Table of contents
Privacy Policy Personal Data Purposes Legitimate grounds for processing Rights of user Security Recipients Location and transfer Lodging a complaint Changes Contact Related information TextPrivacy Notice
Version 2.0, updated 17th of January 2025
We recommend that you read this Privacy Notice before using our website, subscribe to our Services, to our newsletter, download our available materials or register for an event hosted by us.
This Privacy Notice describes how we, Nomentia, process personal data we collect from you either as a customer, as visitor to our website, as a subscriber of our newsletter, when you download our available materials or registers for an event hosted by us.
If you are a registered customer of Nomentia we act as the ‘data controller’ of personal data about you but at the same time we act as the ‘data processor’ of personal data in the information you put into Nomentia’s SaaS (e.g. your users).
When Nomentia acts as a processor the obligations are regulated under a Data Processing Agreement between Nomentia and the Customer.
Please note that this Privacy Notice does not apply to you if you’re looking for a job at Nomentia. For information on how Nomentia process your data in the recruitment process please visit our “Privacy Notice for Recruitment”.
For the purposes stated above the controller of personal data collected is:
Nomentia Oy, registration number 2855557-7
Linnoitustie 6 C, 02600 Espoo, Finland
Data Protection Officer Contact information:
Privacy[at]nomentia.com
+358 10 419 5200
Any questions or requests on this Privacy Notice or our privacy practices, please contact us.
We are committed to only collecting and processing personal data in the way described in this privacy notice and observing the General Data Protection Regulation (2016/676) and applicable national law. We aim to keep this Privacy Notice as accurate and transparent as possible.
This Privacy Notice only applies to how Nomentia handles your data. It doesn’t cover the privacy practices of other companies, even if our website or services link to their websites – before accessing third party’s websites, we recommend you familiarize yourself with their own privacy notice.
Our Data Protection Authority details are the following:
Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki, Finland
E-mail: tietosuoja[at]om.fi
Switchboard: +358 (0)29 566 6700
Registry: +358 (0)29 566 6768
When and how we collect data
From the first moment you interact with Nomentia, we are collecting data. Sometimes you provide us with data, sometimes we collect data about you, either automatically or from other sources, like publicly available websites or from a trusted data supplier.
If we think you're a potential Nomentia customer, we use trusted data suppliers called Cognism and Lusha to find accurate business contact details for you. You can opt out of Cognism's database here. You can opt out of Lusha’s database here.
From | Details |
You | Use of the Website |
You | Contact Form |
You | We identify you as a potential Nomentia customer. You request a demo |
You | You contact our customer support |
You | You opt-in to marketing messages |
Your device | Device Information |
Cognism/Lusha | Business contact details |
Cookies | Use of the Website – consent if personal data is involved |
Types of data we collect
Contact details | Your name, address, telephone number, e-mail address |
Data that identify you | Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version. |
Data on how you use Nomentia | Your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages and how often. |
Should your personal data be provided to us via our prospect, customer, supplier or partner, we shall assume that our prospect, customer, supplier or partner has informed you of this Privacy Policy.
Nomentia does not knowingly collect any “sensitive data” or children’s personal data.
Our SaaS solution is a business-to-business service directed to and intended for use by those who are 18+.
Why we collect and process data
Marketing communication | Sending you emails and messages about events and content such as newsletter, webinar, event invitations, product information | Consent and Legitimate Interest |
Sales | Identifying you as someone who might wish to subscribe to Nomentia contacting you at work to gauge your interest, demo and enter a contract with your business | Consent and Legitimate Interest |
Customer Support | Notifying you of any changes to our service, solving issues via live chat support, phone or email including any bug fixing. | Contract |
Improving Nomentia | Testing features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimization and data analysis and research. | Consent and Legitimate Interest |
Product communication | If you are already a customer we may contact you regarding new products or services, pricing information and other product related news | Consent and Legitimate Interest |
Storage Period
We do not store the personal data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of personal data, the purposes, and the applicable law and therefore varies per use.
Typically, we store your personal data for as long as you are using our Services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.
