Privacy Notice for Users of N.Rich Technologies Products and Services
This privacy notice explains how we collect and use personal data concerning the following groups of data subjects: Our customers and their representatives
N.Rich Technologies Oy c/o Kuopion Tilitieto Oy, Kirkkokatu 1, 70100 Kuopio, Finland email: privacy(at)n.rich
Purposes of Processing
We may use the personal data we collect about you for the following purposes:Customer relationship management and other internal administrative purposes
Product and service delivery
Further development of our products and services
Targeting and personalization of our products and services
Commercial offers and other marketing
Market research and other statistical purposes
Invoicing, monitoring and collection of payments
Detection, prevention and investigation of fraud and other criminal activity
General administrative purposes and ensuring compliance with our legal and regulatory requirements
Legal Bases of Processing
For the activities described in this notice, we rely on the following legal bases for processing personal data:
Performance of a contract between you and us;
Compliance with our legal obligations, such as data retention obligations related to accounting and taxation;
Our legitimate interests to conduct and develop our business: This is the legal basis we mainly rely on for activities not covered by the above-mentioned legal bases, such as for managing our customer relationships as well as developing and marketing our products and services. In individual cases, and where legally required, we may also rely on your separate consent. You may later revoke your consent at any time.
Categories and Sources of Data
The types of information we may collect and use for the purposes detailed above are the following: Information you provide to us yourself, such as your contact details or information necessary for the provision of our services Customer account data gathered by us in the context of service provision or customer relationship management, such as details on your communication with us and information related to the services provided to you or your organization.
Information related to your business and/or organization collected from publicly available sources, such as updates to your contact information from public registers or similar sources
Disclosure and Transfer
Where necessary for the purposes detailed above, your personal data may be disclosed to the following categories of recipients:
Our group companies
Our third party services providers who assist us in providing you with our products and services
Our service providers for the purposes of accounting, financial, ICT, legal and other services provided to us
Potential buyers (and their agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that the buyer is informed that it must use your personal data only for the purposes set out in this notice
Competent courts, law enforcement bodies, or other authorities or third parties where we deem that disclosing your personal data is necessary for compliance with laws or regulations, or to exercise, establish or defend our legal rights, or to protect your vital interests or those of any other person
Any other person – but only with your separate consent
Your personal data will not be transferred to countries outside the European Union or the European Economic Area, except where the European Commission has held that the country ensures an adequate level of protection for personal data, or where we have taken appropriate safeguards to require that your personal data remains protected in accordance with this notice, such as by implementing the European Commission’s Standard Contractual Clauses for transfers of personal data. You may contact us for more information on the safeguards in place. In individual cases, such transfers may also take place based on your separate consent or in order to provide you with a service you have specifically requested, or where otherwise allowed by applicable data protection laws.
In order to optimize the products and services we offer, we reserve the right to make automated decisions, including using machine learning and artificial intelligence algorithms, about our customer behaviour.
We keep your personal data only as long as we have a legitimate business need to retain it for the purposes described above. We will regularly assess the existence of such need against the data we keep, and where we have no such ongoing business need, we will either erase or anonymize your personal data or, if this is not possible – for example, for information stored in backup archives – we will store your personal data securely and block any further processing until deletion is possible.
Personal data related to a customer relationship will be usually retained only for the duration of the ongoing customer relationship and for a reasonable period thereafter in order for us to be able to answer inquiries related to the relationship. However, some data may be retained for longer where we believe retention is necessary for compliance with laws or regulations (such as in the fields of accounting and taxation), or to exercise, establish or defend our legal rights or those of our customers, affiliates or partners.
To protect your personal data, we use appropriate technical and organizational measures designed to provide a level of security appropriate to the risk of processing.
Data Subject Rights
You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed by us, and where that is the case, access to that personal data as well as to have any inaccurate or incomplete personal data rectified or completed. In certain circumstances, you may also have the right to request the erasure, or the restriction of processing, of your personal data or parts of it, to object to the processing and/or to receive the data in a structured, commonly used and machine-readable format. Please contact us for any inquiries related to exercising the above rights. If you consider our processing activities of your personal data to be inconsistent with applicable data protection laws, you may lodge a complaint with the responsible supervisory authority. Contact information for the supervisory authority in Finland can be found here: www.tietosuoja.fi
We may update this notice from time to time in response to changing legal, technical or business developments. When we update this notice, we will strive to inform you in a manner consistent with the significance of the changes we make.