Skip to content

Privacy Policy

We process data about identified or identifiable individuals, which is called personal data, with due care and in accordance with applicable data protection law. 

This Privacy Policy describes how we, Nomentia, process personal data we collect from individuals in relation to their use of our websites, ordering and use of our services and attendance at our events (collectively, our “Services”). In legal terms, we are the data controller, as we determine the means and/or purposes of the processing. 

This Privacy Policy does not apply to personal data mentioned on business documents that our customers transmit to our systems when using our Services. In legal terms, we are the data processor of such personal data, and our customers are the data controllers. Please see Nomentia Contract | Appendices for the data processing agreement regarding our cloud services. For data subject requests regarding personal data in the cloud services provided by Nomentia, please contact the administrative users of the cloud service in your organization. 

This Privacy Policy only covers data processing carried out by Nomentia. The Privacy Policy does not address, and we are not responsible for, the privacy practices of any third parties, also in cases where Services include hyperlinks to third parties’ websites or when cookies are set by third parties. 

 

Personal Data

The personal data we collect from individuals using our Services (“Users”) mostly consists of user data, such as name, business function, gender, business address, telephone number, email address and other personal data Users provide to us. This is mostly information in relation to an individual’s role at his/her company that does not concern him/her as a private person or as an individual consumer customer. These companies that individuals are working for, mostly are our prospects, customers, suppliers or partners. The specific kind of user data collected will depend on the Services used. 

We may also collect technical data in relation to Users, such as IP address, browser type and version, preferred language, geographic location, operating system and computer platform, the full URL clickstream to, through, and from our Services, including date and time, websites accessed immediately before and after visiting our websites, services Users viewed or searched for while using our Services, and parts of our Services that Users have visited. Although we do not normally use technical data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with user data. In such situations, technical data can also be personal data under applicable law, and we will treat the combined data as personal data. 

We use various technologies to collect and process technical data in relation to Users, including cookies. Cookies are small text files stored on Users’ computer by the internet browser. Cookies allow us to calculate the aggregate number of people using our Services and monitor the use of our Services. This helps us to improve our Services and better serve our Users. We may also use cookies that make the use of the Services easier, for example by remembering usernames, passwords and preferences. We may use tracking and analytics cookies to see how well our Services are being received by our Users. Some cookies enable our Services to function and inform us whether our Services are functioning properly. Our advertising cookies allow us to deliver targeted advertising to people who visit our websites (online behavioral advertising OBA). Users may choose to set their web browser to refuse cookies or to alert when cookies are being sent. This can usually be done through the internet browser’s settings. Information about how to manage cookies can be found online. Some parts of our Services may not function properly if Users prefer not to accept the use of cookies. 

When visiting Nomentia web site, Users are presented with a cookie declaration that requests Users to give their consent on the types of cookies that are collected. By default, only cookies that are necessary for the web site to operate are collected. Users may change or withdraw their consent any time by using the Privacy Trigger in the bottom-left corner. 

 

Purposes

We process personal data for the following purposes:

  • to allow us to run, maintain and develop our business,
  • to allow us to offer and provide our Services,
  • to allow us to conduct information and promotional campaigns (including direct marketing) related to our Services (including by phone, mail and email), keeping Users informed about our Services and special offers that are likely to interest them,
  • to allow us to perform the contract we have signed with our customers, suppliers or partners,
  • to allow customer service management, e.g. when Users contact our service desk,
  • to allow contract management, e.g. to address our invoices to our customers,
  • to enhance our Services and the use thereof,
  • to perform research and analysis relating to our Services,
  • to perform tracking of the use of our Services,
  • to conduct market surveys and/or
  • to detect fraud, e.g. breaches of intellectual property rights.

Should the personal data of the User be provided to us via our prospect, customer, supplier or partner, we shall assume that our prospect, customer, supplier or partner has informed the User of this Privacy Policy.

 

Storage Period

We do not store the personal data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of personal data, the purposes, and the applicable law and therefore varies per use.

Typically, we store User’s personal data for as long as the user is using our Services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.

We erase personal data after the above-described storage period or when the User requests us to erase his/her personal data.

 

Legitimate grounds for processing

We process personal data to pursue our legitimate interest to run, maintain, and develop our business. Furthermore, we process personal data to comply with our legal obligations.

In some parts of our Services, we might request Users’ consent for the processing of their personal data for specific purposes. In that event, Users may withdraw their consent at any time.

 

Rights of Users

Right to access. Any User may contact us to get confirmation as to whether or not we are processing User’s personal data. Where we do process User’s personal data, we will inform User of what categories of personal data we process regarding him/her, the processing purposes, the categories of recipients to whom personal data have been or will be disclosed and the envisaged storage period or criteria to determine that period.

Right to withdraw consent. In case our processing is based on a consent granted by the User, the User may withdraw the consent at any time by contacting us or by using the functionalities of our Services. Withdrawing a consent may lead to fewer possibilities to use our Services.

