This is Gubbe SydänOy's register and data protection declaration in accordance with the EU General Data Protection Regulation (GDPR). Updated: April 30, 2025
Gubbe SydänOy is a care service for elderly people and persons with disabilities. The content of the service is tailored to the customer's needs. The service is for example outdoor activities, activation, business assistance, company and assistance with household chores and technical equipment. We also offer hygiene assistance and home health care.
This privacy statement is a document in which we explain how Gubbe SydänOy processes personal data of subscribers, customers, job applicants and job providers. The aim of the privacy policy is to provide this information as clearly and intelligibly as possible, but if something is unclear or you have any other questions regarding Gubbe's data processing, you can contact Gubbe's Data Protection Officer privacy@gubbe.com.
The use of Gubbe's services is conditional on your consent to the processing of personal data in accordance with this privacy policy, so we hope that interested parties read this privacy statement carefully.
This privacy statement applies only to the processing of data carried out by Gubbe. The Privacy Statement does not cover the processing of data by third parties and Gubbe is not responsible for the processing carried out by third parties.
The controller means the company responsible for the processing of the data, namely Gubbe SydänOy.
Controller and contact details of the controller:
Gubbe SydänOy (later “Gubbe”, “we”)
Business ID: 2949014-6
Sähkö̈madresse: info@gubbe.com
Postal address: Erottajankatu 1-3 A 7-8, 01030 Helsinki
In matters of data protection, we primarily ask you to contact our company's data protection officer:
Contact details of the Data Protection Officer:
Kaisa Kärki
tel. +358 44 724 6007 (customer service number open from 8 am to 4 pm)
privacy@gubbe.com
Processor of personal data:
When Gubbe SydänOy provides a service on behalf of the welfare district or municipality that has commissioned the service, which is responsible for organizing the services, the municipality or welfare district that ordered the service acts as the data controller in relation to customer data. In this case, Gubbe SydänOy acts in accordance with the Data Protection Regulation for personal data
as a processor on behalf of several data controllers.
Further information on the processing of personal data in welfare areas is available on the website of the municipality that issued the payment commitment or service voucher or by contacting the service provider, as indicated in the decision or service voucher.
Contact details of the processor:
Gubbe SydänOy (later “Gubbe”, “we”)
Business ID: 2949014-6
Sähkö̈madresse: info@gubbe.com
Postal address: Otakaari 5, 02150 Espoo
We collect various personal data for the purpose of providing Gubbe's services, sales and marketing, as well as for the development of the company's operations and services. In this section we describe the types of personal data we process from different target groups.
We use a CRM system (pipedrive®), our own ERP system, and DomaCare® social welfare ERP system to process personal data. We store electronic personal data on secure servers that we manage together with our service providers. The electronic personnel data file is always protected by a password.
Any manual material is stored in a locked state, which can only be accessed by individually authorised persons.
Target groups refer to the following groups (short name used below in parentheses)
In addition, we will briefly describe the purpose for which we collect and process this information. Further information on the uses and legal bases can be found below.
i.e
Who do we collect from? Sales and marketing audience, subscribers, company contacts, end user customers, job applicants, job performers
As a rule, for what purpose? Sales and marketing purposes, maintenance of customer and employee relations, provision of contractual services
Who do we collect from? End User Clients, Job Seekers, Job Operators
As a rule, for what purpose? A personal identification number is required for a service contract with the end-user customer. The Paving Agreement is a requirement for the sale of a service without VAT. In the case of employees, the personal identity card is used to identify the person performing the work and for security measures (e.g. checking credit records), since the work involves working independently at the customer's home.
In order to provide personalized and customized services, we collect necessary background information about the end-user customer. We may collect and process a description for example
Who do we collect from? End User Clients
As a rule, for what purpose? For the delivery of a customized and personalized service and the preparation of a service plan.
In connection with the provision of the service and customer service, we collect information related to the customer relationship. In principle, this data is not personal data, but in some cases, especially when combined with other data, it can be classified as personal data. Examples of data to be collected in a service situation:
Who do we collect from? End user customers, subscribers, corporate contacts
As a rule, for what purpose? For the management of contractual customer relationships, and to improve our services.
In addition to the personal data mentioned above, we ask job applicants (and thus also employees) for information related to their work experience and educational background, for example:
Who do we collect from? Job seekers, job performers
As a rule, for what purpose? To be able to make a decision on the suitability of the person applying for a job to perform service visits, and to finally be able to connect the contractor with the customer.
Gubbe SydänOy has the right to use its own register:
Who do we collect from? End User Clients
As a rule, for what purpose? For the provision of services under the contract. For example, to find a suitable service provider, to provide service visits, to familiarize the person performing the work, and to implement the agreed service, such as assisting in the completion of a physiotherapy program.
In order to improve our digital services, we collect some information from our websites and mobile applications automatically.
These include, for example
Who do we collect from? All our digital services (websites and mobile apps) use
As a rule, for what purpose? To monitor the performance of our digital services and to develop our digital services.
