Skip to content

Privacy Notice

Version 2.0, updated 17th of January 2025

We recommend that you read this Privacy Notice before using our website, subscribe to our Services, to our newsletter, download our available materials or register for an event hosted by us.

This Privacy Notice describes how we, Nomentia, process personal data we collect from you either as a customer, as visitor to our website, as a subscriber of our newsletter, when you download our available materials or registers for an event hosted by us.

If you are a registered customer of Nomentia we act as the ‘data controller’ of personal data about you but at the same time we act as the ‘data processor’ of personal data in the information you put into Nomentia’s SaaS (e.g. your users).

When Nomentia acts as a processor the obligations are regulated under a Data Processing Agreement between Nomentia and the Customer.

Please note that this Privacy Notice does not apply to you if you’re looking for a job at Nomentia. For information on how Nomentia process your data in the recruitment process please visit our “Privacy Notice for Recruitment”.

For the purposes stated above the controller of personal data collected is:

Nomentia Oy, registration number 2855557-7

Linnoitustie 6 C, 02600 Espoo, Finland

Data Protection Officer Contact information:

Privacy[at]nomentia.com

+358 10 419 5200

Any questions or requests on this Privacy Notice or our privacy practices, please contact us.

We are committed to only collecting and processing personal data in the way described in this privacy notice and observing the General Data Protection Regulation (2016/676) and applicable national law. We aim to keep this Privacy Notice as accurate and transparent as possible.

This Privacy Notice only applies to how Nomentia handles your data. It doesn’t cover the privacy practices of other companies, even if our website or services link to their websites – before accessing third party’s websites, we recommend you familiarize yourself with their own privacy notice.

Our Data Protection Authority details are the following:

Office of the Data Protection Ombudsman

Lintulahdenkuja 4, 00530 Helsinki

Postal address: P.O. Box 800, 00531 Helsinki, Finland

E-mail: tietosuoja[at]om.fi

Switchboard: +358 (0)29 566 6700

Registry: +358 (0)29 566 6768

 

When and how we collect data

From the first moment you interact with Nomentia, we are collecting data. Sometimes you provide us with data, sometimes we collect data about you, either automatically or from other sources, like publicly available websites or from a trusted data supplier.

If we think you're a potential Nomentia customer, we use trusted data suppliers called Cognism and Lusha to find accurate business contact details for you. You can opt out of Cognism's database here. You can opt out of Lusha’s database here.

 
From Details
You Use of the Website
You Contact Form
You We identify you as a potential Nomentia customer. You request a demo
You You contact our customer support
You You opt-in to marketing messages
Your device Device Information
Cognism/Lusha Business contact details
Cookies Use of the Website – consent if personal data is involved

 

Types of data we collect

Contact details Your name, address, telephone number, e-mail address
Data that identify you Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.
Data on how you use Nomentia Your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages and how often.

 

Should your personal data be provided to us via our prospect, customer, supplier or partner, we shall assume that our prospect, customer, supplier or partner has informed you of this Privacy Policy.

Nomentia does not knowingly collect any “sensitive data” or children’s personal data.

Our SaaS solution is a business-to-business service directed to and intended for use by those who are 18+.

 

Why we collect and process data

Marketing communication Sending you emails and messages about events and content such as newsletter, webinar, event invitations, product information Consent and Legitimate Interest
Sales Identifying you as someone who might wish to subscribe to Nomentia contacting you at work to gauge your interest, demo and enter a contract with your business Consent and Legitimate Interest
Customer Support Notifying you of any changes to our service, solving issues via live chat support, phone or email including any bug fixing. Contract
Improving Nomentia Testing features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimization and data analysis and research. Consent and Legitimate Interest
Product communication If you are already a customer we may contact you regarding new products or services, pricing information and other product related news Consent and Legitimate Interest
 

Storage Period

We do not store the personal data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of personal data, the purposes, and the applicable law and therefore varies per use.

Typically, we store your personal data for as long as you are using our Services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.

We erase personal data after the above-described storage period or when you request us to erase your personal data.

