Privacy policy

This is the Registry and Privacy Statement in accordance with the Personal Data Act (Sections 10 and 24) and the General Data Protection Regulation (GDPR) of the Company. Prepared 27.1.2020. Last updated 21.11.2023

1. Registrar

Name: Gelo.ai
Business ID: 2372011-5
Contact Information: Hallituskatu 19, 33200 Tampere

2. Person responsible for the register

Tero Lahtinen, support@gelo.ai

3. Names of the registers

The company’s customer register, marketing register, stakeholder register, Pic to Description application register, Ennakkolippu.com, Laskutusohjelma.net, Osallistuja.fi and Gelo.ai web service user register, employee register.

4. Legal basis and purpose of processing personal data

The legal basis for the processing of personal data under the General Dap>ta Protection Regulation is

  • The person’s consent
  • A contract in which the data subject is a party
  • The legitimate interest of the controller (customer relationship and employment relationship, membership)
  • Statutory, such as accounting requirements

The purpose of processing personal data is to communicate with customers, maintain customer relationships, marketing, and invoicing.

The data is not used for automated decision-making or profiling.

5. Content of the register

The information to be stored in the register includes: the person’s name, position, company/organization, contact details (phone number, email address, address), website addresses, IP address of the network connection, IDs/profiles in social media services, information on ordered services and their changes, billing information, other information related to the customer relationship and the services ordered.

6. Regular sources of information

The information stored in the register is obtained from the customer e.g. from messages sent via web forms, by email, by phone, through social media services, from contracts, customer meetings and other situations where the customer provides their information.

7. Regular disclosures and transfer of data outside the EU or the EEA

Data is not regularly disclosed to other parties. Information can be published to the extent agreed with the customer. Data can also be transferred outside the EU or the EEA by the controller. If you disclose personal data to different parties, state here any recipients or groups of recipients.

8. Principles for protecting the register

Care is taken in the processing of the register and the data processed by information systems is properly protected. When registry data is stored on Internet servers, their hardware’s physical and digital security is appropriately taken care of. The controller ensures that the stored data, as well as the access rights to the servers and other critical data for the security of personal data, are treated confidentially and only by those employees whose job description it includes.

9. Inspection right and right to request correction of information

Every person in the register has the right to check the data stored about them and demand the correction of any incorrect information or the supplementation of incomplete information. If a person wants to check the data stored about them or request their correction, the request must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove his/her identity. The controller will respond to the customer within the time limit set in the GDPR (usually within one month).

10. Other rights related to the processing of personal data

The person in the register has the right to request the deletion of their personal data from the register (“the right to be forgotten”). Also, registrants have other rights under the General Data Protection Regulation such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove his/her identity. The controller will respond to the customer within the time limit set in the GDPR (usually within one month).