Privacy policy

Privacy policy of Gemic’s client register

Privacy policy of Gemic’s potential clients register

Privacy policy of Gemic’s jobs applicant register

Privacy policy of Gemic’s interest group register

Privacy Policy of Gemic’s CLIENT register

1. Controller

Gemic Oy (business ID 2177819-6, “we” and ”us”)

Mikonkatu 17, 00100 Helsinki

Tel: 050 361 4650, e-mail: contact@gemic.com

2. controller’s contact person

Eelis Nguyen

Mikonkatu 17, 00100 Helsinki

Tel: 040 507 9070, e-mail: eelis.nguyen@gemic.com

3. Name of register

Client register

4. WHAT PERSONAL DATA WE COLLECT

Personal data is in most cases collected directly from you or generated as part of the use of our services and products.

• Name

• Title and/or role in client organization

• Contact information: phone numbers and email addresses

• Emails and communications

We collect information you provide directly to us and data that can be found from public sources. We do not collect sensitive personal data.

5. HOW WE MAY USE YOUR PERSONAL DATA AND THE LAWFUL BASIS FOR DOING SO

We use your personal data to comply with contractual obligations as well as to provide you with offers, advice and services.

5.1 Entering into and administration of agreements (performance of a contract)

The main purpose of our processing of personal data is to administer and complete tasks for the performance of contracts, for example customer service and communication during the contract period.

5.2 Marketing, product- and client analysis and defending against possible claims (legitimate interest)

Personal data is also processed in the context of marketing, product- and client analyses. This processing forms the basis for marketing, process- and business development. This is to optimize our client offerings.

We also store the details of the contract’s performance to defend against possible claims.

6. WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO and do we transfer data TO third countries

We store and share your personal data with others such as third party IT service providers. We have entered into agreements with selected service providers, which include the processing of personal data on behalf of us.

We may also transfer personal data to organisations in countries outside of the European Economic Area. These countries consist of the United States of America (USA), Chile, Singapore and Taiwan. These transfers are protected by virtue of the following:

• the EU Commission has decided that the data processor has an adequate level of protection; and

• other appropriate safeguards have been taken, for example the use of the standard, written contractual clauses (EU model-clauses) approved by the EU Commission.

7. How long we process your personal data

We will keep your data for as long as they are needed for the purposes for which your data was collected and processed.

This means that we keep your data for as long as necessary for the performance of a contract. After the contract has been performed and the client relationship ends, we hold it appropriate to store the details of the contract’s performance up to five (5) years to defend against possible claims and for marketing, product- and client analyses. At any given moment throughout the lifecycle of your data, you have the right to exercise your rights as mentioned in section 9.

8. HOW WE PROTECT YOUR PERSONAL DATA

All authorized users, Gemic employees and possible third party service providers are required to treat personal data as confidential. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction. The personal data is stored in electronic systems that can only be accessed by authorized users. Authorized users are those Gemic employees who have a legitimate reason for processing personal data. Authorized users must enter their individual, unique login credentials and passwords to access the systems. The personal data is stored in databases that are protected by firewalls, passwords and other methods. The databases and their backup copies are located in restricted areas where only authorized personnel can enter.

9. YOUR PRIVACY RIGHTS

You as a data subject have rights in respect of personal data we hold on you. You have the following rights;

(i) request access to your personal data. You have a right to access the personal data we are keeping about you.

(ii) request correction of incorrect or incomplete data. If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.

(iii) request erasure. You have the right request erasure of your data in case:

(a) you object to the processing and there is no justified reason for continuing the processing;

(b) you object to processing for direct marketing; or

(c) processing is unlawful.

(iv) limitation of processing of personal data. If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

(v) If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.

(vi) object to processing based on our legitimate interest. You can always object to the processing of personal data about you for direct marketing and profiling in connection to such marketing.

(vii) data portability. You have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis consent or of fulfilling a contract. Where secure and technically feasible the data can also be transmitted to another data controller by us.

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

10. How changes to this Privacy Policy shall be made

We may change this privacy policy from time to time. We will not diminish your rights under this privacy policy or under applicable data protection laws in the jurisdictions we operate. If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law. Please review this Privacy Policy from time to time to stay updated on any changes.

11. CONTACTING us and THE DATA PROTECTION AUTHORITY

If you have any questions and concerns regarding our privacy policy you can contact controller’s contact person. If you wish to exercise your rights as a data subject, you can send the request to personal-data@gemic.com.

