File description pursuant to Section 10 of the Personal Data Act (523/1999) Customer, supplier and interest group register of Nordic Label Oy.
1 Data Controller
Nordic Label Oy (Business ID 2768845-8) Sirrikuja 2, 00940 Helsinki
2 Person responsible for data-related matters
Marko Rantala, e-mail: firstname.lastname@example.org
3 Register name
Customer, supplier and interest group register of Nordic Label (location: management system registers)
4 Purpose and justification for processing personal data
The personal data of the data subject is processed for maintaining and developing client, supplier and other interest group relations, analysis, statistics and general development of operations based on customer and supplier relations and other appropriate connections, such as partnership.
5 Register data content
The following data of the data subject may be processed: Basic information, including name and contact information, job title, employing company name, contact information and business ID, and other necessary contact information. Data related to service and product procurement and payments, notes and other information provided by the data subject. Data processing-related data, including entry date and data source, and other data related to customer and supplier relations and other appropriate connections, as well as data related to contractual relationships.
6 Personal data retention period
The data controller will retain the personal data in the customer, supplier and interest group register until interaction between the data subject and Nordic Label Oy is considered to have ended. The retention time is determined to be 6 years from the last contact by the data subject. Some of the data may be retained for longer for regulatory reasons.
7 Data sources
Contact and customer data are provided during contact requests, order placement, quote requests and customer registration. Data submitted by the partners of Nordic Label Oy may also be entered into the register.
8 Data disclosure and transfer outside the EU or the EEA
The data controller may disclose personal data stored in the register as permitted or required by relevant legislation. The data controller may transfer personal data, for example, when outsourcing personal data processing to an accounting company or marketing and invoicing companies, who in such case will process the personal data on behalf of the data controller without the right to process such data independently. Due to the technical reasons, some of the data may be physically located on the servers and equipment of an external service provider, in which case the data is processed remotely. The personal data will not be transferred outside the EU or EEA, unless it is necessary for the technical implementation of the service. In such case the data controller will ensure sufficient data protection as required by relevant data protection legislation.
9 Register protection
Personal data is stored in databases protected with firewalls, passwords and data security software. Databases and their backups are located in secure facilities and only designated persons have access to the data with a user name and password. Access rights and credentials to the register are granted and managed by a designated responsible person. The network and the equipment where the register is stored is protected with firewalls and the data security software of Windows 10 and F-secure.
10 Data subject’s rights
The data subject has the right under certain conditions to refuse the processing of their personal data by the data controller insofar as the justification for the processing is a customer, supplier or other interest group relationship between the data subject and the data controller. The data subject must indicate the justification for refusing the processing of their personal data. The data controller may deny such requests as permitted under law. The data subject has the right to know what personal data of them has been stored in the customer, supplier and interest group register. The data subject has the right to demand the rectification, removal or supplementation of inaccurate, unnecessary, inadequate or obsolete personal data. The data subject may wield any of the aforementioned rights by submitting a written and signed request to the data controller with the contact information indicated in Section 1. Cookies
We use third-party analytics software on our website that involve storing monitoring cookies on the user’s browser. The cookie helps monitor whether the same browser has been used for accessing the website previously. The user’s browser will indicate whether the cookie has already been installed. If the cookie cannot be found, a new cookie will be installed. The cookies help collect information on pages accessed on the site, the IP address of the browser, timestamp, the URL, server and domain prior to accessing the website. Most browsers allow cookies to be switched off.