The customer register of Gemilo Oy contains personal data based on a legitimate interest, taking care of responsibilities based on law or a customer relationship, consent given by the customer, an assignment given by the customer to Gemilo.

The customer register is used for the following purposes:

To recognize the customer’s identity
To verify a corporate customer’s authorization to sign on behalf of the company

To process orders, helpdesk requests, change proposals and notifications of faults made by the customer, deliveries, participation in joint projects, contracts

To take care of communication related with orders, deliveries and contracts, such as confirmations of orders and deliveries

Communication with Gemilo Oy: for example with the sales, production or customer service

To take care and to develop customer relationships

To measure customer satisfaction. Customer satisfaction is measured to develop our services and to guarantee that our service functions

The execution of customer service tasks and the processing of customer feedback

To take care of responsibilities based on statutory and authorities’ regulations and to implement accountability

The correctness of data transfers, the prevention and clarification of irregularities and problems and to ensure the data security of the register

For the quality control regarding the services, processes, tasks and communication of Gemilo Oy and the company, to ensure quality and for development tasks

For statistical purposes

Disclosure and transfer of personal data to third parties

A customer’s personal data will not be disclosed to third parties for direct marketing purposes, excluding the advertising, marketing and communication agencies from which Gemilo Oy subscribes services for their own use. Even in these cases the minimum amount of data is disclosed, typically the contact details that enable them to execute marketing and communication assignments given by Gemilo Oy. This means that no access to personal data is disclosed or transferred to be used by these agencies or their customers.

Contact details can be added to a tool designed for the dispatch of a third party such as a newsletter, which means that the supplier of the newsletter software is the processor of the register.

A customer’s personal data may be transferred to third parties involved in the execution of the Web services of Gemilo in connection with the technical realization, data processing, maintenance, customer service and delivery of the Web services. Personal data is stored in a safe place in Finland on a server that the supplier of the server has access to for technical reasons; they, however, have no access rights to the register data.

Personal data may be added to financial administration software where the contact details of invoicing and a customer to be invoiced are kept in a safe place. This is usually requested by customers themselves, to have the customer’s contact person appear on the invoice.

If Gemilo Oy is merged or sold, the customer register will be transferred to a new owner company. If Gemilo Oy establishes subsidiaries or changes to a subsidiary of another company, the customer register will be available to the entire group of companies.

Personal data can be disclosed to authorities, when this is required by the law.

Transfer of personal data outside of the EU or outside of the European Economic Area

Personal data shall not be transferred outside of the EU or the European Economic Area.

Transfer of personal data from one system to another

Personal data shall not be transferred from the customer register of Gemilo Oy to any personal data registers pertaining to the services that Gemilo Oy has implemented to their customers.
Personal data shall not be transferred from the services that Gemilo Oy has implemented to their customers to the own customer register of Gemilo Oy.

Personal data may be transmitted from services executed to customers to the customer’s other systems across the interface or to combine them from other systems into the customer’s system.

Data content of the register

The customer register of Gemilo Oy contains the following data:

Customer’s data:

First name and last name
E-mail address
Telephone number
Title / Post

Keywords and a description may have been added to the data on the person’s page. Note: If you only visit the Website, your personal data will not be recorded into the customer register. Cookies are used only to follow the visitors of the Website at the organizational level.

For example the following unique identifiers will be recorded on the customer’s organization, and they can be found via personal data:

Name of the organization
Business ID (corporate customers)
Street address
Postal number
Post office

The organization in which a person works can be seen on this person’s page or if no organization has been entered for him/her. If the person is no longer employed by the employer referred to, an electronic calling card and data entered on the person may be saved for history data, even though blocked from search results. The person’s page shows the contact relevant to the business, based on to which his/her calling card has been connected to.

Data needed to be able to execute customer service

We process and follow data by means of an electronic calling card and a personal page profiling a person. If a user has a user ID, he/she can see the same user profile that is also used in Gemilo Oy.


An electronic calling card (s. the example image above) is visible to the entire personnel of Gemilo Oy in the customer register of Gemilo Oy, in order to avoid duplicates. A personal page (profile) is used to compile an overall image of transactions by person.

An electronic calling card collects a person’s contact details, to make it easier to contact the person when there is a justified reason for business. The calling card may have been attached to various contents in Gemilo’s intranet, CRM, project management and in a separate tool opened for customer service, where the user may have also a separate user ID and a user profile.

