NORDIC LAW OY’S PRIVACY NOTICE

(updated on 27.4.2019)

This Privacy Notice describes Nordic Law’s practices when it processes personal data of its external data subjects. Thus, with this Privacy Notice we provide you with the information Articles 13 and 14 of the GDPR require of us. We provide our personnel similar notices separately.

We have a unilateral right to modify this Privacy Notice. The modifications take effect immediately when we post the up-to-date version of our Privacy Notice to our website.

1)    BASIC INFORMATION

Controller:
Nordic Law Oy
0947087-7
Erottajankatu 5 A 6, 00130 Helsinki

Contact person:
Max Atallah, Associate Lawyer, CIPP/E
+358 40 527 46 76, max.atallah@nordiclaw.fi

2)    PERSONAL DATA PROCESSING ACTIVITIES

(a)    Client relationships
Legal basis for processing: Contract, to perform the contracts to which we are a party
Data subjects and personal data processed: Clients: (i) contact details, (ii) data related to our relationship, (iii) other data disclosed to us

(b)    Business partner relationships
Legal basis for processing: Contract, to perform the contracts to which we are a party
Data subjects and personal data processed: Business partners and potential business partners: (i) contact details, (ii) data related to our relationship, (iii) other data disclosed to us

(c)    Direct marketing
Legal basis for processing: Our legitimate interest to manage and develop our client relationships and further develop our business operations
NB! You have a right to opt-out of direct marketing each time we provide marketing to you.
Data subjects and personal data processed: Clients and potential corporate clients: (i) contact details, (ii) data related to our relationship, (iii) other data disclosed to us

(d)    Recruiting
Legal basis for processing: Our legitimate interest to manage our jobseekers and possibly employ them
NB! You have a right to forbid us from processing your personal data.
Data subjects and personal data processed: Jobseekers: (i) contact details, (ii) data related to our relationship, (iii) other data disclosed to us, (iv) videos and pictures, (v) CV data

(e)    Managing of contacts and social media
Legal basis for processing: Our legitimate interest to manage contacts made to us
NB! You have a right to forbid us from processing your personal data.
Data subjects and personal data processed: Contacts: (i) contact details, (ii) data related to our relationship, (iii) other data disclosed to us

(f)    Managing our newsletter
Legal basis for processing: Our legitimate interest to manage newsletter subscriptions
NB! You have a right to forbid us from processing your personal data.
Data subjects and personal data processed: Subscribers: (i) contact details

(g)    Compliance with legal obligations
Legal basis for processing: Legal obligations, to comply with several legal obligations, e.g. KYC and AML/CTF
Data subjects and personal data processed: Clients and potential clients, business partners and potential business partners: (i) data related to our legal obligations

(h)    Cookies and other such technologies
Legal basis for processing: Consent, based on Act on Electronic Communications Services (917/2014)
Data subjects and personal data processed: Visitors of our websites: (i) IP addresses

3)    REGULAR SOURCES OF INFORMATION
Purpose for processing
Sources of information

See purposes (a), (c) and (g) above

(i) Data subjects themselves, (ii) Business partners, (iii) Courts and other authorities, (iv) Public sources, such as the internet, postal services, Trade Register and population register

See purpose (b) above

(i) Data subjects themselves, (ii) Business partners, (iii) Public sources, such as the internet, postal services, Trade Register and population register

See purpose (d), (e) and (f) above

(i) Data subjects themselves

See purpose (h) above

(i) Cookies and other such technologies

4)    DATA TRANSFERS

We may transfer your personal data to third parties (e.g. to data storage service providers), as it is a part of normal business operations. When personal data is transferred to third parties, we ensure that we conclude adequate personal data processing agreements and safeguards in relation to the data transfers.

Your personal data may be transferred to our business partners, data storage service providers and communications services providers, accounting and auditing services providers and relevant authorities.

We may transfer personal data outside the EU and the EEA. When doing so, we ensure adequate safeguards for the data transfer, such as standard contractual clauses and Privacy Shield arrangements.

5)    PERSONAL DATA RETENTION PERIODS
Purpose for processing
Retention period

See purpose (a) above

Necessary data shall be retained for as long as it is necessary for us to handle our client relationships.

See purpose (b) above

Necessary data shall be retained for as long as it is necessary, taking into consideration our field of business.

See purpose (c) above

Necessary data shall be retained until you opt out of direct marketing or we have an impression that you no longer want to receive our direct marketing.

See purpose (d) above

Necessary data shall be retained for a period of twelve (12) months once we receive the relevant job application.

See purpose (e) above

Necessary data shall be retained for a period of three (3) years following the last time you were in contact with us. For social media contacts, the data shall be retained until you delete your personal data from our social media pages.

See purpose (f) above

Necessary data shall be retained for as long as the data subject wants to receive our newsletter.

See purpose (g) above

Necessary data shall be retained for as long as we have a legal obligation to hold on to that data.

See purpose (h) above

Data retention period depends on each cookie and other technologies.

However, we may retain necessary data of the data subjects for longer than is described above, where we are required to do so by law, it is necessary due to legal proceedings and it is necessary for any similar reason. We shall be careful not to apply this Section in vain.

We inspect the necessity of the personal data stored regularly and keep records of the inspections.

6)    DATA SUBJECTS’ RIGHTS

The data subject has a right to use all of the below mentioned rights.

The contacts concerning the rights shall be submitted to the contact details stated in Section 2. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.

Right
Description

Right to inspect

The data subject has the right to inspect what, if any, data the controller has stored of her/him.

Right to rectification and erasure

The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.

Right to restriction of processing

The data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law.

Right to data portability

The data subject shall have the right to receive the personal data concerning her/him, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is based on consent or a contract.

Right to object

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing.

Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object to the processing of personal data concerning her/him for such purposes in accordance with the law.

Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right to withdraw consent

Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

The data subject shall also have the right to lodge a complaint with a competent supervisory authority, if the data subject considers that the processing of personal data relating to her/him infringes data protection laws.

7)    SECURITY OF PROCESSING
We use e.g. the following data security measures: (i) personal data access is limited; (ii) we protect data with anti-malware, antivirus and other such software; (iii) each category of data has been assigned with a responsible party; (iv) we use up-to-date and reliable systems and services to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (v) we use up-to-date and reliable systems and services to ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (vi) we regularly assess and evaluate our personal data processing activities.