Oulun Energia logo

Breadcrumbs

Marketing Privacy Policy

The purpose of this Privacy Policy statement is to explain how Oulu Energy processes personal data for marketing purposes. In addition, we will inform you about the rights of data subjects. In this report, the term data subject refers to customers and potential customers to whom marketing measures are targeted. At Oulun Energia, customer data can be processed by one or more data controllers belonging to the Oulun Energia Group, each of whom is independently responsible for the processing of personal data for its own purposes. For more information on other processing of Oulu Energy's customers' personal data, please refer to the Privacy Policy for Customers.

Data controller

Data controllers in accordance with data protection legislation are:

  • Oulun Energia Oy
    Business ID: 0989376-5, PO Box 116, 90101 Oulu

  • Oulun Energia Sähköverkko Oy
    Business ID: 2080002-1, PO Box 116, 90101 Oulu

(hereinafter referred to as "Oulu Energy", "the data controller"). Oulu Energy is responsible for ensuring that the processing of personal data is carried out in accordance with this Privacy Policy and applicable data protection legislation.

What personal data do we collect?

We may process the personal data of our customers and potential customers that is, as a rule, obtained from the data subject, for example on the basis of a customer relationship, forms, subscription to a newsletter or guides, and in connection with lotteries and events. 

In certain circumstances, the data controller may also collect information about its customers from other sources, such as the register of Suomen Asiakastieto Oy. Data are also collected using cookies and similar technologies, in accordance with the current regulations. (Cookie Policy.)

Oulu Energy processes the following personal data for marketing purposes:

  • basic information on the data subject 
    • names, address, telephone number, IP address, and e-mail address
  • information on the contact persons of organisations 
    •  information on the employer and the professional status of the data subject
  • customer relationship information
    •  contacts and marketing information
  • information on products and services provided for the customer 
    • information provided by the data subject themselves concerning their interests, cookies, and information on their use
  • marketing bans and consent 
    • direct marketing ban, telephone marketing ban, electronic direct marketing consent

Processing of personal data in marketing and the legal basis for processing

Traditional direct marketing

We can provide our customers with up-to-date information about our new products and services, for example, by mail or phone. In this case, the processing of personal data is based on Oulu Energy's legitimate interest in marketing its products and services. When the legal basis for the processing is a legitimate interest, Oulu Energy has carried out an assessment of the processing of personal data using the so-called balance test, in accordance with data protection legislation. The customer has the right to refuse marketing communications at any time, as described in the section ”What kind of rights do you have?"

Electronic direct marketing and targeted online marketing

We

can also provide our potential consumer customers with information about our products and services through electronic channels, such as an e-mail newsletter and targeted online advertising using, for example, website banners and social media services. In this case, the processing of personal data is based on the data subject's prior consent, which can be revoked at any time.

Marketing to our organisation customers through electronic channels is based on Oulu Energy's legitimate interest in marketing its products and services. Based on a legitimate interest, we may send direct electronic marketing on products or services belonging to the same product group to our existing consumer customers. In these situations, you have the right to object to electronic marketing communications at any time, as described in the section ”What kinds of rights do you have?"

Profiling

We use profiling to target direct marketing and online marketing. The legal basis for profiling is Oulu Energy's legitimate interest in offering our customers appropriate and interesting products and services. Marketing profiling does not include automated decision-making with significant legal implications. You have the right to object to profiling, as described in the section "What kinds of rights do you have?" You can also deny profiling by objecting to direct marketing or withdrawing consent to direct electronic marketing.

Our site uses cookie-based profiling to recommend content that may be of interest to you. You can allow or deny profiling based on your preferences. For more information, please see our Cookie Policy.

To whom do we transfer or disclose your personal data?