You can also lodge a complaint or contact the Data Protection Ombudsman.

Back to the top

Privacy Policy of Gemic’s POTENTIAL CLIENTS register

1. Controller

Gemic Oy (business ID 2177819-6, “we” and ”us”)

Mikonkatu 17, 00100 Helsinki

Tel: 050 361 4650, e-mail: contact@gemic.com

2. controller’s contact person

Eelis Nguyen

Mikonkatu 17, 00100 Helsinki

Tel: 040 507 9070, e-mail: eelis.nguyen@gemic.com

3. Name of register

Potential clients register.

4. WHAT PERSONAL DATA WE COLLECT

We collect information you provide directly to us and data that can be found from public sources such as your company’s website.

• Name

• Title and/or role in client organization

• Contact information: phone numbers and email addresses

• Emails and communications

We do not collect sensitive personal data.

5. HOW WE MAY USE YOUR PERSONAL DATA AND THE LAWFUL BASIS FOR DOING SO

Marketing and business development, and defending against possible claims (legitimate interest)

We use your personal data to provide you with offers, advice and services. Hence, personal data is processed in the context of marketing and business development. This processing forms the basis for our marketing and is to optimize our client offerings. We also store your personal data and the details of our interaction in order to defend against possible claims.

6. WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO and do we transfer data TO third countries

We store and share your personal data with others such as third party IT service providers. We have entered into agreements with selected service providers, which include the processing of personal data on behalf of us.

We may also transfer personal data to organisations in countries outside of the European Economic Area. These countries consist of the United States of America (USA), Chile, Singapore and Taiwan. These transfers are protected by virtue of the following:

• the EU Commission has decided that the data processor has an adequate level of protection; and

• other appropriate safeguards have been taken, for example the use of the standard, written contractual clauses (EU model-clauses) approved by the EU Commission.

7. How long we process your personal data

We will keep your data for as long as they are needed for the purposes for which your data was collected and processed.

If there has been no interaction between you and us for two (2) years, we shall delete your personal data and remove you from our marketing directory. At any given moment throughout the lifecycle of your data, you have the right to exercise your rights as mentioned in section 9.

8. HOW WE PROTECT YOUR PERSONAL DATA

All authorized users, Gemic employees and possible third party service providers are required to treat personal data as confidential. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction. The personal data is stored in electronic systems that can only be accessed by authorized users. Authorized users are those Gemic employees who have a legitimate reason for processing personal data. Authorized users must enter their individual, unique login credentials and passwords to access the systems. The personal data is stored in databases that are protected by firewalls, passwords and other methods. The databases and their backup copies are located in restricted areas where only authorized personnel can enter.

9. YOUR PRIVACY RIGHTS

You as a data subject have rights in respect of personal data we hold on you. You have the following rights;

(i) request access to your personal data. You have a right to access the personal data we are keeping about you.

(ii) request correction of incorrect or incomplete data. If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.

(iii) request erasure. You have the right request erasure of your data in case:

(a) you object to the processing and there is no justified reason for continuing the processing;

(b) you object to processing for direct marketing; or

(c) processing is unlawful.

(iv) limitation of processing of personal data. If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

(v) If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.

(vi) object to processing based on our legitimate interest. You can always object to the processing of personal data about you for direct marketing and profiling in connection to such marketing.

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case.

10. How changes to this Privacy Policy shall be made

We may change this privacy policy from time to time. We will not diminish your rights under this privacy policy or under applicable data protection laws in the jurisdictions we operate. If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law. Please review this Privacy Policy from time to time to stay updated on any changes.

11. CONTACTING us and THE DATA PROTECTION AUTHORITY

If you have any questions and concerns regarding our privacy policy you can contact controller’s contact person. If you wish to exercise your rights as a data subject, you can send the request to personal-data@gemic.com.

You can also lodge a complaint or contact the Data Protection Ombudsman.

Back to the top

Privacy Policy of Gemic’s job applicant register

1. Controller

Gemic Oy (business ID 2177819-6, “we” and ”us”)

Mikonkatu 17, 00100 Helsinki

Tel: 050 361 4650, e-mail: contact@gemic.com

2. controller’s contact person

Eelis Nguyen

Mikonkatu 17, 00100 Helsinki

Tel: 040 507 9070, e-mail: eelis.nguyen@gemic.com

3. Name of register

Job applicant register.

