Privacy Notice – Customer relations and marketing

Updated 1 July 2021

The purpose of this privacy notice is to give you information regarding how we process personal data in our customer relationship management and marketing activities.


eSett Oy
Läkkisepäntie 23
00620 Helsinki
+358 10 5018500
(hereafter ”We” or ”eSett”)
(Business-ID 2582499-7)

Contact Details in Privacy Matters

eSett Oy / Privacy Matters

Läkkisepäntie 23, 00620 Helsinki
+358 10 501 8500

Name of this Register


What are the Legal Bases for and Purpose of the Processing of Personal Data?

We collect information related to our business customers. When performing marketing or customer relationship management activities we process personal data of contact persons or decision makers of our customers. The processing of personal data is based on a contract, legitimate interests of eSett (e.g. direct marketing, customer relationship management, invoicing) and/or a legal obligation of the controller or a third party and your consent (e.g. related to the cookies).

We process personal data to:

  • deliver and develop our imbalance settlement services to meet our customers’ and authorities’ needs,
  • fulfill our contractual and other promises and obligations,
  • take care of the customer relationship and communications, direct marketing,
  • collect customer feedback and implement opinion and market surveys,
  • organize marketing events,
  • plan and develop business operations and services,
  • identify users and management of access rights,
  • enable electronic and direct communication and
  • detect and prevent fraud or misuse.

What Data Do We Process?

We process the following personal data on decision makers and contact persons of our customers (incl. newsletter subscribers, users of our online services, individuals who have requested a quote or submitted a contact request, and participants of events and/or trainings):

  • Basic information such as name*, date of birth, personal identification number, username and/or other identifier, photograph;
  • Contact information such as e-mail address*, phone number*, postal address;
  • Information of the company of the data subject such as company name* and Business ID*;
  • Information of the connection and device the data subject is using such as the IP address, device ID or other device identifier, or location data;
  • Customer history (e.g. participation in the events);
  • Login credentials and usage log of electronic services (e.g. eSett Online Service)
  • Direct marketing permissions and/or prohibitions;
  • Other possible information relevant for the business relationship.

We collect following data on potential customer companies’ or organizations’ decision makers and contact persons:

  • Name, company/employer, contact details e.g. postal address, e-mail address, phone number;
  • Information about individual’s duties and position in business life or a public office;
  • Direct marketing permissions and/or prohibitions.

(*) Committing personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without necessary information we are not able to provide the service.


From Where Do We Receive Data?

We receive information primarily from the data subject itself, authorities, credit information companies and other similar reliable sources.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

To Whom Do We Share Data and Do We Transfer Data Outside EU or EEA?

Unless you prohibit the disclosure of your data, we may disclose data i.e. to selected collaboration partners within the limits of the legislation for providing the service.

We use services of external service providers for, e.g.,

  • IT management, maintaining systems and customer data;
  • maintaining newsletter mailing lists.

In accordance with data protection agreements, each service provider can only process personal data to the extent that is necessary for the provision of the service in question.

We may transfer data to countries outside the EU or EEA in case it is necessary for the purposes of the processing of personal data described above or for the technical implementation of the processing. The level of data protection outside the EEA may be lower than in the EEA. In the absence of adequacy decision by the EU Commission we apply standard contractual clauses approved by the European Union or other approved transfer mechanisms in order to maintain the adequate level of data protection. SCCs available:

How Do We Protect the Data and How Long Do We Store Them?

The information is collected into databases protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons. Each user has a personal username and password to the systems where personal data are stored.

We store the data as long as it is necessary for the purpose of processing the data and delete personal data that is no longer needed for the purpose it was processed for. We regularly review the need for data storage taking into account the applicable legislation. In addition, we take all reasonable actions to ensure that no incompatible, outdated or inaccurate personal data are stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

What Are Your Rights as a Data Subject?

Right of access, rectification and erasure

As a data subject you are entitled to obtain information of your personal data processed by eSett. You have also a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of your data.

Direct marketing prohibition and right to restrict the processing

You have the right to object or to demand restriction of the processing and prohibit the direct marketing.

Withdrawal of a consent

When the processing of information is subject to your consent, you may withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent. Withdrawals can be made by requesting withdrawal from

Right to lodge a complaint with a supervisory authority

If you consider that the processing of personal data relating to you infringes the data protection regulation, you have the right to lodge a complaint with a supervisory authority. You may lodge your complaint in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Other rights

You may also request the personal data collected based on your consent or for the performance of a contract to which you are party and concerning you to be transmitted to another controller in a case where the data is in machine-readable and transferable format.

Whom can you contact?

If you have any questions related to the personal data processing or you want to exercise your above mentioned rights, please contact