Updated on 6 June 2024
1. CONTROLLER AND CONTACT PERSON
Lumme Energia Oy (later Lumme Energia)
Business ID: 2038931-6
Visiting address: Prikaatinkatu 3A, 50100 Mikkeli
Telephone: +358 (0)29 1800 056
Online service: www.lumme-energia.fi
Contact person for registration matters: Mikko Alftan; tel. +358 (0)40 560 1240
2. NAME OF REGISTER
Lumme Energia’s customer register. Data subjects in the register consist of Lumme Energia’s customers and potential customers.
A potential customer relationship is typically created when a person has expressed an interest in Lumme Energia services via customer events, digital services or in some other personal encounter.
3. PURPOSE OF PERSONAL DATA PROCESSING AND GROUNDS FOR KEEPING THE REGISTER
In the capacity of the controller, Lumme Energia or persons it has authorized through contracts to process personal data use the personal data of customers or potential customers, in accordance with the Data Protection Act, for the following purposes:
- Management and development of customer relationship
- Provision, delivery and production of products and services
- Payments, monitoring of payments, and collection
- Marketing and distance selling of the controller’s products and services
- Development of the controller’s business and of the related customer service
- Segmentation and profiling for the above purposes
Processing of personal data is based on the grounds in accordance with the Data Protection Act, such as:
- Contractual relationship between the data subject and Lumme Energia
- Lumme Energia’s legitimate interests when, for example, Lumme Energia uses the data subject’s data to market its products and services or processes data within the Suur-Savon Sähkö group, or with a third party participating in producing a service
- Data subject’s consent, when the data subject has given their consent for digital marketing, or other consent requested separately by Lumme Energia.
Processing of personal data by Lumme Energia is also based on other mandatory legal obligations. These include the Electricity Market Act and related decrees, the Energy Efficiency Act and the Consumer Protection Act.
4. DATA CONTENT OF REGISTER
Customer data:
- Name
- Personal identity code or business ID
- Customer number
- Contact details (address, telephone and email)
- Any contact persons or representatives
- Any other data obtained with the consent of the customer or potential customer that is necessary for the provision of the agreed service
- Permission for digital direct marketing, and marketing bans
Details of the customer location:
- Address details
- Purpose of use of the location
- Dependence of heating on electricity
- Energy consumption forecast
- Any area and volume information
- Details of equipment used for small-scale production
- Details of the connection
- Status of connection with the grid
- Disconnection criticality
Contract details:
- Object of contract
- Validity period
- Contract prices
- Invoicing address
- Any representation details
Measurement data:
- Energy consumption
- Energy production
- Energy quality
Invoicing information:
- Invoicing principles
- Information about payments and payment behavior
- Bank details
Service event information:
- Event time
- Reason for event
- Recording of customer calls
Customer survey information:
Other customer data:
- Information on membership in loyalty and similar schemes of the controller, and companies in cooperation agreement with it, and information necessary to becoming eligible for the benefits included in the scheme
- Electric car charging data
- Data collected by the solar power calculator
- Equipment, measurement and control data required for services performing demand-side management
Data observed concerning service use:
- Services used
- Publications ordered
- Cookies
- Material downloads from the web service
- Page browsing information
- Browser type and operating system
- Device type, such as a computer or mobile device
Data derived from service use:
- Service use detected by means of analytics and/or data provided by the customer can be used to derive the customer’s potential areas of interest or segment the customer into a certain type of target group.
Data obtained:
- The above data may be updated or enriched by means of external data sources, described below in the section ‘Regular sources of information’
5. REGULAR SOURCES OF INFORMATION
Data concerning customers is obtained from themselves in the form of, for example, tender requests, orders, agreements and other contacts, and from data that is stored automatically or otherwise as customers use products or services.
Data on potential customers is obtained, for example, from competitions, raffles and telephone sales. Data is also collected by means of cookies and similar techniques using methods within the scope permitted by regulations. Use of cookies is explained in the cookie policy of each digital service’s terms of use.
