Data controllers in accordance with data protection legislation are:
- Oulun Energia Oy
Business ID: 0989376-5, PO Box 116, 90101 Oulu
- Oulun Energia Sähköverkko Oy
Business ID: 2080002-1, PO Box 116, 90101 Oulu
What personal data do we collect?
We may process the personal data of our customers and potential customers that is, as a rule, obtained from the data subject, for example on the basis of a customer relationship, forms, subscription to a newsletter or guides, and in connection with lotteries and events.
Oulu Energy processes the following personal data for marketing purposes:
- basic information on the data subject
- names, address, telephone number, IP address, and e-mail address
- information on the contact persons of organisations
- information on the employer and the professional status of the data subject
- customer relationship information
- contacts and marketing information
- information on products and services provided for the customer
- information provided by the data subject themselves concerning their interests, cookies, and information on their use
- marketing bans and consent
- direct marketing ban, telephone marketing ban, electronic direct marketing consent
Processing of personal data in marketing and the legal basis for processing
Traditional direct marketing
We can provide our customers with up-to-date information about our new products and services, for example, by mail or phone. In this case, the processing of personal data is based on Oulu Energy's legitimate interest in marketing its products and services. When the legal basis for the processing is a legitimate interest, Oulu Energy has carried out an assessment of the processing of personal data using the so-called balance test, in accordance with data protection legislation. The customer has the right to refuse marketing communications at any time, as described in the section ”What kind of rights do you have?"
Electronic direct marketing and targeted online marketing
can also provide our potential consumer customers with information about our products and services through electronic channels, such as an e-mail newsletter and targeted online advertising using, for example, website banners and social media services. In this case, the processing of personal data is based on the data subject's prior consent, which can be revoked at any time.
Marketing to our organisation customers through electronic channels is based on Oulu Energy's legitimate interest in marketing its products and services. Based on a legitimate interest, we may send direct electronic marketing on products or services belonging to the same product group to our existing consumer customers. In these situations, you have the right to object to electronic marketing communications at any time, as described in the section ”What kinds of rights do you have?"
We use profiling to target direct marketing and online marketing. The legal basis for profiling is Oulu Energy's legitimate interest in offering our customers appropriate and interesting products and services. Marketing profiling does not include automated decision-making with significant legal implications. You have the right to object to profiling, as described in the section "What kinds of rights do you have?" You can also deny profiling by objecting to direct marketing or withdrawing consent to direct electronic marketing.
To whom do we transfer or disclose your personal data?
We may transfer and disclose the personal data of our customers to third parties in the following situations:
- to the extent required by and within the limits of the law or contractual relationship;
- to trusted external service providers acting on our behalf who do not have independent access to the information we transfer to them;
- to service providers, such as Facebook, when we provide targeted online marketing on their services;
- within the Oulun Energia Group, if it is appropriate, for example, to organise customer relationship management;
- if our company is involved in a corporate transaction; and
- when we believe in good faith that the disclosure of information is necessary to safeguard our rights, to protect you and others, to investigate fraud, or to respond to requests from the authorities
Do we transfer your personal data outside the EU or the EEA?
We may transfer personal data outside the EU or the European Economic Area (EEA) if our trusted service provider operates completely or partly outside these territories. In these cases, we will ensure appropriate safeguards in accordance with the applicable data protection legislation, for example by using the European Commission's standard contractual clauses.
How long do we retain your personal data?
Examples of our primary storage times:
- If a person has subscribed to our newsletter or guide, or has given consent for direct electronic marketing, the information is retained for as long as the subscription or consent is valid.
- If a person has participated in a draw, the information is retained for as long as it is necessary to carry out the draw.
How do we protect your information?
We have the necessary technical and organisational data security measures in place to protect personal data from elimination, destruction, misuse, and unauthorised access. Our security measures include data protection and security training for our staff, and management of access and access rights (firewalls, secure equipment facilities, facility access control, limited and personal role-based access rights), whereby we restrict access to your data only to personnel who need to process such data for their work. With regard to subcontractors, we have ensured the implementation of data protection legislation by means of a separate data protection agreement.
What rights do you have?
Right of access
You have the right to request access to your personal data within the limits and in accordance with the applicable data protection law. You have the right to be informed about how and for what purpose your personal data is processed.
Right to request rectification or erasure of data and to restrict the processing of personal data
You have the right to request rectification, erasure, or restriction of your data, within the limits and in accordance with applicable data protection legislation.
You have the right to demand that the data controller restrict the processing of your personal data, such as when you are waiting for the controller's response to your request to rectify or erase your data.
Right to object to the processing of personal data
Within the limits and in accordance with data protection legislation, you have the right to object to being profiled and to other data processing that the controller applies to your personal data, to the extent that the processing is justified by the controller's legitimate interest. In connection with the claim, you must identify the situation on the basis of which you object to the processing.
You have the right to object to direct marketing. You can issue a marketing ban at Oulun Energia Sähköverkko Oy's customer service or Oulun Energia Oy's customer service for heating services.
Right to transfer data between systems
To the extent of the data you have provided to the controller yourself, you have the right to transfer data from one system to another, that is, to receive personal data relating to you in a structured and commonly used format, and to transfer it to another data controller, within the limits and in accordance with applicable data protection law.
The right of the data subject to withdraw consent
If personal data is processed on the basis of the data subject's consent, you have the right to withdraw your consent by requesting this at Oulun Energia Sähköverkko Oy customer service or Oulun Energia Oy's customer service for heating services.
You can withdraw your consent to the e-mail newsletter and targeted online marketing at any time by using the cancellation link at the end of each newsletter.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Ombudsman) or another data protection authority of the European Union or the European Economic Area, if you consider that your statutory rights have been violated.