Privacy Notice


With this Privacy Notice we provide you information on why and how we process your personal data in our business activities.

We process your personal data for the following purposes in our business activities:

  • Client relationships
  • Business partner relationships
  • Marketing
  • Recruiting
  • Communication
  • Legal obligations
  • Cookies

The controller of your personal data is Nordic Law Oy (Business ID: 0947087-7), which is located at Erottajankatu 5 A 6, 00130 Helsinki.

The contact person of the controller is Max Atallah, Senior Associate Lawyer, CIPP/E, +358 40 527 46 76, max.atallah@nordiclaw.fi.

Privacy notice means a document drawn up in accordance with Articles 13 and 14 of the EU General Data Protection Regulation, through which the controller informs data subjects of the ways their personal data is processed.

Controller means the party responsible for processing the personal data of the data subject.

Data subject is a term for a human being in accordance with data protection laws.

Personal data means any information concerning the data subject or information by which the data subject can be identified.

Purpose for processing means the reason why the controller processes the data subject’s personal data.

Legal basis for processing means the legal ground on which the controller processes the data subject’s personal data. The lawfulness of processing is described in Article 6 of the GDPR.

We process your personal data in accordance with the processing purposes listed below. In the sections on processing purposes, you will find information on what personal data we process and on what legal basis we process your personal data.

Client relationships

We process our clients’ personal data for purposes related to the performance of client relationships. For these purposes we process contact details, personal data related to the performance of the client relationships, and other personal data disclosed to us.

The legal basis for processing is the performance of our contractual obligations.

Business partner relationships

We process our business partners’ and potential business partners’ personal data for business partner relationship purposes. For these purposes we process contact details, personal data related to the relationship, and other personal data disclosed to us.

The legal basis for processing is the performance of our contractual obligations.

Marketing

We process our clients’ and potential clients’ personal data for marketing purposes. For these purposes we process contact details, personal data related to the relationship, and other personal data disclosed to us.

The legal basis for processing is our legitimate interests, according to which we implement, establish, and develop our client relationships’ and business activities.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

Recruiting

We process the personal data of job applicants for recruiting purposes. For these purposes we process contact details and other personal data disclosed to us, such as videos, pictures, and CV information.

The legal basis for processing is our legitimate interests, according to which we manage job applications sent to us.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

Communications

We process the personal data of people who contact us for communication purposes. For these purposes we process contact details and other personal data disclosed to us.

The legal basis for processing is our legitimate interests, according to which we manage our communication.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

Legal obligations

We process the personal data of all our data subjects for purposes related to our legal obligations. For these purposes we process personal data as demanded by law.

The legal basis for processing is our legal obligations, which descend e.g. from the Finnish Act on Detecting and Preventing Money Laundering and Terrorist Financing (444/2017).

Cookies

We process IP address data of the people who visit our website for purposes concerning the use of cookies.

The legal basis for processing is consent given in accordance with the Finnish Act on Electronic Communications Services (917/2014).

We collect your personal data from different sources, depending on our purposes for processing personal data.

Client relationships, Business partner relationships, Marketing, Communication, and Legal obligations

We collect your personal data for these purposes from yourself, our business partners, the authorities, and different public sources, such as the trade register.

Recruiting

We collect your personal data for this purpose only from yourself.

Cookies

We collect your personal data by using cookies.

We may transfer your personal data to third parties (e.g. data storage service providers) as a normal course of our business. When doing so, we ensure that the transfers are carried out in a secure way considering data security, and that adequate data protection agreements are concluded.

We may transfer your personal data to our business partners, data storage and communication service providers, accounting and auditing service providers, as well as to authorities.

We may also transfer personal data to third countries. When doing so, we ensure an adequate level of data protection, e.g. by using standard contractual clauses issued by the European Commission, and other similar arrangements.

The retention period of your personal data depends on the purposes for which we process your personal data. We inspect the necessity of the retained personal data regularly and keep records of the inspections.

Client relationships

We retain personal data for as long as it is necessary considering our field of business and the client relationship.

Business partner relationships

We retain necessary personal data for as long as it is necessary considering our field of business.

Marketing

We retain necessary personal data until you notify us that you no longer wish to receive marketing (i.e. opt out), or when we find out that you no longer wish to receive marketing.

Recruiting

We retain the necessary personal data for a maximum of twelve (12) months from the receival day of the job application.

Communications

We retain the necessary personal data for three (3) years after the contact. We retain information on our social media channels until individuals remove their information from the channels.

Legal obligations

We retain personal data for as long as we are demanded by law.

Cookies

The retention period depends on each cookie used.

You may be entitled to use the below listed data protection rights. The contacts concerning the rights shall be submitted to the controller’s contact person in writing. Your rights can be put into action only after you have been satisfactorily identified.

You may also have a right to lodge a complaint to the supervisory authority, if you think that the processing of your personal data infringes the data protection laws.

Right to inspect

The data subject has a right to inspect what data the controller has stored of him/her.

Right to rectify and erasure

The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.

Right to restriction of processing

The data subject can request the controller to restrict the processing of personal data concerning the data subject on the grounds provided by law.

Right to data portability

The data subject shall have a right to receive the personal data concerning him/her, which he/she has provided to the controller, in a structured, commonly used and machine-readable format, if the processing is based on consent or an agreement between the controller and the data subject and the processing is performed automatically.

Right to object

If personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him/her for such marketing.

If personal data is processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning him/her for such purposes in accordance with the law.

Right to object automated individual decision-making, including profiling

The data subject shall have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.

Right to withdraw consent

If the legal basis for the processing of personal data is consent given by the data subject, he/she shall have the right to withdraw his/her consent.

We may unilaterally amend this privacy notice. We update the privacy notice as necessary, for example, when there is a change in legislation. Amendments to this privacy notice will take effect immediately when we post an updated version on our website.

If we make significant changes to the privacy notice, or if there is a significant change in the way it is used, we will notify the data subjects.

(Last update 20.10.2020)