All contacts by customers may be saved. These can be used to verify contacts, process complaints and improve customer service.
Personal data may also be collected, stored and updated from sources such as the register of the Digital and Population Data Services Agency, Suomen Asiakastieto Oy and other controllers’ registers providing address, update and other similar services.
Data is also updated on the basis of information exchange rules applied in the electricity market.
6. REGULAR DISCLOSURE OF DATA
Without the express consent of data subjects, their data is not disclosed to anyone, except those working for Lumme Energia or third parties contributing to the provision of services.
Data is disclosed to the authorities in cases required by law, such as when investigating or preventing abuses.
7. DATA RETENTION
The data subject’s data is stored only as long as it is necessary to fulfill the needs specified in section 3 .
The most significant data retention obligation based on law concerns the obligation to correct the invoicing of consumers, requiring data to be kept for ten (10) years.
8. TRANSFER OF DATA OUTSIDE THE EU OR THE EUROPEAN ECONOMIC AREA
Personal data is transferred outside the European Union or the European Economic Area only through procedures in accordance with the Data Protection Act, for example by using model contract clauses approved by the European Commission.
9. PRINCIPLES OF PROTECTING THE REGISTER
Information in the register is protected by personal usernames and passwords. Only authorized and defined users have access to the information they maintain. The register is backed up regularly. Customer register data is held in databases that are protected with a firewall, passwords and other technical means.
10. RIGHTS OF THE DATA SUBJECT
10.1 Right to access and verify information
If you wish to exercise your right to a data request, we ask you to use the data request form (in Finnish).
You are asked to use strong identification, as it is our duty to take good care of your data in this regard as well.
Lumme Energia will fulfill the customer's request no later than one month after receiving the request and identifying the requester, unless there is a specific reason to extend the response time.
The data subject has the right to receive a copy on paper or in a commonly used electronic format and to review their own data described in this policy. If there are any inaccuracies or corrections needed in your information, please contact customer service.
10.2 Right to rectify data and restrict processing
The data subject has the right to rectify their data by submitting incomplete or incorrect data with explanations. If there are any inaccuracies or corrections needed in your information, please contact customer service. If the data subject has access to the electronic service channel provided by Lumme Energia, they can update their own information within the limits enabled by the services.
The data subject also has the right to restrict processing until the information has been updated.
10.3 Right to transfer data
The data subject has the right to have personal data they have provided transferred to another system. In the energy markets, service provision requires the conclusion of a contract, resulting in the necessary data being created in the new system.
If there are any inaccuracies or corrections needed in your information, please contact customer service.
10.4 Right to have data erase
The data subject has the right to request the erasure of their data. Erasing the data of a consumer cannot be done until 10 years after the contract’s termination due to Lumme Energia's obligation to correct any invoicing errors during that period.
If there are any inaccuracies or corrections needed in your information, please contact customer service.
10.5 The right to object to automatic decision-making, including profiling
In digital service channels, it is possible that, for example, the eligibility for a contract is automatically checked based on the data provided by the data subject.
If automatic processing and decision-making is applied, the data subject has the right to object to it if the procedure is not necessary for the conclusion or performance of the contract.
In such cases, the data subject is informed of alternative ways of proceeding through other channels.
10.6 Right to withdraw consent
The data subject has the right to give their consent to digital marketing and to withdraw it at any time. This can be done by contacting customer service, updating your own information through Lumme Energy's electronic services, or using the unsubscribe link in the electronic newsletter.
10.7 Right to object to the use of cookies
Lumme Energia's digital services use cookies. The terms of use of the services describe how to prevent the use of cookies and what effect this has on the service. You can learn about the cookies used on Lumme-energia.fi website here (in Finnish).
10.8 Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a supervisory authority if they consider that their personal data has been processed in breach of the current data protection legislation. In Finland, this authority is the Office of the Data Protection Ombudsman. Further information at https://tietosuoja.fi/en/home.
