PRIVACY POLICY – COOKIE POLICY – LEGAL NOTICE – TERMS OF USE
NORFINNA
LAST UPDATED: 06.09.2025
Norfinna RESPECTS THE PRIVACY OF ALL PERSONS WHO VISIT ITS WEBSITE OR OTHERWISE INTERACT WITH ITS DIGITAL SERVICES. THE PROTECTION OF PERSONAL DATA IS A FUNDAMENTAL PRINCIPLE OF THE COMPANY’S OPERATIONS.
THIS DOCUMENT SETS OUT THE WEBSITE COMPLIANCE FRAMEWORK FOR NORFINNA AND DESCRIBES HOW PERSONAL DATA ARE COLLECTED, PROCESSED, STORED AND PROTECTED WHEN INDIVIDUALS ACCESS OR USE THE COMPANY’S WEBSITE.
THE PROCESSING OF PERSONAL DATA IS CONDUCTED IN ACCORDANCE WITH THE REQUIREMENTS OF THE General Data Protection Regulation (REGULATION (EU) 2016/679) AS WELL AS THE Finnish Data Protection Act (TIETOSUOJALAKI 1050/2018) AND OTHER APPLICABLE DATA PROTECTION AND DIGITAL SERVICES LEGISLATION OF THE EUROPEAN UNION AND THE REPUBLIC OF FINNLAND.
THIS WEBSITE COMPLIANCE DOCUMENT EXPLAINS THE TYPES OF PERSONAL DATA THAT MAY BE COLLECTED THROUGH THE WEBSITE, THE PURPOSES OF SUCH PROCESSING, THE LEGAL BASES FOR THE PROCESSING ACTIVITIES, THE RIGHTS OF DATA SUBJECTS AND THE USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES.
THE DATA CONTROLLER RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA THROUGH THIS WEBSITE IS:
NORFINNA
PYVANTOLAHDENTIE 4, 81120 KATAJARANTA
FINNLAND
EMAIL: PRIVACY@NORFINNA.FI
TELEPHONE: +358 (0) 50 387 8970
THE DATA CONTROLLER IS THE NATURAL OR LEGAL PERSON WHO DETERMINES THE PURPOSES AND MEANS OF THE PROCESSING OF PERSONAL DATA AS DEFINED IN ARTICLE 4 OF THE GDPR.
WHERE REQUIRED BY LAW, NORFINNA MAY APPOINT A DATA PROTECTION OFFICER WHO SUPERVISES COMPLIANCE WITH APPLICABLE DATA PROTECTION LEGISLATION AND SERVES AS A CONTACT POINT FOR DATA SUBJECTS AND SUPERVISORY AUTHORITIES.
WHEN USERS ACCESS THE NORFINNA WEBSITE, PERSONAL DATA MAY BE COLLECTED DIRECTLY FROM THE USER OR AUTOMATICALLY THROUGH TECHNICAL SYSTEMS USED FOR WEBSITE OPERATION.
PERSONAL DATA PROVIDED DIRECTLY BY USERS MAY INCLUDE THE NAME OF THE PERSON, EMAIL ADDRESS, TELEPHONE NUMBER, COMPANY NAME, POSITION OR OTHER INFORMATION SUBMITTED THROUGH CONTACT FORMS, SERVICE REQUEST FORMS OR OTHER COMMUNICATION CHANNELS MADE AVAILABLE ON THE WEBSITE.
PERSONAL DATA MAY ALSO BE COLLECTED AUTOMATICALLY WHEN USERS ACCESS THE WEBSITE. SUCH DATA MAY INCLUDE THE INTERNET PROTOCOL ADDRESS, DEVICE IDENTIFIERS, BROWSER TYPE AND VERSION, OPERATING SYSTEM INFORMATION, WEBSITE PAGES ACCESSED, DATE AND TIME OF ACCESS AND OTHER TECHNICAL INFORMATION NECESSARY FOR SECURITY AND OPERATION.
THE AUTOMATIC COLLECTION OF TECHNICAL DATA IS NECESSARY FOR THE STABLE AND SECURE OPERATION OF THE WEBSITE AND FOR THE PROTECTION OF INFORMATION TECHNOLOGY INFRASTRUCTURE AGAINST CYBERSECURITY RISKS.
