Last updated: 18 December, 2025

Privacy & Cookies Policy

This privacy policy applies to the website epax.com (the “Website”), operated by EPAX (the “Company”). EPAX is the data controller responsible for the processing of personal data under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

If you have questions regarding this privacy policy or our processing of personal data, please contact us at contact@epax.com.

1. Purpose and Legal Basis for Processing

EPAX processes personal data primarily for the following purposes:

  • To respond to inquiries and provide customer or business support
  • To manage contact requests submitted through the Website
  • To send newsletters or other communications about EPAX, its products, or services (only where consent is required and has been provided)
  • To analyze website traffic and usage patterns in order to improve the Website’s functionality, content, and user experience (for example, through analytics tools such as Google Analytics 4)

The legal bases for processing personal data are:

  • Consent (Article 6(1)(a) GDPR), where required, such as for newsletters and certain cookies
  • Contractual necessity (Article 6(1)(b) GDPR), where processing is required to respond to requests or fulfill agreements
  • Legitimate interests (Article 6(1)(f) GDPR), such as improving and securing our Website, provided such interests are not overridden by your fundamental rights and freedoms

2. Disclosure of Personal Data to Third Parties

Personal data may be disclosed to third parties in accordance with applicable laws and regulations. This may include disclosure to:

  • Service providers and vendors who process personal data on our behalf (e.g., website hosting, analytics, or communication services)
  • Partners where disclosure is necessary to fulfill contractual obligations
  • Public authorities or regulators where disclosure is required by law

EPAX takes reasonable steps to ensure that all third parties process personal data in compliance with applicable data protection legislation. Where required, EPAX has entered into data processing agreements with such third parties.

3. Categories of Personal Data We Process

EPAX only processes personal data that is necessary for the relevant purpose. Depending on your interaction with the Website, this may include:

  • Name
  • Company name
  • Email address
  • Telephone number
  • Postal address
  • Any other information you choose to provide when contacting us

Providing personal data for marketing communications is voluntary. You may withdraw your consent at any time.

Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Data processed for marketing purposes will be deleted without undue delay once consent is withdrawn.

4. Your Rights as a Data Subject

As a data subject, you have the following rights under the GDPR:

  • The right to access your personal data
  • The right to request rectification or erasure of your personal data
  • The right to restrict or object to processing
  • The right to data portability, where applicable
  • The right to withdraw consent at any time, where processing is based on consent

To exercise your rights, please contact us at contact@epax.com.

If you believe that EPAX’s processing of your personal data does not comply with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, such as the Norwegian Data Protection Authority (Datatilsynet) or your local data protection authority.

5. Cookies

The Website uses cookies and similar technologies. Cookies are small text files stored on your device when you visit a website.

We use cookies to:

  • Ensure the Website functions properly
  • Personalize content and improve user experience
  • Analyze traffic and usage patterns (e.g., via Google Analytics 4)
  • Manage consent preferences

Information about your use of the Website may be shared with analytics and technology partners, who may combine it with other information you have provided to them or that they have collected from your use of their services.

You can control or block cookies through your browser settings. Please note that restricting cookies may affect the functionality of the Website.

Where applicable, EPAX uses a consent management platform to manage cookie preferences. You can provide, withdraw, or modify your consent at any time through the cookie banner or settings available on the Website.

6. Security Measures

EPAX takes the security of personal data seriously. Appropriate technical and organizational measures have been implemented to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures are designed to ensure an appropriate level of security based on the nature of the data processed.

7. Website Hosting and Third-Party Services

The Website may be developed and hosted using third-party service providers (such as website hosting or content management platforms). In connection with the use of such providers, personal data may be processed on EPAX’s behalf and, in some cases, transferred outside the EU/EEA.

Where personal data is transferred outside the EU/EEA, EPAX ensures that such transfers are made in accordance with applicable data protection laws, for example through adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

Further information about specific third-party providers and their data processing practices can be made available upon request.

8. Website Hosting and Third-Party Services

The Website is developed and hosted using Webflow, a service provided by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

Webflow is a Software as a Service (SaaS) platform that enables the creation of responsive websites using a browser-based visual editor. In connection with the use of Webflow, personal data may be processed on EPAX’s behalf.

Personal data processed via Webflow may be transferred to and processed in the United States. On 10 July 2023, the European Commission adopted an adequacy decision under Article 45(1) of the GDPR for the EU–U.S. Data Privacy Framework. Webflow is certified under this framework. As a result, personal data may be transferred to Webflow in the United States without additional transfer safeguards.

EPAX has entered into a Data Processing Agreement (DPA) with Webflow in accordance with Article 28 of the GDPR, including the use of the EU Standard Contractual Clauses where applicable. The legal basis for processing personal data in connection with Webflow is Article 6(1)(f) GDPR (legitimate interests).

For more information about how Webflow processes personal data, please refer to Webflow’s privacy policy.

9. Forms

When you use contact or inquiry forms on the Website, the personal data you provide is processed solely for the purpose of responding to your request.

Form submissions are handled securely through the Webflow platform. EPAX and Webflow process this data in accordance with the applicable Data Processing Agreement and relevant data protection laws. Personal data submitted through forms is not used for marketing purposes unless explicitly stated and consent has been obtained.

10. Changes to This Privacy Policy

EPAX may update this privacy policy from time to time to reflect changes in our data processing practices or to comply with legal requirements. Any updates will be published on this page, and the revision date will be updated accordingly.