical challenges, service interruptions or unforeseen events that temporarily affect the availability or functionality of the service. Elektroimportøren AS therefore does not provide any guarantee for uninterrupted, error-free or available operation of the service.

• Limitation of liability for direct and indirect losses

To the extent permitted by applicable law, Elektroimportøren AS disclaims any liability for direct or indirect financial loss, loss of data, lost profits, lost savings, interruption of operation, consequential damage or other unintended consequences arising from the use or non-use of the service. This applies regardless of whether the loss is due to system failure, human error, network issues, software failures, or third-party integrations.

• User’s responsibility for correct use

You are responsible for how the service is used in your home or business. This includes, among other things, proper installation, electrical safety, configuring automations and selecting devices. We do not accept responsibility for damage or accidents resulting from improper use, inadequate installation or combination with non-compatible equipment.

• Third-party content and integrations

The Service may include links to third-party services that we do not directly control. Elektroimportøren AS is not responsible for the information, functionality, data quality or availability provided by such external parties, unless this has been expressly agreed.

• Warranties and Disclaimers

The Service is provided on an “as is” and “as available” basis. Unless explicitly stated otherwise, no warranties, express or implied, are given with the

consideration of the Service’s suitability for specific purposes, performance over time, or specific results of use. Any product warranties related to physical components are governed by separate terms and conditions of purchase.

• Force majeure

Elektroimportøren AS is not responsible for non-fulfilment of obligations if this is due to circumstances beyond our control, including – but not limited to – natural disasters, fire, power outages, war, rebellion, pandemic, serious technological failures, hacker attacks, strikes, public regulation, supply failures or similar extraordinary events (“force majeure”). In such cases, we shall do our best to restore the service as quickly as possible.

• Liability in the event of default

In the event of material breach of these Terms, we reserve the right to terminate access to the Service with immediate effect. This can happen if the user has violated the rights of a third party, misused the service, or otherwise poses a security risk to the system or other users.

Section 6: Agreement Duration, Termination and Termination of Service

1. Duration of the agreement

These Terms are effective from the time you use Namron Simplify and apply for as long as you have an active user account or otherwise use the Service. The Agreement will continue until terminated by either party, in accordance with the provisions below.

• Termination by the user

You may terminate the Agreement and terminate your use of the Service at any time. This is done either through settings in the app, or by contacting customer service. Upon termination, the account will be deactivated, and all associated personal and device data will be deleted or anonymized in accordance with the Privacy Policy.

• Termination from Elektroimportøren AS

We reserve the right to terminate or suspend access to the Service with reasonable notice if:

• The service will be permanently shut down
  • There are safety or operational considerations
  • User materially breaches these Terms
  • It is required by legislation or public authority

In the event of gross breach, abuse or risk of damage to the system or third parties, we may close the account immediately and without prior notice.

• Consequences of dismissal

Upon termination, you will lose access to the app, system setup, device history, and any automations. You will not be able to retrieve data after the account is deleted. We therefore recommend that you extract any log data or reports before closing if you want to keep this for documentation purposes.

• Revocation of consent

If you withdraw your consent to our processing of personal data that is necessary to provide the service, this will be considered as termination of the agreement, as we then no longer have a legal basis for maintaining the user account or providing the service to you.

• Decommissioning and final deletion

Upon termination of the account, we will delete all personally identifiable data as described in our Privacy Policy. Some system data can be anonymised and used for statistics and improvements, without this being linked to you as an individual.

VI.  FINAL PROVISIONS

Applicable law, dispute resolution and points of contact

1. Applicable law

These terms and conditions and any dispute that may arise in connection with the use of Namron Simplify shall be governed by and construed in accordance with Norwegian law, regardless of where the user is located geographically. Any references to international standards, laws or regulations apply only to the extent that they are incorporated into or recognized by Norwegian law.

• Jurisdiction and dispute resolution

Disputes that arise between the User and Elektroimportøren AS in connection with the interpretation or application of these Terms and Conditions, and which are not resolved through dialogue or conciliation, shall be brought before the ordinary courts with Oslo District Court as the legal venue. Consumers resident in Norway can, if they wish, use their local court in accordance with consumer law rules.

• Invalid provisions

Should any provision of these Terms be found to be invalid, illegal or unenforceable, this shall not affect the validity of the remaining provisions. The invalid provision shall then be replaced by a rule which, as far as possible, achieves the same legal effect as the original.

• Transfer of the agreement

The user may not assign his/her rights or obligations under these terms and conditions without the prior written consent of Elektroimportøren AS. However, we reserve the right to transfer the Agreement to another company within the same group, or in connection with a business transfer, merger or acquisition, provided that the User’s rights remain unchanged.

• Contact points

All inquiries related to these Terms, the Privacy Policy or the Service in general, can be directed to:

Elektroimportøren AS

Nedre Kalbakkvei 88B, 1081 Oslo E-mail: post@elektroimportoren.no Phone: 22 81 27 70

Website: www.elektroimportoren.no

Questions related to privacy can also be directed to:

E-mail: personopplysninger@elektroimportoren.no