Privacy Policy for customers
The purpose of this Privacy Policy is to explain why and how Syklo processes its customers’ personal data. In addition, we share about the rights of the data subjects in this register. For the purposes of this Privacy Policy, a data subject means a customer who may be an individual, an entrepreneur, or a representative of a client company or other entity.
Syklo’s customer data may be processed by one or more data controllers belonging to the Oulun Energia Group, each of whom is independently responsible for the processing of personal data for their own purposes. The company acting as the data controller is determined on the basis of which Oulun Energia Group company the customer has entered into an agreement with, for example, for the delivery of products and services.
For more information on the processing of personal data for marketing purposes, please refer to the Syklo marketing Privacy Policy.
Data controller
The data controllers in accordance with the data protection legislation are:
- Syklo, Business ID: 3275158-9, PL 116, 90101 Oulu
- Oulun Energia Oy, Business ID: 0989376-5, PL 116, 90101 Oulu
- Oulun Energia Sähköverkko Oy, Business ID: 2080002-1, PL 116, 90101 Oulu
(hereinafter referred to as “Syklo,” “data controller”). Syklo is responsible for ensuring that the processing of personal data is carried out in accordance with this Privacy Policy and applicable data protection legislation.
What personal data do we collect?
We collect personal data about our customers primarily from the customer themselves in connection with requests for tender, contracts, orders, and other customer contacts.
In certain circumstances, the data controller may also collect information about its customers from other sources, such as energy meters installed at the customer’s sites, the population information system, or the register of Suomen Asiakastieto Oy.
Oulun Energia Sähköverkko Oy also collects information on the registrant from other energy companies operating in the electricity market from the centralised data exchange system (Fingrid Datahub Oy) on the basis of the exchange of data based on the applicable laws or official regulations.
We collect and process the following information about our customers:
- basic information, such as name, age, year of birth/personal identification number;
- contact information, such as postal address, email address, and telephone number;
- customer service contacts, such as customer calls between the customer and the data controller;
- information related to the use of the customer’s products and services, such as information on the place of energy use, equipment information located at the place of use, and energy consumption data;
- the information necessary for invoicing;
- customer credit information to the extent permitted and required by law.
On what basis do we process your personal data, and what do we use it for?
Customer relationship management and offering products and services
We process our customers’ personal data primarily to provide our customers with the products and services they have ordered. In order to manage the customer relationship, personal data is also processed for invoicing and customer communications. In this case, the processing of personal data is based on an agreement between the data controller and the customer.
Product and service development
We also process personal data to a limited extent to improve our services and to develop new products and services. In this case, the processing of personal data is based on our legitimate interest in collecting sufficient and relevant information to develop and improve our operations.
Security
We process personal data (including camera surveillance recordings) to ensure the security of our customer service facilities, in order to prevent inappropriate access to our premises, to investigate abuses, and to increase the security of our personnel. In this case, the processing of personal data is based on our legitimate interest in ensuring the security of our premises and personnel, as well as the smooth operations of our personnel.
When the legal basis for the processing is a legitimate interest in the above-mentioned sections 2–3, Syklo has carried out an assessment of the processing of personal data using the so-called balance test, in accordance with data protection legislation. The customer has the right to object to the processing based on Syklo’s legitimate interest at any time. For further information, please contact the data protection officer, whose contact details can be found at the beginning of this Privacy Policy.
To whom do we transfer or disclose your personal data?
We may transfer and disclose the personal data of our customers to third parties in the following cases:
- when required or within the limits of legislation or a contractual relationship, for example, to the parties involved in the electricity market and to the centralised data exchange system (Fingrid Datahub Oy) within the limits permitted and required by electricity market and other legislation;
- to trusted third-party service providers (including outsourced customer service) acting on our behalf who do not have independent right of access to the information we transfer to them;
- within the Oulun Energia Group, if it is appropriate, for example, to coordinate customer relationship management;
- if our company is involved in a corporate transaction; and
- when we believe in good faith that the disclosure of information is necessary to safeguard our rights, to protect you and others, to investigate fraud, or to respond to requests from the authorities.
Do we transfer your personal data outside the EU or the EEA?
