Latest update 25.01.2024
Privacy and responsible business are very important for us. In Gofore Plc privacy and data protection are seen as part of all business activities. We protect and safeguard personal data in accordance with the laws and regulations. This notice describes the principles and procedures with which we comply when we collect and process personal data.
In this privacy notice we describe how we handle the personal information of our customers, partners and other contacts. If you are a candidate applying for a job, please familiarize yourself with our privacy notice for recruitment.
Joint controllership of Gofore Plc, Gofore Lead Oy, Gofore Verify Oy, Gofore Drive Oy, Creanex Oy, Rebase Consulting Oy, Sleek Oy, Gofore Estonia OÜ, Gofore Spain SL, Gofore Germany GmbH, eMundo GmBH and eMundo GmbH Austria (jointly, “Gofore”).
Gofore Plc (Business ID 1710128-9, Kalevantie 2, 33100 Tampere)
Gofore Lead Oy (Business ID 1906590-4, Urho Kekkosen katu 7 B 00100 Helsinki)
Gofore Verify Oy (Business ID 2384333-4, Urho Kekkosen katu 7 B 00100 Helsinki)
Gofore Drive Oy (Business ID 2616184-9, Vapaaherrantie 2, 40100 Jyväskylä)
Creanex Oy (Business ID 1818868-9, Rieväkatu 14, 33540 Tampere)
Rebase Consulting Oy (Business ID 3125035-2, Lönnrotinkatu 5, 00120 Helsinki)
Sleek Oy (Business ID 3266908-3, Kalevantie 2, 33100 Tampere)
Gofore Estonia OÜ (Registration number 14628239, Maakri 19/1, 10145, Tallinn, Estonia)
Gofore Spain SL (Registration number B87954749, entro de Empresas UPM Parque Científico y Tecnológico UPM Campus de Montegancedo s/n 28223 Pozuelo de Alarcón, Madrid, Spain)
Gofore Germany GmbH (Registration number HRB 238568, Balanstraße 71a, 81541, Munich, Germany)
eMundo GmbH Germany (Registration number HRB 130424, Hofmannstrasse 25-27, Munich, Bavaria 81379, Germany)
eMundo GmbH Austria (Registration number FN 427301i, Innsbrucker Bundesstraße 71, 5020 Salzburg, Austria)
Regardless of which of the above-mentioned companies is the data controller, you can always be in touch through email@example.com.
Gofore processes personal data in accordance with applicable legislation, including the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), and this privacy notice.
We take into account the requirements set forth in the data protection legislation in all our business activities and we expect and require the same from our subcontractors and other business partners.
We provide orientation and training for our employees regarding the requirements and guidelines for privacy so that they know how to perform accordingly.
Gofore group companies have joint information systems, processes and service provider for which they act as joint controllers.
We process the following personal data solely for predefined purposes described below. These purposes are, for example, taking care of customer and partner relationships, marketing, sales and filling our legal obligations.
If you are our customer or business partner, we may process the following personal data relevant and ordinary for the purposes for which it is collected, such as:
Collected data is used in order for us to manage customer and partnership relations as well as marketing, implementing and developing services and events of Gofore. In addition, we may process the data for purposes of invoicing and verifying the correctness of invoicing, administrational fees and expenses as well as preventing and investigating misuses or crimes. Subcontractor data is also processed in separate systems for the implementation of subcontracting and have their own privacy notice for which more detailed information on processing of personal data is provided.
If you are a stockholder, other investor or an analyst, we process the data you personally or the community you represent or the national book-entry system have provided us:
The information is used primarily for us to fill our legal obligations, such as administering the shareholder register. In addition, the information is used for communications between Gofore, its shareholders, other investors and analysts, in order for us to offer public information as a listed company and execute our legitimate interests. To learn more about how we handle personal information in connection with Gofore shareholder meetings, please go to our shareholder meeting website.
Personal information is being collected directly from shareholders, from the national book-entry system (Euroclear Finland) as well as from other investors and analysts or communities they represent.
If you are in contact with us, for example, to ask about our services, to sign up for an event organised by us, or to order our newsletter, we may process personal data relevant and ordinary for the purposes for which it is collected to the extent we have obtained such data from you:
Collected data is used in order for us to process your contact or request as well as keep in contact with you. In addition, the information is used for marketing, executing and developing the services and events of Gofore.
The personal data collected consists primarily of the information that you choose to provide us. In addition, data may consist information about your use of our website through cookies.
