eSett is a company providing imbalance settlement services to electricity market participants in Finland, Norway and Sweden.

Controller

eSett Oy
Läkkisepäntie 23
00620 Helsinki
+358 10 5018500
(hereafter ”We” or ”eSett”)
(Business-ID 2582499-7)

Contact Person for This Register

Tanja Linnonmaa
Läkkisepäntie 23, 00620 Helsinki
+358 10 501 8500
ict@esett.com

Name of this Register

CUSTOMER AND MARKETING REGISTER

What are the Legal Bases for and Purpose of the Processing of Personal Data?

The bases for processing personal data are the legitimate interests (e.g. customer relationship management, invoicing) and/or a legal obligation of the controller or a third party.

We process personal data to:

  • deliver and develop our imbalance settlement services to meet our customers’ and authorities needs,
  • fulfill our contractual and other promises and obligations,
  • take care of the customer relationship and communications, and
  • enable electronic and direct communication.

We both process information ourselves and use subcontractors that process personal data on behalf of and for us. We have outsourced our IT management to an outside service provider on whose server the personal data are stored.

What Data Do We Process?

We process the following personal data of our customers or other data subjects (like individuals participating in our trainings) in connection with this customer and marketing register:

  • Basic information of the data subject such as name*, date of birth, personal identification number, username and/or other identifier, photograph;
  • Contact information of the data subject such as e-mail address*, phone number*, postal address;
  • Information of the company of the data subject such as company name* and Business ID*;
  • Information of the connection and device the data subject is using such as the IP address, device ID or other device identifier, or location data;
  • Other possible information gathered with data subject’s consent

(*) Committing personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without necessary information we are not able to provide the service.

From Where Do We Receive Data?

We receive information primarly from the data subject itself, authorities, credit information companies and other similar reliable sources.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

To Whom Do We Disclose Data and Do We Transfer Data Outside EU or EEA?

We may disclose or transfer some of the personal data we process outside EU/EEA.

How Do We Protect the Data and How Long Do We Store Them?

The information is collected into databases protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons. Each user has a personal username and password to the systems where personal data are stored.

We store the data as long as it is necessary for the purpose of processing the data, and delete personal data that is no longer needed for the purpose it was processed for. We regularly review the need for data storage taking into account the applicable legislation. In addition, we take all reasonable actions to ensure that no incompatible, outdated or inaccurate personal data are stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

What Are Your Rights as a Data Subject?

As a data subject you have the right to access the personal data stored in this register concerning yourself, and the right to require rectification or erasure of that data.

As a data subject, you have the right, according to EU’s General Data Protection Regulation (applied from 25.5.2018), to object to processing or to request restricting the processing, and to lodge a complaint with a supervisory authority.

As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.

All requests and requirements concerning this section should be submitted in writing to the address mentioned in section two (2).