This policy describes the principles based on which I collect and process personal data related to the provision of digital marketing services. Although my customer base exclusively comprises businesses, organisations and entrepreneurs, I would not be able to run my business without a certain degree of personal data processing. Personal data includes names, email addresses, photographs and other information related to an identified or identifiable person.
FOR WHICH PURPOSES AND ON WHAT GROUNDS DOES NORDICCOPY COLLECT PERSONAL DATA?
I collect, store and process the personal data of my clients and personnel (incl. potential clients and applicants) for pre-determined purposes. I also ensure that I always have at least one set of lawful grounds for processing. The primary purposes of use and grounds for processing include:
OFFERING AND PROVISION OF MARKETING SERVICES FOR CLIENTS
- I collect and process personal data for the purpose of offering and delivering my services and to fulfil my contractual obligations.
- This includes standard customer management and contacts, project implementation, invoicing, debt collection and processing of feedback.
- I may also process clients I consider potential prospects.
In this regard, the lawful grounds for personal data processing are specifically the agreement between me and my client, the preparation measures for the agreement, and my legitimate interests.
MARKETING AND CUSTOMER COMMUNICATIONS
- I may process personal data in customer communications and in order to deliver messages to my clients about my services.
- I may also conduct customer satisfaction surveys, market research or other similar surveys.
- I process personal data for direct marketing purposes (incl. search engine advertising), to personalise advertising and content (incl. advertising in social media channels) and to form customer or user segments.
- On the basis of my legitimate interests, I may send you marketing messages by email. In restricted situations, I may also conduct electronic direct marketing based on your advance consent; I shall do so in any case, should the applicable law so require. However, you may withdraw your consent at any time. Even if marketing does not require consent, you have the right, at any time, to prohibit direct marketing targeted at you.
- I may use the services of third parties for marketing purposes, or disclose data in a restricted manner to my partners for the purposes or their marketing.
- I may publish client testimonials or cases based on your consent.
In this regard, the lawful grounds for personal data processing are specifically my legitimate interests and partially the consent given by the individual in question.
ANALYSIS OF SERVICES AND DEVELOPMENT OF my BUSINESS
- I aim to develop my services on a continuous basis. This requires analysis and tracking of the use of my services.
- I also process data for the purposes of improving service quality and ensuring data protection.
- I may use the services of third parties in analysing and tracking service usage.
In this regard, the lawful grounds for personal data processing are specifically my legitimate interests.
FULFILMENT OF LEGAL OBLIGATIONS AND OTHER LEGAL GROUNDS
- I may process personal data for the purpose of fulfilling my legal obligations (incl. bookkeeping, taxation, employment contracts legislation), for the establishment, exercise or defence of legal claims, for preventing and investigating fraud or whenever a court of law or competent authority so requires.
In this regard, the lawful grounds for personal data processing are specifically fulfilment of legal obligations and my legitimate interests.
RECRUITMENT AND HUMAN RESOURCE MANAGEMENT
- I process personal data in connection with job applications or recruitment and in handling standard human resource management duties. These include the fulfilment of obligations relating to employment contracts, payment of wages, taxation issues and the fulfilment of legal obligations relating to employment relationships.
In this regard, the lawful grounds for personal data processing are fulfilment of contractual obligations (employment contract) and fulfilment of legal obligations relating to employment relationships, in some cases also consent given by an employee or applicant.
WHICH PERSONAL DATA DOES NORDICCOPY COLLECT AND PROCESS?
Information concerning clients and potential clients, including:
- the name of the employing company, individual’s name, work role, telephone number, email address, time of joining the email list, location (based on the IP address), time zone, language, method of joining, data on opening of email, data on clicking of links in email, identifier identifying the user;
- information provided in connection with support and contact requests;
- information required for invoicing purposes; and
- marketing consents and bans.
Information concerning applicants and employees, including:
- contact information
- personal ID
- tax ID
- employment contract
- pay and information required for payment of wages
- information on absences due to illness
- contact information
- education, experience, qualifications and work history
- application and CV
- references and referees (subject to consent)
- LinkedIn profile data (for applicants, subject to consent)
- results of aptitude tests (participation in test subject to consent)
- physical examination of applicant during probation period and statement on work capacity
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
SOURCES OF PERSONAL DATA
CLIENTS AND POTENTIAL CLIENTS
I collect personal data relating to my clients and potential clients, particularly from the individual concerned. I also collect data relating to the use of my website through Google Analytics and Google Search Console. I may use tracking codes and advertising systems for the targeting of content and advertising (incl. remarketing) and to measure their efficiency (e.g. Google Adwords, Twitter, Facebook, and LinkedIn).
If you wish to prevent Google Analytics from collecting information about the pages you read, you can use the Google Analytics Opt-Out plugin. For blocking other tracking codes, you can use the Ghostery plugin, for example.
EMPLOYEES AND APPLICANTS
With regard to applicants and candidates, I mainly collect the personal data of applicants from the individual in person and, subject to consent, from other sources (including LinkedIn, references and possible personality and aptitude tests) and – for candidates – from public sources (such as LinkedIn), when seeking suitable potential employees for my organisation on my own initiative.
Concerning personnel, I mainly collect personal data from the individual in person and from other sources, subject to consent. Regarding personnel, I may process information generated otherwise during the employment relationship.
WHO PROCESSES PERSONAL DATA AND IS DATA DISCLOSED TO THIRD PARTIES?
Otherwise, I may disclose information should the law, a court of law or competent authority so require, for the defence of legal claims or for the preparation of such, or if the individual has given their consent to the disclosure of information. I may also disclose information if I am party to an acquisition or asset deal, or another business or corporate arrangement.
