Customer and Marketing Register Privacy Statement

GENERAL

This privacy policy was originally written in Finnish and has been translated into English. In case of any discrepancies, the Finnish version shall prevail.

This privacy policy describes how Nive Information Technology Oy (“Nive” or “data controller”) processes personal data. The privacy policy applies to our website, marketing, customer relationship management, and the processing of personal data related to the products and services we offer.

We comply with applicable data protection legislation in all personal data processing. Data protection legislation refers to the current data protection laws, such as the General Data Protection Regulation (2016/679) of the European Union and the Finnish Data Protection Act (5.12.2018/1050). Concepts related to data protection that are not defined in this privacy policy are interpreted in accordance with data protection legislation.

Our services and website may also contain links to external websites and services operated by other organizations. This privacy policy does not apply to their use, so we encourage you to review their respective privacy policies separately.

“Personal data” refers to all information concerning natural persons (“data subjects”) from which a person can be directly or indirectly identified, as more precisely defined in the General Data Protection Regulation.

DATA CONTROLLER AND DATA PROTECTION OFFICER

Data Controller: Nive Information Technology Oy
Business ID: 3191903-6
Address: Ojavainiontie 10 C 12, 90420 OULU
Email: info@nive.fi

Contact Information of the Data Protection Officer:
+358 40 5544837
pekka.korpela@nive.fi

PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA

The purposes (and in parentheses the legal bases) for processing personal data are:

Delivery of products and services, making customer agreements, and handling orders (contractual relationship or its preparation)
Development of the data controller's products and services (legitimate interest)
Development of websites and electronic services (consent)
Customer service and communication, as well as customer satisfaction surveys (legitimate interest)
Invoicing, credit decisions, and debt collection (legitimate interest)
Marketing, including market research, other marketing promotion and analysis, as well as producing statistics and measuring marketing effectiveness (legitimate interest)
Direct marketing, including electronic direct marketing and telemarketing, as well as planning and measuring the effectiveness of advertising and marketing, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
Management of stakeholder relationships, as well as cooperation with subcontractors and service providers (legitimate interest, contractual relationship or its preparation)
Improving the user experience of our website and other services, and monitoring user traffic (consent)
Internal reporting and other administrative measures (compliance with a legal obligation)
Handling warranty and liability issues, as well as handling complaints and legal and administrative proceedings (compliance with a legal obligation)
Preventing and investigating misuse, and ensuring the security of data, individuals, and property (legitimate interest)
Fulfilling other statutory obligations (e.g., accounting and tax-related actions) and reporting obligations

When we process personal data based on legitimate interest, we assess the benefits and potential harms of the processing for the data subject and have determined that the rights and interests of the data subjects do not override the legitimate interest. We provide additional information on the processing of personal data based on legitimate interest upon request.

PROCESSED PERSONAL DATA AND DATA SOURCES

Data Group	Examples of Data Content
Identification and contact information*	Customer's and/or representative's name, address, phone number, email address, and position in the company.
Information related to products and services, their orders, and billing*	Information about processed orders, order delivery times, billing information, and information related to agreements.
Information related to marketing (including direct marketing) and events, as well as consents and prohibitions given by the data subject	Contact information for marketing purposes, and information collected in connection with events and occasions. Consents and prohibitions related to direct marketing.
Information on the use of websites and other electronic services	IP address, electronic communication identification data, search and browsing data, browser and operating system information, and registration information*
Information related to customer communication	Information related to customer communication and complaints*, such as sent and received messages.

* The marked data is necessary.

We collect personal data directly from the data subject, for example, during transactions, or when the data subject purchases or orders our products or services either personally or on behalf of the organization they represent, or during registration, when the data subject visits our website or other electronic services, subscribes to our newsletter, responds to a customer satisfaction survey, or otherwise contacts us.

We also receive personal data from other external sources, such as organizational contact information from websites or address registers.

RETENTION OF PERSONAL DATA

We retain personal data for as long as necessary to fulfil the purposes defined in this privacy policy and always for the duration required by law. For example, based on the Accounting Act, we retain data for 6 years from the end of the fiscal year. We retain information related to customer relationships and orders for the duration of the active customer relationship, and thereafter for 24 months. After the purpose of use has ended, personal data will be deleted or anonymized within a reasonable time.