 

Basis for processing

We process personal data to pursue our legitimate interest to run, maintain, and develop our business. Furthermore, we process personal data to comply with our legal obligations and to fulfill our contract with our customers.

In some parts of our Services, we might request your consent for the processing of your personal data for specific purposes. In that event, you may withdraw your consent at any time.

 

Security

We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction. 

We regularly audit the application of our security measures and we ask third party experts to review our security controls. These audits help us to further improve our security level. Please read our information security white paper to learn how Nomentia ensures the confidentiality, integrity and availability of personal data. 

Should despite of our security measures, a security breach occur that is likely to result in a risk to your data, we will inform you and the other affected parties, as well as relevant authorities when required by applicable data protection law about the security breach without undue delay.

 

Recipients

We only share personal data within our organization if and as far as necessary for the purposes specified in this Privacy Notice. Our staff members processing personal data are bound to confidentiality. 

We do not share personal data with any third party outside of our organization unless one of the following circumstances applies.

 

Necessary for the purposes

We may share personal data with third parties to the extent our Services foresee such disclosure, and Users submit their personal data for that purpose, to facilitate our Services. We may furthermore share personal data with service providers that support us in the realization of the purposes specified in this Privacy Notice, such as by performing data hosting, direct marketing, and customer services. Our agreements with these service providers foresee privacy and security commitments from these service providers that are no less protective than our own commitments described in this Privacy Notice.

If you provide personal data directly to a third party, such as through a link on our website, the processing is typically based on such third party’s notice. Please familiarize yourself with their privacy practices.

  • For legal reasons

We may share personal data with third parties if we have a good-faith belief that their access to and use of the personal data is necessary

(i)            to meet any applicable law and/or court order,

(ii)           to detect, prevent, or otherwise address fraud, security or technical issues, and/or

(iii)          to protect the interests, properties or safety of us, our users or the public, in accordance with the law.

We will notify you about such disclosure, as far as reasonably possible.

  • In relation to corporate restructuring.

If we are in a process of merger, acquisition, or asset sale, we may transfer personal data to the involved third party. We continue to ensure the confidentiality of all personal data.

  • Upon your consent

We may share personal data with third parties for other reasons than the ones mentioned above if we obtained your explicit consent to do so. You have the right to withdraw this consent at any time.

 

Location and transfer

We and our service providers have operations in several locations in the world. Consequently, we and our service providers may transfer personal data to, or access it from, countries outside your country of domicile. 

We take steps to ensure that your personal data receives an adequate level of protection in the countries in which we process it.  

We aim to, where possible, process personal data within the EU/EEA region. 

Nomentia subsidiaries where your data may be processed: 

Nomentia Entity Place of Processing
Nomentia AB Sweden
Nomentia Treasury and Technology GmbH Asutria
Nomentia GmbH Germany
Nomentia Sp. Z.o.o Poland
Nomentia B.V. The Netherlands

 

We use the following services or tools to process personal data: 

Service Provider

Data collected or shared

Purpose

Place of Processing

Zendesk

 first and last name,
email address, title, position, employer, contact information (company, email, phone numbers, physical address),
date of birth, gender, communications (telephone recordings, voicemail), and customer service information.

For processing customer support inquiries and incidents

EU

Salesforce

 First and last name, title, position, employer, contact information (company, email, phone, physical business address), ID data, professional life data, localisation data

For customer contract management and invoicing

United Kingdom (Adequacy decision)

Juro

First name, last name, employer name, e-mail address

Contract management and electronic signature

 EEA

Hubspot

First name, last name, employer name, e-mail address

Web site, marketing communications management, for sending information about your subscription

 Germany

Microsoft365

Data contained in documents, first name, last name, employer, title, e-mail address

Internal work environment

 EU

Cognism

First name, last name, employer name, e-mail address, phone number

B2B contact information database

 UK (Adequacy decision)

Twentythree

 First name, last name, employer name, e-mail address

 Hosting of webinars

EU

Calendly

First name, last name, employer name, e-mail address

Scheduling service

 US (SCCs, Data Privacy Framework)

