Personal Data Act (523/1999) 10 § and 24 § and regulation EU (2016/679) including Directive 95/46/EC (General Data Protection Regulation)
Name of the register Customer register of Gemilo
Controller Gemilo Ltd ( Business ID 20990881). Polttimonkatu 4. 33210 Tampere The company’s registered office is in Finland. Contact person in matters related with the register: Katri Lietsala, 040 7499072, firstname.lastname@example.org
recognize the customer’s identity
To verify a corporate
customer’s authorization to sign on behalf of the company
process orders, helpdesk requests, change proposals and notifications
of faults made by the customer, deliveries, participation in joint
take care of communication related with orders, deliveries and
contracts, such as confirmations of orders and deliveries
with Gemilo Oy: for example with the sales, production or customer
take care and to develop customer relationships
measure customer satisfaction. Customer satisfaction is measured to
develop our services and to guarantee that our service functions
execution of customer service tasks and the processing of customer
take care of responsibilities based on statutory and authorities’
regulations and to implement accountability
correctness of data transfers, the prevention and clarification of
irregularities and problems and to ensure the data security of the
the quality control regarding the services, processes, tasks and
communication of Gemilo Oy and the company, to ensure quality and for
customer’s personal data will not be disclosed to third parties for
direct marketing purposes, excluding the advertising, marketing and
communication agencies from which Gemilo Oy subscribes services for
their own use. Even in these cases the minimum amount of data is
disclosed, typically the contact details that enable them to execute
marketing and communication assignments given by Gemilo Oy. This
means that no access to personal data is disclosed or transferred to
be used by these agencies or their customers.
details can be added to a tool designed for the dispatch of a third
party such as a newsletter, which means that the supplier of the
newsletter software is the processor of the register.
customer’s personal data may be transferred to third parties
involved in the execution of the Web services of Gemilo in connection
with the technical realization, data processing, maintenance,
customer service and delivery of the Web services. Personal data is
stored in a safe place in Finland on a server that the supplier of
the server has access to for technical reasons; they, however, have
no access rights to the register data.
data may be added to financial administration software where the
contact details of invoicing and a customer to be invoiced are kept
in a safe place. This is usually requested by customers themselves,
to have the customer’s contact person appear on the invoice.
Gemilo Oy is merged or sold, the customer register will be
transferred to a new owner company. If Gemilo Oy establishes
subsidiaries or changes to a subsidiary of another company, the
customer register will be available to the entire group of companies.
data can be disclosed to authorities, when this is required by the
data shall not be transferred outside of the EU or the European
data shall not be transferred from the customer register of Gemilo Oy
to any personal data registers pertaining to the services that Gemilo
Oy has implemented to their customers.
Personal data shall not
be transferred from the services that Gemilo Oy has implemented to
their customers to the own customer register of Gemilo Oy.
data may be transmitted from services executed to customers to the
customer’s other systems across the interface or to combine them
from other systems into the customer’s system.
customer register of Gemilo Oy contains the following data:
name and last name
Keywords and a description may have been added to the data on the
person’s page. Note: If you only visit the Website, your personal
data will not be recorded into the customer register. Cookies are
used only to follow the visitors of the Gemilo.com Website at the
example the following unique identifiers will be recorded on the
customer’s organization, and they can be found via personal data:
of the organization
Business ID (corporate customers)
organization in which a person works can be seen on this person’s
page or if no organization has been entered for him/her. If the
person is no longer employed by the employer referred to, an
electronic calling card and data entered on the person may be saved
for history data, even though blocked from search results. The
person’s page shows the contact relevant to the business, based on
to which his/her calling card has been connected to.
process and follow data by means of an electronic calling card and a
personal page profiling a person. If a user has a user ID, he/she can
see the same user profile that is also used in Gemilo Oy.
electronic calling card (s. the example image above) is visible to
the entire personnel of Gemilo Oy in the customer register of Gemilo
Oy, in order to avoid duplicates. A personal page (profile) is used
to compile an overall image of transactions by person.
electronic calling card collects a person’s contact details, to
make it easier to contact the person when there is a justified reason
for business. The calling card may have been attached to various
contents in Gemilo’s intranet, CRM, project management and in a
separate tool opened for customer service, where the user may have
also a separate user ID and a user profile.
electronic calling card may be visible in these contexts in Gemilo’s
own systems or in those they have executed for others: * organization profile* sales transaction, offer, sales pipeline* contract* project* event* group* task (e.g. a contact)* agenda / protocol (e.g.
