About Nordic Business House & personal information protection


The Chinese government has released a new national standard on personal information protection National standard on personal information protection, effective from May 1 2018. It lays out detailed new regulations for user consent, as well as how personal data is collected, stored, and shared. The language in the standard is comprehensive and contains more onerous requirements than even the European Union’s General Data Protection Regulation (GDPR).


Privacy Policy

In this Privacy Policy (“Policy”), we explain how Nordic Business House process (meaning collect, use, maintain and disclose) personal data of the users to our Services (as defined in our terms, and proposal). Service users and Site visitors are referred to as “Users”. Please note that this Policy does not describe the details of such personal data processing that is performed on behalf of our customers, in conjunction with supply of the Services, such as details about earned media or snippets from social media accounts.

In this Policy, you can learn about:

What type of personal data we process.
When and how we collect personal data.
How and why we use collected personal data.
Applicable legal grounds for our processing of personal data.
Your rights in relation to the personal data we process about you.
Our company information and contact details, so you can reach out to us, should you have further questions.

In the course of visiting the Site or using the Service, users may be asked for, as appropriate, name, email address, phone number, or credit card or payment information. We will collect such personal data from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal data, except that it may prevent them from engaging in certain Site or Service related activities.

From time to time, we also process technical data attributable to an individual, such as Users’ computer, browser, or mode for connecting to our Site (such as operating system, Internet access service providers, and other similar information.)

We may (ourselves or via a third party) collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit or interact with our Site or Service, such as when they register on the Site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site or via the Service.

Our Site may use ”cookies” to enhance the User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly. We store cookies for up to 3 months. So called session cookies are deleted immediately upon User closes the browser session.

Nordic Business House collects and uses Users’ personal data for the purposes described below. In conjunction with each purpose, we’ve also included details on which legal ground is relevant for this type of processing.

To improve customer service – Information you provide helps us respond to your customer service requests and support needs more efficiently.

Applicable legal ground: Necessary for the purposes of our legitimate interests, where such interest is due fulfilment of our service agreement with our customer.

To personalize user experience – We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.

Applicable legal ground: Necessary for the purposes of our legitimate interests, where such interest is either i) due fulfilment of our service agreement with our customer, or ii) our need for understanding how we can improve our Service and/or the Site.

To improve our Site – We may use feedback you provide to improve our Service and the Site.

Applicable legal ground: Necessary for the purposes of our legitimate interests, where such interest is either i) due fulfilment of our service agreement with our customer, or ii) our need for understanding how we can improve our Service and/or the Site.

To process payments – We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the Service.

Applicable legal ground: Necessary to fulfil a legal requirement, where such requirement consist of a legal obligation for us to keep record of our transactions (according to applicable laws for book keeping and archiving, e.g. in Sweden: Bokföringslagen.

Necessary for the purposes of our legitimate interests, where such interest is due fulfilment of our service agreement with our customer.

To run a promotion, contest, survey or other Site feature – To send Users information about topics we think will be of interest to them.

Applicable legal ground: Necessary for the purposes of our legitimate interests, where such interest is due fulfilment of our service agreement with our customer, and you – as contact person working with our customer or presumptive customer – will need this information to perform your assigned work tasks.

To send periodic emails – We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.

Applicable legal ground: Necessary for the purposes of our legitimate interests, where such interest is due fulfilment of our service agreement with our customer.

As you may see above, much of our processing of your personal data is based on that we think we have a legitimate interest to handle your personal data. We have put some good thinking into this and concluded that we didn’t think it fair to you (as an individual) to base our processing of your data on your consent. We would not want you to feel forced to consent to something you have limited control over, as opposed to consumer apps etc. which you may choose to use outside of work. From our point of view, Nordic Business House is a B2B service and you – as the contact person of our customer (or potential customer) – merely submit your personal data as part of your job for your employer/commissioner. In order to be perfectly transparent with you, we do not use your personal data to monitor you, as an individual, but merely to serve the needs of our customer.

We adopt appropriate data processing practices and security measures aligned with industry standard to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Sensitive and private data exchange between the Site or Service and its Users is made via a SSL secured communication channel, and is encrypted and protected with digital signatures.

