The customer register of Gemilo Oy contains personal data based on a legitimate interest, taking care of responsibilities based on law or a customer relationship, consent given by the customer, an assignment given by the customer to Gemilo.
The customer register is used for the following purposes:
recognize the customer’s identity
To verify a corporate customer’s authorization to sign on behalf of the company
To process orders, helpdesk requests, change proposals and notifications of faults made by the customer, deliveries, participation in joint projects, contracts
take care of communication related with orders, deliveries and
contracts, such as confirmations of orders and deliveries
Communication with Gemilo Oy: for example with the sales, production or customer service
To take care and to develop customer relationships
To measure customer satisfaction. Customer satisfaction is measured to develop our services and to guarantee that our service functions
The execution of customer service tasks and the processing of customer feedback
To take care of responsibilities based on statutory and authorities’ regulations and to implement accountability
The correctness of data transfers, the prevention and clarification of irregularities and problems and to ensure the data security of the register
For the quality control regarding the services, processes, tasks and communication of Gemilo Oy and the company, to ensure quality and for development tasks
For statistical purposes
Disclosure and transfer of personal data to third parties
customer’s personal data will not be disclosed to third parties for
direct marketing purposes, excluding the advertising, marketing and
communication agencies from which Gemilo Oy subscribes services for
their own use. Even in these cases the minimum amount of data is
disclosed, typically the contact details that enable them to execute
marketing and communication assignments given by Gemilo Oy. This
means that no access to personal data is disclosed or transferred to
be used by these agencies or their customers.
Contact details can be added to a tool designed for the dispatch of a third party such as a newsletter, which means that the supplier of the newsletter software is the processor of the register.
customer’s personal data may be transferred to third parties
involved in the execution of the Web services of Gemilo in connection
with the technical realization, data processing, maintenance,
customer service and delivery of the Web services. Personal data is
stored in a safe place in Finland on a server that the supplier of
the server has access to for technical reasons; they, however, have
no access rights to the register data.
Personal data may be added to financial administration software where the contact details of invoicing and a customer to be invoiced are kept in a safe place. This is usually requested by customers themselves, to have the customer’s contact person appear on the invoice.
If Gemilo Oy is merged or sold, the customer register will be transferred to a new owner company. If Gemilo Oy establishes subsidiaries or changes to a subsidiary of another company, the customer register will be available to the entire group of companies.
Personal data can be disclosed to authorities, when this is required by the law.
Transfer of personal data outside of the EU or outside of the European Economic Area
Personal data shall not be transferred outside of the EU or the European Economic Area.
Transfer of personal data from one system to another
data shall not be transferred from the customer register of Gemilo Oy
to any personal data registers pertaining to the services that Gemilo
Oy has implemented to their customers.
Personal data shall not be transferred from the services that Gemilo Oy has implemented to their customers to the own customer register of Gemilo Oy.
Personal data may be transmitted from services executed to customers to the customer’s other systems across the interface or to combine them from other systems into the customer’s system.
Data content of the register
The customer register of Gemilo Oy contains the following data:
name and last name
Title / Post
Keywords and a description may have been added to the data on the person’s page. Note: If you only visit the Website, your personal data will not be recorded into the customer register. Cookies are used only to follow the visitors of the Gemilo.com Website at the organizational level.
For example the following unique identifiers will be recorded on the customer’s organization, and they can be found via personal data:
of the organization
Business ID (corporate customers)
The organization in which a person works can be seen on this person’s page or if no organization has been entered for him/her. If the person is no longer employed by the employer referred to, an electronic calling card and data entered on the person may be saved for history data, even though blocked from search results. The person’s page shows the contact relevant to the business, based on to which his/her calling card has been connected to.
Data needed to be able to execute customer service
We process and follow data by means of an electronic calling card and a personal page profiling a person. If a user has a user ID, he/she can see the same user profile that is also used in Gemilo Oy.
electronic calling card (s. the example image above) is visible to
the entire personnel of Gemilo Oy in the customer register of Gemilo
Oy, in order to avoid duplicates. A personal page (profile) is used
to compile an overall image of transactions by person.