In order to develop Gubbe's services, various customer surveys are carried out regularly, in connection with which more detailed information may be collected already mentioned. Participation in the surveys is completely voluntary and the disclosure of information is carried out with the customer's or the subscriber's own consent. In addition to service-related information, we may collect additional information in surveys, e.g.
Who do we collect from? Voluntary contributions from participants in the study. As a rule, subscribers and sales and marketing audience.
As a rule, for what purpose? For the development of services and marketing.
As a rule, personal data is collected from the data subject through various channels. Personal data is not collected from external sources or services.
Channels through which personal data are generally disclosed and collected
End user customers, subscribers, representatives of corporate and public cooperation clients
Employers and job applicants
Cookies are small text files that a website stores on your device. Cookies are used to improve the user experience of the website.
When navigating the Gubbe website, the user is asked about the use of cookies. For the functionality of the website, such as logging in and remembering previous conversations, mandatory cookies are set automatically, other cookies with separate consent. Other cookies include, for example, cookies intended to optimize the efficiency of the site's functions, as well as tracking and analytics cookies. Tracking and analytics cookies are used to track website usage and improve services. Cookies that are already allowed can be changed at any time on Gubbe's website.
Users can also block apps from running in their browser or set their browser to alert you when an app is attempted to be installed. It should be noted that when doing so, some of the functionalities of the service may not work correctly. For more information on cookies and how to remove them, please visit www.allaboutcookies.org.
Gubbe's websites use Google Analytics and other analytics tools to generate reports about the website's operation in order to improve the site and the service. More information about Google Analytics can be found at http://www.google.com/analytics. You can opt out of the collection of data by Google Analytics by downloading an add-on to your browser at https://tools.google.com/dlpage/gaoptout.
Just as we use cookies to collect information about the users of our websites, we also collect information automatically when using our other digital services, such as mobile applications.
As presented earlier, this information is mainly technical information about the use of the service. For example, in the case of mobile applications, this may mean information about the device model and operating system used, functionalities used within the application and pages visited, time of use, problems encountered during use.
Gubbe processes personal data for a number of purposes:
Gubbe processes personal data primarily to provide services to its customers. Gubbe uses personal data to perform its contractual obligations. Personal data is used to provide services and manage customer relationships. If the customer contacts customer service, the information provided will be used to find an answer and resolve any complaints.
Gubbe may process personal data in order to contact customers in relation to the service and inform about changes to services and products, as well as to market its services to customers. The data is used for research and analysis to improve our digital services.
Gubbe can use data on the quality of its services to improve the quality of its services, for example by analyzing various trends related to the use of services. For this purpose, the aim is to use, as far as possible, anonymous information from which the person cannot be identified.
Gubbe processes the personal data of contractors and job applicants in order to establish and maintain an assignment relationship, for example, to assess their suitability to deliver service visits, to draw up an assignment contract, to find a suitable customer.
As a general rule, Gubbe processes personal data in order to fulfill its obligations to subscribers, customers and contractors arising from agreements between different parties.
Gubbe processes personal data that are not necessary due to an existing contractual relationship or legal obligation, but, for example, necessary for the development of operations with the consent of the data subject. Consent is typically requested, for example, by ticking a box in connection with an online form.
Gubbe processes specific categories of personal data, such as health-related data, with the express consent of the data subject. Explicit consent means that the expression of will is requested for strictly delimited information for strictly delineated purposes.
Consent can always be withdrawn as easily as it can be given. Depending on the case, you can withdraw your consent by changing the settings in the digital service or by contacting Gubbe's customer service at asiakaspalvelu@gubbe.com or the data protection officer privacy@gubbe.com.
Personal data may also be processed for the maintenance and development of services and business. In such situations, we assess Gubbe's own legitimate interest against the data subject's privacy protection and, for example, we offer the option to opt out of our newsletters and direct marketing.
In some cases, Gubbe has a legal obligation to process personal data. For example, the Accounting Act obliges you to keep receipts for the financial year, which may contain personal data, six years after the end of the financial year.
The register is not used for automated access or profiling (Article 22 of the EU Data Protection Regulation). Any data breaches affecting the data subject's data shall be communicated to the data subjects and the authorities in accordance with the regulations.
Data will not be disclosed on a regular basis.
We share personal data within the Gubbe organization and only to the extent necessary to perform and develop our services.
Personal data is disclosed to service providers (so-called “Gubbet Assistants”) to the extent required for the performance of the service under the contract. Before the disclosure of information, a written agreement on confidentiality is concluded with the contractors. In addition, information that can be defined as personal data may be shared with the customer's family, or with another person expressly designated by the customer, with the customer's express consent. In customer relationships where Gubbe SydänOy acts as a service provider to the welfare district or municipality, information cannot be disclosed through Gubbe, but requests for information must be addressed to the controller, i.e. the municipality or the welfare district.
Otherwise, personal data will not be disclosed to third parties outside the Gubbe organisation unless one of the following conditions applies:
To the extent that third parties need access to personal data in order to perform the services, Gubbe has taken appropriate contractual and organisational measures to ensure that personal data is processed solely for the purposes set out in this privacy policy and in accordance with applicable law.
