Purpose of this Privacy Statement
NordCheck Oy and its employees, partners, and affiliates (“NordCheck”) are committed to protecting your privacy and personal data.
Under the General Data Protection Regulation, the controller is obligated to provide transparent information for data subjects. This notice fulfils the obligation to provide information.
In this Privacy Statement we present the rights granted by the European Union data protection laws.
NordCheck is the data controller of the respective data subject’s personal data. In all data protection related matters, data subjects may contact NordCheck by using the following contact information:
Tekniikantie 12, Innopoli 1
The purpose of personal data processing
Processing of the personal data is necessary for the performance of sales contracts to which the customer company is a party. Further, processing of personal data is necessary for the legitimate interests pursued by NordCheck relating to its regular business purposes. When required by applicable laws, NordCheck will request data subject’s consent for personal data processing.
Processors of personal data
The personal data are processed by the controller and its employees. We shall also have the right to partly outsource the processing of personal data to a third party, in which case we shall use contractual arrangements to guarantee that the processing of personal data complies with the valid data protection legislation and is also otherwise appropriate.
Personal data stored in the filing system
Customary to contemporary due business practices, NordCheck uses its platforms and related databases to manage and track our sales and marketing activities. NordCheck databases include personal data of our customers’, potential customers’ and other companies’ representatives with whom NordCheck has a business relationship or wants to develop one.
NordCheck databases may also include personal data of NordCheck’s customers’ or business partners’ customers or end-users who contact NordCheck relating to systems under NordCheck maintenance as well as personal data related to external stakeholders NordCheck is interested to contact and provide with general information of NordCheck and its business (e.g. media representatives, economic influencers).
Following information is collected and processed in connection with Customer Information Management platform:
· mobile phone number
· fixed phone
· Possible other information relevant for the business relationshipand services, opportunities and organization
Such personal information is later in this privacy statement referred to as “personal data” and the individuals, whose personal data is processed, are referred to as “data subjects”.
The Purposes and Legal Grounds of the Processing
The purpose why NordCheck processes personal data is to facilitate NordCheck’s business, support sales activities, assessments, projects, service deliveries, maintenance services and invoicing, contacting customers for contract management and marketing purposes and otherwise maintaining the customer relationship. NordCheck may also use personal data to handle incidents and claims as well as provide assistance as requested by customer.
Processing of the personal data is necessary for the performance of sales contracts to which the customer company is a party. Further, processing of personal data is necessary for the legitimate interests pursued by NordCheck relating to its regular business purposes.
Source(s) of Personal Data and Retention Period
The personal data has been received from the customers or obtained in connection with their use of NordCheck’s products and services. Personal data may also originate from NordCheck’s representatives based on their business interactions with the data subjects. In certain cases NordCheck may collect personal data from public registers and other reliable external sources.
The personal data will be stored as long as needed for the above said purposes. After that, the personal data will be effectively deleted or made anonymous.
NordCheck Webpages and Internet Services
This section provides you with general information on the processing of your personal data related to this website and the other internet services of NordCheck (the “Site”).
Please read this Privacy Statement carefully if you plan to brows or otherwise use the Site. If you do not agree with this Privacy Statement, you must leave the Site.
3.1. Collected Personal Data
Generally, you can visit the Site without entering any personal data. When visiting the Site, certain technical and other information is automatically sent by your computer to us (i.e. IP address, the type of your browser and the source of your visit).
We also collect information about your website usage information by using cookies. Please see the Cookies section of this Privacy Statement for further information.
3.2. The Purposes and Legal Grounds of the Processing
The purpose of NordCheck’s processing of personal data collected through the Site is to
· ensure an efficient and secure use of the Site;
· develop the Site for a better quality and broader scope of services;
· provide customized services and content recognizing your specific needs and interests, including surveys and questionaries that can result in defining customer specific (compliance) status information and customer profiles;
· improve our services to you;
· contact you;
· conduct research and collect statistics (e.g. what sections of our Site the users visit and how much time they spend on the Site).
The legal grounds for data processing are NordCheck’s legitimate interests relating to the abovementioned purposes. When required by applicable laws, NordCheck will request data subject’s consent for personal data processing.
3.3. Source(s) of Personal Data
The personal data is received directly from the data subject or obtained in connection with their use of the Site.
