Nordic Transfer respects your privacy and processes personal data in accordance with the EU General Data Protection Regulation (GDPR, EU 2016/679) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018). This policy describes which data we collect, why, how long it is stored, and what rights you have.
1. Data controller
The data controller is Nordic Transfer, operating under Finnish jurisdiction. Questions about data processing can be sent to nordictransferkontakt@gmail.com.
2. What data we collect
Depending on how you use the platform, we collect the following categories of data:
- Broker accounts: name, email, phone, agency name, country, website and any profile picture.
- Listing information: data about the companies that brokers publish, including financial figures and images.
- Inquiries: name, email, phone and message from people contacting brokers via the platform.
- Contact messages: name, email and message submitted via our contact form.
- Technical data: IP address, browser, device type and logs for security and operational purposes.
3. How the data is used
We process personal data in order to:
- provide, operate and improve the platform,
- enable communication between buyers, sellers and brokers,
- send transactional emails (e.g. inquiry notifications),
- comply with legal obligations and prevent misuse of the service.
The legal basis is performance of a contract (GDPR art. 6.1.b), legitimate interest (art. 6.1.f) and in some cases consent (art. 6.1.a).
4. Retention period
Broker accounts and associated listings are stored as long as the account is active. Inquiries and contact messages are stored for up to 24 months for follow-up, after which they are deleted or anonymised. Accounting and invoicing records are retained under the Finnish Accounting Act (Kirjanpitolaki 1336/1997).
5. Recipients and sharing
We never sell your personal data. Data is shared only with:
- technical sub-processors (e.g. cloud database, email delivery and image storage) acting as data processors,
- authorities when required by law.
Where data is transferred outside the EU/EEA, it is done with appropriate safeguards under GDPR Chapter V (e.g. EU standard contractual clauses).
6. Your rights
Under GDPR art. 15–22 you have the right to:
- request access to the personal data we hold about you,
- request rectification of inaccurate data,
- request erasure ("the right to be forgotten"),
- request restriction of processing,
- object to processing based on legitimate interest,
- request data portability.
You also have the right to lodge a complaint with the supervisory authority — in Finland the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, tietosuoja.fi).
7. Cookies
The platform uses necessary cookies to keep you signed in and for operational purposes (session cookies). We also use anonymised statistics cookies to understand how the service is used. You can delete cookies at any time via your browser. Non-essential cookies are only set with your consent.
8. Security
We apply technical and organisational measures to protect personal data, including encryption in transit (TLS), access controls and logging. No system is fully risk-free — contact us immediately if you suspect an incident.
9. Applicable law
This policy is governed by Finnish law, including the Finnish Data Protection Act (Tietosuojalaki 1050/2018) together with GDPR. Disputes are resolved in Finnish courts with the District Court of Helsinki (Helsingin käräjäoikeus) as the court of first instance.
10. Changes
We may update this policy. The latest version is always available on this page with an updated date at the top.