Privacy Policy
This policy also applies to the parent company, Norex International. Last updated April 20, 2022.
1. DATA CONTROLLER
Norex Selected Brands Oy (Business ID: 0954463-7)
Piispansilta 9 B, 3rd floor
02230 Espoo
2. CONTACT PERSON FOR REGISTRY MATTERS
Tea Haaranen
Phone: +358 50 5122 402
Email: gdpr@norex.fi
3. NAME OF THE REGISTER
Norex Selected Brands Oy customer register
4. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
We collect and process only personal data that is necessary for conducting our business, managing customer relationships, and for appropriate commercial purposes.
We process your personal data for the following purposes:
Providing services and/or products and managing customer relationships
We process personal data to provide and deliver our products and services to you or the company you represent. To do so, we maintain and manage the customer relationship between you or the company you represent and us. In this case, the processing of personal data is based on the agreement between you or the company you represent and us.
Marketing
We contact you to inform you about new products or to market and sell other products or services to you, as well as to invite you to events we organize. We may also process your personal data for marketing research and customer surveys. The processing of personal data is based on our legitimate interest in providing information as part of our service and marketing other products and services to you. You have the right at any time to object to the processing of your personal data for direct marketing purposes (see section 9 of this policy).
Service development, data security, and internal reporting
We process personal data to ensure the data security of our service and website, to improve the quality of our service and website, and to develop our service. We compile internal reports based on personal data for management use to properly manage our business. In these cases, the processing of personal data is based on our legitimate interest in ensuring the appropriate data security of our service and website, and in obtaining sufficient and appropriate information for service development and business management.
Compliance with laws
We process your personal data to fulfill our legal obligations or to respond to legally based information requests from authorities.
Other purposes to which you have consented
We also process your personal data for other purposes if you have given your consent to such processing.
5. DATA CONTENT AND SOURCES OF THE REGISTER
We collect and process personal data that
• you have provided to us when you contact us or do business with us, for example, when you purchase our products or use our services, subscribe to our newsletter, or contact us to request a quote or information;
• is generated during visits to the website;
• is obtained from other sources, to the extent permitted by applicable laws, such as Valvira, the Trade Register, the Population Information System, or the Business Information System.
You are not required to provide us with your personal data, but if you choose not to, we may not be able to provide our service to you.
We collect and process the following categories of personal data:
• basic information, such as name, your relationship to the company you represent, and contact details;
• customer relationship information, such as service and order information, payment information, billing information, Valvira license number, marketing permissions and prohibitions;
• customer contacts and related correspondence, as well as records concerning data subject rights;
• personal data generated in connection with the use of our service or information collected during the use of our website through cookies or similar technologies; and
• other information defined on a case-by-case basis based on your consent.
6. TRANSFERS AND DISCLOSURES OF PERSONAL DATA
We disclose personal data to third parties:
• for Finnish authorities when they so require.
• when our partners process personal data on our behalf and according to our instructions. We always ensure the appropriate processing of your personal data;
• if we are involved in a merger, corporate reorganization, or sale of a business or part thereof;
• when we believe that disclosure is necessary to enforce our rights, protect your or others' safety, investigate abuse, or respond to a request from an authority; and
• with your consent to parties covered by the consent.
7. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU OR EEA
We may transfer personal data outside the EU or the European Economic Area when a partner handling an assignment is located outside these areas. In these cases, we ensure appropriate safeguards to ensure the rights and freedoms of data subjects in accordance with applicable data protection legislation, such as the EU General Data Protection Regulation (679/2016).
Our marketing service provider transfers personal data to the United States in connection with providing the service. In this case, appropriate safeguards for personal data have been implemented so that the service provider is committed to the so-called Privacy Shield arrangement between the United States and the EU. Read about the Privacy Shield arrangement here [https://www.privacyshield.gov/welcome].
Our partners outside the EU:
• SurveyMonkey
8. COOKIES
We use cookies on the websites www.norex.fi and www.viikonviini.fi. Cookies are small text files placed on your device to collect and remember useful information, to improve the functionality and usability of our website. We use cookies and other similar technologies also for statistical purposes, such as compiling statistics on website usage to understand how users use the website and to improve the user experience.
You can prevent cookies from being set, limit the use of cookies, or delete cookies from your browser. You can read more about cookies here https://viikonviini.fi/evasteseloste/
9. DATA SECURITY PRINCIPLES OF THE REGISTER
We implement appropriate measures (including physical, digital, and administrative measures) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. Even appropriate measures cannot prevent all possible data security breaches. In the event of personal data security breaches, we will notify you in accordance with applicable laws.
10. YOUR RIGHTS
You have the right to access your personal data. You can also request the correction, updating, or deletion of your personal data at any time. Please note, however, that personal data that is necessary to fulfill the purposes defined in this policy or that is required by law to be retained cannot be deleted. You have the right to object to or restrict the processing of your personal data to the extent required by applicable law. In certain cases, you have the right to transfer the personal data you have provided to us from one system to another, i.e., the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer your personal data to another data controller, in accordance with applicable law.
When we process your personal data based on consent, you have the right to withdraw your consent at any time. We will not process personal data thereafter unless there is another legal basis for processing. You can exercise your rights by sending us a message at gdpr@norex.fi. The right of access is free of charge once a year. The data controller will respond to the customer as soon as possible, at the latest within the time specified in the EU Data Protection Regulation (within one month of receiving the request).
11. RETENTION OF PERSONAL DATA
Personal data is retained only as long as necessary to fulfill the purposes defined in this policy. Personal data is retained for the duration of the customer relationship. Personal data may also be retained as necessary after the end of the customer relationship to the extent permitted or required by applicable law. For example, after the end of the customer relationship, we typically retain personal data that is necessary to respond to claims or lawsuits in accordance with applicable limitation periods. We retain personal data as necessary to comply with your direct marketing prohibition. Personal data is deleted when its retention is no longer necessary to fulfill the law or the rights or obligations of either party.
12. CHANGES TO THIS POLICY
We have the right to change this policy. We will notify you of changes on our website, where you will always find the latest version of this policy.
13. CONTACT US
You can ask about this policy or the processing of your personal data by contacting us at gdpr@norex.fi.