PRIVACY NOTICE FOR CUSTOMERS, WEBSITE VISITORS AND CO-OPERATION PARTNERS

1 THE CONTROLLER AND CONTACT INFORMATION

Nestor Cables Oy, Mittarikuja 5, 90620 Oulu, Finland
Business ID 2112907-3

Contact person in data protection related matters:

Kaarina Limingoja, Data Protection Specialist, gdpr@nestorcables.fi

Please contact her in all matters and questions related to data protection and personal data processing.

2 THE CATEGORIES OF THE DATA SUBJECTS

Within this privacy notice we aim to describe in an open and transparent way how we process the personal data of data subjects, and to inform the conditions and scope of the processing, in order to ensure our compliance with privacy and data protection regulations, and to ensure that the rights of the data subjects are fulfilled. In this privacy notice data subjects refer to the following categories of people:

• Customers as well as contact persons of our customer companies
• Potential customers as well as contact persons of our potential customer companies
• Persons visiting our organisation’s website
• Contact persons of our co-operation partners such as the personnel of our subcontractors as well as of our service, system, and product providers

3 THE PERSONAL DATA PROCESSED

We may process following directly necessary personal data, and information about updates and modifications of such personal data:

Basic data, such as

• First and last names
• E-mail address
• Postal address
• Phone number
• Employer or another company related to the data subject, and its contact information, e.g., address and phone number
• Title or role in the company
• Photo, video
• Information about attending to events, including dietary preferences

Data related to offers and/or customer relationship, such as

• Offered products, information about negotiation round’s outcome
• Agreements and contracts
• Feedback

Data related to website visits, such as

• IP address and cookies
• Website actions, e.g., sent forms (name, e-mail address), visiting time, web page usage

4 THE PURPOSES FOR PROCESSING PERSONAL DATA

The personal data are used for following purposes:

• The actions related to managing rights, responsibilities and relationships regarding a customer or co-operation contract or legislation
• Creating and developing a customer relationship, including customer service, customer satisfaction queries and other communication
• Marketing and sales, including newsletter and targeted advertising
• Planning and developing business activities as well as enhancing services and user experience
• Analysing and developing our website

5 THE LEGAL BASES FOR PROCESSING PERSONAL DATA

Personal data is processed based on the following bases, depending on the situation:

• Preparing or executing a contract between us
• Obligatory legislation
• Consent given by the data subject
  • Examples on data processed based on a consent are notably the following:
    • Cookies
    • Newsletters and marketing
    • Photos and videos taken at an event
• Legitimate interests pursued by the controller or a third party
  • Examples on data processed based on a legitimate interest are notably the following:
    • Direct marketing and the right to engage in commercial activities
    • There is a relevant relationship between the data subject / data subject’s company and us which can be based e.g., on a contract between us
    • Ensuring and improving safety and security of physical premises, data, and networks
    • Protection of property as well as preventing and investigating frauds and malpractices
    • Other investigations concerning suspected misconducts or crimes
  • In situations where the processing is based on a legitimate interest, we have performed a balance test and assessed that the interests or fundamental rights and freedoms of a person requiring the protection of personal data do not override the legitimate interest of our organisation.

6 REGULAR DATA SOURCES

The personal data is mainly collected directly from the data subjects or their companies in connection with a personal or digital interaction or website visit. In addition to that we may collect personal data from authorities or public sources within the limits of legislation.

7 TRANSFERS AND DISCLOSURES OF PERSONAL DATA

We may transfer personal data within our group companies. Also, we may transfer personal data to our data processors who provide us services or duties which we have designated to them. The processors’ duties may be related to e.g., executing a marketing campaign or providing IT services. The ownership of the data stays with us, and the data processors are not allowed to use the data for their own purposes. We have ensured that all our service providers comply with data protection legislation. We regularly use the following categories of service providers:

• Accounting company
• Customer relationship management, CRM
• Enterprise resource planning, ERP
• Marketing automation
• Newsletter provider
• Website visit monitoring
• Communication and documentation management
• Travel invoice management
• Event management

Whenever possible, we have chosen to store the personal data in secure data centres located within EU. Some of the aforementioned service providers may back up the data outside EEA. In those cases, the applicable legislation (such as GDPR) is complied with, and its requirements (such as EC’s standard contractual clauses, SCC, and supplementary safeguards) are met in order to ensure the appropriate level of data protection. Additional information with regards to the data transfers outside EEA and the safeguards used in a specific situation may be requested by sending e-mail to the contact address shown in the Chapter 1.

