Privacy policy

 

 

Nordic BIM Group is committed to protecting your privacy and your personal data. This policy explains what personal data we collect, why we process it, who we share it with and what rights you have. It applies to our websites, our products and services, our events and training, and our day-to-day business contact with customers, suppliers and partners.

Because Nordic BIM Group operates through a separate company in each Nordic market, the data controller responsible for your personal data depends on which country you deal with. The controller for your market is listed in the section "Who is responsible for your data" below.

 

Who is responsible for your data

The data controller is the company you are a customer of, or the company whose website, event or service you are using. Contact details and the relevant supervisory authority for each market are below.

Norway Nordic BIM Norway AS, Org. no. 863 355 052 Fridtjof Nansens vei 17, 0369 Oslo, Norway Phone +47 21 55 58 00 Supervisory authority: Datatilsynet (datatilsynet.no)

Sweden Nordic BIM Sweden AB Org. no. 556552-9616 Linnégatan 87B, 115 23 Stockholm, Sweden Phone +46 10 17 22 100 Supervisory authority: Integritetsskyddsmyndigheten, IMY (imy.se). 

Finland Nordic BIM Finland Oy,  Business ID (Y-tunnus) 2959032-3 Uudenmaankatu 16-20 K 3, 00120 Helsinki, Finland Phone +358 20 741 9700 Supervisory authority: Office of the Data Protection Ombudsman, Tietosuojavaltuutetun toimisto (tietosuoja.fi)

We have not appointed a Data Protection Officer, as our processing does not require one under the GDPR.  For any privacy question, contact the controller for your market using the details above.

 

What personal data we collect

We collect only the data we need for the purposes described below. Depending on your relationship with us, this can include:

Contact and identity data such as first and last name, your role and organisation, business address, phone number and email address.

Customer relationship data such as billing and payment details, product, licence and order information, support enquiries, feedback and competition or campaign responses.

Event and training data such as your registration and attendance for our events, webinars and courses.

Marketing data such as your newsletter subscription status and any direct-marketing preferences or opt-outs.

Website and usage data such as how you move through our sites and use our services, collected through cookies and similar technologies (see "Cookies and tracking").

We do not collect national identity numbers, dates of birth or personal payment-card details through our websites.

 

Where we get your data

We collect personal data in the following ways:

Directly from you, by phone, email, our websites, forms or other similar contact.

When you download a trial version of software we sell.

Automatically, through cookies and similar technologies when you visit our websites.

In limited cases we may supplement our records with publicly available business contact information, for example a person's professional role at a company. 

 

Why we process your data and our legal basis

 

Purpose Legal basis (GDPR Art. 6)
Managing the customer relationship and delivering products, services, licences and support Performance of a contract, and our legitimate interest in serving customers
Business contact and correspondence with contacts at customers, suppliers and partners Legitimate interest in effective business cooperation
Entering into and administering agreements Legitimate interest, and performance of a contract
Organising and following up events and webinars Legitimate interest in administering the event
Administering training and course participation Performance of a contract, and legitimate interest
Sending newsletters and relevant marketing Consent, or legitimate interest for existing customers under the soft opt-in for similar products and services
Handling support enquiries Legitimate interest, and performance of a contract
Website analytics and advertising Consent, given through the cookie banner
Meeting accounting, tax and other legal obligations Legal obligation

 

The marketing basis follows the soft opt-in for existing customers and consent for everyone else, which is the common position across NO, SE and FI. 

 

Cookies and tracking

Our websites use cookies and similar technologies. Cookies are small text files placed on your device when you visit a site. We use them to make the site work, to recognise returning visitors, to understand how the site is used, and to deliver and measure marketing.

Essential cookies are needed for the site to function. We only set analytics and advertising cookies after you give consent through our cookie banner, and you can change or withdraw your choice at any time through the cookie settings link in the footer. Some advertising partners rely on legitimate interest where permitted, which you can also object to in the banner.

We work with the following third-party vendors through our consent banner. Some operate on the basis of legitimate interest and some only with your consent:

Vendors that may rely on legitimate interest: Delta Projects AB, Google Advertising Products and LinkedIn Ireland Unlimited Company.

Vendors used only with your consent: Global Media Group Services Limited and Microsoft Advertising.

Google Ad Tech vendors, used only with your consent: Meta, Cloudflare, Kobler, Vimeo and other advertising technology providers listed in the banner.

HubSpot also sets cookies for our web analytics, marketing and support.

The complete and always-current list of vendors, together with each vendor's purpose and legal basis, is shown in the cookie banner, which is the authoritative source. You can manage your choices there at any time.

 

Who we share your data with

We do not sell your personal data. We share it only where necessary, with:

IT and system suppliers who host and run our systems, under data processing agreements.

HubSpot, which is our CRM and also processes data for marketing, newsletters and support.

Our ERP and invoicing systems, Finago and Netbaron, used for orders, billing and accounting.

Advertising and analytics providers, where you have consented or, where permitted, on the basis of legitimate interest. These are the vendors listed in "Cookies and tracking" and the cookie banner, and include Google, Meta, LinkedIn and Microsoft.

Training partners, where you attend a jointly delivered training, and your employer, where we confirm completed training.

Where we use a supplier to process personal data on our behalf, we have a data processing agreement in place. 

 

International transfers

We aim to keep your personal data within the EU/EEA. Some processing involves transfers outside the EU/EEA, in particular through certain advertising, analytics and cloud providers based in the United States. Where that happens, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, and on the EU-US Data Privacy Framework where a provider is certified under it. 

 

How long we keep your data

We keep personal data only for as long as necessary for the purpose it was collected for, or for as long as required by law.

Customer relationship data is kept for the duration of the customer or contractual relationship, plus any period needed to handle disputes.

Accounting and invoicing records are kept for the statutory bookkeeping period in each country, which is five years in Norway, seven years in Sweden and six years in Finland. 

Newsletter data is kept until you unsubscribe, or until we are told the address is no longer active.

Event data is kept until the event has taken place and for up to twelve months afterwards for follow-up.

We review and delete outdated data regularly.

 

How we protect your data

We use appropriate technical and organisational measures to protect personal data. Only employees who need access for their work are authorised to handle it. Systems are protected by firewalls, passwords and other technical measures, access to our premises is controlled, and physical documents are kept in locked, protected storage.

 

Your rights

Under data protection law you have the right to:

Access the personal data we hold about you.

Have inaccurate data corrected.

Have your data erased, where there is no lawful basis to keep it.

Restrict or object to our processing, including objecting to direct marketing.

Data portability, for data you have provided and that we process by automated means.

Withdraw your consent at any time, where processing is based on consent.

Be informed about a personal data breach affecting you.

To exercise any of these rights, contact the controller for your market using the details above. You also have the right to lodge a complaint with your supervisory authority (Datatilsynet in Norway, IMY in Sweden, the Office of the Data Protection Ombudsman in Finland).

 

Changes to this policy

We may update this policy from time to time. The current version is always available on our website, and the "last updated" date at the top shows when it was last changed.

 

Contact

For any question about how Nordic BIM Group handles your personal data, or to exercise your rights, contact the controller for your market using the details in "Who is responsible for your data".