We provide additional information on personal data retention practices upon request.

RECIPIENTS OF PERSONAL DATA

Various service providers and other third parties may be used in the processing of personal data, such as providers of technical solutions or server space, or providers of accounting and financial management services. We ensure that the necessary agreements required by data protection legislation are in place with the parties we use for personal data processing.

Personal data may be disclosed to third parties in situations mandated by law or authorities, or to investigate misuse and ensure security. Additionally, personal data may need to be disclosed in connection with legal proceedings or similar legal processes.

If the data controller is involved in a merger, business acquisition, or other corporate restructuring, personal data may be disclosed to the parties involved in the arrangement or to those assisting with the arrangement.

We provide additional information on the recipients of personal data upon request.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Service providers involved in the processing of personal data may be located outside the European Union or the European Economic Area, or they may transfer personal data to so-called third countries. When data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of protection for personal data, among other things, by agreeing on matters related to the processing of personal data in the manner required by data protection legislation, such as using the standard contractual clauses approved by the European Commission or based on the European Commission's adequacy decision. Data is transferred to the following recipients:

Microsoft
Google
Mailchimp (Intuit)

We provide additional information on personal data transfers and the protection mechanisms used upon request.

AUTOMATED DECISION-MAKING, PROFILING, AND USE OF ARTIFICIAL INTELLIGENCE

We do not use automated decision-making, nor do we profile our customers. We do not process our customers' personal data using artificial intelligence.

PROTECTION OF PERSONAL DATA

Data security and the protection of personal data are of paramount importance to us. We use appropriate technical and organizational safeguards to protect personal data. We also ensure the fault tolerance of our systems and the ability to recover data. Access to personal data is restricted to authorized individuals only. Parties processing personal data are bound by confidentiality obligations regarding the processing of personal data.

RIGHTS OF DATA SUBJECT

Data subjects have rights to their personal data as provided by data protection legislation. However, the applicability of these rights in each individual situation depends on the purpose and context of the use of personal data.

Right to Access Personal Data: The data subject has the right to obtain confirmation as to whether their personal data is being processed and other information required by data protection legislation about the processing of their personal data. The data subject has the right to receive a copy of their personal data.
Right to Rectify Personal Data: The data subject has the right, with certain limitations, to request the correction or deletion of incorrect or inaccurate information.
Right to Erasure of Personal Data: The data subject has the right, under the conditions required by data protection legislation, to request the deletion of their personal data. Upon request, we will delete the personal data unless legislation or another applicable exception under data protection legislation requires us to retain the personal data.
Right to Restrict Processing:. The data subject has the right, under the conditions required by data protection legislation, to request the restriction of the processing of their personal data in certain situations.
Right to Transfer Personal Data:The data subject has the right to request the transfer of their personal data to another data controller. The right to data portability generally applies to personal data that the data subject has provided to the data controller in a structured and machine-readable format, and where the processing is based on the data subject's consent or a contract, and/or where the processing is carried out automatically.
Right to Object to Processing:The data subject has the right, under the conditions required by data protection legislation, to object to the processing of their personal data based on legitimate interests, including profiling. We may refuse the request if there is a compelling and justified reason for the processing that overrides the data subject's interests, rights, and freedoms. However, the data subject always has the right to object to the processing of their personal data for direct marketing purposes and related profiling.
Right to Withdraw Consent:If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw their consent to the processing of their personal data. The withdrawal of consent does not affect the processing carried out before the withdrawal.

EXERCISING RIGHTS

We encourage you to contact us if you have any questions regarding the processing of your personal data.

You can submit a request concerning the rights of the data subject using the contact information provided in this privacy policy.

The identity of the requester may be verified before processing the request. The request will be responded to within a reasonable time, and generally within one month from the submission of the request and verification of identity. If the request cannot be granted, the refusal will be communicated separately.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

The data subject has the right to lodge a complaint with the competent data protection authority if the data subject believes that their personal data has been processed in violation of data protection legislation.

You can find the contact information for the Finnish data protection authority here.

CHANGES TO THE PRIVACY POLICY

This privacy policy may need to be amended from time to time. Changes may also be based on changes in data protection legislation. Therefore, we encourage you to regularly review the privacy policy to detect any changes. The latest version is available on our website.

This privacy policy was published on 07/05/2025.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.