Privacy Policy statement for customers

The purpose of this Privacy Policy statement is to explain why and how Syklo processes the personal data of its customers. In addition, we will inform you about the rights of data subjects in this register. For the purposes of this statement, a data subject means a customer who may be an individual, an entrepreneur, or a representative of a customer company or other entity.

At Syklo, customer data can be processed by one or more data controllers belonging to the Oulun Energia Group, each of whom is independently responsible for the processing of personal data for its own purposes. Such purposes may include, for example, the supply of electricity or heat to a customer on the basis of a contract entered into by the customer. The company acting as the data controller is determined on the basis of which Oulun Energia Group company the customer has entered into an agreement with, for example, on the delivery of products and services.

For more information on the processing of personal data for marketing purposes, please refer to the Syklo marketing privacy statement.

Data controller

Data controllers in accordance with data protection legislation are:

  • Syklo, Business ID: 3275158-9, PL 116, 90101 Oulu
  • Oulun Energia Oy, Business ID: 0989376-5, PL 116, 90101 Oulu
  • Oulun Energia Sähköverkko Oy, Business ID: 2080002-1, PL 116, 90101 Oulu

(hereinafter referred to as “Syklo”, “the data controller”). Syklo is responsible for ensuring that the processing of personal data is carried out in accordance with this Privacy Policy and applicable data protection legislation.

What personal data do we collect?

In principle, we collect personal data about our customers from the customer themselves in connection with invitations to tender, contracts, orders, and other customer contacts.

In certain circumstances, the data controller may also collect information about its customers from other sources, such as energy meters installed at the customer’s sites, the demographic data system, or the register of Suomen Asiakastieto Oy.

Oulun Energia Sähköverkko Oy also collects information on the registrant from other energy companies operating in the electricity market from the centralized data exchange system (Fingrid Datahub Oy) on the basis of the exchange of data based on the applicable law or official regulations.

The following information about our customers is collected and processed:

  • basic information, such as name, age, year of birth/personal identification number;
  • contact information, such as postal address, e-mail address, and telephone number
  • customer service contacts, such as customer calls between the customer and the data controller;
  • information related to the use of the customer’s products and services, such as information on energy application, equipment information located at the use site, and energy consumption data;
  • the information necessary for invoicing;
  • customer credit information to the extent permitted and required by law

On what basis do we process your personal data, and what do we use it for?

Customer relationship management and offering products and services

We process our customers’ personal data primarily to provide our customers with the products and services they have ordered. In order to manage the customer relationship, personal data is also processed for invoicing and customer communications. In this case, the processing of personal data is based on an agreement between the data controller and the customer.

Product and service development

We also process personal data to a limited extent to improve our services and to develop new products and services. In this case, the processing of personal data is based on our legitimate interest in collecting sufficient and relevant information to develop and improve our operations.

Security

We process personal data (including camera surveillance recordings) to ensure the security of our customer service facilities, in order to prevent inappropriate access to our premises, to investigate abuses, and to increase the security of our personnel. In this case, the processing of personal data is based on our legitimate interest in ensuring the security of our premises and personnel, as well as the smooth operations of our personnel.

When the legal basis for the processing is the legitimate interest in the above-mentioned sections 2-3, Syklo has carried out an assessment of the processing of personal data using the so-called balance test, in accordance with data protection legislation. The customer has the right to object to the processing based on Syklo’s legitimate interest at any time. For further information, please contact the data protection officer whose contact details can be found at the beginning of this Privacy policy statement.

To whom do we transfer or disclose your personal data?

We may transfer and disclose the personal data of our customers to third parties in the following situations:

  • when required or within the limits of legislation or a contractual relationship, for example, to the parties involved in the electricity market and to the centralized data exchange system (Fingrid Datahub Oy) within the limits permitted and required by electricity market and other legislation;
  •  
  • to the extent required by and within the limits of the law or contractual relationship;
  • to trusted external service providers (including outsourced customer service) who act on our behalf and who have no independent right of access to the information we transfer to them;
  • within the Oulun Energia Group, if it is appropriate, for example, to organise customer relationship management;
  • if our company is involved in a corporate transaction; and
  • when we believe in good faith that the disclosure of information is necessary to safeguard our rights, to protect you and others, to investigate fraud, or to respond to requests from the authorities

Do we transfer your personal data outside the EU or the EEA?