Right to rectification. Any User has the right to have inaccurate or incomplete personal data we store about the User rectified or completed.

Right to object. In case our processing is based on our legitimate interest to run, maintain and develop our business, any User has the right to object at any time to our processing. We shall then no longer process User’s personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override User’s interests, rights and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, any User has the right to prohibit us from using his/her personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.

Right to restriction of processing. Any User has the right to obtain from us restriction of processing of User’s personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after User’s contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for User’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.

Right to data portability. Any User has the right to receive User’s personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on User’s consent and carried out by automated means.

Right to erasure. Any User has the right to have personal data we process about the User erased from our systems if the personal data are no longer necessary for the related purposes, if we have unlawfully processed the personal data or if the User objects to processing for direct marketing. Any User furthermore has the right to erasure if the User withdraws consent or objects to our processing as meant above, unless we have a legitimate ground to not erase the data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.

How to use these rights. To exercise any of the above mentioned rights, User should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, Customer shall send us a letter or email to the address set out below under Contact, including the following information: name, address, phone number, email address and a copy of a valid proof of identity. We may request additional information necessary to confirm User’s identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

 

Security

We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction. 

We regularly audit the application of our security measures and we ask third party experts to review our security controls. These audits help us to further improve our security level. Please read our information security white paper to learn how Nomentia ensures the confidentiality, integrity and availability of personal data. 

Should despite of our security measures, a security breach occur that is likely to result in a risk to the data privacy of Users, we will inform the relevant Users and other affected parties, as well as relevant authorities when required by applicable data protection law, about the security breach as soon as reasonably possible. 

 

Recipients

We only share personal data within our organization if and as far as necessary for the purposes specified in this Privacy Policy. Our staff members processing personal data are bound to confidentiality. 

We do not share personal data with any third party outside of our organization unless one of the following circumstances applies.

Necessary for the purposes. We may share personal data with third parties to the extent our Services foresee such disclosure and Users submit their personal data for that purpose, to facilitate our Services. We may furthermore share personal data with service providers that support us in the realization of the purposes specified in this Privacy Notice, such as by performing data hosting, direct marketing, and customer services. Our agreements with these service providers foresee privacy and security commitments from these service providers that are no less protective than our own commitments described in this Privacy Notice. If our Users provide personal data directly to a third party, such as through a link on our website, the processing is typically based on such third party’s notice.

For legal reasons. We may share personal data with third parties if we have a good-faith belief that their access to and use of the personal data is necessary (i) to meet any applicable law and/or court order, (ii) to detect, prevent, or otherwise address fraud, security or technical issues, and/or (iii) to protect the interests, properties or safety of us, our users or the public, in accordance with the law. We will notify Users about such disclosure, as far as reasonably possible.

In relation to corporate restructuring. If we are in a process of merger, acquisition, or asset sale, we may transfer personal data to the involved third party. We continue to ensure the confidentiality of all personal data.

Upon User’s consent. We may share personal data with third parties for other reasons than the ones mentioned above if we obtained User’s explicit consent to do so. The User has the right to withdraw this consent at any time.

 

Location and transfer

We and our service providers have operations in several locations in the world. Consequently, we and our service providers may transfer personal data to, or access it from, countries outside User’s country of domicile. 

We take steps to ensure that Users’ personal data receives an adequate level of protection in the countries in which we process it.  

We process personal data within the EU/EEA region. 

We use the following tools to process personal data: 

  • Zendesk for processing customer support inquiries and incidents, www.zendesk.com 
  • Salesforce for customer contract management and invoicing, www.salesforce.com 
  • Hubspot for web site and marketing communications management, www.hubspot.com 

For further information on how personal data is processed in the above mentioned tools, please visit the respective privacy policy and related information on their web pages. 

In case our processing is subject to any EU data protection law and Users’ personal data is transferred from the European Economic Area to a service provider for processing in any country outside the European Economic Area that is not recognized by the EU Commission as providing an adequate level of protection for personal data, we provide for appropriate safeguards by EU Commission’s standard contractual clauses or by any other appropriate safeguard as foreseen under the applicable data protection law. 

 

Lodging a complaint

In case any User considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint may be lodged with the local supervisory authority for data protection.

 

Changes

This Privacy Policy is dated April 24, 2023. We may update this Privacy Policy at any time if required in order to reflect changes in our data processing practices, in personal data protection laws, or otherwise. For substantial changes to this Privacy Policy, we will use reasonable endeavors to provide notice thereof.

 

Contact

Any User having any question or request on this Privacy Notice or our privacy practices, can contact us: 

Nomentia Data Protection Officer (DPO) 

by email at:
privacy@nomentia.com  

by mail at: 
Nomentia Oy 
Linnoitustie 6 C, 02600 Espoo, Finland 

 

Related information

Job Applicant Privacy Policy

Information about cookies

Phishing and Malware

 

Useful links:

Security at Nomentia