We may transfer personal data outside the EU or the European Economic Area (EEA) if our trusted service provider operates completely or partly outside these territories. In these cases, we will ensure appropriate safeguards are in place in accordance with the applicable data protection legislation.
How long do we store your personal data?
Personal data will be stored only for as long as it is necessary to fulfil the purposes specified in this Privacy Policy.
Examples of our usual storage times:
- As a rule, we store customer data for the duration of the customer relationship; customer agreements are stored for up to 10 years from the end of the last contract.
- We retain phone records for 1 year.
Some personal data may also be stored after the end of the customer relationship, within the limits and in accordance with applicable data protection legislation. For example, the Accounting Act (1336/1997) requires us to keep some personal data as part of the invoicing records for six years from the end of the financial year.
How do we protect your personal data?
We have the necessary technical and organisational data security measures in place to protect personal data from elimination, destruction, misuse, and unauthorised access. Our security measures include data protection and security training for our staff, and management of access and access rights (firewalls, secure equipment facilities, facility access control, limited and personal role-based access rights), that we use to restrict access to your data only to personnel who need to process such data for their work. With regard to subcontractors, we have ensured the implementation of data protection legislation by means of a separate data processing agreement.
What rights do you have?
As a data subject, you have the right to be informed about how and for what purposes your personal data is processed. Alternatively, you can submit a request directly with Syklo’s customer service. When you request information, we will verify your identity. We will respond to requests within one (1) month of their submission, unless there are specific reasons to extend the response time. We may also refuse to comply with your request on the grounds provided by applicable law.
For more information on the processing of personal data for marketing purposes and your rights as a marketing data subject, such as prohibiting marketing, please refer to the Syklo marketing Privacy Policy.
As a data subject, the following rights are guaranteed to you under applicable data protection legislation:
Right of access
You have the right to request access to your personal data within the limits and in accordance with the applicable data protection legislation. You have the right to be informed about how and for what purposes your personal data is processed.
Right to request rectification and erasure of data and to restrict the processing of personal data
You have the right to request rectification, erasure, or restriction of your data, within the limits and in accordance with applicable data protection legislation.
You have the right to demand that the data controller restrict the processing of your personal data, such as when you are waiting for the controller’s response to your request to rectify or erase your data.
When you, as a customer of Oulun Energia Sähköverkko Oy, request an update to your personal data (name, social security number, postal address, telephone number, and/or email address), we will forward the request to update your customer data to your provider, who is primarily in charge of maintaining your customer data.
Right to object to the processing of personal data
You have the right to object to the processing of your personal data within the limits and in accordance with the applicable data protection legislation. You have the right to object to the processing of your data based on the legitimate interest of the data controller. In connection with the objection, you must identify the situation on the basis of which you object to the processing.
You have the right to object to direct marketing. You can contact Syklo’s customer service to prohibit direct marketing.
Right to transfer data between systems
To the extent of the data you have provided to the controller yourself, you have the right to transfer the data from one system to another, that is, to receive personal data relating to you in a structured and commonly used format, and to transfer it to another data controller, within the limits and in accordance with applicable data protection legislation.
Right to withdraw consent
If your personal data is processed on the basis of the data subject’s consent, you have the right to withdraw your consent by requesting this at Syklo’s customer service.
You can also withdraw your consent to email marketing and targeted online marketing at any time by using the unsubscribe link at the end of each newsletter.
Our site uses marketing cookies to recommend content that may be of interest to you. The use of marketing cookies is based on your consent, which we request before setting any cookies. You can also always withdraw your consent at any time from the cookie banner on our website. For more information, please see our Cookie Policy.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Ombudsman) or another data protection authority of the European Union or the European Economic Area, if you think that your statutory rights have been violated.
Contact information
If you have any questions regarding the Privacy Policy or the processing of your personal data, you can contact us by email at mira.juola@oulunenergia.fi.
Amendments to the Privacy Policy
We reserve the right to change and update this Privacy Policy. If we make changes to the Privacy Policy, we will add this information to our website, where you can also find the latest version of the Privacy Policy.
Last updated 17 May, 2022.