4. WHAT PERSONAL DATA WE COLLECT

Personal data is in most cases collected directly from you when you apply for a job at our company. We collect and store personal data such as:

• Name

• Contact information: phone number, post address, email address

• Work history

• Educational history

• Personal interests

• Achievements

• Portrait photo

• Emails and communications

We may also collect personal data about you from third parties, such as professional recruiting firms, your references, prior employers, and Gemic employees with whom you have interviewed. We may collect sensitive personal data via photographs such as ethnicity etc., if you have given explicit consent to the processing of photograph by sending a photograph to us in your application.

5. HOW WE MAY USE YOUR PERSONAL DATA AND THE LAWFUL BASIS FOR DOING SO

5.1 Evaluating your fit for potential employment and improving our recruitment process (data subject consent)

We use your personal data to evaluate your fit for potential employment, as well as for future roles that may become available. We may also use your personal data to improve our recruitment process and our ability to attract appropriate candidates. You are not required to provide any requested information to us, but not doing so may result in not being able to continue your candidacy for the job for which you have applied.

5.2 Defending against possible claims (legitimate interest)

We store your personal data and the details of the recruitment process in order to defend against possible claims.

6. WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO and do we transfer data TO third countries

We store and share your personal data with others such as third party IT service providers. We have entered into agreements with selected service providers, which include the processing of personal data on behalf of us.

We may also transfer personal data to organisations in countries outside of the European Economic Area. These countries consist of the United States of America (USA), Chile, Singapore and Taiwan. These transfers are protected by virtue of the following:

• the EU Commission has decided that the data processor has an adequate level of protection; and

• other appropriate safeguards have been taken, for example the use of the standard, written contractual clauses (EU model-clauses) approved by the EU Commission.

7. How long we process your personal data

We will keep your data for as long as they are needed for the purposes for which your data was collected and processed.

This means that we keep your data for as long as necessary for the successful performance of the recruitment process. We hold it appropriate to store and process your data after the recruitment process has ended in order to evaluate your fit for future roles that may become available and in order to defend ourselves against possible claims. Hence, we may keep your data up to two (2) years from the time we received them. At any given moment throughout the lifecycle of your data, you have the right to exercise your rights as mentioned in section 9.

8. HOW WE PROTECT YOUR PERSONAL DATA

All authorized users, Gemic employees and possible third party service providers are required to treat personal data as confidential. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction. The personal data is primarily stored in electronic systems that can only be accessed by authorized users. Authorized users are those Gemic employees who have a legitimate reason for processing personal data. Authorized users must enter their individual, unique login credentials and passwords to access the systems. The personal data is stored in databases that are protected by firewalls, passwords and other methods. The databases and their backup copies are located in restricted areas where only authorized personnel can enter. Data in printed format is also processed only by authorized users. Authorized users are required to treat personal data as confidential. Data in printed format is handled with caution and care, and stored in spaces that can be only be accessed by authorized users. Data in printed format is disposed after the recruitment process in question in a confidential manner.

9. YOUR PRIVACY RIGHTS

You as a data subject have rights in respect of personal data we hold on you. You have the following rights;

(i) request access to your personal data. You have a right to access the personal data we are keeping about you.

(ii) request correction of incorrect or incomplete data. If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.

(iii) request erasure. You have the right request erasure of your data in case:

(a) you object to the processing and there is no justified reason for continuing the processing; or

(b) processing is unlawful.

(iv) limitation of processing of personal data. If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

(v) If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.

(vi) object to processing based on our legitimate interest. You can always object to the processing of personal data about you for direct marketing and profiling in connection to such marketing.

(vii) data portability. You have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis consent or of fulfilling a contract. Where secure and technically feasible the data can also be transmitted to another data controller by us.

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

10. How changes to this Privacy Policy shall be made

We may change this Privacy Policy from time to time. We will not diminish your rights under this Privacy Policy or under applicable data protection laws in the jurisdictions we operate. If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law. Please review this Privacy Policy from time to time to stay updated on any changes.

11. CONTACTING us and THE DATA PROTECTION AUTHORITY

If you have any questions and concerns regarding our Privacy Policy you can contact controller’s contact person. If you wish to exercise your rights as a data subject, you can send the request to personal-data@gemic.com.

You can also lodge a complaint or contact the Data Protection Ombudsman.

