Privacy notice

Privacy notice for Nor-Maali oy customer and supplier register

Updated 25.1.2019

1. CONTROLLER AND CONTACT INFORMATION IN REGISTER MATTERS

Nor-Maali Oy (Business ID 2777254-5)
Vanhatie 20, 15240 Lahti
tietosuoja@nor-maali.fi

2. WHAT IS THE PURPOSE AND BASIS FOR PROCESSING PERSONAL DATA

We store Nor-Maali Oy’s customer and supplier information in the register. The processing of personal data is based on an agreement or legitimate interest of Nor-Maali Oy (e.g. direct marketing). The purposes of processing the data are:

  • managing and maintaining the customer relationship between Nor-Maali Oy and the customer/supplier and the development, analysis and statistics of the customer relationships
  • communication with the customers and direct marketing
  • organizing sales and marketing events
  • planning and developing business and services.

3. WHAT DATA WE PROCESS AND WHERE DO WE COLLECT THE DATA?

We process following information on the decision makers and contact persons of our client and supplier companies (incl. newsletter subscribers, persons who have requested a quote or submitted a contact request, and participants of events):

  • name, title, company, postal address, e-mail address, phone number
  • client history (e.g. participation in the events)
  • direct marketing permissions and prohibitions.

The register contains following data on the potential customer companies´ decision makers and contact persons:

  • Name, company, postal address, e-mail address, phone number
  • Information about the data subject’s duties and position in business life or a public office
  • Direct marketing permissions and prohibitions.

Data is primarily collected from you by phone, in meetings, or by other equivalent means. Data is also collected in connection with the conclusion of the client or collaboration agreement and otherwise obtained during client/collaboration relationship. Personal data may also be collected and updated from public and private registers.

4. TO WHOM WE DISCLOSE OR TRANSFER DATA, AND DO WE TRANSFER DATA OUTSIDE THE EU OR EEA?

Unless you prohibit the disclosure of your data, we may disclose data i.e. to selected collaboration partners within the limits of the legislation for providing the service.

We use services of external service providers for, e.g., maintaining newsletter mailing lists and client and collaboration partner information and for processing information of persons participating in events. In accordance with the data protection agreement, each service provider can only process personal data to the extent that is necessary for the provision of the service in question.

Personal data is not transferred to countries outside the EU or EEA.

5. HOW DO WE PROTECT THE DATA AND HOW LONG WE STORE DATA?

Only those persons who have the right to process personal data, are entitled to use the systems containing personal data. Each user has a personal username and password. The data is collected into databases, that are secured with appropriate virus protection and firewalls. The databases and their backups are in locked premises and can be accessed only by certain pre-designated persons.

We store personal data for as long as it is necessary due to the purpose of use (e.g. client/supplier relationship), or as long as the data subject request the erasure of the data. In this case we will store the data that legislation obligates us to store and the data about the erasure.

We take care of such reasonable measures which ensure that no incompatible, outdated or inaccurate personal data, taking into account the purpose of the processing, are stored in the register.

6. YOUR RIGHTS AS A DATA SUBJECT

The requests concerning data subject rights must be submitted using the contact details mentioned in section 1. As a data subject, you have the following rights:

Right to access, correct or delete your personal data

  • You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data.

Direct marketing prohibition and right to restrict the processing

  • You have the right to object or to demand restriction of the processing and prohibit the direct marketing

Right to lodge a complaint with the supervisory authority

  • You have the right to lodge a complaint with the supervisory authority concerned, especially in the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes applicable data protection regulation.