1. Introduction
This Privacy and Security Notice explains how we handle the collection, processing, use, and
disclosure of your (personal) data*. In this notice you and your refer to the person that personal data relates to, being our customer or any representative of our customer, or being a visitor to our website.

* Personal data means any information relating to an identified or identifiable natural person.

At Viking, the fundamental principles related to personal data are followed are:

• We are thoughtful about the (personal) information we ask you to provide and the (personal) information that we collect about you;
• We store (personal) information for only as long as we have a legal basis to keep it;

• We aim to make it as simple as possible for you to control the (personal) information wecollect,
process and disclose of you; and.
• We aim to be fully transparent on how we collect, use, and share your personal information.

2. Responsible for the data processing
Responsible for the processing of personal data on this website is

Viking Office Europe B.V.
Columbusweg 33

5928 LA Venlo

The Netherlands

3. The information we collect
Viking collects (personal) information when you register with us or place an order. We also collect
(personal) information e.g. when you voluntarily complete customer surveys, provide feedback, participate in competitions from our site(s) and when you may be requested to provide some or all of the following information:

• Your name;

• Your E-mail address;

• Your mailing/postal address;

• Your delivery address;

• Your telephone number; and

• Your contact details.

We may also collect certain non-personal information including:

• The type of browser you are using;
• The type of operating system; and

• The domain name of your Internet service provider.

4. Our legal basis for processing your personal information
Whenever we process your personal information we have a legal basis for what we do. The different
legal bases we rely on are:

• Consent: You have told us you are happy for us to process your personal information for a specific purpose;
• Legitimate interests:
The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
• Performance of a contract:
We must process your personal information in order to be able to provide you with one of our products or services;
• Prevention of fraud:
Where we are required to process your data in order to protect us and our customers from fraud or money laundering;
• Public information:
Where we process personal information which you have already made public;
• Legal claims:
The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
• Legal obligation:
We are required to process your personal information by law.

5. How we use the information
The (personal) data collected about you will be processed, used and stored and used only for the
indicated purpose(s), including to:

• Personalization of the website;
• Analyse trends; and

• Improve of site design and security.

6. How we protect your (personal) data
We are dedicated to protect your (personal) data and the systems it is held in. We have defined and
implemented adequate technical and organisational measures against any unauthorised access, unlawful use, accidental loss, corruption or destruction. This way, we are confident that your (personal) data will be processed on a strictly ‘need to know basis’, when and where appropriate and necessary.

As we are fully aware threats evolve and diversify and we wish to sustain your trust throughout the years, we regularly review and update our security measures and infrastructure, with a view to mitigate operational risks and maintain our security programs up to the latest industry-accepted standards and best practices.

7. International transfers of your (personal) data
Please be informed that we might transfer and process any (personal) data you provide to us to
countries other than your country of residence. The laws of these countries may not afford the same level of protection to your (personal) data. We will therefore seek to ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfer. More in particular for data transferred from the EU to countries outside the EU, we will use agreements based on EU Model Clauses.

8. Security
We will take reasonable steps to ensure that your (personal) data are properly secured using
appropriate technical, physical, and organizational measures, so that they are protected against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss. Your (personal) data will be retained for as long as required for the above purposes or in so far as such is necessary for compliance with statutory obligations and for solving any disputes.

9. Data retention
We retain your (personal) data for as long as required to perform the purpose for which they were
collected and used (for example, for the time necessary for us to send you the newsletters you subscribed to, to provide you with customer service, answer queries, etc.), unless a longer period is necessary for our legal obligations or to defend a legal or financial claim.

10. Your rights
You have a number of rights under data protection legislation which, in certain circumstances, you
may be able to exercise in relation to the personal information we process about you;

These include:

• the right to access a copy of the personal information we hold about you;

• the right to correction of inaccurate personal information we hold about you;

• the right to restrict our use of your personal information;

• the right to be forgotten;

• the right of data portability; and

• the right to object to our use of your personal information.

Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.

The following link will take you to the subject access request form if you would like to exercise one of your rights as set out above. https://sar.vikingoffice.eu

11. Cookies and similar technologies
What are Cookies?

A cookie is a piece of data, a text file with anonymous information that includes a unique user
identification and website name. Tracking technologies such as cookies, beacons, tags and scripts may be used for analysing trends. For further information please be referred to the Cookie Notice. Cookie Notice

Analytics
When you visit Viking, we use a third-party service, Google Analytics, to collect standard internet
log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

12. Other websites
This Security and Privacy Notice only applies to this website. Our websites contain links to other
websites. Please note that Viking is not responsible and assumes no liability for the content of external websites even if links refer to them.

13. Complaints
If Data Subjects have a concern or intend to complain to Viking about how their Personal Data has
been processed or appeal against any decision, they can reach out to the Data Protection Office or lodge a complaint with a supervisory authority.

14. How to contact us
You can contact our Data Protection Officer via:

email:
dpo@vikingoffice.eu

or write to us at:

DPO

VikingColumbusweg 33
5928LA Venlo

Netherlands.

This document is amended from time to time.
Venlo, 28 February 2024.