Cookiebot

Consent Data (Consent ID, consent date and time, user agent of the browser and consent state.). Device data (HTTP Agent, HTTP Referrer), URL visited, user language, IP address, geolocation

 Cookie management

EU

Klient

 Data contained in documents, first name, last name, employer, title, e-mail address

Project management tool

 Canada (Adequacy decision)

DocuSign

First name, last name, employer name, e-mail address

eSignature tool

 EU

Mailjet

First name, last name, employer name, e-mail address

Platform communication

 EU

KeepIt

Contact information, bank information, names, addresses, e-mail addresses

SaaS backup service

 EU

Lumoa

First name, last name, employer name, e-mail address

Customer satisfaction surveys

 EU

Salesloft

First name, last name, employer name, e-mail address, phone number

Revenue orchestration platform

 UK (Adequacy decision), USA (Data Privacy Framework)

Lusha

First name, last name, employer name, e-mail address, phone number

B2B contact information database

EU and USA (SCCs)

Sales Force Europe

name, business email address, contact business telephone numbers, employer, employer Industry, employer Address, employer website address, job title, job role description, linkedIn URL

Business development service

EU and UK (adequacy decision)

 
For further information on how personal data is processed in the above-mentioned tools, please visit the respective privacy policy and related information on their web pages. 

In case our processing is subject to any EU data protection law and Users’ personal data is transferred from the European Economic Area to a service provider for processing in any country outside the European Economic Area that is not recognized by the EU Commission as providing an adequate level of protection for personal data, we provide for appropriate safeguards by EU Commission’s standard contractual clauses or by any other appropriate safeguard as foreseen under the applicable data protection law.

 

Cookies

For more information on how we use cookies click here.

 

Your privacy rights

  • Right to access

You have the right to request additional information from us, including:

- The types of data we process
- The purposes for which we process the data
- The categories of third parties to whom the data may be disclosed
- The duration for which the data will be stored (or the criteria used to determine that period)
- Your other rights concerning our use of your data

We will provide this information within one month of your request, unless fulfilling the request would negatively impact the rights and freedoms of others. If we are unable to meet your request for this reason, we will inform you accordingly.

  • Right to withdraw consent

In case our processing is based on your consent, you may withdraw the consent at any time by contacting us or by using the functionalities of our Services. Withdrawing a consent may lead to fewer possibilities to use our Services.

  • Right to rectification

You have the right to have inaccurate or incomplete personal data we store about you corrected or completed.

  • Right to object

In case our processing is based on our legitimate interest to run, maintain and develop our business, you have the right to object at any time to our processing. We shall then no longer process your personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override your interests, rights and freedoms or for legal claims.

Notwithstanding any consent granted beforehand for direct marketing purposes, you have the right to prohibit us from using your personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or by unsubscribing from direct marketing messages.

  • Right to restriction of processing

You have the right to request the restriction of processing your personal data, as foreseen by applicable data protection law (e.g. to allow our verification of accuracy of personal data after your contest of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for your legal claims or when our processing is unlawful). Restriction of processing may lead to fewer possibilities to use our Services.

  • Right to data portability

You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on your consent and carried out by automated means.

  • Right to erasure

You have the right to have the personal data we process about you erased from our systems if the personal data is no longer necessary for the related purposes, if we have unlawfully processed the personal data or if you object to processing for direct marketing. You the right to erasure you withdraw consent or object to our processing as meant above, unless we have a legitimate ground to not erase the data.

Residual copies from our servers and backup systems shall be erased as soon as reasonably possible.

  • How to use these rights

To exercise any of the above-mentioned rights, you should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, you shall send us a letter or email to the address set out below under Contact, including the following information:

name, address, phone number, email address.

We may request additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

 

Lodging a complaint

In case any User considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint may be lodged with the local supervisory authority for data protection.

 

Changes

This Privacy Policy is dated January 17th, 2025. We may update this Privacy Policy at any time if required in order to reflect changes in our data processing practices, in personal data protection laws, or otherwise. For substantial changes to this Privacy Policy, we will use reasonable endeavors to provide notice thereof.

April 24, 2023 version here.