NoCFO Oy ("Company" or "we") processes the personal data of its customers to manage customer relationships, fulfill contractual obligations, provide services, maintain our CRM system, communicate with customers, and for direct marketing purposes. In addition to current customers, the Company may also process the personal data of prospective customers.
We collect customer-related data ("Customer Data") and technical analytics data ("Analytics Data").
Although Analytics Data is not usually used to identify individuals, in some cases individuals may be identifiable either by itself or in combination with Customer Data. In such cases, Analytics Data is treated as personal data under applicable legislation and we process the combined data accordingly.
Most Customer Data is collected directly from the customer or the data subject. In addition, personal data may be collected and updated from various data services and public registers.
Read more about cookies and web analytics tools in our Cookie Policy.
We process personal data primarily to provide services to our customers and to operate, maintain, and develop our business. Personal data may be used to fulfill our contractual obligations toward the customer. If the customer contacts our customer service, we use the provided data to respond to inquiries and resolve issues.
We may process personal data to contact our customers regarding our services and to notify them of service changes, to collect and manage customer feedback, and to market our services.
We may process data about service usage to improve the quality of our services, for example by analyzing usage trends. We aim to use anonymized or pseudonymized data for this purpose, from which individuals cannot be identified.
We process personal data primarily to comply with contracts with customers and based on our legitimate interest to operate, maintain, and develop our business and customer relationships. When processing is based on our legitimate interest, we weigh our interests against your privacy rights.
Additionally, we process personal data to fulfill our legal obligations such as those required by the Accounting Act. In some situations, we may request your consent for data processing. In such cases, the consent may be withdrawn at any time.
Customer relationship data used to fulfill agreements is deleted no later than three (3) months after the relationship ends. Consent-based communications are stored until consent is withdrawn. Accounting data is retained for six (6) years in accordance with the Accounting Act.
The Company primarily stores your personal data within the European Economic Area (EEA).
However, the service providers we use operate in multiple geographical regions. We and our service providers may transfer personal data to or access personal data from countries outside the EEA or your country of residence.
In such cases, we ensure that your data is sufficiently protected in those regions where it is processed. We arrange appropriate safeguards for transfers outside the EEA through contracts based on European Commission–approved Standard Contractual Clauses or other lawful mechanisms, such as the Privacy Shield framework (where applicable).
We do not disclose your personal data to third parties outside the Company, except in the following situations:
To the extent that third parties need access to personal data to provide the services, the Company ensures appropriate contractual and organizational measures are in place to ensure that data processing occurs solely for the purposes outlined in this Privacy Notice and in accordance with applicable laws and regulations.
We may disclose personal data to third parties if access to or use of the personal data is reasonably necessary (i) to comply with any applicable law, regulation, and/or court order; (ii) to detect, prevent, or address fraud, security, or technical issues; and/or (iii) to protect the interests, property, or safety of the Company, its customers, or the public, in accordance with the law. Where possible, we will notify affected customers about such disclosures.
We may disclose personal data to our authorized service providers (including subcontractors providing storage, sales, marketing, or customer support services). If you provide personal data directly to a third party through a link on our website or in connection with the use of the service, the processing of personal data will typically be governed by that third party's own documentation and standards.
We may disclose personal data to third parties outside our organization for purposes not listed above if we have your explicit consent. You may withdraw your consent at any time.
If the Company is involved in a merger, acquisition, or other business transaction, we may disclose personal data to a third party involved in the transaction. In such cases, we ensure that all personal data remains confidential. We will notify affected customers as soon as reasonably possible about any data transfers or changes in privacy policies resulting from such transactions.
To exercise any of the above rights, please send the following information by post or secure email: name, address, phone number, and a copy of a valid ID. We may request additional information to verify your identity.
We may refuse requests that are unreasonably repetitive, excessive, or clearly unfounded.
We may send you announcements about our services and other direct marketing.
You always have the right to prohibit us from using your personal data for direct marketing, market research, or profiling by contacting us using the details above.
We have implemented administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our safeguards are designed to maintain an appropriate level of confidentiality, integrity, and availability of data.
Only authorized personnel with work-related justification have access to personal data. Access is protected by individual user credentials, passwords, and access rights.
You have the right to lodge a complaint with a supervisory authority if you believe our processing of personal data violates applicable data protection laws.
Last Updated: May 20, 2025
