NODETEC logo horizontal
Request a quoteFI

Privacy policy

NODETEC Oy

1. Data Controller

NODETEC Oy (hereinafter also referred to as the Data Controller)

Business ID: 2823812-5
Phone number: +358 40 136 2232
Email: info@nodetec.fi

The Data Protection Officer is Valtteri Vaarsalo.

2. Purpose of Processing Personal Data

We collect, store, and process personal data only for predefined purposes. The main purposes for using personal data are:

  • Providing and delivering our services
  • Fulfilling contractual obligations
  • Business development
  • Targeting our services
3. Legal Basis for Processing Personal Data

We ensure that we always have a legal basis for processing personal data as required by law. We may process personal data on several grounds. Typically, processing personal data is necessary to fulfill a contract or for preparatory actions prior to entering into a contract. We may also process personal data to comply with legal obligations. Processing may also be based on our legitimate interest, for example, in customer communication and marketing, providing our services, business development, or targeting our services. In some cases, we may process personal data based on consent (e.g., customer references).

4. Categories of Processed Personal Data and Regular Data Sources

We collect and process the following personal data about our customers and potential customer representatives:

  • Employer’s name and business ID
  • Contact person’s or other company representative’s name
  • Work email address
  • Work phone number
  • Information related to the assignment
  • Customer history information
  • Any other information collected with the customer’s consent

We primarily collect personal data from the individuals themselves. Additionally, we may collect information from public sources and registers, such as the Business Information System (YTJ) or Suomen Asiakastieto. For new potential customers, we may collect information from company websites or by contacting the company to find the correct contact person. We also collect information through the contact form on our website and using Google Analytics for website usage data.

5. Processors of Personal Data and Transfer Outside the EU or EEA

Personal data is primarily processed by our company’s personnel in the course of their duties. We store data mainly in electronic form and use well-known and reliable service or software providers for data storage. In certain cases, we may use external service or software providers for specific purposes, such as:

  • Data and file storage
  • Website hosting services
  • Accounting services
  • Email marketing and other digital marketing
  • Web service analytics (e.g., Google Analytics)

We ensure confidentiality and lawful processing of personal data through contractual agreements when using service or software providers.

We may disclose data if required by law, court order, or a competent authority, or in the event of a business or asset transaction.

Personal data is generally not transferred outside the EU/EEA. However, as data is stored and processed primarily in electronic and cloud-based services, some of our service providers may be located outside the EU/EEA. If personal data is transferred outside the EU/EEA, the data controller ensures that the transfer is carried out using sufficient safeguards as required by law.

6. Retention Period of Personal Data

We do not retain personal data longer than necessary for their intended purpose or as required by contract or law. Retention periods may vary depending on the purpose of use, legal basis for processing, and the situation. Personal data may also be deleted if the person withdraws their consent or requests deletion (provided there is no other legal basis for processing), if the contractual relationship ends, or if the data is outdated or incorrect. Retention periods may also be guided by legislation (e.g., accounting, taxation) and the expiration of time limits for legal claims (e.g., statute of limitations). We aim to update and delete unnecessary, incorrect, or outdated data periodically.

7. Storage and Protection of Personal Data

The personal data we collect and process are kept confidential and are only disclosed to those who need them for their work. Access to the data is protected by firewalls, user-specific credentials, passwords, and access rights.

Written agreements with external service providers ensure the confidential processing and protection of data. Data is stored on servers of our service providers, which are protected according to industry standards. We choose reputable and secure service providers for data storage and processing.

8. Mandatory Data Provision and Consequences of Failure to Provide Data

The necessity of providing data and the potential consequences of not providing it depend on the purpose of use.

Typically, data provision and processing are necessary to fulfill a contract. In this regard, providing data is mandatory to ensure that the individuals signing contracts on behalf of our business customers are authorized and competent, to fulfill our contractual obligations and any legal obligations (e.g., accounting, taxation), and to ensure our own rights. If we do not receive the necessary data or if processing is not permitted, we may not be able to serve you.

For potential customers, data provision is voluntary.

9. Use of Cookies

Our website uses cookies. Cookies are small text files that the web server saves on the user’s device or computer when visiting the website. We use cookies to deliver our services, analyze website usage, produce and target content and advertising, and develop our services and website.

Most web browsers allow disabling cookies. This is usually done through the browser settings. Changing cookie settings may affect the functionality of the website or limit it.

10. Automated Decision-Making

Processing of personal data does not involve automated decision-making, including profiling, that would have legal effects or significantly affect the data subject.

11. Data Subject Rights

Withdrawal of Consent

If we process data based on consent, the data subject may withdraw their consent at any time by notifying us. The notification must be made in writing to the Data Protection Officer. Withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.

Access to Data and Request for Inspection

The data subject has the right to obtain confirmation from us as to whether we process personal data concerning them and to know what personal data we process about them. The data subject also has the right to receive additional information about the grounds for processing their personal data. The right to access is free of charge if exercised no more than once a year. If the data subject wishes to exercise their right to access more frequently or requests multiple copies, the data controller has the right to charge a reasonable fee based on administrative costs.

Right to Correct Errors

The data subject has the right to request that we correct any incorrect, outdated, or otherwise incomplete personal data concerning them.

Right to Prohibit Direct Marketing

The data controller targets direct marketing only to companies or other entities. The data subject has the right to prohibit the use of their data for direct marketing purposes by notifying the data protection officer in writing or by following the instructions provided in email marketing communications.

Right to Object to Processing

If we process personal data based on public interest or our legitimate interest, the data subject has the right to object to the processing of their personal data unless there is a compelling reason that overrides their rights or the processing is necessary for a legal claim. If we do not receive the necessary data or if processing is not permitted, we may not be able to serve you.

Right to Restrict Processing

In certain situations, the data subject has the right to request that we restrict the processing of their personal data.

Right to Data Portability

If we have processed the data subject’s personal data based on consent or to fulfill a contract, the data subject has the right to receive the data they have provided to us in a commonly used format, so that the data can be transferred to another service provider.

The data subject can exercise the above rights by notifying the data protection officer in writing. The data controller is then obliged to verify the data subject’s identity to ensure that we do not provide data to the wrong person. We ask the data subject to provide their name, address, and phone number in the message and to attach a copy of their passport, driver’s license, or other ID to verify their identity. If the data subject believes that their personal data processing is not lawful, they may also file a complaint with the competent supervisory authority.

12. Updating the Privacy Policy

We may update this privacy policy as our operations, personal data processing principles, or legislation change. Changes take effect when we publish the updated privacy policy. We ask the data subject to review the contents of this privacy policy regularly.