Privacy Policy

Updated on 6 February 2019

1. CONTROLLER AND CONTACT PERSON

Lumme Energia Oy (later Lumme Energia)

Business ID: 2839885-8

Visiting address: Prikaatinkatu 3A, 50101 Mikkeli

Telephone: 0800 90110

Online service: www.lumme-energia.fi

Contact person for registration matters: Mika Ahola; tel. 010 207 4844

2. CONTACTS

To ensure that their rights are respected, data subjects may, at any time, contact Lumme Energia’s customer service by the following means

Telephone: 0800 90110

Email: asiakaspalvelu@lumme-energia.fi

Visiting address: Prikaatinkatu 3A, 50101 Mikkeli

Data subjects should be prepared to verify their identity in a reliable manner.

Lumme Energia will fulfil customer requests within a month of having received them and after confirming the customer’s identity, unless a longer response period is warranted.

3. NAME OF REGISTER

Lumme Energia’s customer register. Data subjects in the register consist of Lumme Energia’s customers and potential customers.

A potential customer relationship is typically created when a person has expressed an interest in Lumme Energia services via customer events, digital services or in some other personal encounter.

4. PURPOSE OF PERSONAL DATA PROCESSING AND GROUNDS FOR KEEPING THE REGISTE

In the capacity of the controller, Lumme Energia or persons it has authorised through contracts to process personal data use the personal data of customers or potential customers, in accordance with the Data Protection Act, for the following purposes:

  • Management and development of customer relationship

  • Provision, delivery and production of products and services

  • Payments, monitoring of payments, and collection

  • Marketing and distance selling of the controller’s products and services

  • Development of the controller’s business and of the related customer service

  • Segmentation and profiling for the above purposes

 

Personal data processing on the appropriate grounds, in line with the Data Protection Act, such as:

  • Contractual relationship between the data subject and Lumme Energia

  • Lumme Energia’s legitimate interests when, for example, Lumme Energia uses the data subject’s data to market its products and services or processes data within the Suur-Savon Sähkö group, or with a third party participating in producing a service

  • Data subject’s consent, when the data subject has given their consent for electronic marketing, or other consent requested separately by Lumme Energia.

Processing of personal data by Lumme Energia is also based on other mandatory, statutory obligations. These include the Electricity Market Act and related decrees, the Energy Efficiency Act and Consumer Protection Act.

5. DATA CONTENT OF REGISTER

Customer data:

  • Name

  • Personal identity code or business ID

  • Customer number

  • Contact details (address, telephone and email)

  • Any contact persons or representatives

  • Any other data obtained with the consent of the customer or potential customer that is necessary for the provision of the agreed service

  • Permission for electronic direct marketing, and marketing bans

Details of the customer location::

  • Address details

  • Purpose of use of the location

  • Dependence of heating on electricity

  • Energy consumption forecast

  • Any area and volume information

  • Details of equipment used for small-scale production

  • Details of the connection

  • Status of connection with the grid

  • Disconnection criticality

Agreement details:

  • Object of agreement

  • Validity period

  • Agreed prices

  • Invoicing address

  • Any representation details

Measurement data:

  • Energy consumption

  • Energy production

  • Energy quality

Invoicing information:

  • Invoicing principles

  • Information about payments and payment behaviour

  • Bank details

Service event information:

  • Event time

  • Reason for event

  • Recording of customer calls

Customer survey information:

  • Service experiences

Other customer data:

  • Information on membership in loyalty and similar schemes of the controller, and companies in cooperation agreement with it, and information necessary to becoming eligible for the benefits included in the scheme

  • Electric car charging data

  • Data collected by the solar power calculator

  • Equipment, measurement and control data required for services performing demand-side management

Data observed concerning service use:

  • Services used

  • Publications ordered

  • Cookies

  • Material downloads from the web service

  • Page browsing information

  • Browser type and operating system

  • Device type, such as a computer or mobile device

  • IP address

  • Session time and duration

  • Time, frequency and duration of the visit

Data derived from service use:

  • Service use detected by means of analytics and/or data provided by the customer can be used to derive the customer’s potential areas of interest or segment the customer into a certain type of target group.

Data obtained:

  • The above data may be updated or enriched by means of external data sources, described below in the section ‘Regular sources of information’.

6. REGULAR SOURCES OF INFORMATION

Data concerning customers is obtained from themselves in the form of, for example, tender requests, orders, agreements and other contacts, and from data that is stored automatically or otherwise as customers use products or services.

