NORDCLOUD PRIVACY NOTICE.
At Nordcloud we are committed to ensuring that when you use our services or enter into a business relationship with us, your personal data is processed carefully in accordance with applicable data protection legislation. We take responsibility for the personal data we collect about you, and we aim to be transparent about how we handle it, and give you control over it.
This privacy notice explains how we at Nordcloud process personal data. Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your interactions with us depending on your relationship with us. You could be our customer’s representative or contact, business partner, newsletter subscriber or receiver of marketing communications.
You can find more information about the processing of your personal data under each topic below. Please click the relevant section from below for more information.
Data controller and contact details.
Data Controller means the entity who defines the purposes for which the processing of personal data takes place and how that information is processed.
Nordcloud Group consists of different legal entities. The data controller is the Nordcloud group company in your country or region, unless another Nordcloud entity identifies itself as the Data Controller for a specific interaction with you. The contact details of Nordcloud’s offices and entities may be found at https://nordcloud.com/contact/.
Contact details of Nordcloud:
Business ID: 2827588-2
Address: Antinkatu 1, 00100 Helsinki
Email address: dpo(at)nordcloud.com
In matters related to processing of your personal data, you can always contact our data protection officer at dpo(at)nordcloud.com.
Customers, potential customers and business partners.
We collect and process basic information relating to our current, potential customers’ and business partners contact persons or representatives, such as:
- Name, contact details (e.g. email address, phone number, address)
- Information related to the company the person is representing, such as company name, company business ID number, data relating to the person’s role in the organisation
- Social media identification data (e.g. LinkedIn)
- Communication between us
- Invoicing information
We also collect information about the visitors at our facilities such as name and email. We can also process images and video footage of our office visitors through CCTV installed on our premises.
Information may be used for the following purposes:
- Customer relationship management, such as communicate with one another to handle queries and feedback related you our services
- Communicate either to provide or produce services
- Planning the operation of our business and general management
- Preparing, entering or fulfilling the contractual agreement
- Development of our products and services
- Protect the safety of our employees and our property and prevent or investigate situations that endanger safety of people or property the office (office visitor information and CCTV)
- Organise events
- Complying with a legal or regulatory obligations we are subject to, such as local accounting and tax laws; audit purposes; handling of disputes, anti-money laundering regulations and the financing of terrorism; export control obligations or international sanctions
Information is primarily collected directly from the contact persons or representatives themselves or from the company you represent through your interactions with us, such as the customer service situation, attendance at events, submission of website forms/chat or via email.
Personal data related to potential customers may be also received from third-party data providers or gathered from company websites, LinkedIn and other publicly available sources.
Receivers of marketing communications, newsletter subscribers, information given through webforms and chat.
We want to keep you updated and to be able to provide you with the latest cloud news, views and events. We also want to communicate with you about our relevant products, services and offerings. We can contact you through multiple channels such as phone, email and social media channels.
In order to do this, we collect and process personal data such as:
- Name and contact details (e.g email and phone number)
- Company you represent and data relating to your role in the organisation
- Information you have provided for us through interaction
This may include information:
- We collect directly from you through your interactions with us such as completing a form on our website (e.g. contact, event registration, newsletter subscription or download forms) or contacting us through our online chat service
- We receive information also from third party providers and from public sources such as company websites or marketing registers
We also obtain statistical insights into our marketing communications to develop and measure the efficiency of our marketing activities. This means that analytic metrics are collected from receivers of marketing emails/newsletters. This includes email open rates, click rates, details on your interactions with our emails and links clicked on with each contact.
If you subscribe to a newsletter on our websites, you agree to receive communication from us. If you do not wish to receive marketing or newsletters from us any longer, you can always let us know by selecting ‘unsubscribe’ at the bottom of each marketing email/newsletter and choose your communication preferences.
We do not make any automated decisions solely on automatic means which produces legal effects concerning you or similarly significantly affects you.
A “cookie” is a small datafile containing a string of characters that is sent to your device when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. A cookie does not harm your device, and we do not get any information that is directly related to you (such as your name or email address) merely through cookies.
The duration of how long a cookie will stay on your device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or until you delete them.
The following categories of cookies are in use:
- Necessary cookies are essential for the website to function properly. This category only includes cookies that ensure basic functionalities and security features of the website. These cookies do not store any data that could be used to identify you personally.
- Analytics cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics, the number of visitors, bounce rate and traffic source.
- Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
- Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
- Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
You have the following choices regarding cookies:
- Website cookie consent: You may control your cookie choices, such as grant consent, refuse to grant consent or withdraw consent to the use of non-essential cookies. These settings may be found on the footer of our website (“Cookie Settings”).
- Browser settings: Most web browsers allow you to control and block cookies through their settings. Please note that if you limit the ability of our website to set cookies or block them entirely, the entire contents of our website may not be available and some of the features might not function properly.
Please note that if you make choices via the above links, the choices will be cleared if you delete cookies from your browser. The choices you make are browser-specific, so if you use multiple browsers, please make sure that you make the choices you want on each browser separately.
