Privacy policy

Nordic ID Privacy Policy

11.2.2023

1. Controller

Nordic ID Oyj (0630456-6)

Joensuunkatu 7

24100 Salo

Finland

+358 2 727 7700

info@nordicid.com

(hereafter ”we”)

Contact person

Sandra De Bock

GDPR Coordinator

privacyeurope@bradycorp.com

2. Whose personal data do we process?

The data subjects are contact persons and other representatives of our current and potential business clients, our vendors and other stakeholders as well as other persons visiting the our website.

3. How do we process your personal data?

For what purpose do we
process your personal data?

What types of data do we
process?

What is the legal basis for processing?

Delivering our products and services to our clients; managing our business relationship with our clients and other stakeholders (such as communication with our stakeholders, invoicing, contract management, maintaining documentation on customers etc. as well as any other activities we may deem necessary in order to maintain our business relationship, sourcing and purchasing)

Your basic information and contact details such as name, name of the company represented, position at the company, email address, phone number, customer number, username and/or other identifier and password;

information regarding the actual or potential customer relationship such as past and current contracts and orders, user profile formed based on the customer relationship, our correspondence with you as well as other contacts, consents and prohibitions related to direct marketing, information related to events organized by us;

information collected when using our services or our website such as information about your account, information about your device and browser, cookies and data related to using them;

information collected from other sources such as information collected from your company’s website and/or social media profiles as well as public register information.

Our legitimate interests, art. 6(1)(f) GDPR

The legal basis for processing affects what kind of rights you have as a data subject, as certain rights are only applicable to processing based on certain legal bases. For additional information, see section 9 below.

Developing our products and services, reporting (such as collecting statistics on and analysing the use of our products and services)

Information collected when using our services or our website (see details in list above), information provided by you in your feedback.

Marketing and promotion of our products and services as well as personalization and development of our marketing activities

Basic information, contact details, information regarding the actual or potential customer relationship, information collected from other sources (see details in lists above).

Preventing, detecting and investigating fraud and other unlawful activities

Basic information, contact details, information regarding the actual or potential customer relationship, information collected when using our services or our website (especially in cases of unusual activity on our website), information collected from other sources (see details in lists above).

Enabling certain features of our website that cannot be enabled without using cookies (such as login feature)

Information collected about you using strictly necessary cookies, such as your IP address

Processing and storage of personal data for accounting purposes and in order to comply with other legal obligations

Any personal data contained in our accounting material (e.g. your name, transaction details)

Legal obligation, art. 6(1)(c) GDPR

Direct marketing

Your name, e-mail address and information about the types of communications you have chosen to receive.

Your consent, art. 6(1)(a) GDPR

Improving your experience when using our webiste, personalization of our website, statistics and analytics, marketing optimization, provision of embedded third party services.

Information collected about you using non-essential cookies, such as your IP address, information about your device and browser, information about which of our pages you visit and how long you stay.

For additional information about our use of cookies, please see our cookie policy.

4. Where do we receive your data from?

We receive information primarily from the you, the data subject, when the you order products or services, subscribes to a newsletter or otherwise contacts us. In addition, we collect information about our your interactions with us and with our website. We may also receive personal data from our group companies.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.

5. Profiling and automated decision-making

You are not profiled and no automated decisions concerning you are made based on your personal data.

6. To whom do we disclose your data, and do we transfer data outside the EU or the EEA?

Nordic ID Oyj is a part of the Brady Group. We may disclose personal data to our group companies for the purposes described in this privacy notice and in order to enable group-wide reporting and use of centralized data systems.

In order to carry out processing described in this privacy notice, we use subcontractors that process personal data on our behalf. We ensure that our subcontractors ensure the security and integrity of the personal data by using non-disclosure and data processing agreements as well as strict information security requirements.

In order to detect and investigate unlawful activities or to respond to legal proceedings or a lawful data request, we may need to disclose your personal data to authorities (such as courts or law enforcement authorities) or other third parties.

We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the recipient of personal data outside the EU/EEA has committed to use the EU Commission’s standard contractual clauses or use other transfer mechanisms that are considered acceptable under the GDPR.

7. How do we protect the data?

We commit to ensuring that we and our service providers process personal data in a manner that ensures its security, integrity and confidentiality.

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the systems containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other appropriate technical measures. The databases and their backup copies are physically stored at locked premises and can only be accessed by certain pre-designated persons.

8. How long do we store the personal data?

We store the data of our existing customers for the duration of the customer relationship and for 2 years after the end of the customer relationship. Certain information may be stored for longer periods in accordance with statutory requirements or for purposes of legal claims.

Personal data of our potential customers is stored for as long as it remains relevant for our business purposes – however, our general retention period for marketing data is 2 years. Information concerning communication subscriptions and consents is stored as long as the subscription remains active.

We assess the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

9. What are your rights as a data subject?

You always have the right to:

  • access the personal data stored by us concerning yourself
  • demand rectification of inaccurate or outdated data (in some cases, you can update your information yourself)
  • lodge a complaint with the supervisory authority

Additionally, subject to certain conditions (left column), you may have the following rights:

When the processing is based on your (explicit) consent in accordance with art. 6(1)(a) and/or 9(2)(a) GDPR

You have the right to withdraw your consent at any time.

You have withdrawn your consent, or if any other of the conditions listed in art. 17 GDPR are met

You have the right to have your personal data erased.

You have contested the accuracy of personal data, or if any other of the conditions listed in art. 18 GDPR are met

You have the right to have the processing of your personal data restricted e.g. while your requests related to your personal data are investigated and resolved.

When the processing is based on your consent (art. 6(1)(a) and/or 9(2)(a) GDPR) or on a contract (art. 6(1)(b) GDPR) and where the processing is carried out by automated means

You have the right to receive your data in a structured machine-readable format and transmit it to another controller (if it is technically feasible and as far as yor request concerns information provided to us by yourself)

When the processing is based on our legitimate interest in accordance with art. 6(1)(f) GDPR or when personal data is processed for direct marketing purposes

You have the right to object to processing of your personal data on grounds relating to your particular situation. You always have the right to object to processing of your personal data for direct marketing purposes.

How to use your rights:

All contacts and requests concerning the rights mentioned above should be made in writing to the contact person mentioned in the beginning of this privacy notice. Your request should include your name and contact details. Please note that when submitting a request concerning your rights, we may ask you to provide additional information in order to verify your identity – this information is not used for any other purposes and is deleted after identification.

We will answer your contacts and requests related to your rights as a data subject within one month.