We erase personal data after the above-described storage period or when you request us to erase your personal data.
Basis for processing
We process personal data to pursue our legitimate interest to run, maintain, and develop our business. Furthermore, we process personal data to comply with our legal obligations and to fulfill our contract with our customers.
In some parts of our Services, we might request your consent for the processing of your personal data for specific purposes. In that event, you may withdraw your consent at any time.
Security
We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction.
We regularly audit the application of our security measures and we ask third party experts to review our security controls. These audits help us to further improve our security level. Please read our information security white paper to learn how Nomentia ensures the confidentiality, integrity and availability of personal data.
Should despite of our security measures, a security breach occur that is likely to result in a risk to your data, we will inform you and the other affected parties, as well as relevant authorities when required by applicable data protection law about the security breach without undue delay.
Recipients
We only share personal data within our organization if and as far as necessary for the purposes specified in this Privacy Notice. Our staff members processing personal data are bound to confidentiality.
We do not share personal data with any third party outside of our organization unless one of the following circumstances applies.
Necessary for the purposes
We may share personal data with third parties to the extent our Services foresee such disclosure, and Users submit their personal data for that purpose, to facilitate our Services. We may furthermore share personal data with service providers that support us in the realization of the purposes specified in this Privacy Notice, such as by performing data hosting, direct marketing, and customer services. Our agreements with these service providers foresee privacy and security commitments from these service providers that are no less protective than our own commitments described in this Privacy Notice.
If you provide personal data directly to a third party, such as through a link on our website, the processing is typically based on such third party’s notice. Please familiarize yourself with their privacy practices.
- For legal reasons
We may share personal data with third parties if we have a good-faith belief that their access to and use of the personal data is necessary
(i) to meet any applicable law and/or court order,
(ii) to detect, prevent, or otherwise address fraud, security or technical issues, and/or
(iii) to protect the interests, properties or safety of us, our users or the public, in accordance with the law.
We will notify you about such disclosure, as far as reasonably possible.
- In relation to corporate restructuring.
If we are in a process of merger, acquisition, or asset sale, we may transfer personal data to the involved third party. We continue to ensure the confidentiality of all personal data.
- Upon your consent
We may share personal data with third parties for other reasons than the ones mentioned above if we obtained your explicit consent to do so. You have the right to withdraw this consent at any time.
Location and transfer
We and our service providers have operations in several locations in the world. Consequently, we and our service providers may transfer personal data to, or access it from, countries outside your country of domicile.
We take steps to ensure that your personal data receives an adequate level of protection in the countries in which we process it.
We aim to, where possible, process personal data within the EU/EEA region.
Nomentia subsidiaries where your data may be processed:
Nomentia Entity | Place of Processing |
Nomentia AB | Sweden |
Nomentia Treasury and Technology GmbH | Asutria |
Nomentia GmbH | Germany |
Nomentia Sp. Z.o.o | Poland |
Nomentia B.V. | The Netherlands |
We use the following services or tools to process personal data:
Service Provider |
Data collected or shared |
Purpose |
Place of Processing |
Zendesk |
first and last name, |
For processing customer support inquiries and incidents |
EU |
Salesforce |
First and last name, title, position, employer, contact information (company, email, phone, physical business address), ID data, professional life data, localisation data |
For customer contract management and invoicing |
United Kingdom (Adequacy decision) |
Juro |
First name, last name, employer name, e-mail address |
Contract management and electronic signature |
EEA |
Hubspot |
First name, last name, employer name, e-mail address |
Web site, marketing communications management, for sending information about your subscription |
Germany |
Microsoft365 |
Data contained in documents, first name, last name, employer, title, e-mail address |
Internal work environment |
EU |
Cognism |
First name, last name, employer name, e-mail address, phone number |
B2B contact information database |
UK (Adequacy decision) |
Twentythree |
First name, last name, employer name, e-mail address |
Hosting of webinars |
EU |
Calendly |
First name, last name, employer name, e-mail address |
Scheduling service |
US (SCCs, Data Privacy Framework) |
Cookiebot |
