1. Data Controller

• Nordic C-Management Oy
• Business ID: 2485085-1
• Salomonkatu 17 B, 00100 Helsinki
• asiakaspalvelu@c-management.fi

2. Contact Person for Registry Matters

• Jörgen Weckström
• asiakaspalvelu@c-management.fi

3. Name of the Register

• Nordic C-Management Customer Register

4. Registered Individuals

• Customer company representatives
• Employees of customer companies (payroll, HR services)
• Company owners and board members
• Partners and service providers
• Website users (cookies, analytics)

5. Purpose of Processing Personal Data

Collected data is used for the following purposes:

• Accounting and financial management – Taxes, financial statements, payment transactions
• Payroll and HR services – Employment contracts, payroll processing
• Customer relationship management – Communication, invoicing, contracts
• Internationalization services – Market analysis, business development
• Website analytics – Cookies, user experience

All data processing is based on:

• Contracts and customer relationships
• Legal obligations (Accounting Act, tax legislation)
• Consent from the data subject (e.g., marketing communications)

6. Contents of the Register

Stored data includes:

• Contact information – Name, email, phone number, job title
• Accounting data – Invoices, payments, contract documents
• Payroll data – Salaries, tax information, bank account numbers, work records
• Website analytics – IP address, browser, operating system

Updating and deleting data:

• Customers may request updates or deletion of their data unless required by law.

7. Regular Data Disclosures

Data may only be disclosed to:

• Authorities – Tax Administration, pension insurance institutions
• Payroll and financial management services – Software providers, accounting firms
• Banks and payment service providers – Salary payments, financial transactions
• IT and security services – System providers

Data is not sold or disclosed for marketing purposes without consent.

8. Transfer of Data Outside the EU

• Data is primarily not transferred outside the EU/EEA.
• In exceptional cases, EU-approved safeguards are applied.

9. Data Security Principles

Data is protected using:

• Firewalls, encryption, and access control
• Only authorized employees have access to the data
• Regular security audits

10. Data Retention and Deletion

Data retention periods:

• Accounting data – 6 years (Accounting Act)
• Payroll data – 10 years (Tax legislation)
• Customer data – 2 years after the end of the customer relationship
• Analytics data – Based on cookie policies

Data deletion:

• When the retention period ends, data is deleted or anonymized.
• Customers may request data deletion unless legally restricted.

11. Data Subject Rights

The data subject has the right to:

• Confirm whether their data is being processed
• Access and correct their data
• Request data deletion if there is no valid reason for processing
• Restrict or object to data processing
• Withdraw consent (e.g., marketing)
• Lodge a complaint with the Data Protection Authority

Requests will be processed within 30 days.

12. Cookies

Cookies are used for the following purposes:

• Essential cookies – Basic website functions
• Analytics cookies – Website usage tracking (Google Analytics)
• Functional cookies – Language settings, user experience
• Marketing cookies – Targeted content and advertising (only with consent)

Managing cookies:

• Users can manage and delete cookies through their browser settings.