Gofore Privacy Notice

Latest update 8.1.2019

Privacy and responsible business are very important for us. In Gofore Plc (hereinafter “Gofore”, “we” or “us”) privacy and data protection are seen as part of all business activities. We protect and safeguard personal data in accordance with the laws and regulations. This notice describes the principles and procedures with which we comply when we collect and process personal data.

DATA CONTROLLER

Gofore Oyj (business identity code 1710128-9)
Kalevantie 2
33100 Tampere
Tel: +358 (0)10 439 7777

CONTACT US IN PRIVACY MATTERS

You may send your questions and requests regarding privacy to privacy@gofore.com.

GENERAL DESCRIPTION OF OUR DATA PROTECTION PRACTICES

Gofore processes personal data in accordance with applicable legislation, including the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), and this privacy notice.

We take into account the requirements set forth in the data protection legislation in all our business activities and we expect and require the same from our subcontractors and other business partners.

We provide orientation and training for our employees regarding the requirements and guidelines for privacy so that they know how to perform accordingly.

WHAT PERSONAL DATA WE COLLECT AND FOR WHAT PURPOSE?

We collect the following personal data solely for predefined purposes described below.

Job applicants

We process the following personal data during the job application and recruitment process:

  • First name and surname

  • Email address

In addition to the above, we will process the following data to the extent you provide us with such data during the recruitment process:

  • Telephone number

  • Home address

  • Current employer

  • Education and work experience

  • Skills and know-how

  • Publicly available information on LinkedIn, Github and Twitter profiles

  • Information shared by you through CV and portfolio and other information and annexes you choose to provide us

Additionally, to the appropriate extent, we will save the following data during the recruitment process:

  • Assessment on your suitability to the position you have applied for or, with your consent, to other open positions in our company

  • Correspondence between you and us as well as data collected during the job interview

  • Possible information provided by your referees

  • Information on the progress of the recruitment and outcome thereof as well as implementation of the position possible related to the recruitment

  • Our possible feedback to you so that you can improve even more at work after the recruitment process

Collected data is used in order for us to process your job application (including, to carry out the recruitment process, to review your job application, to carry out the job interview and selection of the recruitment candidate) and keep in contact with you during the recruitment process, as well as support the possible orientation and beginning of the employment relationship.

The personal data collected consists primarily of the information that you choose to provide us. With your consent, information may be received from other sources as well, for example through references given to us by you.

Customers and business partners

If you are our customer or business partner, we may process the following personal data:

  • First name and surname
  • Organisation information including contact details
  • Role and contact details (email and telephone number)
  • Other information provided to us (e.g. customer feedback, registration to an event and subscription to newsletter)
  • IP address

Collected data is used in order for us to manage customer and partnership relations as well as marketing, implementing and developing services and events of Gofore.

The personal data is collected primarily within the context of governance and implementation of customer and partner relationship. Such data include also the information that the person chooses to provide us (e.g. when you sign up for an event organised by us or subscribe to our newsletter or when you visit our website).

Other contacts

If you are in contact with us, for example, to ask about our services, to sign up for an event organised by us, or to order our newsletter, we may process the following personal data to the extent we have obtained such data from you:

  • First name and surname

  • Email address

  • Telephone number

  • Organisation name and contact details

  • Country

  • Role and contact details

  • IP address

  • Other information you choose to provide us (e.g. web address of LinkedIn profile)

Collected data is used in order for us to process your contact or request as well as keep in contact with you.

The personal data collected consists primarily of the information that you choose to provide us. In addition, data may consist information about your use of our website through cookies (read more about our cookie policy in “Cookies” below).

WHAT ARE THE GROUNDS FOR PROCESSING PERSONAL DATA?

When we process personal data for the purposes described above, our processing is primarily based on a legitimate interest of Gofore.

In addition to or instead of the above, the processing may be based on performance of a contract between you and Gofore in which case we process the personal data in order to perform the obligations and carry out the purposes set forth in the respective contract.

In addition to or instead of the above, in some cases the processing may be based on a consent given to us by you (e.g. when you give us the consent to store the information you have given us during the recruitment process for future job opportunities).

FOR HOW LONG DO WE PROCESS PERSONAL DATA?

We process personal data for only as long as required or entitled by applicable legislation.

We review the necessity of the data stored on a regular basis and erase any data when it no longer needed for the purposes mentioned above in this privacy notice.

YOUR RIGHTS

Gofore acts diligently to ensure that you are able to exercise your rights regarding the processing of your personal data. You have a

  • right to access to your personal data. You may request Gofore to confirm whether we process your personal data, and a copy of your personal data possibly processed by us, by sending us such request at the email address mentioned above in this privacy notice;

  • right to rectification and/or erasure of the data. You may request us to correct your personal data that is erroneous or inaccurate, and further, you may request us to erase your personal data. You can exercise these rights by sending us such request at the email address mentioned above in this privacy notice;

  • right to restrict the processing of your personal data. In certain situations, you may request us to restrict the processing of your personal data by sending us such request at the email address mentioned above in this privacy notice;

  • right to object to the processing of your personal data. You may object to certain processing of your personal data if the processing is based on a legitimate interest of Gofore (e.g. use of your personal data for marketing purposes) by sending us such request at the email address mentioned above in this privacy notice.