of the minutes, secretary, chairperson, rapporteur, list of
participants)* course, exercise, returning of the exercise, lectures, educational programme* portfolio works* idea, idea pipeline* application* job application* transport
related with a customer relationship will be supplemented with:
measuring customer satisfaction, supplied by the customer
Personalising data supplied by the customer
provided by the customer
of the customer service
may contain added comments, descriptions and attachments which may
contain personal data such as a person’s name, so that we know with
whom we can handle the matter or to whom the matter under handling is
related. The number of personal data items shall be minimized.
content has usually been limited by business areas in a way that in
sales the sales personnel see the sales related entries, in the
production the production personnel see the production related
entries and in help desk the helpdesk personnel see the helpdesk
related entries. A project may have been closed to be accessed only
by the participants of the project, which means that only a limited
group of persons can see data interpreted as personal data in the
project, other than contact details. The name of an individual
project is not visible in connection with a person’s calling card
to persons other than the participants of the project in question and
the main users of the service, even though the actual calling card
(contact details) is visible to the whole personnel.
electronic calling card is used in all the services delivered by
Gemilo Oy and in the systems used by Gemilo Oy. Personal data is not
transferred by machine between these systems.
and payment transaction data:
on payment transactions carried out by a customer are followed at the
company level, not at the personal level. Gemilo Oy does not practice
consumer sales. We operate on the B2B market.
on orders placed by the customer and contacts related with the orders
on sellers who have contacted us will be recorded. The personal data
items include the seller’s name, organization, telephone number,
e-mail and the matter the contact was about. If the details the
seller has given in the offer and its attachments contain personal
data, these contents will be kept in a safe place.
customer’s personal data is being collected into the customer
register of Gemilo Oy mainly from the customer via the Gemilo.com
Website, in connection with the registration to the customer service
channel or in connection with transactions. The Website can be
accessed without registration.
connection with orders and contracts, the identity of the person
signing will be verified by a verification procedure selected by the
invitations to participate a person’s identity will be verified by
sending e-mail to the person’s e-mail address; sometimes we may use
a key code. In services requiring registration a person’s identity
will be recognized on the basis of a user ID and a password or with a
unique ID obtained across an interface.
data can be purchased from external companies selling contacts for
customer register, and added to the customer register.
period of storage shall be determined on the basis of the duration of
customer relationship or lis pendens of irregularity cases. A
customer’s personal data shall be kept until the customer requests
removal from the register, unless the deletion of data is prevented
by legislation. A registered customer may edit their customer details
by logging in to the service for which the ID has been created or
which can be accessed via customer identification by means of an
existing ID for another system. Rectification of details may also be
requested by contacting email@example.com.
data is collected into databases that are protected by firewalls,
passwords and by other technical means. Physically the databases are
located in locked and controlled premises. Access to personal data in
the register is limited within Gemilo Oy only to those persons who
need the access. Logging in requires a personal ID and a password,
and Gemilo Oy shall be responsible for the granting and
administration of them in Gemilo’s own services, whereas in
Gemilo’s customers’ services the organization which has ordered
the service shall have the responsibility for them. The persons
processing personal data in the customer register of Gemilo have
signed a non-disclosure agreement.
to Personal Data Act 26 §, the registered shall have the right to
check which data on him/her has been recorded into the customer
register. If you wish to check your personal data, submit the request
in writing and undersigned either by e-mail to the address
firstname.lastname@example.org or in person to the office of Gemilo Oy. At Gemilo’s
office you’ll have to show an identity document. The check request
shall have to contain the first and last name, identity code, address
data and telephone number. The reply to the check request will be
delivered by mail or the person is asked to visit Gemilo’s office
or to a remote meeting when the data is shown in a personal meeting.
It is possible for a person to check his/her own data free of charge
once a year. In services executed by us the right to check in
registered customer may edit his/her customer data by logging in to
Gemilo Oy’s service. Outside users shall not have access to the
intranet and CRM of Gemilo Oy; the rectification of these data items
will be carried out by contacting email@example.com. A registered party
shall have the right to request the removal of personal data on
him/her entirely or partly, unless this is prohibited by legislation.
Requests to delete data shall be sent to firstname.lastname@example.org.
Back: Gemilo's contact details | Home
In Finland we have the office of the Data Protection Ombudsman which provides counselling in data protection matters and supervises data protection matters.
provides standard forms for transactions.
or contractual relationship is not required for all the processing of
personal data. In this case, it is about legitimate interest. Direct
marketing, customer service and processing of personal data within
the group of companies, clarification of abuses, product and service
development, log register activities are in Gemilo a part of
practicing our business, to which a company is entitled to and which
entails processing of personal data in order to get things done.