This privacy policy applies to the processing of personal data of the users of GSD Nordic Oy’s online services.

We are committed to protecting the privacy of our customers and users of our online services in accordance with the applicable data protection legislation at any given time.

1. Data Controller

Name: GSD Nordic Oy
Business ID: 2899038-4
Address: Saukonpaadenranta 22 A 11, 00180 Helsinki
Website: www.gsdnordic.fi

2. Contact Person for the Register

Data Protection Officer: Olli Maila
Phone: 040 7761 742
Email: olli.maila@gsdnordic.com

3. Name of the Register

Register Name: Company’s customer and marketing register

4. Legal Basis and Purpose for Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation is:

  • management of customer relationships
  • management of contacts

Data is not used for automated decision-making or profiling.

5. Content of the Register

The register may contain the following information:

  • contact details (name, address, phone number, email)
  • information related to the customer relationship (e.g., billing and payment information, product and order details, customer feedback and contacts, cancellation information)
  • direct marketing prohibitions and permissions
  • other information collected with the customer’s consent
  • other transaction and usage data related to the customer relationship

6. Regular Sources of Information

Information in the register is obtained from the customer themselves through a contact form or other direct contact.

7. Retention Period of the Data

GSD Nordic Oy retains personal data of the customer only as long as necessary for the purposes stated above and in accordance with the applicable legislation. Some data may be transferred to GSD Nordic Oy’s marketing register or altered in such a way that individual customers can no longer be identified from them.

If a customer opts out of marketing from GSD Nordic Oy, we will store information about this prohibition and the customer’s contact details to ensure compliance in the future.

8. Regular Disclosures of Information and Transfer of Data Outside the EU or EEA

GSD Nordic Oy’s partners and service providers must ensure that they have a legal basis for transferring personal data outside the EEA. GSD Nordic Oy regularly checks that the level of data protection is adequate, especially when using services that may transfer data outside the EU or EEA. It is noted that companies like Google and Meta use Standard Contractual Clauses (SCC) approved by the EU Commission as part of their service terms.

9. Principles of Register Protection

Care is taken in the processing of the register, and data processed through information systems is appropriately protected. When register data is stored on Internet servers, both the physical and digital security of the hardware is adequately taken care of. The data controller ensures that stored data, server access rights, and other critical information for data security are handled confidentially and only by employees whose job description includes it.

10. Right to Inspection and Right to Demand Correction

Every individual in the register has the right to check their data stored in the register and demand correction of any inaccurate information or completion of incomplete information. If an individual wants to check their stored data or demand correction, the request must be sent in writing to the data controller (address in section 1. Data Controller). The data controller may request verification of the requester’s identity. The data controller will respond to the customer within the time frame stipulated in the EU General Data Protection Regulation (usually within one month).

11. Other Rights Related to the Processing of Personal Data

Individuals in the register have the right to request the deletion of their personal data from the register (“the right to be forgotten”). Likewise, registrants have other rights under the EU General Data Protection Regulation, such as the right to restrict processing in certain situations. Requests should be sent in writing to the data controller (address in section 1. Data Controller). The data controller may request verification of the requester’s identity. The data controller will respond to the customer within the time frame stipulated in the EU General Data Protection Regulation (usually within one month).

12. Cookie Policy

Cookies are used on the website to improve user experience, analyze site usage, and target marketing. Cookies may also collect information about users’ interests, which helps us target our communication to an audience interested in our content.

If a visitor to GSD Nordic Oy’s pages does not wish us to collect the mentioned information through cookies, most browsers allow disabling cookies. This is usually possible through browser settings. It is important to understand that cookies may be necessary for the smooth operation of some of the GSD Nordic Oy websites and services we offer.

For more information on managing cookies in your browser, please visit: https://aboutcookies.org/

13. Definition of a Cookie

A cookie is a small text file stored on the user’s computer when someone visits a website. Cookies do not contain any personal data and cannot be used to run programs.

14. Changes to the Privacy Policy

GSD Nordic Oy continuously develops its services and reserves the right to change this privacy policy. Changes may also be based on changes in legislation.

Supervisory Authority Contact Information:

Office of the Data Protection Ombudsman
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: PO Box 800, 00521 Helsinki
Switchboard: 029 56 66700
Email: tietosuoja@om.fi