Updated on 6 February 2019
Lumme Energia Oy (later Lumme Energia)
Business ID: 2839885-8
Visiting address: Prikaatinkatu 3A, 50101 Mikkeli
Telephone: 0800 90110
Online service: www.lumme-energia.fi
Contact person for registration matters: Mika Ahola; tel. 010 207 4844
To ensure that their rights are respected, data subjects may, at any time, contact Lumme Energia’s customer service by the following means
Telephone: 0800 90110
Visiting address: Prikaatinkatu 3A, 50101 Mikkeli
Data subjects should be prepared to verify their identity in a reliable manner.
Lumme Energia will fulfil customer requests within a month of having received them and after confirming the customer’s identity, unless a longer response period is warranted.
Lumme Energia’s customer register. Data subjects in the register consist of Lumme Energia’s customers and potential customers.
A potential customer relationship is typically created when a person has expressed an interest in Lumme Energia services via customer events, digital services or in some other personal encounter.
In the capacity of the controller, Lumme Energia or persons it has authorised through contracts to process personal data use the personal data of customers or potential customers, in accordance with the Data Protection Act, for the following purposes:
Management and development of customer relationship
Provision, delivery and production of products and services
Payments, monitoring of payments, and collection
Marketing and distance selling of the controller’s products and services
Development of the controller’s business and of the related customer service
Segmentation and profiling for the above purposes
Personal data processing on the appropriate grounds, in line with the Data Protection Act, such as:
Contractual relationship between the data subject and Lumme Energia
Lumme Energia’s legitimate interests when, for example, Lumme Energia uses the data subject’s data to market its products and services or processes data within the Suur-Savon Sähkö group, or with a third party participating in producing a service
Data subject’s consent, when the data subject has given their consent for electronic marketing, or other consent requested separately by Lumme Energia.
Processing of personal data by Lumme Energia is also based on other mandatory, statutory obligations. These include the Electricity Market Act and related decrees, the Energy Efficiency Act and Consumer Protection Act.
Personal identity code or business ID
Contact details (address, telephone and email)
Any contact persons or representatives
Any other data obtained with the consent of the customer or potential customer that is necessary for the provision of the agreed service
Permission for electronic direct marketing, and marketing bans
Details of the customer location::
Purpose of use of the location
Dependence of heating on electricity
Energy consumption forecast
Any area and volume information
Details of equipment used for small-scale production
Details of the connection
Status of connection with the grid
Object of agreement
Any representation details
Information about payments and payment behaviour
Service event information:
Reason for event
Recording of customer calls
Customer survey information:
Other customer data:
Information on membership in loyalty and similar schemes of the controller, and companies in cooperation agreement with it, and information necessary to becoming eligible for the benefits included in the scheme
Electric car charging data
Data collected by the solar power calculator
Equipment, measurement and control data required for services performing demand-side management
Data observed concerning service use:
Material downloads from the web service
Page browsing information
Browser type and operating system
Device type, such as a computer or mobile device
Session time and duration
Time, frequency and duration of the visit
Data derived from service use:
Service use detected by means of analytics and/or data provided by the customer can be used to derive the customer’s potential areas of interest or segment the customer into a certain type of target group.
The above data may be updated or enriched by means of external data sources, described below in the section ‘Regular sources of information’.
Data concerning customers is obtained from themselves in the form of, for example, tender requests, orders, agreements and other contacts, and from data that is stored automatically or otherwise as customers use products or services.
All contacts by customers may be saved. These can be used to verify contacts, process complaints and improve customer service.
Personal data can also be collected, stored and updated from sources such as the register of the Digital and Population Data Services Agency, Suomen Asiakastieto Oy and other controllers’ registers providing address, update and other similar services.
Data is also updated on the basis of information exchange rules applied in the electricity market.
Without the express consent of data subjects, their data is not disclosed to anyone, except those working for Lumme Energia or third parties contributing to the provision of services.
Data is disclosed to the authorities in cases required by law, such as when investigating or preventing abuses.
The data subject’s data is stored only as long as is necessary to fulfilling the needs specified in section 4.
The most significant data retention obligation based on law concerns the obligation to correct the invoicing of consumers, requiring data to be kept for ten (10) years.
Personal data will only be transferred outside the European Union or the European Economic Area through procedures in accordance with the Data Protection Act, for example by using model contract clauses approved by the European Commission.
When using the digital Lumme Lataus solution, your card details will be stored and processed in the United States by Stripe Inc. Stripe is committed to the EU-US Privacy Shield and the Switzerland-US Privacy Shield. These arrangements refer to policies that describe the privacy practices of the United States regarding the processing of personal data received from the EEA or Switzerland. For more information about Stripe’s commitment and the Privacy Shield principles, please read. https://stripe.com/privacy-shiled-policy
Information in the register is protected by personal usernames and passwords. Only authorised and defined users have access to the information they maintain. The register is backed up regularly. Customer register data is held in databases that are protected with a firewall, passwords and other technical means.
11.1 Right to access and verify information
The data subject has the right to receive a copy in paper or commonly used electronic format, enabling them to check their own data. Data may be obtained using the contact details in section 2.
11.2 Right to rectify data and restrict processing
The data subject has the right to rectify their data by submitting incomplete or incorrect data with explanations, using the contact details given in section 2. If the data subject has access to the electronic service channel provided by Lumme Energia, they can update their own information within the limits enabled by the services.The data subject has the right to rectify their data by submitting incomplete or incorrect data with explanations, using the contact details given in section 2. If the data subject has access to the electronic service channel provided by Lumme Energia, they can update their own information within the limits enabled by the services.
The data subject also has the right to restrict processing until the information has been updated.
11.3 Right to transfer data
The data subject has the right to have personal data transferred to another system. In the energy market, service provision requires the conclusion of an agreement, resulting in the necessary data being created in the new system.
A request for data transfer can be made using the contact details in section 2.
11.4 Right to have data erase
The data subject has the right to request the erasure of their data. Erasing the data of a consumer cannot be done until 10 years after the agreement’s termination due to Lumme Energia's obligation to correct any invoicing errors during that period.
A request for data erasure can be made using the contact details in section 2.
11.5 The right to object to automatic decision-making, including profiling
In digital service channels, it is possible that, on the basis of the information provided by the data subject, the eligibility of the contract is automatically checked, for example.
If automatic processing and decision-making is applied, the data subject has the right to object to this provided that the procedure is not necessary for the conclusion or performance of the agreement.
In such cases, the data subject will be informed of alternative ways of proceeding through other channels.
11.6 Right to withdraw consent
The data subject has the right to consent to and refuse electronic marketing at any time. In addition to using the contact details given in section 2, this can be done through Lumme Energia’s electronic services by updating your personal data and opting not to receive the electronic newsletter.
11.8 Right to appeal to the supervisory authority
Contact details of data protection authority:
Visiting address: Ratapihantie 9 (6 krs.), 00520 Helsinki
Postal address: PL800, 00521 Helsinki
Switchboard: +358 (0)29 566 6700