top of page

Privacy Policy

Privacy and Data Protection Statement

This is the privacy and data protection statement of the company Navarco Nord EU in accordance with the General Data Protection Regulation (GDPR). The purpose of this document is to provide the company’s customers with transparent and up-to-date information about how their personal data is processed, for what purposes, and how it is protected.

Prepared on 21.04.2025.

1. Data Controller
Navarco Nord
Business ID: 0807624-5

2. Contact Person Responsible for the Register
Jyrki Puukangas
Email: jyrki.puukangas@navarco.fi

3. Name of the Register
Customer Register of Navarco Nord

4. Legal Basis and Purpose of Processing Personal Data
Personal data is processed for purposes related to managing, administering, and developing the customer relationship, providing and delivering services, as well as for service development and invoicing. It is also processed for purposes required to handle possible complaints and claims.

Personal data is also processed in customer communications, such as for information and news purposes, as well as in marketing. This includes both direct and electronic direct marketing.
The customer has the right to prohibit direct marketing.

The legal bases for processing personal data under the GDPR are:

  • The data subject has given consent for the processing of their personal data for one or more specific purposes (GDPR Art. 6.1.a);

  • Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Art. 6.1.b);

  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Art. 6.1.f).
     

5. Data Content of the Register
The data stored in the register includes: name, position, company/organization, contact details (phone number, email address, postal address), website addresses, IP address of the internet connection, information about ordered services and changes thereto, billing information, and other data related to the customer relationship and ordered services.
Data collected is retained only for as long and to the extent necessary for the original or compatible purposes for which the personal data was collected.

The need to retain data is assessed every five years. Personal data of a registered individual will be deleted five years after the end of the customer relationship, once all related obligations and actions have been completed. For example, accounting records are retained for five years after the end of the financial year.
The data controller regularly assesses the necessity of data retention in accordance with internal guidelines. The controller also takes all reasonable steps to ensure that any inaccurate, incorrect, or outdated personal data is promptly deleted or corrected.

IP addresses of website visitors and cookies necessary for service functionality are processed based on legitimate interest, for example, for maintaining data security and collecting statistical information, where such data can be considered personal data.
 
6. Regular Sources of Information
The data stored in the register is primarily obtained from the customer via messages sent through web forms, email, phone, social media, contracts, customer meetings, and other situations where the customer provides their information. Contact information of representatives of companies and other organizations may also be collected from public sources such as websites, directory services, and other businesses.
 
7. Regular Disclosures and Transfers of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer.
Personal data is primarily stored within the European Union (EU) and European Economic Area (EEA). However, the website platform used by Navarco Nord operates on servers located outside the EU/EEA, which means that some customer-provided personal data may be processed outside the EU/EEA to enable the provision of the service.
 
8. Principles of Register Protection
The personal data database is located on a server accessible only to specifically authorized personnel whose job responsibilities require such access. The server is protected with an appropriate firewall and technical safeguards.
Access to databases and systems is granted only via individual usernames and passwords. The controller restricts access rights and permissions to data systems and other storage platforms so that only those individuals who need the data for lawful processing purposes can view and handle it.
 
9. Right of Access and Right to Request Correction
Every individual in the register has the right to inspect their stored personal data and to request correction of any inaccurate or incomplete data. If a person wishes to review or correct their stored data, a written request must be sent to the data controller. The controller may ask the requester to verify their identity. The controller will respond within the timeframe required by GDPR (typically within one month).
 
10. Other Rights Related to the Processing of Personal Data
A data subject has the right to request the deletion of their personal data (“right to be forgotten”).
Under the GDPR, the data subject has the following rights:

  • The right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed, and, if so, access to the personal data and the following information:
    (i) the purposes of the processing;
    (ii) the categories of personal data concerned;
    (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed;
    (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    (v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing or to object to such processing;
    (vi) the right to lodge a complaint with a supervisory authority;
    (vii) if the personal data is not collected from the data subject, any available information as to its source (GDPR Art. 15).
    These details (i–vii) are provided to the data subject via this form.

  • The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (GDPR Art. 7);

  • The right to have inaccurate or incorrect personal data corrected without undue delay and to have incomplete data completed, including by providing a supplementary statement, considering the purposes of the processing (GDPR Art. 16);

  • The right to have personal data erased without undue delay, provided that:
    (i) the data is no longer necessary for the purposes for which it was collected;
    (ii) the data subject withdraws consent, and there is no other legal basis for processing;
    (iii) the data subject objects to processing on grounds relating to their particular situation, and there are no overriding legitimate grounds;
    (iv) the data was processed unlawfully; or
    (v) the data must be erased to comply with a legal obligation under Union or national law (GDPR Art. 17);

  • The right to restrict processing if:
    (i) the accuracy of the personal data is contested by the data subject (restriction applies during the verification period);
    (ii) the processing is unlawful and the data subject opposes erasure and requests restriction instead;
    (iii) the controller no longer needs the data, but the data subject requires it for legal claims;
    (iv) the data subject has objected to processing pending verification whether the controller’s legitimate grounds override those of the data subject (GDPR Art. 18);

  • The right to receive personal data provided by the data subject in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, where the processing is based on consent or contract and is carried out by automated means (GDPR Art. 20);

  • The right to lodge a complaint with a supervisory authority if the data subject believes that the processing of their personal data infringes the GDPR (GDPR Art. 77).

Requests regarding these rights should be directed to the contact person mentioned in section 2.
 
11. Web Analytics
The following services collect anonymized data on website visits without personal information:

  • Google Analytics – Google LLC, United States
     

12. Targeted Advertising
Based on website visits, we may carry out targeted advertising using the following services:

  • Meta Ads – Meta Platforms Inc., United States

  • Google – Google LLC, United States

bottom of page