Privacy and Cookie Policy

Nordic Impact Oy

Last updated: June 10, 2024

1. General

This website is maintained by Nordic Impact Ltd.

Privacy is important to us, and to protect your privacy, we adhere to the principles expressed in this privacy policy. We always handle your personal data reliably and commit to operate transparently and openly. We ask you to familiarize yourself with this privacy policy, where we explain how and what personal data we collect and what we do with it.

We adhere to the General Data Protection Regulation of the European Union (2016/679) as well as other applicable and currently valid legislation and regulatory guidance related to the processing of personal data and privacy.

2. Data Controller

Nordic Impact Oy, Business ID: 2220541-0
Keilaniementie 1, 02150 ESPOO
(hereinafter referred to as “we” or “Nordic Impact Oy”)

3. Contact Person for Register Matters

Maija Saijonmaa
Tel. + 358 10 340 0080

4. Register Name

Privacy Policy and Cookie Policy of Nordic Impact Oy

5. What are the purposes and legal bases for processing personal data?

The purposes of processing personal data are:

  • delivery and development of our products and services; e.g., personalization and further development of the website based on browsing data to enhance the customer experience or managing access to various parts of the online service and downloadable materials
  • fulfillment of our contracts and other obligations;
  • management of customer relationships;
  • organization of events;
  • analysis and profiling of customer or other registered user behavior;
  • direct marketing and/or electronic direct marketing; and
  • targeting advertising on our and other parties’ online services.

The data of individuals (data subjects) stored in the register consist of customers of Nordic Impact Oy, website visitors, newsletter subscribers, and individuals who have otherwise provided their information to us.

We use automated decision-making (including profiling) to identify individual profiles, online behavior, age, and consumption habits. We use this information, for example, in targeting marketing and developing our services.

The legal bases for processing personal data are our legitimate interests based on the customer relationship and/or other relevant connection, performance of a contract, and/or consent.

6. What information do we process?

In connection with the customer register, we process the following personal data:

  • basic information of the data subject such as first and last name*, date of birth;
  • contact information of the data subject such as email address, phone number, address;
  • information of the data subject’s use of the online service such as website visits, products and services the data subject is interested in;
  • information regarding companies and company contacts such as business ID and names, titles, and contact information of contacts (data subjects);
  • possible direct marketing prohibitions and consents;
  • participant information of events and possible event-related information;
  • information regarding the customer relationship and contract such as information on past and current contracts and orders, user profile formed based on the customer relationship, phone recordings, correspondence and other contacts with the customer/data subject, cookies and information related to their use;
  • possible other information collected with the consent of the data subject which is necessary for the customer relationship, such as information filled by the data subject in online forms including, for example, name, email address, company identifying information, or other supplementary and essential additional information.

Providing personal data marked with an asterisk is a requirement for the establishment of our contractual relationship and/or customer relationship. Without the necessary personal data, we cannot deliver the product and/or service.

7. Where do we obtain information?

We primarily obtain information from the following sources: directly from you, from the Population Register, from authorities, credit information companies, contact information service providers, and other similar reliable sources.

In addition, personal data may be collected and updated from publicly available sources and authorities or other third parties based on the applicable legislation described in this privacy policy. Such data updating is performed manually or automatically.

7.1. Cookie Policy

Cookies are small files that are stored on the user’s terminal device. They help identify browsers using services and enhance user experience. Cookies do not harm users’ computers or files.

We use cookies on our website. With cookies, we collect visitor statistics of the website and analyze this data.

Our cookies may remember the choices you have made on our website, such as language selection, to enhance your user experience on our website.

You can adjust the use of cookies from your browser settings, for example, in Google Chrome browser, by selecting Settings – Privacy and security.

[We use third-party analytical tools to analyze the usage of our website. This allows us to improve the content of our website to better meet your needs. An example of such a tool is Google Analytics. Google Analytics sets a tracking cookie on the user’s machine. The cookie enables tracking whether the user is a returning visitor to the page].

8. To whom do we disclose and transfer data, and do we transfer data outside the EU or EEA?

We do not disclose register data to external parties.

We utilize subcontractors in processing personal data. We have outsourced IT management and services related to direct marketing to external service providers, on whose managed server personal data is stored.

We transfer personal data outside the EU or EEA. When personal data is processed outside the EU or EEA, we ensure that the subcontractor has committed to the EU Commission’s model clauses for the processing of personal data and/or is part of the Privacy Shield protection system.

9. How do we protect data and how long do we retain it?

Only our employees authorized for their work are entitled to use the system containing personal data. Each user has their own username and password for the system. The data is collected in databases protected by firewalls, passwords, and other technical means.

We regularly assess the need for retaining data, taking into account the applicable legislation. In addition, we take reasonable measures to ensure that outdated or incorrect personal data incompatible with the purposes of processing are not retained in the register. We promptly correct or delete such data.

10. What are your rights as a data subject?

You have the right to access the personal data stored in the register concerning yourself and request correction or deletion of incorrect, outdated, unnecessary, or unlawful data. If you have access to your data, you can edit your information yourself. To the extent that processing is based on consent, you also have the right to withdraw your consent or modify it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You have the right to object to or request restriction of the processing of your data and to lodge a complaint with the supervisory authority regarding the processing of personal data.

For special personal reasons, you also have the right to object to processing concerning yourself when the processing is based on a legitimate interest. In your request, you must specify the specific situation on which you base your objection. We may refuse to implement a request for objection only on the grounds provided by law.

11. Who can you contact?

All inquiries and requests regarding this policy should be submitted in writing or in person to the contact person specified in section two (2).