The data controllers, in accordance with data protection legislation, are Oulun Energia Oy, Oulun Energia Sähköverkko Oy, and Turveruukki Oy (hereinafter referred to as the “group company” or “data controller” or “Syklo”).
For more information on the processing of personal data for marketing purposes, please refer to the Syklo marketing privacy statement.
- Syklo, Business ID: 3275158-9, PL 116, 90101 Oulu
- Oulun Energia Oy, Business ID: 0989376-5, PL 116, 90101 Oulu
- Oulun Energia Sähköverkko Oy, Business ID: 2080002-1, PL 116, 90101 Oulu
- Turveruukki Oy, Business ID: 0210307-0, PL 116, 90101 Oulu
What personal data do we collect?
In principle, we collect information about our stakeholders from the stakeholders' representatives themselves. In certain circumstances, the data controller may also collect information about stakeholders from other sources, such as the contact details provided by stakeholders themselves on their websites.
The following information about stakeholders is collected and processed:
- basic information such as name, title, professional title, position or function in the company, company name;
- contact information, such as postal address, e-mail address, and telephone number;
- information related to the cooperation, such as the project, initiative, or customer relationship;
- information related to the use of the systems, such as user IDs for the information systems;
- video recordings of the surveillance camera (if the stakeholders do business at the site);
- information collected through cookies.
On what basis do we process your personal data, and what do we use it for?
We may process personal data for the following purposes and on the following grounds:
Management of cooperation under the Agreement
Personal data shall be processed for the purposes of organising and managing the business cooperation of the data controller, such as communication, organisation, maintenance, and development of cooperation between the data controller and stakeholder. Where an agreement on cooperation (e.g. a cooperation agreement or subcontracting agreement) has been concluded between the parties, the processing shall be based on an agreement between the data controller and the stakeholder.
Other cooperation with stakeholders
The data controller cooperates with a number of stakeholders, such as public authorities (e.g. Energy Agency), interest groups (e.g. energy industry) and other companies, for example in connection with the development of the energy sector. Not all cooperation is necessarily based on a contractual relationship; it may instead be based on maintaining generally good cooperation relations in the field of energy. Cooperation may include, for example, communication and organising events. In this respect, the processing shall be based on the legitimate interest of the data controller in maintaining appropriate cooperative relations with energy stakeholders.
Purposes required by legislation
Personal data may also be collected and processed on the basis of legislation, if required by the legislation applicable to the data controller, for example for accounting purposes.
To whom do we transfer or disclose your personal data?
We may transfer and disclose the personal data of our customers to third parties in the following situations:
- to the extent required by and within the limits of the law or contractual relationship;
- to trusted external service providers acting on our behalf who do not have independent access to the information we transfer to them;
- within the Oulun Energia Group, if it is appropriate, for example, to organise customer relationship management;
- if our company is involved in a corporate transaction; and
- when we believe in good faith that the disclosure of information is necessary to safeguard our rights, to protect you and others, to investigate fraud, or to respond to requests from the authorities.
Do we transfer your personal data outside the EU or the EEA?
We may transfer personal data outside the EU or the European Economic Area (EEA) if our trusted service provider operates completely or partly outside these territories. In these cases, we will ensure appropriate safeguards in accordance with the applicable data protection legislation, for example by using the European Commission’s standard contractual clauses.
How long do we retain your personal data?
What rights do you have?
An individualised request to exercise your rights as a data subject or a request for information on the processing of personal data should be sent to: firstname.lastname@example.org. When you request information, we will verify your identity. We will respond to requests within one (1) month of submitting the request, unless there are special reasons to extend the response time. We may also refuse to comply with your request on the grounds provided by applicable law.
For more information on the processing of personal data for marketing purposes and your rights related to marketing, please refer to the Syklo marketing privacy statement.
As a data subject, the following rights are guaranteed to you under applicable data protection legislation:
Right of access:
You have the right to request access to your personal data from us, within the limits and in accordance with applicable data protection legislation. You have the right to be informed about how and for what purpose your personal data is processed.
Right to request rectification and erasure of data and to restrict the processing of personal data:
You have the right to request rectification or erasure of your data within the limits and in accordance with the applicable data protection law.
You have the right to demand that the data controller restrict the processing of your personal data, such as when you are waiting for the controller’s response to your request to rectify or erase your data.
Right to object to the processing of personal data:
You have the right to object to the processing of personal data within the limits and in accordance with applicable data protection legislation. For example, you always have the right to prohibit direct marketing to you.
Right to transfer data between systems:
You have the right to transfer data from one system to another, that is, to receive personal data relating to you in a structured and commonly used format, and to transfer them to another data controller, within the limits and in accordance with applicable data protection law.
The right of the data subject to withdraw consent:
If personal data are processed on the basis of the data subject’s consent, you have the right to withdraw your consent.
Right to lodge a complaint with the supervisory authority:
You have the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Ombudsman) or another data protection authority of the European Union or the European Economic Area, if you consider that your statutory rights have been violated.
How do we protect your personal data?
We have the necessary technical and organisational data security measures in place to protect personal data from elimination, destruction, misuse, and unauthorised access. Our security measures include data protection and security training for our staff, and management of access and access rights (firewalls, secure equipment facilities, facility access control, limited and personal role-based access rights), whereby we restrict access to your data only to personnel who need to process such data for their work. With regard to subcontractors, we have ensured the implementation of data protection legislation by means of a separate data protection agreement.