Skip to content



All data is encrypted both in the database and during data transfer.

Audit trail

Audit trail of data accesses and changes.


The environment that hosts the services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports.

DDoS protected

Distributed Denial of Service (DDoS) protection.

GDPR compliant

All data is stored in the area of EU.


1. Controller Company Oy, business ID: 2578745-2 (hereafter “Company”)
Innovation House Finland, Tekniikantie 2, 02150 Espoo, Finland

2. Contact Person for Matters Concerning the Data File

Data Protection Officer: Jussi Peltoniemi,

3. Name of File

Gillie.AI Service (hereafter “Gillie.AI”)

4. Purpose of Processing Personal Data

The primary grounds for processing personal data are the customer relationship between the employer of the data subject and the Company, the consent of the data subject, or other substantive connection.

The purpose of processing personal data is to enable the data subject itself, a third party authorized by the data subject, or a service provider to deliver services to the data subject using the electronic portal of the Company.

Gillie.AI enables the collection of data produced using various measuring devices and indicating the well-being, health, and social interaction of the data subject, and the combination of these data into a set that can be utilized in various ways.

Remote monitoring enables the automatic collection of some of the data required for the service transaction targeted at the individual.

Processing duties may be outsourced to companies belonging to the same group as the Company and/or to external service providers according to and within the limits of the data protection legislation.

5. Data Contents of the Data File

Relating to the data subject:
– Basic information (name, date of birth, and address information)
– Invoicing information (credit card details)
– User history on Gillie.AI (services used and information related to service transactions)
– Information sent by technical devices used by the data subject to the Company portal with the consent of the data subject
– Information saved by the data subject him/herself in the Company portal
– Information on the data subject saved by a customer or partner of the Company in the Company portal with the consent of the data subject

6. Personal Data Retention Period

The Company shall retain the personal data in the data file until the grounds under section 4 can be deemed to have ended in terms of the data subject. The time of ending shall be determined on the basis of the latest update of the data subject’s data, based on the key business figures of Gillie.AI.

7. Regular Sources of Data

The data subject him/herself and the customers and partners of the Company.

8. Regular Disclosures of Data and Data Transfer outside the EU or the EEA

Personal data shall not be disclosed outside the Company or the parties taking part in the production, development, or maintenance of services and communication on behalf of the Company, except under an agreement, an express consent and/or explicit provisions.

Personal data will not be transferred outside the European Union or the European Economic Area. 

9. Principles of Data File Protection

The electronic user register is password-protected, and the access rights of individuals using the register have been restricted according to the duties of each individual.

10. Profiling

As part of the processing of personal data stored in the data file, the Company may also utilize the data for profiling purposes. Profiling is carried out by creating an identifier for the data subject, which enables the combining of various data on the data subject that are created when using the service. A profile created in the manner described above can then be compared to e.g. the profiles created of other data subjects.

The purpose of profiling is to detect and anticipate deviations relating to the health and well-being of an individual. 

11. Right of the Data Subject to Object to the Processing of Personal Data and Direct Marketing (Right to Object)

The data subject shall have the right to object, on grounds relating to his or her particular situation, to profiling concerning him or her and other processing of the personal data of the data subject by the Company to the extent that such data processing is based on a customer relationship between the Company and the data subject. The data subject may submit a claim concerning the objection in accordance with section 13. In connection with the claim, the data subject must specify the particular situation that he or she is invoking as grounds to object to the processing. The Company may refuse to grant the request concerning objection under legal grounds.

The Company shall not use the data file for direct marketing.

12. Other Rights of the Data Subject Relating to the Processing of Personal Data

12.1 Right of Access

The data subject shall have the right to access his or her data that have been saved in the data file by the Company. The request for access must be made in accordance with section 13 of this Privacy Statement. The right of access may be denied under the grounds set out in the law. Exercising the right of access is, as a rule, free of charge.

12.2 Right of the Data Subject to Rectification, Erasure, or Restriction of Processing

If the data subject is a user of the Gillie.AI, he or she may update personal basic information in the Gillie.AI. Insofar as the data subject or user can act independently, he or she must, without undue delay and after being informed of inaccurate data or after personally noticing inaccurate data, rectify, erase, or complete, on his or her own initiative, any inaccurate, unnecessary, incomplete, or obsolete data in the data file.

Insofar as the data subject is unable to personally rectify the data, a request for rectification shall be submitted according to section 13 of this Privacy Statement.

The data subject shall also have the right to demand the controller to restrict the processing of his or her personal data e.g. in a situation where the data subject is waiting for a reply from the Company to a request to rectify or erase his or her data.

12.3 Right of the Data Subject to Data Portability

Insofar as the data subject has personally submitted data to the data file, which are processed under the consent or order of the data subject, the data subject shall have the right to personally obtain such data in a primarily machine-readable format and have the right to transmit those data to another controller.

12.4 Right of the Data Subject to Lodge a Complaint with a Supervisory Authority

The data subject shall have the right to lodge a complaint with a competent supervisory authority, if the controller has not complied with the applicable data protection regulation in its operations.

12.5 Other Rights

In the event that personal data are processed based on the consent of the data subject, the data subject shall have the right to withdraw his or her consent by notifying the Company of this according to section 13 of this Privacy Statement.

13. Contacts

The data subject must contact the Company in accordance with section 1 in all questions relating to the processing of personal data and in situations involving the exercising of personal rights. If needed, the Company may ask the data subject to specify his or her request in writing, and the identity of the data subject may be verified before undertaking any other measures.