Personal data may be shared with third parties outside Gubbe's organisation if there is a reasonable reason to believe that access to the personal data or its use is necessary:
(i) for the purpose of enforcing an applicable law, regulation or law;
(ii) to detect, prevent or treat a threat, safety risk or technical problem
(iii) To protect the interests, property or safety of persons, operators or the public in accordance with the requirements of law. Interested parties will be informed of the use of personal data in such cases where this is possible.
Mikäli Gubbe is a party to a merger, business transaction or other acquisition, personal data may be transferred to a third party involved in that acquisition. In such a situation, the confidentiality of personal data is guaranteed and subscribers or customers are informed before the data is transferred or the data protection policy is changed.
Personal data may be shared with third parties in situations other than those listed above where explicit consent has been obtained to do so. The consent previously given is entitled to be withdrawn at any time.
Aggregate information and other anonymous information related to the use of the Website may be shared with advertisers, business partners and other third parties.
Gubbe does not transfer personal data to countries outside the European Union or the European Economic Area. Exceptions to this are countries that have received the European Commission's data protection equivalence decision, such as the United Kingdom.
Gubbe processes personal data with due care and in accordance with the requirements of applicable law.
Care shall be taken in the processing of personal data and the data processed by means of information systems shall be adequately protected. When personal data is stored on web servers, the physical and digital security of their hardware is appropriately taken care of. Gubbe ensures that stored data, server permissions and other information critical to the security of personal data are treated confidentially and only by the employees whose job description it belongs.
Personal data is stored on secure servers that we manage together with service providers. The stored personal data is protected by security and security controls, including two-step use of name and password identification and appropriate data encryption.
Gubbe does not keep personal data longer than is required by law and longer than required to provide services. The storage time depends on the nature of the data and the purpose of the processing. The storage time may therefore vary depending on the information and the purpose of the processing. *
After the customer has stated that the customer relationship ends definitively, the customer's personal data will be deleted or anonymised within 90 days. The data is stored after the end of the customer relationship in case of possible complaints. Similarly, the personal data of the contractors will be deleted or anonymised within 90 days after the termination of the assignment relationship.
In some cases, personal data is retained for legal reasons for longer than 90 days after the end of the customer or assignment relationship. For example, the Accounting Act obliges you to keep receipts for the accounting period, which may contain personal data, for six years of the financial year.
In accordance with the Data Protection Act and Regulation, the data subject has rights to his or her own personal data processed by Gubbe*. This section details these rights. You can contact Gubbe's Data Protection Officer for all matters relating to these rights or the processing of personal data in general privacy@gubbe.com.
Gubbe provides the data subject with access to the data subject's own personal data, which is processed. This means that the data subject receives, on his or her own written request, information on how much personal data relating to the register has been collected and processed, and for what purpose the data is used or used. Before access to the data, if necessary, the requester may be asked to prove his/her identity.
The data subject has the right, upon request, to correct or correct incorrect, inaccurate, outdated or unnecessary information.
Data subjects may request Gubbe to delete their personal data from the system. The procedures according to your request will be carried out, Mikäli Gubbe has no legitimate reason not to delete the information. The data will not be removed safely from any of our backup or other similar systems. Such backups will be deleted as soon as possible.
Data subjects may request restrictions on the processing of their personal data, if the data is processed for purposes other than performing our services or fulfilling a legal obligation. The data subjects may also object to the processing of their personal data in the future if the processing is based on previously given consent. Objections to the processing of personal data may lead to more limited opportunities to use Gubbe's services.
Data subjects always have the right to prohibit the use of personal data collected by us for direct marketing, market research or profiling by contacting privacy@gubbe.com
Data subjects may also request Gubbe to restrict the processing of certain personal data. A request to restrict the processing of data may lead to more limited opportunities to use Gubbe's websites and services.
The data subjects have the right to obtain their personal data from Gubbe in a distributed and commonly used form.
The rights mentioned herein may be exercised by sending a letter or e-mail to the addresses mentioned above, including the following information: name, address, telephone number and a copy of a valid identity document. Gubbe may request the provision of additional information necessary for proving the registered person's identity. Requests that are repeated unreasonably often, are excessive or are clearly unfounded may be rejected. If the data subject considers that the personal data processing measures are inconsistent with the applicable law, the data subject may lodge a complaint with the local data protection authority.
You have the right to lodge a complaint with the supervisory authority if you consider that the processing of your personal data violates the EU General Data Protection Regulation (EU) 2016/679.
Office of the Data Protection Ombudsman:
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PL 800, 00531 Helsinki
Telephone switchboard: 029 566 6700
Registrar: 029 566 6768
Our privacy policy: telephone service
E-mail (registry): tietosuoja (at) om.fi
Homepages: https://tietosuoja.fi/tietosuojavaltuutetun-toimisto
It may be necessary to amend this Privacy Statement due to changed legal requirements or changes in our data protection standards or due to the development of our business. Changes to this privacy policy will take effect as soon as they are published on our website.
If you have any further questions regarding our privacy practices, please contact us at privacy@gubbe.com.