Privacy Policy - Nordic Revenium Oy

1. Contact Person Responsible for the Register
  Tuomas Tukeva, tuomas.tukeva@nordic.revenium.com, +358 40 4555302

1. Marketing and Customer Register
2. Legal Basis and Purpose of Processing Personal Data
  The purpose of processing personal data is to maintain communication with customers, manage customer relationships, conduct marketing,
  and provide information related to customer relationships. The data will not be used for automated decision-making or profiling.

1. Contents of the Register
  The register may include the following information: name, position, company/organization, contact details (phone number, email address, address), website URLs, IP address of network connection, social media profiles, details of subscribed services and any modifications to them, billing information, and other details related to the customer relationship and subscribed services. IP addresses of website visitors and essential cookies are processed based on legitimate interest, for security purposes and to collect visitor statistics when these can be considered as personal data. Separate consent is requested for cookies from third parties if necessary.

1. Regular Sources of Information
  Information stored in the register is obtained from the customer through forms on the website, emails, phone calls, social media services, contracts, customer meetings, and other situations in which the customer provides their information. Information regarding contacts from companies and other organizations may also be gathered from public sources such as websites, directories, and other companies.

1. Regular Disclosure of Information and Transfer of Data Outside the EU or EEA
  Data is not regularly disclosed to other parties but may be published as agreed with the customer, or as required by technical implementation or authorities. Data may also be transferred outside the EU or EEA by the data controller. Data will not be transferred to the United States without the explicit consent of the data subjects.

1. Principles of Register Security
  The processing of the register is conducted with care, and the data processed with information systems is adequately protected. When register data is stored on Internet servers, both physical and digital data security is appropriately ensured. The data controller ensures that stored data, server access rights, and other critical information related to the security of personal data are treated confidentially and only by employees whose job description includes such processing.

1. Right of Access and Right to Rectify DataEach person registered has the right to check their data stored in the register and request the correction of any incorrect information or the completion of incomplete data. If a person wishes to check their stored data or request corrections, they should send a written request to the data controller. If necessary, the data controller may ask the requester to prove their identity. The data controller will respond to the customer within the time frame stipulated by the GDPR (usually within one month).

1. Other Rights Related to Personal Data Processing
  A registered person has the right to request the deletion of their personal data from the register (“right to be forgotten”). Additionally, registered persons have other rights in accordance with the GDPR, such as restricting the processing of personal data in certain situations. Requests should be sent in writing to the data controller. If necessary, the data controller may ask the requester to prove their identity. The data controller will respond to the customer within the time frame stipulated by the GDPR (usually within one month).