At Nordcloud we are committed to ensuring that when you use our services or enter into a business relationship with us, your personal data is processed carefully in accordance with applicable data protection legislation. We take responsibility for the personal data we collect about you, and we aim to be transparent about how we handle it, and give you control over it.
- the contact details of data controller
- the types of personal data we collect
- the purpose we use your data and the legal grounds for processing
- the retention periods of your data
- the rights you have over your personal data
- the procedures that we have in place to protect data
- to whom we may transfer and disclose your personal data
Data controller and contact details
The data controller is the Nordcloud group company with whom you are interacting. The contact details of Nordcloud’s offices may be found at: nordcloud.com/contact/. In matters related to processing of your personal data, you can always contact our data protection officer at dpo(at)nordcloud.com.
Personal data collected through this website is primarily processed by:
Business ID: 2827588-2
Address: Antinkatu 1, 00100 Helsinki
Email address: dpo(at)nordcloud.com
Types of personal data we process
We process the following categories of personal data:
- Customer information: We process personal data related to our current and potential customers’ contact persons, such as name, email address, phone number, address and information related to the company the person is representing, such as company name, company business ID number, contact details and invoicing information. We also process customer’s access credentials related to our SaaS offering. We receive this information directly from you or the company you represent. Personal data related to potential customers may be gathered from company websites, LinkedIn and other publicly available sources.
- Business partner information: We process personal data related to the contact persons of our business partners, such as subcontractors, service providers and freelancers. Personal data may include name, email address, phone number, address and information related to the company the person is representing, such as company name, company business ID number, contact details and invoicing or payment information. We receive this information directly from you or the company you represent.
- Information given through forms and chat: We may collect personal data, such as your name, email address, title and company name when you are completing a form on our website, such as contact, event registration, newsletter subscription or e-book download forms, or contacting us through our online chat service.
- Automatically collected information: We automatically collect information on how you use services of Nordcloud (e.g. the duration and time of the visit, statistics around email opening and clicks) and subareas of the site you visit. In addition, we collect technical information on your device (including but not limited to IP-address, location, browser, operator and operating system). Information is automatically generated in service logs or collected via cookies.
You are not obliged to disclose any information mentioned or referred to at Nordcloud webpage, but a failure to provide certain personal data may cause the service provided by us to be partly unavailable or inadequate.
The purpose of use and legal basis of processing
Personal data is used for the following purposes:
- to manage the business relationship with you or the company you represent, including providing services, managing orders, responding to service requests, carry out invoicing or making payments, communication;
- to authenticate users and grant them access to their SaaS account;
- to improve your browsing experience and analyze traffic;
- to send information or marketing communication, by email or other means, which we think may be of interest to you;
- to customize advertisements;
- to organise events;
- to develop our business operations; and
- to ensure data security.
Processing of personal data is based on:
- contract (e.g. managing a contract made directly with the data subject, such as a freelancer)
- consent (e.g. newsletters, cookie-based marketing and advertising, personalisation and website development)
- legitimate interest (e.g. marketing, business development, data security and user authentication, fulfilling or negotiating a contract with the company you represent)
- legal obligation (e.g. accounting obligations or other legal obligations stemming from applicable legislation)
Given the categories of data subjects, the types of data, the nature of processing and the choices available to you, we have assessed that your interests or fundamental rights or freedoms do not override the legitimate interest described above. You can, however, object processing based on legitimate interest at any time as described below.
We do not make any automated decisions solely on automatic means which produces legal effects concerning you or similarly significantly affects you.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We strive to update contact information, and delete outdated information, on a yearly basis at the minimum. You may also request us to delete your personal data as described below.
- Right of access, rectification and erasure. You have the right to request access to your personal data we process. At your request we will also rectify any inaccurate, incomplete or outdated personal data relating to you. You also have the right to request your personal data to be erased (right to be forgotten) in accordance with applicable law.
- Right to object to direct marketing (including related profiling). In case you do not want to receive further marketing or other updates from us or wish to opt-out of profiling we do in order to offer you tailored marketing, you have the right to object to processing of your personal data for those purposes. Should you use your right to object, you will no longer receive direct marketing from us. You can use your right to object either by contacting us or through the unsubscribe link on electronic messages we send you.
- Right to object to data processing and right of restriction. You have the right to object to processing we carry out based on legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data.
- Withdrawal of consent. You may withdraw consent you have given at any time by contacting us. Please note that withdrawing your consent does not affect the legality of the processing we have carried out prior to withdrawal.
- Data portability. You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically and based on contract with your or your consent.
Email your request to our data protection officer at dpo(at)nordcloud.com. Please note that we ask you to verify your identity when using your rights.
The personal data we process will be kept confidential. We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel participating in the processing of personal data.
Disclosure and transfer of personal data
Nordcloud may disclose your personal data to third parties in the following circumstances:
- Authorities. We may disclose personal data to authorities when we have a legal obligation to do so under applicable law.
- Consent. Based on your consent we may disclose your personal data within the limits of the specific consent you have given.
- Events. We may disclose personal data to partners we organise events with.
- Business transactions. We may disclose your personal data in connection with a business transaction (such as a transfer of undertaking) to the other party/parties of the transaction, if and to the extent necessary.
- Our legitimate interests. We may disclose your personal data if it is necessary in order to protect or defend our legitimate rights and interests, or those of our other customers, employees, directors or shareholders, and/or to ensure the safety and security of our services.
The processing of personal data can be outsourced to a third party which processes personal data on Nordcloud’s behalf and under our instructions. We guarantee by contractual arrangements that personal data is processed in accordance with applicable data protection legislation.
Personal data may only be transferred outside the territory of the Member States of the European Union or to the European Economic Area if the country concerned provides sufficient level of data protection and there are other applicable safeguards in place, such as Standard Contractual Clauses approved by the European Commission.
A “cookie” is a small data file containing a string of characters that is sent to your device when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. A cookie does not harm your device, and we do not get any information that is directly related to you (such as your name or email address) merely through cookies.
The duration of how long a cookie will stay on your device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or until you delete them.
The following categories of cookies are in use:
- Necessary cookies are essential for the website to function properly. This category only includes cookies that ensure basic functionalities and security features of the website. These cookies do not store any data that could be used to identify you personally.
- Analytics cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics, the number of visitors, bounce rate and traffic source.
- Advertising cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
You have the following choices regarding cookies:
- Website cookie consent: You may control your cookie choices, such as grant consent, refuse to grant consent or withdraw consent to the use of non-essential cookies. These settings may be found on the footer of our website (“Cookie Settings”).
- Browser settings: Most web browsers allow you to control and block cookies through their settings. Please note that if you limit the ability of our website to set cookies or block them entirely, the entire contents of our website may not be available and some of the features might not function properly.
Please note that if you make choices via the above links, the choices will be cleared if you delete cookies from your browser. The choices you make are browser-specific, so if you use multiple browsers, please make sure that you make the choices you want on each browser separately.
More information on third party cookies may be found here.