Privacy Policy for interest groups

The purpose of this Privacy Policy is to explain why and how Oulun Energia Group processes the personal data of its interest groups. Interest groups include Oulun Energia Group partners, suppliers, authorities, or interest groups and their contact persons (“interest groups”).

Data controller

The data controllers in accordance with data protection legislation are Syklo, Oulun Energia Oy, Oulun Energia Sähköverkko Oy, and Turveruukki Oy (hereinafter referred to as the “group member” or “data controller” or “Syklo”).

Syklo’s interest group data may be processed by one or more data controllers belonging to the corporate group, each of whom is independently responsible for the processing of personal data for their own purposes. Each corporate group is independently responsible as a data controller for ensuring that the processing of personal data is carried out in accordance with this Privacy Policy and applicable data protection legislation.

For more information on the processing of personal data for marketing purposes, please refer to the Syklo marketing Privacy Policy.

Data controller contact information:

  • Syklo, Business ID: 3275158-9, PL 116, 90101 Oulu
  • Oulun Energia Oy, Business ID: 0989376-5, PL 116, 90101 Oulu
  • Oulun Energia Sähköverkko Oy, Business ID: 2080002-1, PL 116, 90101 Oulu
  • Turveruukki Oy, Business ID: 0210307-0, PL 116, 90101 Oulu

What personal data do we collect?

We primarily collect data about our interest groups from the representative of the interest groups themselves. In certain circumstances, the data controller may also collect information about interest groups from other sources, such as the contact details provided by interest groups themselves on their websites.

We collect and process the following data about our interest groups:

  • basic information such as name, designation, professional title, position or function in the company, company name;
  • contact information, such as postal address, email address, and telephone number;
  • information related to collaboration, such as projects, initiatives, or customer relationships;
  • information related to the use of the systems, such as user IDs for the information systems;
  • information collected through cookies.

On what basis do we process your personal data, and what do we use it for?

We may process personal data for the following purposes and on the following grounds:

Management of collaboration under contract

Personal data is processed for the purposes of organising and managing the business collaboration of the data controller, such as communication, organisation, maintenance, and development of collaboration between the data controller and interest group. Where an agreement for collaboration (e.g., a collaboration agreement or subcontracting agreement) has been made between the parties, the processing is based on the agreement between the data controller and the interest group.

Other collaboration with interest groups

The data controller works together with a number of interest groups, such as public authorities (e.g., the Energy Authority), interest groups (e.g., Finnish Energy) and other companies, for example in connection with the development of the energy sector. However, not all collaboration is necessarily based on a contractual relationship, but generally on maintaining good working relationships in the energy sector. Collaboration may include, for example, communication and organising events. In this respect, the processing is based on the legitimate interest of the data controller in maintaining appropriate collaborative relationships with interest groups in the energy sector.

Purposes required by legislation

Personal data may also be collected and processed on the basis of legislation if required by the legislation applicable to the data controller, for example, for accounting purposes.

To whom do we transfer or disclose your personal data?

We may transfer and disclose the personal data of our customers to third parties in the following cases:

  • to the extent required by and within the limits of legislation or a contractual relationship;
  • to trusted third-party service providers acting on our behalf who do not have independent right of access to the information we transfer to them;
  • within the Oulun Energia Group, if it is appropriate in order to coordinate collaboration with the interest group;
  • if our company is involved in a corporate transaction; and
  • when we believe in good faith that the disclosure of information is necessary to safeguard our rights, to protect the rights of you and others, to investigate fraud, or to respond to requests from the authorities.

Do we transfer your personal data outside the EU or the EEA?

We may transfer personal data outside the EU or the European Economic Area (EEA) if our trusted service provider operates completely or partly outside these territories. In these cases, we will ensure appropriate safeguards are in place in accordance with the applicable data protection legislation, for example by using the European Commission’s standard contractual clauses.

How long do we store your personal data?

The data will be stored only for as long as it is necessary to fulfil the purposes specified in this Privacy Policy. Personal data is primarily retained for the duration of the contractual relationship or project, and then deleted unless we are obliged to retain the data by law or by the contractual rights and obligations of the parties. Personal data processed on the basis of a legitimate interest shall be retained only for as long as it is necessary for the purposes of collaboration; for example, when a contact person changes, the old data will be deleted and replaced by the contact details of the new contact person.

What rights do you have?

An individualised request to request the information on the processing of personal data should be sent to: mira.juola@oulunenergia.fi. When you request information, we will verify your identity. We will respond to requests within one (1) month of their submission, unless there are specific reasons to extend the response time. We may also refuse to comply with your request on the grounds provided by applicable law.

For more information on the processing of personal data for marketing purposes and your rights as a marketing data subject, please refer to Syklo’s marketing Privacy Policy.

As a data subject, the following rights are guaranteed to you under applicable data protection legislation:

Right of access:

You have the right to request access to your personal data from us within the limits and in accordance with the applicable data protection legislation. You have the right to be informed about how and for what purposes your personal data is processed.

Right to request rectification and erasure of data and to restrict the processing of personal data:

You have the right to request the rectification or erasure of your data, within the limits and in accordance with applicable data protection legislation.

You have the right to demand that the data controller restrict the processing of your personal data, such as when you are waiting for the controller’s response to your request to rectify or erase your data.

Right to object to the processing of personal data:

You have the right to object to the processing of your personal data within the limits and in accordance with the applicable data protection legislation. For example, you always have the right to prohibit direct marketing to you.

Right to transfer data between systems:

You have the right to transfer data from one system to another, that is, to receive personal data relating to you in a structured and commonly used format, and to transfer them to another data controller, within the limits and in accordance with applicable data protection laws.

Right to withdraw consent

If your personal data is processed on the basis of the data subject’s consent, you have the right to withdraw your consent.

Right to lodge a complaint with a supervisory authority:

You have the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Ombudsman) or another data protection authority of the European Union or the European Economic Area if you think that your statutory rights have been violated.

How do we protect your personal data?

We have the necessary technical and organisational data security measures in place to protect personal data from elimination, destruction, misuse, and unauthorised access. Our security measures include data protection and security training for our staff, and management of access and access rights (firewalls, secure equipment facilities, facility access control, limited and personal role-based access rights), that we use to restrict access to your data only to personnel who need to process such data for their work. With regard to subcontractors, we have ensured the implementation of data protection legislation by means of a separate data processing agreement.

Amendment to the Privacy Policy

We reserve the right to change and update this Privacy Policy. If we make changes to the Privacy Policy, we will add this information to our website, where you can also find the latest version of the Privacy Policy.

Contact information

If you have any questions regarding the Privacy Policy or your personal data, you can contact our contact person by email at: mira.juola@oulunenergia.fi.

Last updated 17 May 2022.