Privacy Policy

Last updated: 23 October 2025

This Privacy Policy explains how TS Capital & Consulting Oy (operating as NordicCosta) (“we”, “us”, “our”) collects and processes personal data on the NordicCosta marketplace.

This policy reflects our practices under the EU General Data Protection Regulation (GDPR) and Finnish law.
If you have any privacy-related questions, please contact us at info@nordiccosta.com.

1. Data Controller

TS Capital & Consulting Oy (operating as NordicCosta)
Business ID: 3131822-2
Email: info@nordiccosta.com

2. What Data We Collect

Data you provide

  • Account details (name, email, phone, language, country)
  • Provider details (company info, services, payout details via our payment partner)
  • Order information (bookings, messages, reviews)
  • Support requests, uploaded files, or other materials

Data collected automatically

  • Technical data (browser, OS, device, anonymized IP, time zone, country/city)
  • Usage data (page views, searches, performance metrics)
  • Anonymous analytics data (see Section 7)

We do not collect sensitive data or knowingly process information about users under 18 years of age.

3. Legal Bases for Processing

We process personal data under the GDPR on the following bases:

  • Operating the marketplace

    • Creating and managing accounts, listings, orders, in-app messages
    • Legal basis: Contract (GDPR Art. 6(1)(b))

  • Payments, payouts, invoicing and bookkeeping

    • Payment processing via our PSP, payouts to providers, statutory records
    • Legal basis: Legal obligation (Art. 6(1)(c)) and Contract (Art. 6(1)(b))

  • Security, fraud prevention and abuse handling

    • Protecting users, detecting misuse, enforcing policies
    • Legal basis: Legitimate interests (Art. 6(1)(f))

  • Customer support and incident handling

    • Answering questions, resolving disputes, service notifications
    • Legal basis: Contract (Art. 6(1)(b)) and/or Legitimate interests (Art. 6(1)(f))

  • Reviews and other trust features

    • Collecting and displaying verified reviews/ratings
    • Legal basis: Legitimate interests (Art. 6(1)(f))

  • Anonymous, cookie-free analytics

    • High-level usage metrics without personal identifiers
    • Legal basis: Legitimate interests (Art. 6(1)(f))

  • Marketing and CRM communications

    • Newsletters, offers, lifecycle messages (including via CRM/marketing tools)
    • Legal basis: Consent (Art. 6(1)(a)).
      • B2B exception: For communications to corporate contacts, we may rely on Legitimate interests (Art. 6(1)(f)) where permitted by local law, with a clear opt-out at any time.

  • Marketing/remarketing cookies and pixels (if/when used)

    • Advertising measurement and personalization
    • Legal basis: Consent (Art. 6(1)(a)) via a compliant consent mechanism

4. Data Sharing and Processors

We share personal data only with trusted service providers essential to operating and improving our marketplace:

  • Payment processing partner (Stripe Payments Europe, Ltd.) – payments, payouts, verification
  • Hosting and infrastructure services – secure platform operation and backups
  • Analytics tools – anonymous traffic measurement (see Section 7)
  • Email and CRM / marketing tools (such as Brevo, HubSpot, or similar) – used to manage customer relationships, send service notifications, or deliver marketing content to users who have given consent
  • Support and communication tools – for order confirmations, receipts, and customer inquiries

All partners are bound by GDPR-compliant Data Processing Agreements and process data only on our instructions.
We do not sell or share data for advertising or resale purposes.

5. Data Retention

  • User accounts: stored while the account is active
  • Transactions and accounting data: 6 years (Finnish bookkeeping law)
  • Support and chat records: up to 24 months after case closure
  • Analytics data: anonymized and aggregated

When retention periods expire, data is securely deleted or permanently anonymized.

6. Payments

All payments and payouts are processed through a secure EU payment provider.
We do not store card or bank details.
The payment partner acts as an independent data controller for payment information and provides receipts automatically to customers.
VAT invoices for services are issued by each individual provider (seller).

See payment partner’s privacy notice: https://stripe.com/privacy

7. Analytics (Anonymous, No Cookies)

We use Plausible Analytics, a privacy-focused, cookie-free analytics tool hosted in the EU. It helps us understand general website usage (e.g. which pages are visited, from which countries) without identifying individual users or tracking devices.

Plausible does not use cookies, local storage, or browser fingerprinting. No personal data (such as IP addresses or user IDs) is stored or shared. All data is anonymized and aggregated.

This allows us to monitor and improve the platform's performance in full compliance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.

Users are not tracked across sessions or websites, and no consent is required under the ePrivacy Directive.

More information: https://plausible.io/data-policy

8. Email Marketing and CRM

We may contact users via email for legitimate business or marketing purposes.
You may receive:

  • service-related updates (bookings, confirmations, or account messages)
  • newsletters or offers (only if you have opted in)

We use GDPR-compliant tools such as Brevo or HubSpot to manage our mailing lists, store opt-in consents, and measure communication performance (e.g., open or click rates).

You can unsubscribe from any marketing email at any time by clicking the unsubscribe link in the email or by contacting info@nordiccosta.com.

9. Marketing and Third-Party Advertising

We promote the NordicCosta platform using third-party advertising platforms, such as Meta (Facebook/Instagram), Google Ads, and LinkedIn. These platforms may use their own data to show relevant ads to users.

We do not currently use advertising pixels, remarketing tags, or tracking cookies on our website. Visitors are not tracked across websites, and no advertising identifiers are stored or shared.

If in the future we introduce such tools, we will implement a cookie consent mechanism and update this privacy policy accordingly.

10. Your Rights

You have the right to:

  • Access, correct, or delete your data
  • Request restriction or object to processing based on legitimate interest
  • Withdraw consent (for marketing communications)
  • Receive a copy of your data in a portable format

To exercise your rights, contact info@nordiccosta.com.
You may also contact the Finnish Data Protection Ombudsman: https://tietosuoja.fi/en

11. Security

We apply strong technical and organizational safeguards including TLS encryption, secure authentication, limited internal access, and regular backups.
While we take all reasonable steps to protect your data, no online service is entirely risk-free — please keep your login credentials confidential.

12. Children

Our service is intended for adults aged 18 and over.
If we become aware that a minor’s data has been submitted, it will be removed promptly.

13. Policy Updates

We may update this policy to reflect changes in our services or in applicable laws.
The latest version is always available at www.nordiccosta.com/privacy-policy.
Material updates will be clearly communicated on our website.

Summary

NordicCosta does not use cookies or advertising trackers.
Visitor statistics are collected anonymously and in compliance with GDPR.
Customer and marketing communications are handled only with explicit consent or legitimate business interest.