1. Purpose of privacy statement
Nanocomp is committed to protecting privacy and personal data and processes personal data in accordance with the EU Directive 95/46/EC (General Data Protection Regulation, GDPR), the Finnish Personal Data Act (523/1999) and other applicable personal data legislation.
This privacy statement provides information on the processing of data subject’s personal data by Nanocomp and its employees, partners, subsidiaries and affiliates. Nanocomp may do updates to this privacy statement from time to time associated with development of it’s business operations or changes in applicable laws. The updated privacy statement can be found on Nanocomp website.
2. Data controller and contact information
The controller is Nanocomp Oy Ltd. Data may be disclosed to other companies of Nanocomp corporation in accordance with customer contracts to provide products or services and carry out business operations.
Nanocomp Oy Ltd
FI-80710 Lehmo, Finland
Tel. +358 (0)50 463 6970
Business ID 1083600-4
3. Sources of personal data
Personal data can be received mainly from data subjects when they contact Nanocomp, from orders of products or service and may also be acquired from public sources (for instance corporate websites) or official registers (for instance, the trade register). The controller may also collect personal data from events and from it’s website visitors with Google Analytics or other similar analytic tools.
Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. This information is used to track visitor use of the website and to compile statistical reports on website on website activity. You have the option to disable cookies if you choose.
In principle, you can also access all the information on our web pages if you have disabled cookies. In case you do not accept cookies, this can lead to a limitation of functionality.
5. Basis and purpose for processing personal data
The controller always has a legal basis to process personal data. It collects, stores and processes personal data only for predefined purposes. The main purposes for processing personal data are:
- fulfilling legal obligations
- stakeholder communications
- fulfilling contractual obligations
- responding to contact requests and inquiries
- development of business and
- targeting services
6. The personal data registers and data content of them
The personal data is stored in the registers.
a) The customer and marketing register:
The primary purpose of the register is taking care of customer relationships or sales and marketing measures related to business operations. Personal data is processed for providing products and services, sales and invoicing, investigating possible complaints and other claims.
Personal data is also used to contact potential and current customers for purposes such as sending the customers notifications and news, event invitations, in surveys and market research as well as in direct marketing and electronic direct marketing. Processing personal data is based on the customer relationship between the controller and customer, the customer’s consent, customer assignment or another appropriate connection. The data subject has the right to forbid all the direct marketing directed at them.
The controller processes the personal data itself and can use partners for and on the behalf of the controller.
The following data may be stored and processed: personal data, such as name, job title, employer’s address information, telephone number, e-mail address, and the name of the company the person represents. The background data related to sales and data related to contacting the customer as well as purchase and order history can also be stored.
7. Retention period of personal data
The controller does not store personal data for longer period than is necessary for its purpose or required by contract or law. The storage times for personal data may vary based on its purpose and the situation. Data files that are no longer necessary are deleted or made anonymous.
8. Data transfers outside the European Union or European Economic Area
Personal data may be transferred to locations outside the EU/EEA area if required by the service or production. In these cases, data privacy is ensured in accordance with data privacy legislation and other regulations.
9. Register protection principles
Personal data has been protected in accordance to the GDPR directive and applicable personal data legislation. Only authorised employees or partners may access digital material using their personal login credentials. There are different levels of access rights, and each user is granted sufficient rights for their work but in an as limited manner as possible.
Any possible manual material is stored in locked premises where only designated people may access when it is necessary for their work.
10. The rights of data subject
According to the General Data Protection Regulation (GDPR), data subjects of our person registers have special rights.
a) Data subject’s right of access (right to inspection)
The data subject has the right to inspect what data about them is stored in the register. The right to inspection may be rejected based on legal grounds. Primarily, using the right to inspection is free.
b) Data subject’s right to rectification, erasure or restriction of processing
The data subject has the right to rectify the data about them. The data subject also has the right to demand the controller to restrict the use of their personal data, for instance, in a situation in which the data subject is awaiting a reply to their request concerning the rectification or erasure of their data.
c) Data subject’s right to data portability
For the parts that the data subject has provided data to the customer register and the data processed based on the data subject’s consent or assignment, the data subject has the right to receive this kind of data primarily in a machine-readable format. The data subject also has the right to transfer this data to another controller.
d) Data subject’s right to lodge a complaint with the data protection authority
The data subject has the right to lodge a complaint to the competent data protection authority if the controller has not complied with the applicable data protection regulations in their operations.
e) Other rights
If personal data is processed based on the data subject’s consent, the data subject has the right to revoke their consent by notifying us.
As processing of personal data is necessary for the controller to be able to provide data subjects with services and products, it should be noted that revoking the consent to store and process personal data may lead to a situation where the controller cannot provide some or all it’s services and products.
11. Contact Information