- Noux Digital Ltd.
- Tel. +358 50 3040034
- VAT No. 3264807-1
1. What kinds of information do we process?
We collect and process data from nouxdigital.com and the Service.
Customer Data is data processed by us on behalf of the Customer using the Service. Customer data contains personal data. The purpose of the processing of this data is the provision of customer engagement and analytics tools in the Digital Sales Room. The Customer Data is owned by the Customer. Regarding Customer Data the Customer is the data controller and Noux Digital the data processor in the meaning of the EU Data Protection Laws (as defined in the DPA).
We process the following types of personal information:
- basic information on the customer, such as name, customer number, username and/or other unique identifier, service language,
- contact information of the customer, such as e-mail address, telephone number, address information,
- information on companies and their contact persons, such as VAT numbers and names and contact information of contact persons,
- information on customer relationships and contracts, such as information on past and present contracts and orders, correspondence,
- information on participants in events and other information related to events, such as a special diet, possible refusal of, or consent to, direct marketing,
- possible other information collected specifically with the consent of the customer.
The data content of the Service consists of the user accounts of the tool, information on customers and their contact persons and information on the use of the service.
The Service data (Users and sales room Visitors) contains the following types of information:
- name, title, company and VAT number, postal address, e-mail address, telephone number;
- customer history (e.g., customer feedback, contacts, chat conversations, orders, information on invoicing and debt collection);
- information on service use by identified customers and visitors (e.g., timestamp of most recent login, number of sales rooms and sales room elements, statistical information related to use).
Information on website visitors is collected with cookies and other similar techniques (e.g., language selection, address from which the visitor arrives, pages loaded, browser type, operating system, date and time, IP address) bans on and consents to direct marketing and other possible information given by the visitors themselves.
2. Benchmark Data
Benchmark Data is anonymous analytics data which we collect from the use of the Service. We use it across Noux Digital Services to provide better Service. Benchmark data does not contain personal data.
The Benchmark data is used for the following purposes:
- Improving the quality of our Services
- Data analysis (e.g., industry benchmarking) and research purposes
- Customer benchmarking and development
- Trend detection
- User profiling
- Content ranking and recommendations
Most browsers accept cookies automatically. However, you can change the settings of your browser to erase cookies or prevent them. In that case, we cannot guarantee that our website or Services will be able to provide you with the intended user experience.
Third Party Cookies
On our own website we also use third party cookies from the following Service providers to help us analyze trends and for tracking purposes, and to gather general information about our visitor base:
- Facebook collects data and analytics regarding traffic flows to/from Facebook and displays ads.
- Google Analytics collects data and analytics regarding the visitor base and traffic of the website.
- Google Ads is used for showing ads in connection with google search results.
- HubSpot is used for email tracking and analytics of website traffic and visitor data.
- Hotjar tracks the cursor movements and keypresses of the visitor and associated visitor analytics.
- Linkedin Marketing Solutions collects data and analytics regarding traffic flows to/from LinkedIn and displays ads.
- Leadfeeder identifies which companies are visiting the website.
4. Noux Digital Sales Room Visitor Consents
When using the Noux Digital Sales Room, our Customer is responsible for acquiring all applicable consents (regarding for example the processing of personal data and cookies) from the Digital Sales Room Visitors as necessary for the delivery of the Service.
5. Data Storage
We do not disclose information stored by us to any third parties. In the processing of personal information, we may make use of subcontractors working for us as specified in the DPA. We have outsourced communications technology to outside service providers, and personal information is saved on servers administered and protected by these. We have taken steps to protect your privacy by preparing a data processing agreement on the processing of personal information by our subcontractors.
Our servers are located in the EU. In addition, all Digital Sales Room documents and downloads are processed in the EU.
In relation to invitation and reminder messages and the recording of videos on the Service, we have outsourced the processing of your personal information to companies located in the United States.
We ensure that:
- a. the transfer is governed by and in accordance with a suitable framework recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including, without limitation binding corporate rules for processors; or
- b. the transfer is governed by and in accordance with the standard contractual clauses based on the European Commission Decision on standard contractual clauses for data transfers between EU and non-EU countries, or any subsequent version thereof released by the European Commission (which shall automatically apply).
6. How do we protect the information and how long do we keep it?
Only those of our employees who have the right to handle customer information as part of their job are entitled to use the system containing personal information. All users have their own user account and password in the system. The information is collected in databases protected by firewalls, passwords, and other technical means.
The databases and their backup copies are kept in safe locations, and the data can only be accessed by named persons.
We only keep your personal information if is necessary for using the information. Personal information is erased from the register when a person whose information is in the register asks for it to be erased. After customer information is erased from the register of the Noux Service, it can be restored for two weeks. After this, the information can no longer be restored.
We assess the necessity of preserving information regularly, considering the applicable legislation. In addition, we take such reasonable measures as are necessary to ensure that personal information that is incompatible, outdated, or erroneous for the purposes of the processing is not kept in the register. We correct or erase this kind of information immediately.
7. Technical and Organizational Measures
We hereby confirm that we have the appropriate technical and organizational measures in place to meet the data processing requirements of the Data Processing Laws (as defined in the DPA). Our security guidelines are mainly based on ISO27001.
We have appointed a Data Protection Officer.
The Service is TLS protected. At rest-data encryption, IP access controls and high-security password controls are provided as a separate security tool.
We confirm that all persons we have authorized to process personal data of the Customer are bound with a written undertaking of confidentiality.
9. Data Breach Notices
In case we become aware of a data security breach affecting personal data we will report this to the Customer as required by Applicable Laws. In such case we will coordinate and assist the Customer in minimizing any damage and provide the Customer with the required information about the breach.
10. Data Subject Rights
As a registered person, you have the right to check the information saved on you in the register and demand that inaccurate information be erased or rectified. You also have the right to cancel or change your consent.
As a registered person, you have the right under the Data Protection Laws to oppose the processing of your information or ask the processing to be limited, and the right to lodge a complaint on the processing of personal information to the Supervisory Authority.
For special personal reasons, you also have the right to oppose profiling and other processing of your personal information when the basis for the processing is our legitimate interest. When making your demand, you must specify the situation based on which you oppose processing. We can only refuse to carry out a request concerning opposition on grounds given in law.
As a registered person, you also have the right to oppose processing at any time and free of charge, including profiling related to direct marketing.