Updated 4.2.2022
1 Name of the register
The customer, subcontractor, and marketing directory of Keravan Energia concern.
2 Register controller
Keravan Energia Oy (0891026-0) and Sipoon Energia Oy (1030712-9)
Street address: Tervahaudankatu 6, 04200 Kerava
Mail address: PL 37, 04201 Kerava
Telephone: 09-584 95526
3 Contact information on issues regarding the register
info@keoy.fi
Tervahaudankatu 6, 04200 Kerava
Tel. 09-5849 5526
4 The data content of the register
In our directory we handle personal data regarding our private customers, representatives of company customers and potential customers of all groups. In addition we handle data regarding our suppliers and subcontractors and our employees.
We collect and handle the following data:
Kerava Energia companies also process personal data collected through the Whistleblowing channel. You can find out more about the processing of personal data collected through the channel here.
You can find out more about the processing of the personal data of our subcontractors’ employees in the Ilmoita service.
5 The purpose of use and reason for personal data
The controller or a partner authorized by it (acting on behalf of the controller) uses the personal data of customers, potential customers and subcontractors in accordance with personal data legislation for the following purposes:
The directory controller has the right to handle personal data based on the following:
6 Regular sources of information
Information about customers is obtained from customers, e.g. in connection with requests for offers, orders, contracts and other contacts, as well as the information that is or will be saved from the use of the customer’s products or services. Information is also collected with the help of cookies and similar technologies in accordance with the procedures allowed by the regulations in force at any given time. The information of potential customers can be obtained in connection with possible raffles.
All customer contacts can be recorded and saved. The recordings are used e.g. in the authentication of business transactions and in the development of customer service.
Personal data can also be collected and updated from the registers of the Population Register Center, Suomen Asiakastieto Oy and other similar service providers.
The information is also updated based on the rules for exchanging information on the electricity market published by Energiateollisyys ry.
In the case of the employees of our subcontractors, personal data is collected directly from the registrants or their employers.
7 Data processors and other recipients
In principle, personal data is not disclosed to outside parties. Information may be disclosed to the authorities as required by the legislation in force.
In accordance with the electricity market legislation and the supplemental application instructions of the industry, information is disclosed to other parties in the electricity trade (electricity seller, distribution network operator) and to the data controller responsible for the electricity market data exchange solution (Fingrid Datahub Oy) via electronic message traffic.
Information can also be transferred for processing to Keravan Energia Oy’s partners, subsidiaries, service providers or subcontractors for the purposes specified in section five.
Our partners and subcontractors can process personal data only for tasks related to customer relationship management or maintenance performed on our behalf. We always ensure that our partners do not process transferred personal data for any other purposes.
8 Data transfer outside the EU or EEA
Data will not be transferred outside the EU or EEA, unless it is necessary for the technical implementation of the service or data processing. In this case, data protection and information security requirements set by data protection legislation are followed in the transfer of data.
9 Principles of personal data retention
Personal data according to this privacy statement will be stored as long as the data controller uses the data for the purposes described in section five. Personal data stored in the register are deleted when there is no longer a legal basis for their processing.
In the customer information system, personal data is stored for a maximum of ten years from the end of the customer relationship or until the customer requests the deletion of the data.
Personal data may also have to be stored longer than this, if the applicable legislation or our contractual obligations towards third parties require a longer storage period.
Subcontractors’ personal data is stored for six years after the end of the year in which the construction site was completed.
If we process personal data based on consent, the given consent can be revoked at any time.
Personal data processed on the basis of consent will be deleted immediately after withdrawal of consent, if there is no other legal basis for the processing.
10 Principles of registry protection
The data security of the register and the confidentiality, integrity and usability of personal data are ensured by appropriate technical and organizational measures.
Only persons employed by the Keravan Energia Group or its authorized operators, whose job duties require the processing of personal data, have access to the information.
Register data is protected with personal usernames and passwords. Viewing and editing rights are limited by user rights. We require staff and partners to commit to keeping customer information confidential.
11 Rights of the registrant
The registered person has rights according to data protection legislation. Please note that the more precise application of the rights in each individual situation depends on the purpose and situation of personal data processing.
The registered person must send requests regarding his rights in writing and signed to the address:
Keravan Energia Oy
PL 37
04201 Kerava
or via email to info@keoy.fi.
Requests regarding your rights can also be submitted personally on location to the controller’s representative.
As a general rule, the data controller does not charge the data subject a fee for processing the request.
However, if the data subject’s requests are obviously unfounded or unreasonable, such as if they are presented repeatedly, the data controller may charge the data subject a reasonable fee based on the administrative costs of processing the request.
The right to get access to personal data and to receive a copy of personal data
The registrant has the right to receive confirmation as to whether the registrant’s personal data is being processed, as well as the information defined in the data protection legislation about the processing of personal data. In addition, the data subject has the right to receive a copy of the personal data being processed.
The right to check and correct data
The registered person has the right to check what information about him is stored in the register. The registered person has the right to demand the correction of incorrect or inaccurate personal data.
The right to data removal
The registered person has the right to have his personal data deleted without undue delay, provided that
The right to restrict processing
The registered person has the right to have the controller limit the processing if
The right to withdraw consent
If the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw his consent to the processing at any time without affecting the legality of the processing carried out prior to this consent. However, the registered person’s personal data can be stored if compliance with the legal obligation of the controller requires the storage of personal data.
The right to transfer data from one system to another
The registered person has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used and machine-readable format, and the right to transfer the data in question to another data controller, if it is technically possible.
The right to file a complaint with the supervisory authority
The data subject has the right to file a complaint with the supervisory authority if the data subject considers that the processing of personal data concerning him/her violates applicable data protection regulations.
12 User tracking
We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from e.g. chat interactions. Leadoo uses etag tracking in order to hook together the same user’s behavior over several sessions – in practice this works similarly to cookie-based tracking. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy (https://leadoo.com/privacy-policy/) for more information on what is tracked and what your rights are. Leadoo works as the Processor, and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. For more on how Leadoo works as a GDPR compliant processor, see https://leadoo.com/privacy-policy-processor.