Data protection policy

This policy explains how Narema processes personal data and what rights you have as a consumer, in accordance with the EU Data Protection Regulation 2016/679 (GDPR). Narema is responsible for all processing of personal data within the business.

Where do we collect personal data

We may collect personal data in the following ways:

Personal data that you give to us when filling and submitting forms on the website, providing information in connection with events or when you correspond with us in another way.
Personal data that we collect or generate automatically. When you visit the website, we will automatically collect online identification data, including IP-address, that connects your device to the internet. We may also collect cookie data about you when we place cookies to your device during your visit on the website.

Why we process personal data

Narema processes personal data in order to maintain customer and service relationships, handle contact, for example when making inquiries, deliver services and comply with legislation. Data is also processed for marketing, sales and statistical purposes, among other things to review and develop the business.

All personal data processed by Narema follows one or more of the above purposes. The processing must also have a legal basis, such as consent, agreement or legal obligation. Only personal data needed for a purpose shall be processed.

Who we share personal information with

Narema may share personal information with selected third parties in a controlled manner so that your information is handled securely. These third parties may be suppliers, subcontractors and authorities. The information is not sold and is not shared without reason.

Where are personal data processed

Personal data are primarily processed within the EU/EEA and we always strive to ensure that personal data are not transferred to third countries outside the EU/EEA. However, in cases where personal data are processed by a recipient so that the personal data are transferred or becomes accessible from outside the EU/EEA, we always put adequate safeguards in place to protect the personal data. Examples of these safeguards are data transfer agreements (including standard contractual clauses adopted by the European Commission) and adequacy decisions of the European Commission.

How we protect your data

Narema protects personal data that is processed, through technical and organizational measures. For example, only authorized personnel have access to the personal data and encryption is used when needed.

How long is personal data stored

We store your personal data for as long as it is necessary to perform the task for which the personal data has been collected and saved.

Rights

You have the right to request information, once a year, regarding what personal data we process about you or your company. You may request, at any time, that rectifications be made to your personal data or request to be erased from our registry if you are unable to do so yourself. We will rectify or erase your data without undue delay. In some cases, however, legislation may require that information remain, for example when we are obligated to store your data owing to legal requirements (e.g. the Finnish Accounting Act) or when you or your company enters into a business relationship with us (legitimate interest). You can notify the Data Protection Ombudsman if you suspect that an organisation or individual is processing personal data in violation of data protection regulations. See contact information below for matters concerning our processing of your personal data.