Privacy and Cookie Policy

1. General 

Sharebox AS (“Sharebox”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal data. This Privacy and Cookie Policy explains how we collect, use, store, share, and protect personal data, and which rights you have under applicable data protection laws.

This policy applies to users, customers, partners, and website visitors worldwide, with a primary focus on individuals located in the European Economic Area (EEA), the United Kingdom, and other jurisdictions where the General Data Protection Regulation (GDPR) or similar data protection laws apply.

Where local data protection laws outside the EEA provide additional rights or impose additional obligations, Sharebox will comply with such requirements where applicable.

Our Commitment:

Sharebox AS is committed to processing personal data in accordance with its responsibilities under the GDPR and applicable Norwegian laws and regulations. Article 5 of the GDPR requires that personal data shall be:

1. processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered incompatible with the initial purposes (“purpose limitation”);
3. adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (“accuracy”);
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as it is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to the implementation of appropriate technical and organizational measures required to safeguard the rights and freedoms of the data subject (“storage limitation”);
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”). 

Sharebox may work with third countries outside the EU/EEA, where laws and regulations may differ. In such cases, appropriate safeguards are applied in accordance with applicable data protection law. Sharebox does not rent or sell personal data and shares personal data only where necessary and permitted under applicable data protection legislation.

2. Data Controller

Sharebox AS is the data controller for the processing of personal data described in this policy. As data controller, Sharebox determines the purposes and means of the processing in accordance with applicable data protection legislation, including the GDPR.

3. Personal Data We Collect

We collect only personal data that is necessary to provide our services, comply with legal obligations, or that you voluntarily provide to us.

The categories of personal data we may collect include:

• Name and email address (mandatory for account creation or communication)
• Postal address and telephone number
• Purchase and transaction information
• Customer relationship data, including order details, billing history, and customer support communications
• Technical data, such as IP address, device information, and usage data, where required for security, functionality, or legal compliance

Payment transactions are handled by third-party payment service providers. Sharebox does not store full payment card details. Such providers act as independent data controllers for their processing activities and process personal data in accordance with their own privacy policies.

4. Legal Basis and Purpose of Processing

Personal data is processed only where there is a valid legal basis under applicable data protection law. Depending on the context, processing is based on one or more of the following grounds:

• Performance of a contract or steps taken before entering into a contract
• Compliance with a legal obligation
• Legitimate interests pursued by Sharebox, provided such interests are not overridden by your fundamental rights and freedoms
• Your consent, where required

We use personal data to:

• Provide, operate, secure, and maintain our services
• Process transactions and manage contractual relationships
• Communicate with users and provide customer support
• Improve, develop, and safeguard our products and services
• Fulfill legal, regulatory, and audit requirements

5. Sharing of Personal Data

Personal data may be shared with trusted third parties where necessary to provide our services or comply with legal obligations, including IT and cloud providers, logistics partners, payment and financial service providers, and professional advisors. All such parties are subject to contractual confidentiality and data protection obligations. Personal data is not sold or shared for marketing purposes and is disclosed only where required or permitted by applicable law.

6. International Data Transfers

Personal data is primarily stored and processed within the EU/EEA. Where personal data is transferred outside the EU/EEA, Sharebox ensures that appropriate safeguards are in place, including adequacy decisions adopted by the European Commission, EU Standard Contractual Clauses, or other lawful transfer mechanisms permitted under applicable data protection law. These safeguards ensure a level of protection equivalent to that required under the GDPR.

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting obligations. When personal data is no longer required, it is securely deleted or anonymized in accordance with Sharebox’s internal data retention procedures.

8. Your Rights

If you are located in the EEA, the UK, or another jurisdiction with similar data protection laws, you may have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Request erasure of personal data
• Restrict or object to processing
• Request data portability
• Withdraw consent, where processing is based on consent

You also have the right to lodge a complaint with a competent supervisory authority, in the EEA country of your habitual residence, place of work, or place of the alleged infringement.

Requests relating to your rights may be submitted as described in Section 11.

9. Cookies

Sharebox uses cookies to ensure proper website functionality, improve user experience, and maintain security.

We use:

• Strictly necessary cookies, required for core functionality
• Functional cookies, which remember user preferences
• First-party cookies, set directly by Sharebox

We do not use third-party marketing or advertising cookies.

A cookie consent banner is displayed upon first visit, allowing users to accept or decline non- essential cookies. Cookie preferences can also be managed through browser settings.

10. Changes to This Policy

This Privacy and Cookie Policy is reviewed periodically and updated when necessary to reflect changes in legal requirements, technology, or our processing activities.

The most recent version is always available on the Sharebox website.

11. Contact

If you have questions, requests, or concerns regarding this policy or the processing of personal data, please contact:

Data Protection Officer

Email: dpo@sharebox.global