Updated 7 June 2023
Contact Details in Data Protection Matters: firstname.lastname@example.org
2. Name of register
Customer, Marketing and Stakeholders Register
3. What data do we process and what is the purpose and the legal basis of processing the personal data?
Data subjects are the customers, potential customers and stakeholders of nodeflow GmbH.
4. From where do we receive data?
5. To whom do we disclose data, and do we transfer data outside of EU or EEA?
We may disclose data from this customer, supplier and marketing register to our co-operation partners who do marketing and arrange campaigns and events with and on behalf of us, and who consider themselves as controllers instead of processors working on our behalf (these parties are i.a. social media operators and advertisement networks). Otherwise we do not disclose data from the register to external parties unless required by the legislation or an order by the authorities.
We utilize subcontractors that process personal data on behalf of and for us. We have outsourced our IT management and the maintenance of our customer and marketing systems to outside service providers on whose administrated and protected servers the personal data is stored.
6. How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons
We store the data as long as it is necessary for the purpose of processing the data. Personal data in the Customer, Stakeholder and Marketing register is erased after the claim period related to a specific customer, stakeholder or service relationship has elapsed. This period is typically ten (10) years.
We regularly estimate the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
8. What are your rights as a data subject?
You have the right to access the personal data stored in this register concerning yourself, and the right to demand rectification or erasure of that data. You also have the right to withdraw your consent where we process your data based on your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
You have the right to object to processing or to request restriction of the processing of your personal data at any time and free of charge, and to lodge a complaint with the supervisory authority. Please, see a list for supervisory authorities’ websites here (Link to EU Commission’s website).
For specific personal reasons, you also have the right to object profiling and other processing concerning yourself, when processing the data is based on our legitimate interest. In connection with your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request based only on grounds provided by law.
All requests and requirements concerning this section should be submitted in writing to the address email@example.com.