EU General Data Protection Regulation (GDPR) 2016/679, articles 12, 13, 14 and 19
1. Keeper of the register
Name: Nordic BIM Group AB
Address: Annankatu 25 apt. 61, 00100 Helsinki
Phone: 020 741 9700 (switch)
2. Name of the register
Nordic BIM Group AB's customer and marketing register
3. Purpose of processing personal data
The purpose of the register is to manage Nordic BIM Group AB's customer relations, implement services, organize customer events and training, marketing, acquire new customers, and develop the business.
4. Basis for processing personal data
The processing of personal data is based on contracts and legitimate interest.
5. Description of the legitimate interest of the keeper of the register
The legitimate interest of the keeper of the register is based on a customer or similar relationship between the keeper of the register and the data subject. The keeper of the register shall ensure that the interests and the rights of the data subject are carefully evaluated.
6. Data content of the register
The register contains the following information:
• contact information (first and last name, address, phone number and e-mail address)
• the person's position in the organization, and the name, address and other contact information of the organization
• customer relationship information such as billing and payment information, product and order information, customer feedback and contacts, lottery and competition response information, and cancellation information
• registration and participation in events and training
• information about newsletter subscriptions
• ban on direct marketing.
7. Regular sources of information
Information about the customer is collected regularly:
• from the customer itself by telephone, via the internet, e-mail or other similar means
• through the download of trial versions of software sold by Nordic BIM Group AB.
8. Regular disclosure of information
Information is not regularly disclosed outside Nordic BIM Group AB. Information may be transferred or disclosed to Nordic BIM Group AB's partners if it is necessary to provide services (processing is based on a legitimate interest). Some of the personal data is processed in outsourced systems. In collaborative training, register information may also be transferred to a training partner.
9. Data transfer outside the EU or the EEA
Customer information is transferred outside the EU or EEA region if this is necessary for the technical implementation of the processing of personal data. The information transferred is related to e-mail marketing.
10. Register security principles
A. Manual material
Documents (e.g. related to accounting material) is stored in a locked room protected from externals.
B. Electronically stored data
Only employees who have the right to process personal data for their work are entitled to use the customer information containing system. The access to the workspaces is controlled by identification badges. The information is collected in databases that are protected by firewalls, passwords, and in other technical ways.
11. Storage period of personal information
Personal data is stored only for as long as necessary. The personal data in the register is stored at least for the duration of the customer's customer and contractural relationship. Outdated information is regularly deleted from the register.
12. Rights of the data subject
Customers have the right to
• view their personal data
• correct the data
• the deletion of data (when a consent is the basis for processing, or there is no legal basis for storage)
• restrict processing (contradiction of the validity of data or illegitimate processing)
• resist processing (direct marketing or other processing on the basis of a legitimate interest)
• withdraw their consent
• transfer data from one system to another (automatic processing)
• obtain information about a personal data security breach.
If a person wants to use his or her rights or get more information about the processing of his or her personal information, he or she may contact the keeper of the register mentioned in this document.
The person also has the right to lodge an appeal to the supervisory authority, if he or she considers that the processing of personal data concerning him or her breaks the applicable data protection rules.