Privacy policy

Updated 23rd May 2018

1 DATA CONTROLLER AND CONTACT PERSON

Järvi-Suomen Energia Ltd (hereafter Järvi-Suomen Energia or we)
Business ID: 0981408-6
Street address: Otto Mannisen katu 6, 50100 Mikkeli
Telephone: +358 800 90444
Website: www.jseoy.fi
Register liaison: Arto Pajunen, tel. +358 10 210 4203

2 CONTACT

To exercise their rights, the data subject can always contact the customer service of Järvi-Suomen Energia via the following channels:
Telephone: +358 800 90444
Email: asiakaspalvelu@sssoy.fi
Street address: Otto Mannisen katu 6, 50100 Mikkeli

The data subject should be prepared to provide valid proof of their identity.

We will fulfil customer requests within a month of receiving the request unless there is a specific reason to prolong the response time.

3 REGISTER NAME

The customer register of Järvi-Suomen Energia. The data subjects are customers or potential customers of Järvi-Suomen Energia.

Potential customers have typically expressed their interest in our services at customer events, digital services or other personal encounters.

4 WHY WE GATHER PERSONAL DATA

Järvi-Suomen Energia, as the data controller, or our authorized third-party information handlers use the personal data of our customers and potential customers in accordance with the data protection legislation for the following purposes:
• Customer relations management and development
• Offering, delivering and producing products and services
• Payments, billing coordination and debt collection
• The marketing and distance selling of our products and services
• Developing our business and customer service
• Segmentation and profiling for the abovementioned purposes.

The handling of personal data is based on the principles of the privacy protection legislation in force, such as:

• The contractual relationship between the data subject and us
• Our legitimate interest when we use the personal data of the data subject to promote our products and services or handle personal data inside the Suur-Savon Sähkö business group or with a third-party service provider
• The consent of the data subject to digital marketing or consent to other separate operations of Järvi-Suomen Energia.

In addition, the handling of personal data is based on legal obligations, such as the Electricity Market Act and its decrees, the Energy Efficiency Act, the Consumer Protection Act and the electricity infrastructure parts of the Land Use and Building Act.

5 REGISTER CONTENTS

Personal data:

• Name
• Social security number or business ID
• Customer number
• Contact details such as address, telephone number and email
• Potential contact persons or representatives
• Other information consensually given by the customer or potential customer, which is necessary for providing the agreed service
• Consent and withdrawal of consent to digital marketing

Property data:

• Address
• Property purpose
• Heating’s dependence on electricity
• Energy consumption estimate
• Potential area and volume information
• Technical information about small-scale energy production
• Technical information about power connection
• The status of grid connection
• Power outage criticality

Contract data:

• Contract subject
• Contract length
• Contract pricing
• Billing address
• Potential contact person

Energy meter:
• Energy consumption
• Energy production
• Energy quality

Billing data:
• Billing principles
• Data on payments and payment behavior
• Bank details

Service encounter data:
• Date and time
• Purpose
• Customer service call recordings

Customer survey data:
• Customer service experiences

Landowner data in the electrical grid area:
• Landowner data
• Geographic information on area boundaries

Service use data:
• Services used
• Subscriptions
• Cookies
• Downloads on the website
• Browsing
• Browser and operating system
• Device type, such as desktop or mobile
• IP address
• Time and length of session
• Time, length and frequency of visits

Service use data:
We may use the service use data acquired from analytics and given by the customer to define the potential interests of the customer or to segment the customer into target groups.

Acquired data:
We may use outside sources to update and complement the abovementioned data. The sources are listed in the Information Sources section below.

6 INFORMATION SOURCES

We acquire customer data from offer requests, orders, contracts and other contacts along with the customer’s own product and service use.

We acquire potential customer data from competitions, raffles and telemarketing. We also collect data using cookies and similar technology, always according to the regulations in force. There is a separate section for the use of cookies in every digital service’s terms and conditions.

We may record all customer contacts. We use the recordings for authentication, handling of complaints and customer service development.

We may also collect, record and update personal data using the registers of National Land Survey of Finland, Digital and Population Data Services Agency, Suomen Asiakastieto Oy or other data controllers offering similar address and update services.

We also update data in accordance with the rules of the electricity sector information exchange.

7 ACCESS TO PERSONAL DATA

We don’t pass on personal data outside recipients working for Järvi-Suomen Energia or third-party service providers without consent from the data subject.

Passing on data to agents in the electricity market is governed by the industry’s non-discrimination regulation and rules of information exchange.

We are bound by law to pass on data to the authorities in some cases, such as investigating or preventing misdemeanors.

8 STORING DATA

We store personal data only as long as it serves the purposes stated in section 4, Why We Gather Personal Data.

Of the legal obligations concerning record keeping, the consumers’ billing appeals are the most significant. The appeals must be kept for ten (10) years.

We store physical documents at Järvi-Suomen Energia’s locked and secure offices.

9 TRANSFERRING DATA OUTSIDE THE EU OR EEA

We only pass on personal data outside the EU or the EEA using procedures based on the Data Protection Act, such as model contractual clauses approved by the European Commission.

10 DATA PROTECTION PRINCIPLES

We secure the register information using usernames and passwords. Only authorized users can access the personal data they administer. We make regular backups of the register. We store the register information in databases that are secured by a firewall, passwords and other technical measures.

11 RIGHTS OF THE DATA SUBJECT

11.1 Right to access and check personal data
To check the personal information defined in this document, the data subject has the right to get a copy of their personal data in both physical and standard digital forms. Weprovide the data through the channels defined in section 2.

11.2 Right to correct and restrict the handling of data
The data subject has the right to correct their personal data by delivering missing or incorrect information and explanations using the channels provided in section 2. If the data subject uses our digital customer service platforms, they can update their personal information within the limits of the platform.

The data subject has the right to restrict the handling of their data until the information is up to date.

11.3 Right to transfer data
The data subject has the right to transfer their personal data to another system or register. Services in the electricity market always require a contract, which also governs the data entry to new systems.

Transfers can be requested using the channels provided in section 2.

11.4 Right to delete data
The data subject has the right to request the deletion of their personal data. As we are required to handle billing appeals until 10 years after the contract has expired, the deletion is only possible 10 years after the customer relationship has ended.

Deletions can be requested using the channels provided in section 2.

11.5 Right to object to automated decision-making, including profiling
In digital service channels, the register data can potentially be used to automatically check eligibility for a contract.

The data subject has the right to object to automated decision-making unless it is necessary for the negotiation and implementation of the contract.

In these cases, we offer the customer alternative ways and channels they can use to handle the customer relationship.

11.6 Right to withdraw consent
The data subject has the right to consent to digital marketing and to withdraw said consent at any time. The withdrawal can be made using the channels provided in chapter 2, by updating personal information on our digital service platforms or by clicking the unsubscribe link in our newsletter.

11.7 Right to decline cookies
We use cookies in our digital services. The process and effects of declining cookies are explained in the terms and conditions of the services.

11.8 Right to file a complaint with a supervisory authority
If the data subject considers that their data has not been handled according to the guidelines stated in this document and the legislation in force, they have the right to file a complaint to us with a competent supervisory authority.

Contact information for supervisory authority:

Street address: Ratapihantie 9 (6th floor), 00520 Helsinki
Postal address: P.O. box 800, 00521 Helsinki
Switch: +358 29 566 6700
Email: tietosuoja@om.fi