An electronic calling card may be visible in these contexts in Gemilo’s own systems or in those they have executed for others:

* organization profile
* sales transaction, offer, sales pipeline
* contract
* project
* event
* group
* task (e.g. a contact)
* agenda / protocol (e.g. examiner of the minutes, secretary, chairperson, rapporteur, list of participants)
* course, exercise, returning of the exercise, lectures, educational programme
* portfolio works
* idea, idea pipeline
* application
* job application
* transport

Data related with a customer relationship will be supplemented with:

Data measuring customer satisfaction, supplied by the customer
Personalising data supplied by the customer
Restrictions provided by the customer
Customer feedback
Contact history of the customer service

Contents may contain added comments, descriptions and attachments which may contain personal data such as a person’s name, so that we know with whom we can handle the matter or to whom the matter under handling is related. The number of personal data items shall be minimized.

The content has usually been limited by business areas in a way that in sales the sales personnel see the sales related entries, in the production the production personnel see the production related entries and in help desk the helpdesk personnel see the helpdesk related entries. A project may have been closed to be accessed only by the participants of the project, which means that only a limited group of persons can see data interpreted as personal data in the project, other than contact details. The name of an individual project is not visible in connection with a person’s calling card to persons other than the participants of the project in question and the main users of the service, even though the actual calling card (contact details) is visible to the whole personnel.

An electronic calling card is used in all the services delivered by Gemilo Oy and in the systems used by Gemilo Oy. Personal data is not transferred by machine between these systems.

Order and payment transaction data:

Data on payment transactions carried out by a customer are followed at the company level, not at the personal level. Gemilo Oy does not practice consumer sales. We operate on the B2B market.

Data on orders placed by the customer and contacts related with the orders

Data on sellers who have contacted us will be recorded. The personal data items include the seller’s name, organization, telephone number, e-mail and the matter the contact was about. If the details the seller has given in the offer and its attachments contain personal data, these contents will be kept in a safe place.

Regular sources of personal data

A customer’s personal data is being collected into the customer register of Gemilo Oy mainly from the customer via the Website, in connection with the registration to the customer service channel or in connection with transactions. The Website can be accessed without registration.

In connection with orders and contracts, the identity of the person signing will be verified by a verification procedure selected by the customer.

In invitations to participate a person’s identity will be verified by sending e-mail to the person’s e-mail address; sometimes we may use a key code. In services requiring registration a person’s identity will be recognized on the basis of a user ID and a password or with a unique ID obtained across an interface.

Personal data can be purchased from external companies selling contacts for customer register, and added to the customer register.

Determining of the period for which personal data are stored

The period of storage shall be determined on the basis of the duration of customer relationship or lis pendens of irregularity cases. A customer’s personal data shall be kept until the customer requests removal from the register, unless the deletion of data is prevented by legislation. A registered customer may edit their customer details by logging in to the service for which the ID has been created or which can be accessed via customer identification by means of an existing ID for another system. Rectification of details may also be requested by contacting

Data security of the register

Personal data is collected into databases that are protected by firewalls, passwords and by other technical means. Physically the databases are located in locked and controlled premises. Access to personal data in the register is limited within Gemilo Oy only to those persons who need the access. Logging in requires a personal ID and a password, and Gemilo Oy shall be responsible for the granting and administration of them in Gemilo’s own services, whereas in Gemilo’s customers’ services the organization which has ordered the service shall have the responsibility for them. The persons processing personal data in the customer register of Gemilo have signed a non-disclosure agreement.

Right to check

According to Personal Data Act 26 §, the registered shall have the right to check which data on him/her has been recorded into the customer register. If you wish to check your personal data, submit the request in writing and undersigned either by e-mail to the address or in person to the office of Gemilo Oy. At Gemilo’s office you’ll have to show an identity document. The check request shall have to contain the first and last name, identity code, address data and telephone number. The reply to the check request will be delivered by mail or the person is asked to visit Gemilo’s office or to a remote meeting when the data is shown in a personal meeting. It is possible for a person to check his/her own data free of charge once a year. In services executed by us the right to check in accordance to the privacy policy applied to each individual service.

Right to rectify incorrect or obsolete data

A registered customer may edit his/her customer data by logging in to Gemilo Oy’s service. Outside users shall not have access to the intranet and CRM of Gemilo Oy; the rectification of these data items will be carried out by contacting A registered party shall have the right to request the removal of personal data on him/her entirely or partly, unless this is prohibited by legislation. Requests to delete data shall be sent to

Back: Gemilo's contact details | Home