IS PERSONAL DATA TRANSFERRED OUTSIDE THE EU?
Personal data may be transferred outside the EU, particularly because data is saved and processed almost entirely in electronic form and some of the service providers I use for saving and processing data may be located in a non-EU country (the United States in particular). However, I always ensure that any transfer of personal data outside the EU is in compliance with adequate protection, as required by data protection legislation. Primary options include (1) transfer to a country with adequate data protection safeguards approved by the EU Commission, (2) transfer of data to companies certified under the EU-US Privacy Shield (transferees based in the United States), or (3) use of the European Commission’s Standard Contractual Clauses.
HOW LONG WILL PERSONAL DATA BE STORED?
I will not store personal data any longer than necessary in view of the purpose in question, or as required by law or an agreement. Personal data can be erased whenever the individual in question withdraws their consent or requests erasure of the personal data (and I have no other legal basis for processing). Due to technical reasons, data may, however, be saved in my backup copies to a certain extent and for a limited period. Data storage periods may be governed by legislation (e.g. bookkeeping, Employment Contracts Act) and periods related to presenting legal claims (e.g. limitation periods). If necessary, I may update or erase outdated or incorrect data.
The storage period of applicant data is 24 months.
HOW IS PERSONAL DATA STORED AND PROTECTED?
MANDATORY DISCLOSURE OF DATA AND CONSEQUENCES OF NON-DISCLOSURE
Disclosure of personal data is voluntary, particularly regarding potential clients and applicants. Insufficient data may, however, impact on the processing of a job application by us, or the contacting of a potential client.
In some respects, disclosure and processing of personal data is mandatory in a customer relationship in order to fulfil agreements, to enable us to ensure that individuals signing contracts on behalf of my corporate clients are competent and eligible to do so, and in order for us to fulfil my contractual obligations and, on the other hand, exercise my legal rights.
In an employment relationship, Ineed personal data to fulfil my obligations under employment contracts and the law.
YOUR RIGHTS AND INFLUENCE
Right to withdraw consent. If I process your personal data based on your consent, you have the right to withdraw your consent at any time by informing us that you wish to do so, for instance by contacting us using the contact information mentioned above.
Right of access to personal data and requests for verification. You have the right to receive confirmation from us on whether I process personal data concerning you, and the right to know which items of your personal data I process. In addition, you have the right to receive complementary information concerning the basis for processing your personal data.
Right to have inaccurate personal data rectified. You have the right to request that Irectify any incorrect, outdated or otherwise inaccurate personal data concerning you.
Right to ban direct marketing. Even if Ido not process your personal data for direct marketing purposes based on consent, at any time you can prohibit the processing of your personal data for direct marketing purposes, for instance by contacting us using the contact information mentioned above.
Right to object to processing. If I process your personal data on the basis of a public interest or my legitimate interests, you have the right to object to the processing of your personal data in so far as no compelling legitimate grounds for processing exist which override your rights, or the processing is not necessary for the establishment, exercise or defence of legal claims. Please note that in such cases, I will probably not be able to serve you any further.
Right to restrict processing. In certain situations, you have the right to demand that Irestrict the processing of your personal data.
Right to data portability. If I have processed your personal data on the basis of your consent, or in order to fulfil an agreement, you have the right to receive any personal data, electronically in a commonly used format, which you have submitted to us, in order to transmit the data to another service provider.
HOW CAN YOU EXERCISE YOUR RIGHTS?
You can exercise the rights mentioned above by contacting us, using the contact information mentioned above. Imust use reasonable means to verify your identity. If you consider the processing of your personal data unlawful, you may file a complaint with the competent supervisory authority (Data Protection Ombudsman).
COOKIES ON THE NORDICCOPY WEBSITE
Cookies are short text files that the web server saves in the user’s mobile device or computer when visiting the website. When you visit my website again, cookies are recognised by sending them back to my website or another service provider I use. Cookies enable us, for instance, to identify the user’s device when returning to the website in order to modify the content or advertising, analyse website usage, remember your subjects of interest and the choices you make, and improve the user experience on my website in other ways.
Cookies usually include data that does not facilitate the identification of a certain individual or website user. If, however, you are a registered user of the website and the automated marketing software recognises you as a user, or I have personal data concerning you otherwise, it may be possible to link the data collected through cookies with such data.
HOW TO CONTROL COOKIES
Cookies are managed through the settings of web browsers and most browsers allow cookies. You can prohibit cookies in your browser settings, or empty or remove cookies from your browser from time to time. By emptying cookies from time to time, you will affect the identifier according to which a profile is formed on the use of your device. Cookie settings can usually be modified in the browser’s Settings menu or by modifying the browser settings by switching them to ‘private’ mode, which prevents the browser from saving any cookies when visiting websites. Please note, however, that if you modify the cookie settings, you may affect or restrict the functionality of the website. This applies not only to my website, but others as well.
THIRD PARTIES’ COOKIES ON MY WEBSITE
I use third party cookies on my website, in particular to analyse, track and develop the use of my website, and to target and display advertising, marketing and content in my service or that of third parties.
Key third parties relating to the use of my website, which may place cookies on your terminal device, include Google Analytics, Google Tag Manager, Facebook, Instagram, Twitter, Klaviyo and Google Adwords, as well as other similar service providers or advertising networks. Here, you can manage the way Google Adwords targets marketing. Some of the service providers in question may save data or be located outside the European Union. Further information on these service providers’ cookie and data protection policies is available in the privacy policies of the services in question. I am not responsible for the processing of cookies and other data via these services.