We may transfer your personal data to governmental or regulatory authorities if access to and use of such data is allowed / required to comply with any applicable laws, regulations, and / or court decisions.

If we are party to a merger, business deal or other acquisition, we may, within the limits of legislation, transfer personal data to the third party or third parties involved in the transaction. 

8 DATA STORAGE PERIOD

We will only store personal data for as long as is necessary and allowed according to legislation in relation with the purposes of collecting the personal data. The data will be erased once storing them is not anymore necessary according to legislation or to ensure the rights or responsibilities of either party.

Generally, personal data processed in relation with customer relationship involves various retention times which we must follow according to legislation. These obligations may require us to store personal data even ten years from ending the contract on which the data processing is based. One example of this legal obligation is the obligation based on the Accounting Act which states that we must store all receipts and other documents related to purchase and sales invoices at least six years from the end of the calendar year during which the organisation’s accounting period ends. As a rule, we erase the personal data of our customers and potential customers seven (7) years either from the ending of the contract or from the last contact.

It is anytime possible to leave our marketing list by clicking the opt-out link which is at the bottom of all the marketing emails we send.

The website visitors’ cookie information is erased automatically after one year from accepting the cookies. The data collected from the forms in our website are erased next January after one full calendar year has gone by from completing and sending the form to us.

9 PROTECTION OF PERSONAL DATA

We set high importance on the confidentiality on personal data. We have implemented appropriate technical and organisational safeguards to protect personal data from accidental or illegal loss, disclosure, misuse, modification, deletion, or unauthorised access.

We use the following safeguards to ensure the security of personal data:

• Access to personal data is restricted with access rights only to those predefined persons who need the data for the performance of their duties.
• The information systems and devices used for processing personal data are adequately protected technically, including access control with personal user IDs and passwords, firewalls, and other technical methods.
• The personnel have received comprehensive training and instructions related to the appropriate processing of personal data. Everyone who processes personal data has a duty of confidentiality regarding all personal data.
• The personal data within the data files are located in locked and guarded premises. Our own servers are located at a data centre where outsider access is prevented.
• Electronic files are regularly backed up.
• Any physical or paper material is stored in locked premises.
• Material containing personal data is deleted in a secure way.
• If, despite all the security measures, a personal data breach including negative effects on the data subjects’ privacy takes place, we will notify the authorities as well as the data subjects concerned in accordance with the applicable legislation.

10 RIGHTS OF THE DATA SUBJECT

The data subjects have the right to inspect their personal data and receive a copy of that data. They have the right to demand the rectification of inaccurate personal data concerning them; the rectification request must include detailed information facilitating us to make the necessary corrections. They also have the right to request the erasure of their personal data from the data files providing that the data are no more needed for any purpose or that there are no legal obligations in effect concerning us regarding the processing or storing that data. When our processing of the personal data is based on a consent, the data subjects have the right to withdraw that consent at any time. The data subjects may also have the right to receive the personal data they have provided to us, and transfer that data to another controller. In accordance with applicable law there are some cases when the data subjects have the right to object to / restrict the processing of their personal data, too.

Any questions or remarks related to personal data processing or exercising the abovementioned rights can be emailed to the contact address shown in the Chapter 1.

Furthermore, the data subjects have the right to lodge a complaint regarding the processing of their personal data with the national supervisory authority, in Finland that is the office of the Data Protection Ombudsman whose contact details can be found at tietosuoja.fi/en/.

11 COOKIES

We use cookies in our website. Cookies are small text files that are sent to the browser by the website and stored in the computer. We use both temporary session cookies, which are deleted when the user closes the browser, and persistent cookies, which are saved to the computer’s hard drive.

Necessary functionality cookies include e.g., information related to the user’s login and preferences as well as website security. Optional cookies provide us with analytics and statistics about our website and allow us to examine and follow the interests of our visitors, thus helping us to develop our website. All the data collected by the cookies is anonymous. If the website visitors so wish, they may anytime modify their browser settings and block all cookies. The non-necessary cookies can also be avoided by modifying the browser settings and rejecting their usage.

12 UPDATES TO THIS PRIVACY NOTICE

We are constantly following the updates on data protection legislation and aspire to continuously develop our business. Thus, we reserve the right to modify or update this privacy notice whenever necessary.

This privacy notice has previously been checked / updated on 19 October 2023.