  • right to data portability. You may request us to provide you with your data in a structured, commonly used and machinereadable format so that you can transmit your data to another controller by sending us such request at the email address mentioned above in this privacy notice. This right concerns personal data in an electronic format, the processing of which is based on either consent given by you or performance of a contract;

  • right to withdraw your consent. Where the processing is based on a consent given by you, you may withdraw such consent at any time by sending us such request at the email address mentioned above in this privacy notice; and

  • right to file a complaint with a supervisory authority. If you wish to file a complaint as to how we process your personal data, according to the GDPR, you have a right to file a complaint with the supervisory authority in the member state where you live or work or where an alleged breach of the GDPR has occurred. In Finland, the Data Protection Ombudsman acts as the respective supervisory authority (www.tietosuoja.fi).

COOKIE POLICY

A cookie is a small text file that the browser saves on the terminal device when the user uses the website.

Gofore uses cookies on its website to facilitate the use of the website. The user cannot be identified based only on cookies. The cookies and the data collected with them is used in order to monitor usage, analyse the usability and use of the website, and to develop the website.

We use following cookies on our website:

  • Google Analytics. We use Google Analytics for monitoring our website. In addition, Google saves cookies on our website under which Google monitors the use of its customers’ website(s). Read more about Google Analytics here and Google’s services in general here.

  • Hubspot. We use Hubspot for user monitoring, functionalities of the forms available at our website, as well as automation of marketing. Read more about Hubspot’s cookies here.

  • Disqus. We use Disqus to enable comments (e.g. in connection with blogs). Read more about Disqus’ cookies here.

  • Twitter. We use Twitter for enabling the share button as well as user monitoring of our website. Read more about Twitter’s cookies here.

  • Facebook. We use Facebook for enabling the share button as well as user monitoring of our website. Read more about Facebook’s cookies here.

  • LinkedIn. We use LinkedIn for enabling the share button as well as user monitoring of our website. Read more about LinkedIn’s cookies here.

  • Hotjar. We use Hotjar for the monitoring of our website. Read more about Hotjar’s cookies here.

You can prohibit the use of cookies on your computer by changing your browser settings. Please note that if you do not accept the use of the cookies, all parts of the pages may not be visible on your computer.

PROTECTION OF PERSONAL DATA

Information security and protection of personal data has been organised in accordance with the industry best practices at Gofore. Personal data has been protected from unauthorised access and processing as well as against unlawful and accidental destruction, loss and corruption. In addition, Gofore constantly improves practices in order to protect data. Information security and related risk management are based on the governance system and related information security policy. The information security policy is in compliance with the ISO27002 (2013) structure, as applicable.

Responsibility for the maintenance of information security operations and processing of any deviations lies with an information security group that is being managed by the leader of that information security group.

We process personal data as confidential information and all our users are committed to confidentiality and comply with our guidelines on data protection and information security. Access management of confidential information has been organised through a centralised or system-specific user directory. Only named persons may grant an access and user rights to a data system, provided that the person requesting for an access has been identified and that the person’s need for access to confidential information has been verified. Gofore assesses and reviews access and user rights on a regular basis.

If we outsource processing of personal data to third parties, we make agreements with such third parties as required by the data protection legislation in order for us to ensure that the processing of personal data complies with this privacy note as well as applicable laws, regulations and orders issued by relevant authorities.

TRANSFER OF DATA OUTSIDE THE EU OR EEA

Personal data on our recruitment candidates is processed by our USbased IT service provider Lever Inc., with whom we have entered into a data processing agreement in accordance with Article 28 of the GDPR. Also, data concerning our customers, business partners and other contacts may be processed by service providers outside the EEA in which case we have entered into appropriate agreements with such service providers in order to ensure that data transferred will be processed in accordance with the law. Any data transfers related to such agreements are based on the decision of the European Commission of 5 February 2010 and related standard contractual clauses and/or Privacy Shield arrangement entered into by and between the EU and the United States.

Always if and when personal data is transferred outside of the EU or EEA, we ensure by contracts or other legal instruments that the transfer occurs in accordance with the applicable data protection legislation and that there is an adequate level of data protection.

Gofore and its subsidiaries are located in the member states of the EU. If the purpose of the processing of personal data requires transfer of data between Gofore and its subsidiary, we may share personal data within the Gofore group in which case, likewise, we will ensure that the processing of personal data complies with the applicable data protection legislation and this privacy notice.

UPDATES TO THIS PRIVACY NOTICE

We update this privacy notice when there are changes in the processing of personal data or in the applicable laws of which we need to inform you. In addition, we may update this privacy notice when we develop our website, services or business activities. The most recent version of the privacy notice is available at this website.