Back to the top

Privacy Policy of Gemic’s Interest Group Register

1. Controller

Gemic Oy (business ID 2177819-6, “we” and ”us”)

Mikonkatu 17, 00100 Helsinki

Tel: 050 361 4650, e-mail: contact@gemic.com

2. controller’s contact person

Eelis Nguyen

Mikonkatu 17, 00100 Helsinki

Tel: 040 507 9070, e-mail: eelis.nguyen@gemic.com

3. Name of register

Interest group register.

4. WHAT PERSONAL DATA WE COLLECT

This register consists of Gemic’s interest groups such as business partners and institutions that we have dealt with, are dealing with or will potentially deal with.

Personal data is collected directly from you when you offer your services to us or from public sources such as your website. We collect and store the following personal data:

• Name

• Titles and/or role in organization

• Contact information: phone numbers and email addresses

• Emails and communications

We do not collect sensitive personal data.

5. HOW WE MAY USE YOUR PERSONAL DATA AND THE LAWFUL BASIS FOR DOING SO

We store your personal data to enable efficient communication and effective collaboration between you and us. We also use your personal data to comply with contractual obligations.

5.1 Maintaining an interest group directory and defending against possible claims (legitimate interest)

Personal data is processed in the context of operating a business efficiently. We maintain an interest group directory that enables us to get in touch with our interest groups whenever a need arises. We also store the details of the contract’s performance to defend against possible claims.

5.2 Entering into and administration of agreements (performance of a contract)

We process personal data to administer and complete tasks for the performance of contracts, for example paying invoices and keeping books of transactions.

6. WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO and do we transfer data TO third countries

We store and share your personal data with others such as third party IT service providers. We have entered into agreements with selected service providers, which include the processing of personal data on behalf of us.

We may also transfer personal data to organisations in countries outside of the European Economic Area. These countries consist of the United States of America (USA), Chile, Singapore and Taiwan. These transfers are protected by virtue of the following:

• the EU Commission has decided that the data processor has an adequate level of protection; and

• other appropriate safeguards have been taken, for example the use of the standard, written contractual clauses (EU model-clauses) approved by the EU Commission.

7. How long we process your personal data

We will keep your data for as long as they are needed for the purposes for which your data was collected and processed.

We hold it appropriate to store and process your data even after and before we have liaised with one another. We keep your data for as long as necessary for the successful performance of our contract. However, if there has been no interaction between you and us for two (2) years, we shall delete your personal data and remove you from our interest group directory. At any given moment throughout the lifecycle of your data, you have the right to exercise your rights as mentioned in section 9.

8. HOW WE PROTECT YOUR PERSONAL DATA

All authorized users, Gemic employees and possible third party service providers are required to treat personal data as confidential. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction. The personal data is stored in electronic systems that can only be accessed by authorized users. Authorized users are those Gemic employees who have a legitimate reason for processing personal data. Authorized users must enter their individual, unique login credentials and passwords to access the systems. The personal data is stored in databases that are protected by firewalls, passwords and other methods. The databases and their backup copies are located in restricted areas where only authorized personnel can enter.

9. YOUR PRIVACY RIGHTS

You as a data subject have rights in respect of personal data we hold on you. You have the following rights;

(i) request access to your personal data. You have a right to access the personal data we are keeping about you.

(ii) request correction of incorrect or incomplete data. If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.

(iii) request erasure. You have the right request erasure of your data in case:

(a) you object to the processing and there is no justified reason for continuing the processing;

(b) you object to processing for direct marketing; or

(c) processing is unlawful.

(iv) limitation of processing of personal data. If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

(v) If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.

(vi) object to processing based on our legitimate interest. You can always object to the processing of personal data about you for direct marketing and profiling in connection to such marketing.

(vii) data portability. You have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis consent or of fulfilling a contract. Where secure and technically feasible the data can also be transmitted to another data controller by us.

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

10. How changes to this Privacy Policy shall be made

We may change this Privacy Policy from time to time. We will not diminish your rights under this Privacy Policy or under applicable data protection laws in the jurisdictions we operate. If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law. Please review this Privacy Policy from time to time to stay updated on any changes.

11. CONTACTING us and THE DATA PROTECTION AUTHORITY

If you have any questions and concerns regarding our Privacy Policy you can contact controller’s contact person. If you wish to exercise your rights as a data subject, you can send the request to personal-data@gemic.com.

You can also lodge a complaint or contact the Data Protection Ombudsman.

Back to the top