We may transfer personal data outside the EU or the European Economic Area (EEA) if our trusted service provider operates completely or partly outside these territories. In these cases, we will provide appropriate safeguards, in accordance with applicable data protection legislation.

How long do we retain your personal data?

Personal data shall be retained only for as long as it is necessary to fulfil the purposes specified in this Privacy Policy statement.

Examples of our primary storage times:

  • As a rule, we store customer information for the duration of the customer relationship; customer agreements are stored for up to 10 years from the end of the last agreement.
  • We retain phone records for 1 year.

Some personal data may also be stored after the end of the customer relationship, within the limits and in accordance with applicable data protection legislation. For example, the Accounting Act (1336/1997) requires us to keep some personal data as part of the invoicing records for six years from the end of the year in which the financial year ended.

How do we protect your personal data?

We have the necessary technical and organisational data security measures in place to protect personal data from elimination, destruction, misuse, and unauthorised access. Our security measures include data protection and security training for our staff, and management of access and access rights (firewalls, secure equipment facilities, facility access control, limited and personal role-based access rights), whereby we restrict access to your data only to personnel who need to process such data for their work. With regard to subcontractors, we have ensured the implementation of data protection legislation by means of a separate data protection agreement.

What rights do you have?

As a data subject, you have the right to be informed about how and for what purpose your personal data will be processed. Alternatively, you can submit a request directly to the customer service of Syklo . When you request information, we will verify your identity. We will respond to requests within one (1) month of submitting the request, unless there are special reasons to extend the response time. We may also refuse to comply with your request on the grounds provided by applicable law.

For more information on the processing of personal data for marketing purposes and your rights as a marketing data subject, such as a ban on marketing, please refer to the Syklo marketing privacy statement.

As a data subject, the following rights are guaranteed to you under applicable data protection legislation:

Right of access

You have the right to request access to your personal data within the limits and in accordance with the applicable data protection law. You have the right to be informed about how and for what purpose your personal data is processed.

Right to request rectification and erasure of data and to restrict the processing of personal data

You have the right to request rectification, erasure, or restriction of your data, within the limits and in accordance with applicable data protection legislation.

You have the right to demand that the data controller restrict the processing of your personal data, such as when you are waiting for the controller’s response to your request to rectify or erase your data.

When you, as a customer of Oulun Energia Sähköverkko Oy, request an update to your personal information (name, social security number, postal address, telephone number, and/or e-mail address), we will forward the request to update your customer information to your provider, who is primarily in charge of maintaining your customer information.

Right to object to the processing of personal data

You have the right to object to the processing of personal data within the limits and in accordance with applicable data protection legislation. You have the right to object to processing operations based on a legitimate interest of the data controller. In connection with the claim, you must identify the situation on the basis of which you object to the processing.

You have the right to object to direct marketing. You can issue a direct marketing ban at Syklo’s customer service.

Right to transfer data between systems

To the extent of the data you have provided to the controller yourself, you have the right to transfer data from one system to another, that is, to receive personal data relating to you in a structured and commonly used format, and to transfer it to another data controller, within the limits and in accordance with applicable data protection law.

The right of the data subject to withdraw consent

If personal data is processed on the basis of the data subject’s consent, you have the right to withdraw your consent by requesting this at Syklo’s customer service.

You can also withdraw your consent to e-mail marketing and targeted online marketing at any time by using the cancellation link at the end of each newsletter.

Marketing cookies are used on our website, and based on the information collected by them, you are provided with recommendations for content that may be of interest to you. The use of marketing cookies is based on your consent, which we request before setting any cookies. You can also withdraw your consent at any time in the cookie banner on our website. For more information, please see our Cookie Policy.

Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Ombudsman) or another data protection authority of the European Union or the European Economic Area, if you consider that your statutory rights have been violated.

Contact information

If you have any questions regarding the Privacy Policy or the processing of your personal data, you can contact us by e-mail at: mira.juola@oulunenergia.fi.

Amendment of the Privacy Policy statement

We reserve the right to change and update this Privacy Policy statement. If we make changes to the Privacy Policy statement, we will add this information to our website, where you can also find the latest version of the Privacy Policy statement.

Last updated 17 May 2022.