We may transfer and disclose the personal data of our customers to third parties in the following situations:

  • to the extent required by and within the limits of the law or contractual relationship;
  • to trusted external service providers acting on our behalf who do not have independent access to the information we transfer to them;
  • to service providers, such as Facebook, when we provide targeted online marketing on their services;
  • within the Oulun Energia Group, if it is appropriate, for example, to organise customer relationship management;
  • if our company is involved in a corporate transaction; and
  • when we believe in good faith that the disclosure of information is necessary to safeguard our rights, to protect you and others, to investigate fraud, or to respond to requests from the authorities

Do we transfer your personal data outside the EU or the EEA?

We may transfer personal data outside the EU or the European Economic Area (EEA) if our trusted service provider operates completely or partly outside these territories. In these cases, we will ensure appropriate safeguards in accordance with the applicable data protection legislation, for example by using the European Commission's standard contractual clauses.

How long do we retain your personal data?

Personal data shall be retained only for as long as it is necessary to fulfil the purposes specified in this Privacy Policy statement.

Examples of our primary storage times:

  • If a person has subscribed to our newsletter or guide, or has given consent for direct electronic marketing, the information is retained for as long as the subscription or consent is valid.
  • If a person has participated in a draw, the information is retained for as long as it is necessary to carry out the draw.

How do we protect your information?

We have the necessary technical and organisational data security measures in place to protect personal data from elimination, destruction, misuse, and unauthorised access. Our security measures include data protection and security training for our staff, and management of access and access rights (firewalls, secure equipment facilities, facility access control, limited and personal role-based access rights), whereby we restrict access to your data only to personnel who need to process such data for their work. With regard to subcontractors, we have ensured the implementation of data protection legislation by means of a separate data protection agreement.

What rights do you have?

Right of access

You have the right to request access to your personal data within the limits and in accordance with the applicable data protection law. You have the right to be informed about how and for what purpose your personal data is processed.

Right to request rectification or erasure of data and to restrict the processing of personal data

You have the right to request rectification, erasure, or restriction of your data, within the limits and in accordance with applicable data protection legislation.

You have the right to demand that the data controller restrict the processing of your personal data, such as when you are waiting for the controller's response to your request to rectify or erase your data.

Right to object to the processing of personal data

Within the limits and in accordance with data protection legislation, you have the right to object to being profiled and to other data processing that the controller applies to your personal data, to the extent that the processing is justified by the controller's legitimate interest. In connection with the claim, you must identify the situation on the basis of which you object to the processing.

You have the right to object to direct marketing. You can issue a marketing ban at  Oulun Energia Sähköverkko Oy's customer service or Oulun Energia Oy's customer service for heating services.

Right to transfer data between systems

To the extent of the data you have provided to the controller yourself, you have the right to transfer data from one system to another, that is, to receive personal data relating to you in a structured and commonly used format, and to transfer it to another data controller, within the limits and in accordance with applicable data protection law.

The right of the data subject to withdraw consent

If personal data is processed on the basis of the data subject's consent, you have the right to withdraw your consent by requesting this at Oulun Energia Sähköverkko Oy customer service or Oulun Energia Oy's customer service for heating services.

You can withdraw your consent to the e-mail newsletter and targeted online marketing at any time by using the cancellation link at the end of each newsletter.

Marketing cookies are used on our website, and based on the information collected by them, you are provided with recommendations for content that may be of interest to you. The use of marketing cookies is based on your consent, which we request before setting any cookies. You can also withdraw your consent at any time in the cookie banner on our website. For more information, please see our Cookie Policy.

Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Ombudsman) or another data protection authority of the European Union or the European Economic Area, if you consider that your statutory rights have been violated.

Contact information

If you have any questions regarding the Privacy Policy or the processing of your personal data, you can contact us by e-mail at: mira.juola@oulunenergia.fi.

Amendment of the Privacy policy statement

We reserve the right to change and update this Privacy policy statement. If we make changes to the Privacy Policy statement, we will add this information to our website, where you can also find the latest version of the Privacy Policy statement.