Nordcloud shares information about the use of our site to third party service providers such as social media, advertising and analytics partners. This can be shared through the cookies on our website or through links to other companies’ websites and services that have their own privacy practices and policies. Nordcloud advises you to read carefully the privacy policies of such third parties. Nordcloud is not responsible for such third party service providers’ privacy practices or contents. More information on third party cookies may be found here and from “Cookie Settings” on the bottom left of this page.
Learn more about our practices and your rights.
Our legal obligations
Nordcloud complies with applicable legal obligations, including obligations related to personal data processing such as retaining data for a fixed period of time (e.g. tax and accounting laws) and personal data can be processed for fulfilling our legal obligations.
Contract with you
We process your personal data based on a contract if you have a direct contractual relationship with us, and processing of the personal data is necessary for the performance of the contract (e.g. freelancers). Processing that is based on contract covers also processing operations performed prior to entering a contract.
We can also process your personal data based on consent in some cases, such as newsletter subscription, cookie-based marketing and advertising, personalisation and website development. Prior to the processing we will request your consent and inform you of the purpose of the consent. You can withdraw your consent at any time by contacting us.
You have the right to decline the use of our cookies by clicking the “Cookie Settings” at the bottom left of this page. Select “Reject Unnecessary” or click “Cookie Settings” if you want to customise your choices and set certain types of cookies disabled.
See more information about your rights in the “Your rights” section below.
We process personal data based on our legitimate interest. When we process your personal data on this legal ground, the processing of personal data is necessary for us to pursue a business interest which is balanced with your rights. Legitimate interest relates to being able to conduct and organise business, such as:
- Manage communications with you
- Improve our services and products
- Gain understanding of our business and customers
- Maintain security and safety on our premises in order to prevent theft and fraud
- Administer and fulfil the contractual relationship with the relevant stakeholders
- Perform and coordinate marketing activities
- Promote our services and products
- Manage and organise events
- Resolve disputes
- Measure efficiency of our marketing communications
Given the categories of data subjects, the types of data, the nature of processing and the choices available to you, we have assessed that your interests or fundamental rights or freedoms do not override the legitimate interest described above. You can, however, object processing based on legitimate interest at any time as described below. For your rights, see “Your rights” section below.
The personal data we process will be kept confidential. We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel participating in the processing of personal data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We strive to update contact information, and delete outdated information, on a yearly basis at the minimum. You may also request us to delete your personal data as described below.<
Nordcloud may disclose your personal data internally and externally to third parties in the following circumstances:
- Group entities. Your personal data may be shared or accessed by other entities in our group as part of running our business. Our Group entities may use your personal data for the purposes defined in this Notice to enable activities such as regular reporting activities on company performance, internal collaboration between our entities, customer care and provide services and managing IT systems.
- Third party service providers. We may disclose your personal data to our service providers acting as data processors, which perform services on our behalf (e.g. IT system providers).
- Authorities. We may disclose personal data to authorities when we have a legal obligation to do so under applicable law.
- Consent. Based on your consent we may disclose your personal data within the limits of the specific consent you have given.
- Events. We may disclose personal data to partners we organise events with.
- Business transactions. We may disclose your personal data in connection with a business transaction (such as a transfer of undertaking) to the other party/parties of the transaction, if and to the extent necessary.
- Our legitimate interests. We may disclose your personal data if it is necessary in order to protect or defend our legitimate rights and interests, or those of our other customers, employees, directors or shareholders, and/or to ensure the safety and security of our services.
The processing of personal data can be outsourced to a third party which processes personal data on Nordcloud’s behalf and under our instructions. We guarantee by contractual arrangements that personal data is processed in accordance with applicable data protection legislation.
Personal data may only be transferred outside the territory of the Member States of the European Union or to the European Economic Area if the country concerned provides sufficient level of data protection and there are other applicable safeguards in place, such as Standard Contractual Clauses approved by the European Commission.
- Right of access, rectification and erasure. You have the right to request access to your personal data we process. At your request we will also rectify any inaccurate, incomplete or outdated personal data relating to you. You also have the right to request your personal data to be erased (right to be forgotten) in accordance with applicable law.
- Right to object to direct marketing (including related profiling). In case you do not want to receive further marketing or other updates from us or wish to opt-out of profiling we do in order to offer you tailored marketing, you have the right to object to processing of your personal data for those purposes. Should you use your right to object, you will no longer receive direct marketing from us. You can use your right to object either by contacting us or through the unsubscribe link on electronic messages we send you.
- Right to object to data processing and right of restriction. You have the right to object to processing we carry out based on legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data.
- Withdrawal of consent. You may withdraw consent you have given at any time by contacting us. Please note that withdrawing your consent does not affect the legality of the processing we have carried out prior to withdrawal.
- Data portability. You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically and based on contract with your or your consent.
Email your request to our data protection officer at dpo(at)nordcloud.com. Please note that we ask you to verify your identity when using your rights.
Changes to this privacy notice.
Nordcloud continuously develops its business and services, which is why we may occasionally need to make changes also to this privacy notice. We will inform you about any changes we make, either personally or through our services. We suggest that you check this page periodically.
This privacy notice was last updated July 3, 2023.