Privacy notice

Privacy notice for Nor-Maali companies’ customers and co-operation partners and their representatives’ personal data

Updated 01.06.2022

The purpose of this notice is to give you information regarding how we Nor-Maali companies collect and process personal data related to customers’, potential customers’, subcontractors’ and other business partners’ representatives with whom we have a business relationship or aim to develop one.

1. Joint controllers

Nor-Maali Oy (3257285-5)
Nor-Maali Group Oy (2735929-1)
Nor-Maali Holding Oy (0949496-7)
(“Nor-Maali companies”)

2. Contact information in register matters

Nor-Maali Oy, Vanhatie 20, 15240 Lahti

3. What is the purpose and basis for processing personal data

We collect and process personal data of our business customers’, leads’ and co-operation partners’ contact persons or decision makers. The processing of personal data is based on an agreement or legitimate interest of Nor-Maali companies (e.g. direct marketing, fraud prevention, debt collection).

The purposes of processing the data are:

  • Managing and maintaining the relationship between Nor-Maali companies and customers and co-operation partners; the development, analysis and statistics of the customer and co-operation relationships
  • Communication with the customers and direct marketing
  • Organizing sales and marketing events
  • Planning and developing business and services
  • Detecting and preventing fraud or misuse.

Nor-Maali Oy maintains a centralized register related to customers’ personal data for the Nor-Maali companies for the purposes of administration, as well as planning and developing of the companies’ business activities.

4. What data we process and where do we collect the data?

We process following information on the decision makers and contact persons of our customer, supplier and co-operation companies (incl. newsletter subscribers, persons who have requested a quote or submitted a contact request, and participants of events):

  • Name, title, company, postal address, e-mail address, phone number
  • Customer history (e.g. participation in the events)
  • Direct marketing permissions and prohibitions
  • Marketing activities, their use and the information provided in connection with them, e.g. subscribing to a newsletter.

The register contains following data on the potential customer companies´ decision makers and contact persons:

  • Name, company, postal address, e-mail address, phone number
  • Information about the data subject’s duties and position in business life or a public office
  • Direct marketing permissions and prohibitions.

Data is primarily collected from you by phone, in meetings, or by other equivalent means. Data is also collected in connection with the conclusion of the customer or collaboration agreement and otherwise obtained during customer or collaboration relationship. Personal data may also be collected and updated from public and private registers.

5. To whom we disclose or transfer data, and do we transfer data outside the EU or EEA?

Unless you prohibit the disclosure of your data, we may disclose data i.e. to selected collaboration partners within the limits of the legislation for providing the service.

We use services of external service providers for, e.g., maintaining newsletter mailing lists and client and collaboration partner information and for processing information of persons participating in events. In accordance with the data protection agreement, each service provider can only process personal data to the extent that is necessary for the provision of the service in question.

Personal data is not transferred to countries outside the EU or EEA.

Each Nor-Maali company processes personal data only to the extent necessary for the co-operation or customer relationship of the company in question.

6. How do we protect the data and how long we store data?

Only those persons who have the right to process personal data, are entitled to use the systems containing personal data. Each user has a personal username and password. The data is collected into databases, that are secured with appropriate virus protection and firewalls. The databases and their backups are in locked premises and can be accessed only by certain pre-designated persons.

We store personal data for as long as it is necessary due to the purpose of use (e.g. client/supplier relationship), or as long as the data subject request the erasure of the data. In this case we will store the data that legislation obligates us to store and the data about the erasure.

We take care of such reasonable measures which ensure that no incompatible, outdated or inaccurate personal data, taking into account the purpose of the processing, are stored in the register.

7. Your rights as a data subject

The requests concerning data subject rights must be submitted using the contact details mentioned in section 2. As a data subject, you have the following rights:

  • Right to access, correct or delete your personal data
    • You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data.
  • Direct marketing prohibition and right to restrict the processing
    • You have the right to object or to demand restriction of the processing and prohibit the direct marketing
  • Right to lodge a complaint with the supervisory authority
    • You have the right to lodge a complaint with the supervisory authority concerned, especially in the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes applicable data protection regulation.