PERSONAL DATA COLLECTED THROUGH THE WEBSITE ARE PROCESSED FOR CLEARLY DEFINED AND LEGITIMATE PURPOSES.
THE PRIMARY PURPOSE OF PROCESSING IS TO ENABLE COMMUNICATION BETWEEN NORFINNA AND WEBSITE USERS. THIS INCLUDES RESPONDING TO INQUIRIES, PROVIDING REQUESTED INFORMATION AND FACILITATING BUSINESS COMMUNICATION.
PERSONAL DATA MAY ALSO BE PROCESSED FOR THE PURPOSE OF PROVIDING SERVICES REQUESTED THROUGH THE WEBSITE AND FOR THE ADMINISTRATION OF BUSINESS RELATIONSHIPS.
IN ADDITION, PERSONAL DATA MAY BE PROCESSED FOR SECURITY, TECHNICAL ADMINISTRATION, PERFORMANCE OPTIMISATION AND THE DETECTION AND PREVENTION OF FRAUDULENT OR MALICIOUS ACTIVITIES.
WHERE APPLICABLE, PERSONAL DATA MAY ALSO BE PROCESSED IN ORDER TO COMPLY WITH LEGAL OBLIGATIONS, INCLUDING OBLIGATIONS ARISING FROM ACCOUNTING, TAXATION, REGULATORY OR LEGAL REPORTING REQUIREMENTS.
THE PROCESSING OF PERSONAL DATA THROUGH THE WEBSITE IS BASED ON THE LEGAL GROUNDS PROVIDED IN ARTICLE 6 OF THE GDPR.
PROCESSING MAY BE BASED ON THE CONSENT OF THE DATA SUBJECT WHEN PERSONAL DATA ARE VOLUNTARILY PROVIDED THROUGH WEBSITE FORMS OR WHEN USERS ACCEPT CERTAIN COOKIES OR TRACKING TECHNOLOGIES.
PROCESSING MAY ALSO BE BASED ON CONTRACTUAL NECESSITY WHEN THE PROCESSING IS REQUIRED IN ORDER TO PROVIDE SERVICES REQUESTED BY THE USER OR TO TAKE PRE-CONTRACTUAL MEASURES AT THE REQUEST OF THE DATA SUBJECT.
NORFINNA MAY ALSO PROCESS PERSONAL DATA BASED ON ITS LEGITIMATE INTERESTS. SUCH LEGITIMATE INTERESTS INCLUDE THE OPERATION, SECURITY AND IMPROVEMENT OF THE COMPANY’S WEBSITE, THE PROTECTION OF ITS DIGITAL INFRASTRUCTURE AND THE MANAGEMENT OF BUSINESS RELATIONSHIPS.
WHERE REQUIRED, PERSONAL DATA MAY ALSO BE PROCESSED IN ORDER TO COMPLY WITH LEGAL OBLIGATIONS IMPOSED BY APPLICABLE LEGISLATION.
PERSONAL DATA MAY BE DISCLOSED TO TRUSTED SERVICE PROVIDERS WHO SUPPORT THE OPERATION AND MAINTENANCE OF THE WEBSITE AND RELATED INFORMATION TECHNOLOGY SYSTEMS.
SUCH SERVICE PROVIDERS MAY INCLUDE WEBSITE HOSTING PROVIDERS, INFORMATION TECHNOLOGY SERVICE PROVIDERS, ANALYTICS PROVIDERS AND PROFESSIONAL ADVISORS INCLUDING LEGAL OR ACCOUNTING CONSULTANTS.
ALL SERVICE PROVIDERS PROCESS PERSONAL DATA ONLY ON BEHALF OF NORFINNA AND ARE CONTRACTUALLY OBLIGATED TO PROCESS PERSONAL DATA IN ACCORDANCE WITH THE REQUIREMENTS OF THE GDPR AND OTHER APPLICABLE DATA PROTECTION LEGISLATION.
NORFINNA DOES NOT SELL PERSONAL DATA TO THIRD PARTIES.
PERSONAL DATA MAY ALSO BE DISCLOSED TO PUBLIC AUTHORITIES WHERE SUCH DISCLOSURE IS REQUIRED BY LAW OR BY A BINDING ORDER OF A COMPETENT AUTHORITY.
PERSONAL DATA MAY IN CERTAIN CIRCUMSTANCES BE TRANSFERRED TO SERVICE PROVIDERS LOCATED OUTSIDE THE EUROPEAN ECONOMIC AREA.