When we process personal data for the purposes described above, our processing is primarily based on a legitimate interest of Gofore. Legitime interest is mainly the implementation of a contract between Gofore and the company you represent, customer relationship or other relevant relationship. Legitimate interest also applies when the processing of data is done for purposes of marketing and customer acquisition, handling and developing customer relations, as well as other legitimate, business-related actions such as developing services or preemptive measures or investigation of malpractice.
In addition to or instead of the above, in some cases the processing may be based on a consent given to us by you (e.g. when you subscribe to our newsletter or register to our event in our system) or an obligation based on law or other legal matter.
Delivering personal information in the way this privacy notice describes may be based on the mutual agreement between you or the company you represent. Entering an agreement or providing services requires you or the company you represent to deliver certain personal information. Failure in providing the information may lead to Gofore’s inability to fill contractual or other requirements or commitments. Processing personal data may also be compulsory to, for example, deliver communications you have asked for or participate in our events.
We process personal data for only as long as required or entitled by applicable legislation. The length of storing the data, therefore, depends on the type of the data and the reason it is used for. Gofore stores personal data at least as long as it is necessary to fill the purpose of processing, for example for filling contractual requirements or for administering the contractual relationship between Gofore and customer.
The length of storing the data is based on the following criteria:
We review the necessity of the data stored on a regular basis and erase any data when it no longer needed for the purposes mentioned above in this privacy notice.
Gofore acts diligently to ensure that you are able to exercise your rights regarding the processing of your personal data. Please note that your rights depend on the legal grounds of handling information and using your rights require verifying your identit. Within the limits of applicable legislation, you have a right to
Information security and protection of personal data has been organised in accordance with generally accepted and up-to-date practices in the sector in a way that personal data is protected from unauthorised access and processing as well as against unlawful and accidental destruction, loss and corruption. In addition, Gofore constantly improves practices in order to protect data. Information security and related risk management are based on the governance system and related information security policy. The information security policy of Gofore and it´s group companies is in compliance, or corresponds, with the ISO/IEC 27002:2013 standards. For more information on Gofore’s data protection practices, please visit gofore.com/tietoturvapolitiikka/.
Responsibility for the maintenance of information security operations and processing of any deviations lies with an information security group that is being managed by the leader of that information security group.
We process personal data as confidential information and all our users are committed to confidentiality and comply with our guidelines on data protection and information security. Access management of confidential information has been organised through a centralised or system-specific user directory. Only named persons may grant an access and user rights to a data system, provided that the person requesting for an access has been identified and that the person’s need for access to confidential information has been verified. Gofore assesses and reviews access and user rights on a regular basis.
If we outsource processing of personal data to third parties, we make agreements with such third parties as required by the data protection legislation in order for us to ensure that the processing of personal data complies with this privacy note as well as applicable laws, regulations and orders issued by relevant authorities.
We use third-party data systems and services when processing personal data, which means that the third party processes the personal data for us. Examples of such third parties are Microsoft, Oracle, Salesforce and Hubspot. Some of our data processors are outside of the EU or EEA, in which cases we ensure by contracts that the transfer occurs in accordance with the applicable data protection legislation. Data transfers related to these contracts are based on standard clauses approved by the EU Commission or other appropriate safeguards.
Gofore and its subsidiaries are located in the member states of the EU. If the purpose of the processing of personal data requires transfer of data between Gofore and its subsidiary, we may share personal data within the Gofore group in which case, likewise, we will ensure that the processing of personal data complies with the applicable data protection legislation and this privacy notice. If you want additional information on cross-border transfers of personal data or protective measures used in them, please send a request to the address mentioned in the beginning of this privacy notice.
We may deliver limited amount of contact information of our customers to our partners and vice versa, if it is needed in order to offer services, communications or cooperation.
We may deliver personal information within the limits of effective legislation and/or obliged by legislation in cases of, for example, legal reasons, to prepare for legal proceedings or to defend against legal claims. In addition, we may deliver personal data to collection agencies for purposes of collecting receivables, and other service providers within the limits it is required to execute the task.
In case of us selling our business or part of it, or in case we make other corporate restructurings, we may deliver personal information to buyer candidates or their advisors, within the limits of applicable legislation.
We update this privacy notice when there are changes in the processing of personal data or in the applicable laws of which we need to inform you. In addition, we may update this privacy notice when we develop our website, services or business activities. The most recent version of the privacy notice is available at this website.