Privacy Policy

Updated 16.6.2025

1. Data Controller

Gate Apps Oy
Business ID: FI33415683
Länsituuli 1 A 236, 02100 Espoo, Finland
info@gate-apps.com
Tel. +358 10 321 1201

2. Name of the Register
Gate Apps Oy Customer and User Register

3. Data Subjects
The register includes information on:
– Users registered to the Gate Apps service
– Permit issuers, security guards, and post-shift guards whose details have been added to the system

4. Purpose and Legal Basis for Processing Personal Data
Personal data is processed for the following purposes:
– User identification and access management
– Issuing and managing work permits
– Service development and ensuring data security
– Providing customer service and support

The processing is based on:
– Contract (e.g., managing user accounts)
– Legitimate interest of the data controller (e.g., service maintenance and security)

5. Data Content of the Register
The register may include the following information:
– First and last name
– Email address
– Phone number
– Company name
– Login credentials and history
– Gate-ID (user identifier)
– Permit-related information (e.g., permit and security details)
– Qualification data (e.g., hot work permit number and validity)

6. Regular Sources of Information
Data is obtained from the data subjects themselves or from other Gate Apps service users who issue permits and add individuals to the system.

7. Disclosures and Transfers of Data
Data is not disclosed to third parties without a legal obligation or the user's consent.
Data is not transferred outside the EU or EEA.

8. Data Retention Period
User accounts are anonymized 24 months after the last login.
Permit and security personnel data is anonymized 24 months after the last recorded event.

9. Rights of the Data Subject
The data subject has the right to:
– Access their personal data
– Request rectification or deletion of their data
– Restrict or object to processing
– Transfer their data to another system
– File a complaint with the supervisory authority (Office of the Data Protection Ombudsman)

These rights can be exercised by contacting the data controller by email or in writing.

10. Data Security
Personal data is protected through technical and organizational measures.
Access rights are limited, and systems require personal login credentials.