An electronic calling card collects a person’s contact details, to make it easier to contact the person when there is a justified reason for business. The calling card may have been attached to various contents in Gemilo’s intranet, CRM, project management and in a separate tool opened for customer service, where the user may have also a separate user ID and a user profile.
An electronic calling card may be visible in these contexts in Gemilo’s own systems or in those they have executed for others:
* organization profile
* sales transaction, offer, sales pipeline
* task (e.g. a contact)
* agenda / protocol (e.g. examiner of the minutes, secretary, chairperson, rapporteur, list of participants)
* course, exercise, returning of the exercise, lectures, educational programme
* portfolio works
* idea, idea pipeline
* job application
Data related with a customer relationship will be supplemented with:
measuring customer satisfaction, supplied by the customer
Personalising data supplied by the customer
Restrictions provided by the customer
Contact history of the customer service
may contain added comments, descriptions and attachments which may
contain personal data such as a person’s name, so that we know with
whom we can handle the matter or to whom the matter under handling is
related. The number of personal data items shall be minimized.
The content has usually been limited by business areas in a way that in sales the sales personnel see the sales related entries, in the production the production personnel see the production related entries and in help desk the helpdesk personnel see the helpdesk related entries. A project may have been closed to be accessed only by the participants of the project, which means that only a limited group of persons can see data interpreted as personal data in the project, other than contact details. The name of an individual project is not visible in connection with a person’s calling card to persons other than the participants of the project in question and the main users of the service, even though the actual calling card (contact details) is visible to the whole personnel.
An electronic calling card is used in all the services delivered by Gemilo Oy and in the systems used by Gemilo Oy. Personal data is not transferred by machine between these systems.
and payment transaction data:
Data on payment transactions carried out by a customer are followed at the company level, not at the personal level. Gemilo Oy does not practice consumer sales. We operate on the B2B market.
Data on orders placed by the customer and contacts related with the orders
Data on sellers who have contacted us will be recorded. The personal data items include the seller’s name, organization, telephone number, e-mail and the matter the contact was about. If the details the seller has given in the offer and its attachments contain personal data, these contents will be kept in a safe place.
Regular sources of personal data
A customer’s personal data is being collected into the customer register of Gemilo Oy mainly from the customer via the Gemilo.com Website, in connection with the registration to the customer service channel or in connection with transactions. The Website can be accessed without registration.
In connection with orders and contracts, the identity of the person signing will be verified by a verification procedure selected by the customer.
In invitations to participate a person’s identity will be verified by sending e-mail to the person’s e-mail address; sometimes we may use a key code. In services requiring registration a person’s identity will be recognized on the basis of a user ID and a password or with a unique ID obtained across an interface.
Personal data can be purchased from external companies selling contacts for customer register, and added to the customer register.
Determining of the period for which personal data are stored
The period of storage shall be determined on the basis of the duration of customer relationship or lis pendens of irregularity cases. A customer’s personal data shall be kept until the customer requests removal from the register, unless the deletion of data is prevented by legislation. A registered customer may edit their customer details by logging in to the service for which the ID has been created or which can be accessed via customer identification by means of an existing ID for another system. Rectification of details may also be requested by contacting firstname.lastname@example.org.
Data security of the register
Personal data is collected into databases that are protected by firewalls, passwords and by other technical means. Physically the databases are located in locked and controlled premises. Access to personal data in the register is limited within Gemilo Oy only to those persons who need the access. Logging in requires a personal ID and a password, and Gemilo Oy shall be responsible for the granting and administration of them in Gemilo’s own services, whereas in Gemilo’s customers’ services the organization which has ordered the service shall have the responsibility for them. The persons processing personal data in the customer register of Gemilo have signed a non-disclosure agreement.
Right to check
Right to rectify incorrect or obsolete data
A registered customer may edit his/her customer data by logging in to Gemilo Oy’s service. Outside users shall not have access to the intranet and CRM of Gemilo Oy; the rectification of these data items will be carried out by contacting email@example.com. A registered party shall have the right to request the removal of personal data on him/her entirely or partly, unless this is prohibited by legislation. Requests to delete data shall be sent to firstname.lastname@example.org.