WHERE SUCH TRANSFERS TAKE PLACE, NORFINNA ENSURES THAT APPROPRIATE SAFEGUARDS ARE IMPLEMENTED IN ORDER TO GUARANTEE AN ADEQUATE LEVEL OF DATA PROTECTION.
SUCH SAFEGUARDS MAY INCLUDE THE USE OF STANDARD CONTRACTUAL CLAUSES APPROVED BY EUROPEAN COMMISSION OR TRANSFERS TO COUNTRIES THAT HAVE BEEN RECOGNISED BY EUROPEAN COMMISSION AS PROVIDING AN ADEQUATE LEVEL OF DATA PROTECTION.
PERSONAL DATA ARE RETAINED ONLY FOR AS LONG AS NECESSARY TO FULFIL THE PURPOSES FOR WHICH THEY WERE COLLECTED.
THE RETENTION PERIOD DEPENDS ON THE NATURE OF THE DATA AND THE PURPOSE OF PROCESSING.
PERSONAL DATA RELATED TO BUSINESS COMMUNICATION MAY BE RETAINED FOR THE DURATION NECESSARY TO PROCESS THE INQUIRY OR MAINTAIN THE BUSINESS RELATIONSHIP.
WHERE PERSONAL DATA ARE REQUIRED FOR LEGAL OR REGULATORY PURPOSES, THEY MAY BE RETAINED FOR THE PERIODS REQUIRED BY APPLICABLE LAW.
ONCE PERSONAL DATA ARE NO LONGER NECESSARY FOR THE PURPOSES FOR WHICH THEY WERE COLLECTED, THEY ARE SECURELY DELETED OR ANONYMISED.
NORFINNA IMPLEMENTS APPROPRIATE TECHNICAL AND ORGANISATIONAL MEASURES IN ORDER TO ENSURE A LEVEL OF SECURITY APPROPRIATE TO THE RISK ASSOCIATED WITH THE PROCESSING OF PERSONAL DATA.
SUCH MEASURES INCLUDE ENCRYPTED DATA TRANSMISSION THROUGH SECURE HTTPS CONNECTIONS, ACCESS CONTROL SYSTEMS THAT RESTRICT ACCESS TO AUTHORISED PERSONNEL ONLY, SECURE INFORMATION TECHNOLOGY INFRASTRUCTURE AND INTERNAL POLICIES GOVERNING CONFIDENTIALITY AND DATA SECURITY.
THE COMPANY REGULARLY REVIEWS ITS INFORMATION SECURITY PRACTICES IN ORDER TO MAINTAIN A HIGH LEVEL OF DATA PROTECTION.
INDIVIDUALS WHOSE PERSONAL DATA ARE PROCESSED THROUGH THE NORFINNA WEBSITE HAVE CERTAIN RIGHTS UNDER THE GDPR.
DATA SUBJECTS HAVE THE RIGHT TO OBTAIN CONFIRMATION AS TO WHETHER PERSONAL DATA CONCERNING THEM ARE BEING PROCESSED AND TO ACCESS SUCH DATA.
DATA SUBJECTS HAVE THE RIGHT TO REQUEST THE CORRECTION OF INACCURATE OR INCOMPLETE PERSONAL DATA.
UNDER CERTAIN CIRCUMSTANCES, DATA SUBJECTS HAVE THE RIGHT TO REQUEST THE ERASURE OF THEIR PERSONAL DATA.
DATA SUBJECTS MAY ALSO REQUEST THE RESTRICTION OF PROCESSING OR OBJECT TO THE PROCESSING OF THEIR PERSONAL DATA WHERE THE LEGAL REQUIREMENTS FOR SUCH REQUESTS ARE MET.
WHERE PROCESSING IS BASED ON CONSENT, DATA SUBJECTS HAVE THE RIGHT TO WITHDRAW THEIR CONSENT AT ANY TIME.
REQUESTS CONCERNING DATA SUBJECT RIGHTS MAY BE SUBMITTED USING THE CONTACT INFORMATION PROVIDED IN THIS DOCUMENT.
THE NORFINNA WEBSITE USES COOKIES AND SIMILAR TECHNOLOGIES IN ORDER TO ENSURE THE TECHNICAL FUNCTIONALITY OF THE WEBSITE AND TO IMPROVE USER EXPERIENCE.
