Privacy Policy

This Privacy Policy describes how Nordic Recovery ("Company", "we", "our", or "us") collects, processes, stores, and protects information in connection with our vehicle recovery services, vehicle intelligence systems, website, and related business operations.

The Company operates exclusively in a business-to-business ("B2B") environment and provides services only to approved commercial entities and professional partners.

We are committed to protecting data in accordance with applicable European data protection legislation, including the European Union General Data Protection Regulation ("GDPR").

This Privacy Policy applies to:

• our website and online systems;
• communication with Customers and partners;
• vehicle recovery and investigation services;
• vehicle-related technical and telematics data processing;
• business relationship management;
• security and compliance operations.

This Privacy Policy does not apply to third-party websites, services, or systems not controlled by the Company.

Depending on the nature of the services provided, we may process the following categories of information:

Business and Contact Information

• company name;
• contact persons;
• email addresses;
• telephone numbers;
• billing and contractual information.

Vehicle-Related Information

• Vehicle Identification Numbers (VIN);
• registration information;
• manufacturer-related identifiers;
• telematics or location-related information;
• recovery status information;
• technical diagnostic data.

Technical and System Information

• IP addresses;
• authentication logs;
• browser and device information;
• security and access logs;
• website usage data.

Communication Data

• correspondence;
• support requests;
• investigation-related communication;
• service records.

We do not intentionally collect unnecessary personal information and limit processing to information relevant for legitimate operational and security purposes.

We process information for the following purposes:

• providing vehicle recovery and intelligence services;
• verifying vehicle ownership or status;
• assisting theft investigations and fraud prevention;
• communicating with Customers and authorized partners;
• ensuring system security and operational integrity;
• complying with legal and contractual obligations;
• maintaining audit and compliance records;
• improving service quality and reliability.

Where applicable under GDPR, processing is based on one or more of the following legal grounds:

• legitimate business interests;
• performance of contractual obligations;
• compliance with legal obligations;
• protection against fraud, theft, or unauthorized use;
• consent, where specifically required.

Because our services operate primarily within professional and commercial contexts, processing is generally conducted on the basis of legitimate interest and contractual necessity.

The Company treats Customer and vehicle-related information as confidential.

We do not sell, publicly disclose, or commercially distribute submitted data.

Information may be shared only where necessary with:

• relevant vehicle manufacturers;
• authorized manufacturer security teams;
• approved recovery or investigation partners;
• infrastructure and hosting providers acting under confidentiality obligations;
• competent authorities where legally required.

Except where required by law, we do not voluntarily disclose Customer data to public authorities or unrelated third parties.

All third-party processing is subject to appropriate confidentiality and data protection safeguards.

Where information is transferred outside the European Economic Area ("EEA"), the Company will implement appropriate safeguards in accordance with applicable European data protection laws.

Such safeguards may include:

• adequacy decisions;
• Standard Contractual Clauses (SCCs);
• contractual and technical protection measures.

We retain information only for as long as necessary to:

• provide services;
• fulfill contractual obligations;
• comply with legal and regulatory requirements;
• resolve disputes;
• maintain security and audit records.

Retention periods may vary depending on the nature of the service, contractual requirements, and applicable law.

When information is no longer required, it will be securely deleted or anonymized where reasonably practicable.

The Company implements commercially reasonable technical and organizational measures designed to protect information against:

• unauthorized access;
• misuse;
• disclosure;
• alteration;
• destruction;
• loss.

Security measures may include:

• access controls;
• encryption;
• authentication systems;
• network monitoring;
• logging and audit systems;
• restricted personnel access.

Despite reasonable safeguards, no system can guarantee absolute security.

Where applicable under GDPR, individuals may have rights including:

• the right to access personal data;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to object to processing;
• the right to data portability;
• the right to lodge a complaint with a supervisory authority.

Because our services operate primarily in a B2B and security-sensitive environment, certain rights may be limited where exemptions apply under applicable law, including fraud prevention, security, or ongoing investigations.

Requests may be submitted using the contact information below.

Our website may use cookies or similar technologies for:

• security;
• authentication;
• system functionality;
• analytics;
• operational improvement.

Users may manage cookie preferences through browser settings where applicable.

Additional cookie-specific information may be provided separately on the website.

We may use third-party providers for infrastructure, hosting, analytics, communication, or security services.

Such providers process information only under appropriate contractual and confidentiality obligations.

The Company is not responsible for privacy practices of independent third-party services outside our control.

The Company may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.

Updated versions become effective upon publication on the Company website.

Continued use of the services after updates constitutes acknowledgment of the revised Privacy Policy.

For privacy, legal, or data protection inquiries, please contact:

Nordic Recovery — a service by Snipp.net AS Email: to@snipp.net

Individuals located within the European Economic Area may also have the right to contact their local data protection authority regarding concerns about data processing activities.

For operations established in Norway, the relevant supervisory authority is the Norwegian Data Protection Authority (Datatilsynet) — www.datatilsynet.no.