Privacy Policy – Tim-Nordic OY

Effective Date: 2025-08-12
Last Updated: 2025-08-12

1. Introduction

Tim-Nordic OY (“we”, “us”, “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services or visit our website.

This policy applies to our business-to-business (B2B) operations in the Nordic market and complies with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

2. Data Controller Information

Data Controller:
Tim-Nordic OY
Business ID: [Insert Finnish Business ID]
Address: Hirsalantie 11, 02420 Jorvas, Finland
Email: sales@timnordic.fi

Data Protection Contact:
For privacy-related inquiries: sales@timnordic.fi

3. What Personal Data We Collect

3.1 Business Contact Information

  • First and last name
  • Job title and company name
  • Business email address
  • Business phone number
  • Company address
  • VAT number (when applicable)

3.2 Order and Transaction Data

  • Purchase history and order details
  • Billing and delivery addresses
  • Payment information (processed by our payment providers)
  • Communication records related to orders

3.3 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Website usage data via cookies
  • Login credentials (encrypted)

3.4 Communication Data

  • Email correspondence
  • Support ticket information
  • Marketing preferences
  • CRM interaction history

4. How We Collect Personal Data

We collect personal data through:

  • Direct provision when you place orders or contact us
  • Business cards and networking events
  • Website forms and account registration
  • Email communications
  • Cookies and similar technologies
  • Public business directories and professional networks

5. Legal Basis for Processing

We process your personal data based on:

5.1 Contract Performance

  • Processing orders and delivering products
  • Customer service and support
  • Managing business relationships

5.2 Legitimate Interests

  • CRM and customer relationship management
  • Business development and sales activities
  • Website security and fraud prevention
  • Internal business administration

5.3 Consent

  • Marketing communications and newsletters
  • Non-essential cookies
  • Promotional activities

5.4 Legal Obligations

  • Accounting and tax requirements
  • Compliance with applicable business laws

6. How We Use Your Personal Data

6.1 Order Processing

  • Fulfilling purchase orders
  • Payment processing
  • Delivery coordination
  • Customer service and support

6.2 Business Relationship Management

  • Maintaining customer accounts
  • CRM activities
  • Follow-up communications
  • Product recommendations

6.3 Marketing (with consent)

  • Newsletters and product updates
  • Promotional offers
  • Market research and surveys
  • Event invitations

6.4 Legal and Administrative

  • Compliance with accounting laws
  • Tax reporting
  • Legal dispute resolution
  • Business record keeping

7. Data Sharing and Third Parties

7.1 Payment Processors

We share the necessary payment information with:

  • Stripe: For payment processing
  • Svea: For payment and invoicing services

7.2 Shipping Companies

We share delivery information with shipping partners, including:

  • DHL, TNT, UPS, and other carriers
  • Information shared: Name, delivery address, contact details for delivery notifications

7.3 Service Providers

  • CRM System: Customer relationship management
  • Email Service Providers: For business communications
  • IT Support: System maintenance and security
  • Accounting Software: Financial record keeping

7.4 Legal Requirements

We may disclose data when required by:

  • Court orders or legal processes
  • Regulatory authorities
  • Law enforcement agencies
  • Tax authorities

8. International Data Transfers

Some of our service providers may be located outside the EU/EEA. In such cases, we ensure adequate protection through:

  • EU adequacy decisions
  • Standard contractual clauses
  • Binding corporate rules
  • Other appropriate safeguards as required by GDPR

9. Data Retention

9.1 Business Relationship Data

  • Active customers: Throughout the business relationship plus 3 years
  • Inactive customers: 3 years after last transaction
  • Marketing data: Until consent is withdrawn

9.2 Legal Requirements

  • Accounting records: 10 years (Finnish Accounting Act)
  • Tax records: As required by applicable tax laws
  • Legal documentation: Duration of applicable limitation periods

9.3 Technical Data

  • Website logs: 12 months
  • Security logs: 24 months
  • Cookies: As specified in our Cookie Policy

10. Your Rights Under GDPR

10.1 Right of Access

Request a copy of the personal data we hold about you.

10.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of your personal data, subject to legal obligations.

10.4 Right to Restrict Processing

Request a limitation on how we process your data.

10.5 Right to Data Portability

Receive your data in a structured, machine-readable format.

10.6 Right to Object

Object to processing based on legitimate interests or for marketing purposes.

10.7 Right to Withdraw Consent

Withdraw consent for processing activities that require consent.

To exercise these rights, contact us at: sales@timnordic.fi

11. Cookies and Website Technologies

11.1 Cookie Types

  • Essential Cookies: Required for website functionality
  • Performance Cookies: Help us improve website performance
  • Marketing Cookies: Used for targeted marketing (with consent)

11.2 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality.

11.3 Third-Party Analytics

We may use analytics services to understand website usage. These services may use cookies and similar technologies.

12. Data Security

12.1 Technical Measures

  • SSL/TLS encryption for data transmission
  • One-way hash algorithms for password storage
  • Regular security assessments
  • Access controls and authentication

12.2 Organisational Measures

  • Staff training on data protection
  • Confidentiality agreements
  • Incident response procedures
  • Regular policy reviews

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Take immediate steps to contain and remedy the breach

14. Children’s Privacy

Our services are designed for business use only. We do not knowingly collect personal data from individuals under 16 years of age.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. Updates will be posted on our website with the revision date. For material changes, we will provide additional notice via email.

16. Supervisory Authority

You have the right to lodge a complaint with the Finnish Data Protection Authority if you believe we have not handled your personal data in accordance with applicable laws.

Finnish Data Protection Authority
Website: tietosuoja.fi
Email: tietosuoja@om.fi

17. Contact Information

For questions about this Privacy Policy or data protection matters:

Email: sales@timnordic.fi
Address: Hirsalantie 11, 02420 Jorvas, Finland

This Privacy Policy is available in multiple languages. In case of discrepancies, the English version shall prevail.