We do not sell, trade, or rent Users personal data to others. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf , such as sending out newsletters or surveys (these suppliers are called “Data Processors”). Any such sharing of personal data to Data Processors is limited to the fulfilment of the purposes set out in this Policy. Some of our Data Processors have business operations in a non-EU / EEA country (so-called ”third countries”). In case we transfer your personal data to Data Processors in such third country, we will take appropriate safeguards and ensure that transferred personal data is handled in accordance with applicable data protection regulations. For example, we may sign the standard contractual clauses established by the European Commission regarding the protection of personal integrity with the Data Processor in question.

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to, or from, our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.

You have several legal rights aimed at safeguarding your personal integrity in relation to the processing of your Personal Data. Below, we have summarized these rights to help you understand them and how you may exercise these rights. However, since the legal field is under continuous development, this list may not be exhaustive. For the avoidance of doubt, any additional rights following from new laws, regulations, or industry practices will apply in addition to our summary.

Right to information. Once per calendar year, you are entitled to, by signed application, obtain a transcript of our processing of your Personal Data, free of charge. Please send any such request to email address set out below. Please mark your email: “Request for information concerning data processing.”

Right to rectification. We will in our sole discretion, or upon your request, correct your Personal Data that is found to be incorrect or misleading.

Right to be forgotten. Should you choose to claim your right to be forgotten, we will delete your Personal Data as soon as possible. In addition to this, we will delete your Personal Data as soon as possible if:

You object to our processing and there are no overriding legitimate reasons that outweigh your right to personal integrity, or

The Personal Data must be erased for compliance with a legal obligation set out in Union- or Member State law, or

otherwise when your Personal Data has been unlawfully processed.

Your data was collected when you were younger than 18 years old and you do not want this data to be processed by us (provided there’s no other legal ground that overrides this).

Right to restriction. In some cases, you may require that the processing of your personal data is limited. In this case, limitation means that the personal data will be tagged so that it only processed for limited purposes in the future. As an example, you may invoke your right to limitation if you think that our current records of your personal information is incorrect and you have requested a correction. In such cases, you may also request that our processing of your personal data is limited while investigating the accuracy of the personal data.

Right to object. You are entitled to object to such processing of your personal data that is performed based on (in our opinion) our legitimate interest. If you want to file an objection, you need to specify what processing you are objecting. If you chose to object to processing, we may continue to process your personal data only if we can show that there really are legitimate reasons why your personal data must be processed by us, where these reasons must overrule your interest to protection for your personal integrity.

Right to information concerning transfer outside the EEA. You have the right to learn about which safety measures that apply to establish and maintain an adequate level of safety for your Personal Data when this information is transferred outside the EEA. If you would like to learn more about this, please contact us with your request using the e-mail address set out below.

Right to file complaint with the supervisory authority. You have the right to file complaints concerning our processing of your Personal Data with the supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten.

Right to damages. If you have suffered an injury due to that your personal data have been processed in violation of applicable data protection regulations, you may be entitled to damages. In such cases, after a written request, you may seek damages from us or bring an action for damages in court.

Nordic Business House reserves the right to update this privacy policy at any time in their sole discretion. For material changes, we will also send you direct notification, such as an e-mail. In addition to this, we will set out the date for launch of new versions at the bottom of this page, so you can keep track of which version applies to your data. We encourage Users to frequently check this page for any changes to stay informed about how we are handling personal data. For the avoidance of doubt, you acknowledge and agree that it is your responsibility to review this privacy policy periodically and stay informed of any modifications.

By using our Services and visiting the Site, you signify your acceptance of this Policy, as updated from time to time. If you do not agree to this Policy, please do not use our Service or visit our Site, or – regarding Cookies – adjust your browser settings. Your continued use of the Site and Services following the posting of changes to this policy will be deemed your acceptance of those changes.

If your access to the Service is terminated, we will keep your personal data for approximately 18 months, in order to facilitate for your return to the Service. If you do not wish us to do this, please let us know and we’ll remove your account as soon as possible.

If the ownership of our business or the Service changes (such as in the event of a merger with a third party, upon an equity sale, or transfer of all or a portion of our business or assets), Nordic Business House reserves the right to transfer and assign your information, subscription, user account and personal data to the new owner, or partners thereto, regardless whether they are resident and having business operations within or outside of the EU/EEA. This includes any assignment to a company within our group of companies, including an owner of, or subsidiary to Nordic Business House. Any new legal entity will still have to honour the commitments we have made in this Policy.

We understand that privacy can be tricky. If you have any further questions about this Policy, the practices of the Site, or your dealings with the Site, please contact us at:

Nordic Business House