Consent Data (Consent ID, consent date and time, user agent of the browser and consent state.). Device data (HTTP Agent, HTTP Referrer), URL visited, user language, IP address, geolocation |
Cookie management |
EU |
Klient |
Data contained in documents, first name, last name, employer, title, e-mail address |
Project management tool |
Canada (Adequacy decision) |
DocuSign |
First name, last name, employer name, e-mail address |
eSignature tool |
EU |
Mailjet |
First name, last name, employer name, e-mail address |
Platform communication |
EU |
KeepIt |
Contact information, bank information, names, addresses, e-mail addresses |
SaaS backup service |
EU |
Lumoa |
First name, last name, employer name, e-mail address |
Customer satisfaction surveys |
EU |
Salesloft |
First name, last name, employer name, e-mail address, phone number |
Revenue orchestration platform |
UK (Adequacy decision), USA (Data Privacy Framework) |
Lusha |
First name, last name, employer name, e-mail address, phone number |
B2B contact information database |
EU and USA (SCCs) |
Sales Force Europe |
name, business email address, contact business telephone numbers, employer, employer Industry, employer Address, employer website address, job title, job role description, linkedIn URL |
Business development service |
EU and UK (adequacy decision) |
In case our processing is subject to any EU data protection law and Users’ personal data is transferred from the European Economic Area to a service provider for processing in any country outside the European Economic Area that is not recognized by the EU Commission as providing an adequate level of protection for personal data, we provide for appropriate safeguards by EU Commission’s standard contractual clauses or by any other appropriate safeguard as foreseen under the applicable data protection law.
Cookies
For more information on how we use cookies click here.
Your privacy rights
- Right to access
You have the right to request additional information from us, including:
- The types of data we process
- The purposes for which we process the data
- The categories of third parties to whom the data may be disclosed
- The duration for which the data will be stored (or the criteria used to determine that period)
- Your other rights concerning our use of your data
We will provide this information within one month of your request, unless fulfilling the request would negatively impact the rights and freedoms of others. If we are unable to meet your request for this reason, we will inform you accordingly.
- Right to withdraw consent
In case our processing is based on your consent, you may withdraw the consent at any time by contacting us or by using the functionalities of our Services. Withdrawing a consent may lead to fewer possibilities to use our Services.
- Right to rectification
You have the right to have inaccurate or incomplete personal data we store about you corrected or completed.
- Right to object
In case our processing is based on our legitimate interest to run, maintain and develop our business, you have the right to object at any time to our processing. We shall then no longer process your personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override your interests, rights and freedoms or for legal claims.
Notwithstanding any consent granted beforehand for direct marketing purposes, you have the right to prohibit us from using your personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or by unsubscribing from direct marketing messages.
- Right to restriction of processing
You have the right to request the restriction of processing your personal data, as foreseen by applicable data protection law (e.g. to allow our verification of accuracy of personal data after your contest of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for your legal claims or when our processing is unlawful). Restriction of processing may lead to fewer possibilities to use our Services.
- Right to data portability
You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on your consent and carried out by automated means.
- Right to erasure
You have the right to have the personal data we process about you erased from our systems if the personal data is no longer necessary for the related purposes, if we have unlawfully processed the personal data or if you object to processing for direct marketing. You the right to erasure you withdraw consent or object to our processing as meant above, unless we have a legitimate ground to not erase the data.
Residual copies from our servers and backup systems shall be erased as soon as reasonably possible.
- How to use these rights
To exercise any of the above-mentioned rights, you should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, you shall send us a letter or email to the address set out below under Contact, including the following information:
name, address, phone number, email address.
We may request additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
Lodging a complaint
In case any User considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint may be lodged with the local supervisory authority for data protection.
Changes
This Privacy Policy is dated January 17th, 2025. We may update this Privacy Policy at any time if required in order to reflect changes in our data processing practices, in personal data protection laws, or otherwise. For substantial changes to this Privacy Policy, we will use reasonable endeavors to provide notice thereof.
April 24, 2023 version here.