Privacy Policy

With this privacy policy for Nordic Label Oy’s customer, supplier and stakeholder personal data file, we describe how and for what purposes we process the personal data of customers, suppliers and other stakeholder groups, as well as users of our website (www.nordiclabel.fi).

1 Controller

Nordic Label Oy (Business ID 2768845-8) Sirrikuja 2, 00940 Helsinki

2 Person responsible for data-related matters

Erik Björkenheim, e-mail: erik.bjorkenheim@nordiclabel.fi

3 Register name

Customer, supplier and stakeholder group register of Nordic Label Oy

4 Purpose and justification for processing personal data

The personal data of the data subject is processed for maintaining, managing and developing client, supplier and other stakeholder group relations, analysis and statistics as well as general development of operations for customer and supplier relations and other appropriate connections, such as partnership.

Personal data will be processed on the basis of legal obligations, contractual relationship or pre-contractual measures, data subject’s consent and legitimate interests of the controller or a third party. Examples of the processing of personal data by Nordic Label on different legal bases are described below.

  • Processing of personal data while fulfilling the obligations of customer and supply agreements is based on contractual relationship or actions preceding the conclusion of a contract.
  • Personal data processing for the management and development of customer relationships and for the purpose of advertising and marketing Nordic Label’s services and products is based on Nordic Label’s legitimate interest and the data subject’s consent.
  • Camera surveillance at Nordic Label’s premises is based on Nordic Label’s legitimate interest in ensuring the safety of the premises.

Data content of the register

The following data of the data subject may be processed:

  • Basic information of the data subject, including name and contact information, job title, employing company name, contact information, business ID, and other necessary contact information.
  • Data related to service and product procurement and payments, notes and other information provided by the data subject.
  • Data processing related data, including entry date and data source, as well as other data related to customer and supplier relations and other appropriate connections, as well as data related to contractual relationships.

Nordic Label’s website uses cookies to collect various information. Some of this information is considered as personal data. The collection of personal data therefore also takes place on our website via cookies. A cookie can be used to track whether a website has been visited from the same browser before. Information on whether a tracking cookie is already in use can be found in the browser. If a previous cookie does not exist, a new cookie is set to the browser. Cookies are used to collect information about the sites visited on the browser, the IP address of the browser, the time, from which web address the browser came from to the website, from which server and from which domain the website was visited.

6 Personal data retention period

Collected personal, customer, supplier and interest group data will be kept in the register only as long as the legislation (e.g. accounting or tax legislation) requires, or it is needed for the purposes listed above. The controller evaluates the specified retention periods regularly.

Sources of data

Contact and customer data is provided during contact requests, order placement, quote requests and customer registration. Data submitted by the partners of Nordic Label Oy may also be entered into the data file.

8 Data disclosure and transfer outside the EU or the EEA

The data controller may disclose personal data stored in the data file as permitted or required by relevant legislation for example to a collection agency. The data controller may transfer personal data, for example, when outsourcing personal data processing to an accounting company or marketing and invoicing companies, who in such case will process the personal data on behalf of the data controller without the right to process such data independently. Due to technical reasons, some of the data may be physically located on the servers and equipment of an external service provider, in which case the data is processed remotely. The personal data will not be transferred outside the EU or EEA, unless it is necessary for the technical implementation of the service. The transfers of personal data are based on the model contract clauses approved by the European Commission or other transfer mechanism in accordance with data protection legislation. In such case, the data controller will ensure sufficient data protection as required by relevant data protection legislation.

Protection of personal data register

Personal data is stored in databases protected with firewalls, passwords and data security software. Databases and their backups are located in secure facilities and only designated persons have access to the data with a user name and password. Access rights and credentials to the register are granted and managed by a person responsible for data-related matters. The controller’s network and the equipment where the register is stored are protected with firewalls and the data security software of Windows 10 and F-secure.

10 Data subject’s rights

The data subjects have the right

  • to obtain information on the processing of their personal data and the purpose for which the data is used,
  • of access to their data,
  • to rectification of their data,
  • to the erasure of their data and to be forgotten if there is no lawful purpose to process the data,
  • to data portability,
  • to restrict the processing of their personal data to certain purposes, and
  • to object the processing of their personal data for direct marketing or other purposes based on a legitimate interest.

When objecting to the processing of personal data, the data subject must indicate the justification for refusing the processing of their personal data. The data controller may deny such requests as permitted under law.

In addition, where the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw such consent at any time. The data subject may wield any of the aforementioned rights by submitting a written and signed request to the data controller with the contact information indicated in Section 1.

If the data subject considers that their personal data is not being processed lawfully, the data subject has the right to file a complaint with the supervisory authority (tietosuoja@om.fi, or by mail PL 800, 00531 HELSINKI).

Any questions?

Leave your contact information and our experts will contact you right away. Together we can come up with the most suitable printing solutions for you.