Since 2016, Silmu Software Oy has considered the EU’s General Data Protection Regulation, 2016/679 (General Data Protection Regulation, GDPR) in its software services. Already at that time, our cloud services have been transferred to European servers. The European Union aims to unify data protection legislation among all European Union member states. The European Union-wide data protection regulation aims to strengthen citizens’ rights to personal data and simplify the regulatory environment so that intra-EU and international business becomes more accessible. In addition, the purpose of the regulation is to make data breaches more difficult. For each individual software package produced for the customer by Silmu Software Oy, a separate GDPR statement is created for the customer at the customer’s request unless the customer makes it himself. The GDPR data protection statement of the software distributed by Silmu Software Oy and its partners is presented below.

Pomolle.fi, Foraboss.com, Foraboss.es, Foraboss.ua and Maponworktime.com SaaS software

The Pomolle.fi software, including in the text the applications named Foraboss.com, Foraboss.es, Foraboss.ua, and Maponworktime.com, implements the GDPR data protection regulation and the data warehouses it contains as described below. The term “Customer” refers to the entity that has created credentials for a company, association, or other legal entity in the SaaS service. The term “Service” refers to the previously named software. The term “Service Provider” refers to Silmu Software Oy or, as specifically mentioned, e.g., to the cloud server provider.

1. Data entry

The customer is responsible for entering data into the service. The customer is responsible for ensuring a secure data communication connection and hardware are in use. In addition, it is the customer’s responsibility to take care of the content of the material they enter and ensure that it meets the GDPR legislation. The service provider cannot be responsible for the secure data entry procedure model or the content’s correctness. To enter the data, the service provider recommends a sufficiently secure computer (e.g., password protection installed on the computer, anti-virus protection, anti-malware protection, firewall, and encrypted hard drive) and a secure data network connection.

2. Storing and using data

Data is stored per EU regulations on cloud servers in Europe. The information entered into the service is stored in the database, and backups are taken daily. The data is spread over DigitalOcean’s database and Amazon’s file server. Both server rooms are located in the Netherlands. The service has been implemented to protect individual protection as widely as possible. The service does not have a field to enter the employee’s social security number; instead, a public tax number is used. However, according to the GDPR, for example, a close relative, account number, or home address can be an individual’s property, so they should be treated cautiously. The customer is responsible for not leaving the service open so that someone outside could examine the data, copy it, or send it to external parties.

The employer can enter and save the following information about his employees in the service:

Names of the employee

Address – Phone number


Immediate Relative (ICE)

Freeform text

Last month’s working hours

Hours of the current month

Total hours

History of working hours

Account number


Tax number

Payroll identifier

Hourly wages


An actual cost to the business


Employment status

Date of commencement of employment

Termination date of the employment relationship

User group

Vehicle groups

Working hours

In certain cases, GPS location*

*This is not an automatic function; it is the employer’s responsibility to agree with the employee, and the employer turns it on if necessary.

3. Data processing and their availability at the customer’s company

The individual-created company account information can be seen by the personnel defined by the company itself. In the software, the company can decide its main user, who has the right to grant rights to other persons or personnel groups. These granted rights are solely the responsibility of the individual customer company. The customer is responsible for ensuring that users keep usernames and passwords carefully and do not disclose them to third parties. The customer is responsible for using the service with the user’s username and password. In terms of use, the customer undertakes to notify the Service Provider without delay if the username or password comes into the knowledge of a third party or if they suspect misuse of the username or password.

4. Data processing and their availability at Silmu Software Oy

For administrative reasons, Silmu Software Oy reserves the right to see and process customer data without using or sharing it with parties outside the company. Information sharing with external parties is regulated not only by the Terms of Use but also by the employment contract signed by each employee of Silmu Software Oy, the wording of which is:


The employee has understood that when Silmu and its partner companies carry out business as well as research, product development, and other activities, economically valuable confidential information (hereinafter “Company secrets”) is created and has been created both in the company’s current and also in other possible business areas, the exclusive ownership of which belongs to For Silmu or its customers. Business secrets are considered, for example, trade secrets, process knowledge, know-how, expertise, computer programs, improvement proposals, formulas, equipment, research results, inventions, works, methods, marketing and sales plans, cost information, strategies, forecasts, material that can be protected by industrial rights and copyright, and customer lists. Business secrets include the corresponding confidential information of Silmu’s customers and partner companies, regardless of how they came to Silmu’s or the employee’s knowledge.


The employee may not disclose or hand over, directly or indirectly, to a third party or otherwise make use of Company Secrets obtained during or before the employment relationship without the written consent of Silmu’s legal representative.

Obligation to protect business secrets:

In addition, the employee undertakes all reasonable steps regarding Silmu’s Company Secrets to prevent Silmu from being acquired or known by third parties. In addition, the employee undertakes to inform Silmu of any unauthorized disclosures or attempted disclosures of Silmu’s Company Secrets.

However, the duty of confidentiality does not apply to information:

Which is now or later becomes generally known or available to the public through no act or omission of the employee or

which was demonstrably in possession of the employee without restrictions on transfer or use before receiving the Silmu Company Secret from Silmu or its customer or contractual partner or

which the employee gets separately from a third party after signing this employment contract without a ban on use or transfer and without the third party violating its confidentiality obligation or

which the employee has demonstrably created independently before Silmu handed over the corresponding information to the employee or

which the employee is required or obliged to disclose or otherwise disclose based on legislation, legal proceedings, an administrative decision, or a court judgment, provided that the employee, in that case, informs Silmu in writing in advance of such a matter and takes all reasonable and legal measures to limit the extent of disclosure of the information.


Customer data is processed on encrypted computers and protected with a password. Parties outside the company do not have access to machines with access to customer data.

5. Deletion of data

Every customer has the option to delete their account in the service as well as their individual employee information. If the customer requires the data to be deleted from the backup disks, a third-party charge for the work and the time necessary will have to be charged for this from the service provider.