Data on potential customers is obtained from competitions, raffles and telephone sales, for example. Data is also collected by means of cookies and similar techniques using methods within the scope permitted by regulations. Use of cookies is explained in the cookie policy of each digital service’s terms of use.

All contacts by customers may be saved. These can be used to verify contacts, process complaints and improve customer service.

Personal data can also be collected, stored and updated from sources such as the register of the Digital and Population Data Services Agency, Suomen Asiakastieto Oy and other controllers’ registers providing address, update and other similar services.

Data is also updated on the basis of information exchange rules applied in the electricity market.

7. REGULAR DISCLOSURE OF DATA

Without the express consent of data subjects, their data is not disclosed to anyone, except those working for Lumme Energia or third parties contributing to the provision of services.

Data is disclosed to the authorities in cases required by law, such as when investigating or preventing abuses.

8. DATA RETENTION

The data subject’s data is stored only as long as is necessary to fulfilling the needs specified in section 4.

The most significant data retention obligation based on law concerns the obligation to correct the invoicing of consumers, requiring data to be kept for ten (10) years.

9. TRANSFER OF DATA OUTSIDE THE EU OR THE EUROPEAN ECONOMIC AREA

Personal data will only be transferred outside the European Union or the European Economic Area through procedures in accordance with the Data Protection Act, for example by using model contract clauses approved by the European Commission.

When using the digital Lumme Lataus solution, your card details will be stored and processed in the United States by Stripe Inc. Stripe is committed to the EU-US Privacy Shield and the Switzerland-US Privacy Shield. These arrangements refer to policies that describe the privacy practices of the United States regarding the processing of personal data received from the EEA or Switzerland. For more information about Stripe’s commitment and the Privacy Shield principles, please read. https://stripe.com/privacy-shiled-policy

10. PRINCIPLES OF PROTECTING THE REGISTER

Information in the register is protected by personal usernames and passwords. Only authorised and defined users have access to the information they maintain. The register is backed up regularly. Customer register data is held in databases that are protected with a firewall, passwords and other technical means.

11. RIGHTS OF THE DATA SUBJECT

11.1 Right to access and verify information

The data subject has the right to receive a copy in paper or commonly used electronic format, enabling them to check their own data. Data may be obtained using the contact details in section 2.

 

11.2 Right to rectify data and restrict processing

The data subject has the right to rectify their data by submitting incomplete or incorrect data with explanations, using the contact details given in section 2. If the data subject has access to the electronic service channel provided by Lumme Energia, they can update their own information within the limits enabled by the services.The data subject has the right to rectify their data by submitting incomplete or incorrect data with explanations, using the contact details given in section 2. If the data subject has access to the electronic service channel provided by Lumme Energia, they can update their own information within the limits enabled by the services.

The data subject also has the right to restrict processing until the information has been updated.

 

11.3 Right to transfer data

The data subject has the right to have personal data transferred to another system. In the energy market, service provision requires the conclusion of an agreement, resulting in the necessary data being created in the new system.

A request for data transfer can be made using the contact details in section 2.

 

11.4 Right to have data erase

The data subject has the right to request the erasure of their data. Erasing the data of a consumer cannot be done until 10 years after the agreement’s termination due to Lumme Energia's obligation to correct any invoicing errors during that period.

A request for data erasure can be made using the contact details in section 2.

 

11.5 The right to object to automatic decision-making, including profiling

In digital service channels, it is possible that, on the basis of the information provided by the data subject, the eligibility of the contract is automatically checked, for example.

If automatic processing and decision-making is applied, the data subject has the right to object to this provided that the procedure is not necessary for the conclusion or performance of the agreement.

In such cases, the data subject will be informed of alternative ways of proceeding through other channels.


11.6 Right to withdraw consent

The data subject has the right to consent to and refuse electronic marketing at any time. In addition to using the contact details given in section 2, this can be done through Lumme Energia’s electronic services by updating your personal data and opting not to receive the electronic newsletter. 


11.7 Right to object to the use of cookies

Lumme Energia's digital services use cookies. The terms of use of the services describe how to prevent the use of cookies and what effect this has on the service.


11.8 Right to appeal to the supervisory authority

If the data subject considers their data to have been processed in breach of the Privacy Policy and law, they have the right to file a complaint to the competent supervisory authority.

Contact details of data protection authority:

Visiting address: Ratapihantie 9 (6 krs.), 00520 Helsinki

Postal address: PL800, 00521 Helsinki

Switchboard: +358 (0)29 566 6700

Email: tietosuoja@om.fi