COOKIES ARE SMALL TEXT FILES THAT ARE STORED ON A USER’S DEVICE WHEN VISITING A WEBSITE. THESE FILES ENABLE THE WEBSITE TO RECOGNISE THE USER’S DEVICE AND REMEMBER CERTAIN INFORMATION ABOUT THE USER’S VISIT.
ESSENTIAL COOKIES ARE REQUIRED FOR THE BASIC FUNCTIONALITY OF THE WEBSITE AND ENABLE CORE FUNCTIONS SUCH AS PAGE NAVIGATION AND WEBSITE SECURITY.
FUNCTIONAL COOKIES ALLOW THE WEBSITE TO REMEMBER USER PREFERENCES AND SETTINGS.
ANALYTICS COOKIES MAY BE USED TO COLLECT STATISTICAL INFORMATION ABOUT WEBSITE USAGE IN ORDER TO IMPROVE WEBSITE PERFORMANCE AND CONTENT. ANALYTICS TOOLS MAY INCLUDE TECHNOLOGIES SUCH AS Google Analytics.
MARKETING COOKIES MAY BE USED TO MEASURE THE EFFECTIVENESS OF ONLINE MARKETING CAMPAIGNS AND TO DISPLAY RELEVANT ADVERTISEMENTS.
NON-ESSENTIAL COOKIES ARE USED ONLY WHERE THE USER HAS PROVIDED CONSENT THROUGH A COOKIE CONSENT MECHANISM IMPLEMENTED ON THE WEBSITE.
USERS MAY MANAGE OR WITHDRAW THEIR COOKIE CONSENT AT ANY TIME THROUGH THEIR BROWSER SETTINGS OR THROUGH THE COOKIE CONSENT INTERFACE AVAILABLE ON THE WEBSITE.
DATA SUBJECTS HAVE THE RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT DATA PROTECTION AUTHORITY IF THEY BELIEVE THAT THE PROCESSING OF THEIR PERSONAL DATA VIOLATES APPLICABLE DATA PROTECTION LEGISLATION.
THE COMPETENT AUTHORITY IN FINNLAND IS THE:
Office of the Data Protection Ombudsman
RATAPIHANTIE 9
00520 HELSINKI
FINNLAND
WEBSITE: HTTPS://TIETOSUOJA.FI
THE CONTENT OF THE NORFINNA WEBSITE IS PROVIDED FOR GENERAL INFORMATION PURPOSES ONLY.
ALL CONTENT, INCLUDING TEXTS, LOGOS, GRAPHICS AND OTHER MATERIALS, IS THE PROPERTY OF NORFINNA OR ITS LICENSORS AND IS PROTECTED BY APPLICABLE COPYRIGHT AND INTELLECTUAL PROPERTY LAWS.
UNAUTHORISED REPRODUCTION, DISTRIBUTION OR MODIFICATION OF WEBSITE CONTENT IS PROHIBITED WITHOUT PRIOR WRITTEN PERMISSION FROM NORFINNA.
NORFINNA DOES NOT GUARANTEE THAT THE WEBSITE WILL BE AVAILABLE WITHOUT INTERRUPTION OR THAT ALL INFORMATION PRESENTED ON THE WEBSITE IS FREE FROM ERRORS.
TO THE EXTENT PERMITTED BY LAW, NORFINNA SHALL NOT BE LIABLE FOR ANY DIRECT OR INDIRECT DAMAGES ARISING FROM THE USE OF THE WEBSITE.
THIS WEBSITE IS OPERATED BY NORFINNA.
ALL USERS OF THE WEBSITE AGREE TO USE THE WEBSITE IN COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS.
THE USE OF THE WEBSITE FOR UNLAWFUL PURPOSES OR IN A MANNER THAT MAY DAMAGE THE WEBSITE OR ITS TECHNICAL INFRASTRUCTURE IS STRICTLY PROHIBITED.
NORFINNA RESERVES THE RIGHT TO UPDATE OR MODIFY THIS WEBSITE COMPLIANCE DOCUMENT AT ANY TIME IN ORDER TO REFLECT CHANGES IN LEGAL REQUIREMENTS OR BUSINESS OPERATIONS.
THE MOST CURRENT VERSION WILL ALWAYS BE AVAILABLE ON THE NORFINNA WEBSITE.
2026 Norfinna. All Rights Reserved.