From time to time NordCheck may place information, commonly known as “cookies”, on your computer or mobile device to allow us to identify you, provided that you have consented to the placing of cookies on your computer or device for example by opt-in function or by way of changing the browser settings. Cookies give NordCheck information on how and when you have used the Site and help NordCheckt o improve the Site for a better service. If you do not wish to receive cookies, you may disable them.
The Site may use Google AdWords Remarketing to display advertisements based on your recent visit on the Site (“Remarketing”). The information regarding the visits is collected by placing a third-party cookie on your computer. You may opt-out from Remarketing related to use of the Site by disabling cookies.
3.6. Website Analytics
NordCheck uses website analytics, such as Google Analytics, to gather statistics about the users of the Site with the aim to improve the contents of the Site. Presentations enabled by Seidat, provides means to collect statistical data of reviewing presentations. Normally this data is anonymous, however, if you have identified yourself when downloading content from the website, logged into NordCheck online service or entered the website through a link in an e-mail, we may be able to identify the analytics data collected about your use of the Site.
You may use the opt-out functions of NordCheck cookie setting tool to disable NordCheck from tracking your visits to the Site. To opt-out from Google Analytics, you may download Google Analytics Opt-out Browser Add-on.
3.7. Social Media
NordCheck uses actively LinkedIn, Instagram and Facebook for marketing, sales and other relevant business purposes enabled by social media means. NordCheck integrates Social Media platforms to it websites enabling additional services, related statistical tools and content. NordCheck may store business relevant inquiries and information its customer information management platforms.
The rights of the data subject
The data subject has the following rights. Any requests concerning the use of the rights specified in this section must be submitted to firstname.lastname@example.org
Right of access
The data subject shall have the right to confirm which of his or her data we have stored.
Right to rectification
The data subject shall have the right to obtain the rectification of inaccurate or inadequate personal data concerning him or her.
Right to object
The data subject shall have the right to object to processing of personal data if he or she feels that the personal data have been unlawfully processed.
Direct marketing prohibition
The data subject shall have the right to object at any time to processing of personal data for direct marketing purposes.
Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her if the processing of personal data is no longer necessary. We will process your request for the erasure of your personal data and subsequently either erase your data or demonstrate legitimate grounds for the inability to erase the data.
It must be noted that the controller may have statutory or other compelling grounds not to erase the data concerned. The controller is obligated to store accounting materials for a period (10 years) determined under the Accounting Act (chapter 2, section 10). As a result, materials related to accounting may not be erased before the expiry of this period.
Withdrawal of consent
The data subject shall have the right to withdraw his or her consent if the processing of personal data concerning him or her is solely based on consent instead of, e.g., a customer relationship or membership.
The data subject may appeal a decision with the Data Protection Ombudsman
The data subject shall have the right to demand that the controller restricts the use of controversial data until the case has been solved.
Right of appeal
The data subject shall have the right to appeal to the Data Protection Ombudsman if he or she feels that we are infringing on the valid data protection legislation in the processing of his or her personal data.
The Data Protection Ombudsman’s contact information: www.tietosuoja.fi/fi/index/yhteystiedot.html
Transfers of Personal Data
NordCheck will not transfer any personal data outside the company or its partners, affiliates, subsidiaries and subcontractors.
NordCheck may provide aggregate statistics about its customers, sales, traffic patterns, and other related Site information to reputable third parties, but these statistics will include no personal data.
NordCheck’s Supplier and Subcontractor Data
NordCheck and its employees, partners, subsidiaries and affiliates use solutions and database technology to manage the contact data of NordCheck partner’s, suppliers’ and subcontractors’ representatives.
Transfer of data outside the European Union
The data shall be regularly transferred outside the European Union or European Economic Area. In transferring the data outside the European Union or European Economic Area, we shall ensure the adequate protection of the personal data through relevant measures, including agreeing on the issues related to the confidentiality and processing of personal data as legally required.
Due to the technical and practical requirements some of the personal data may be processed by subcontractors located outside the European Union or European Economic Area or at the subcontractors’ servers outside the European Union or European Economic Area. However, such subcontractors have agreed tocomply withtheappropriatedata processing standards.
Updates to the Privacy Statement
NordCheck develops the Site, presentation formats, social media alignment, its business as well as its data protection related processes and tools continuously and reserves the right to amend this Privacy Statement. NordCheck hopes that you review this Privacy Statement from time to time for any amendments. To the extent required by applicable privacy laws, NordCheck may contact you also through other interfaces or by using the collected contact information to provide information about updates that have material effects to you as a data subject.