Privacy Notice - customer

Business ID: 1852328-0
Street address: Keilalahdentie 2-4, Espoo
Postal address: P.O. Box 100, FI-00048 Fortum, Finland
Tel. +358 10 4511
Network service: www.fortum.fi

Business ID: 0109160-2
Street address: Keilalahdentie 2-4, 02150 Espoo
Postal address: P.O. Box 100, FI-00048 Fortum, Finland

Business ID: 0350017-4
Street address: Kuulojankatu 1, 11120 Riihimäki
Postal address: PL 181, FI-11101 Riihimäki, Finland

Business ID: 1568601-7
Street address: Ravurinkatu 40, 20380 Turku
Postal address: Ravurinkatu 40, FI-20380 Turku, Finland

Business ID: 1604947-4
Street address: Kuulojankatu 1, 11120 Riihimäki
Postal address: PL 181, FI-11101 Riihimäki, Finland

Fortum collects and processes different types of personal data, such as:

• Contact details including your name, address, phone number, username, customer number, password and photo, if necessary
• Contract and service information, such as information on your use of our services, contract period, notice of termination and other contract-related information
• Payment and consumption data, including information on how you purchase our products and use our services
• Financial and invoicing information, including your invoicing address, term of payment, credit card number, and bank account details
• Work order information, such as information on your communication with Fortum’s customer services, installations, orders for supplementary work, complaints, etc.
• Behaviour and consumption data, such as a customer segment, your response to offers we made to you, and the way in which you use our products, services and website
• Device data, such as IP address, and other data from cookies
• Permit information, e.g. marketing permits.

Fortum collects the information that is necessary through the course of your customer relationship with us and for fulfilling the purposes for which your personal data is used. All aspects of personal data processing have a legal basis.

The personal data about you that we process comes from different sources:

• From you when you subscribe to our services, fill out contact forms, or send us personal information. In these cases, we will inform you of the information we need in order to be able to provide you with the service in question.
• From our customer relationship with you, such as energy consumption data, work order processing, device information, or behaviour data.
• From publicly available sources, such as address registers or from third parties we work with, such as credit information providers, debt recovery services, installation partners and marketing partners.
   

Personal data is processed only for purposes that are specified in advance. We process personal data for the following purposes:

• Customer relationship management and customer satisfaction surveys. Fortum needs personal data to maintain customer relationships, and for providing telephone, email and customer services through our digital channels, for example. We handle customer complaints by collecting the necessary data and providing responses. We notify our customers in matters relating to customer relationships through email, telephone and digital channels.
• Management of contracts and products, service provision and maintenance, and reporting on usage. With every customer, Fortum must enter into a contract for the fulfilment of our contractual obligations with the customer. For this reason, we collect the personal data needed for the preparation and management of contracts and delivery of products and services. We keep our customers informed of these matters in various ways, for example, through notifications related to the contract. In order to be able to offer our customers the best possible solutions, we keep our customer data updated and collect data on consumption and related services.
• Invoicing and debt recovery. We process personal data in order to be able to charge our customers for energy use and the other products, goods and services we provide. We produce invoices based on customer data, contract information, and the energy, goods and services that have been provided. We process payments by our customers, respond to requests for changes to invoices, and file invoices and contracts.
• We continually develop our sales and marketing, products and services. We use customers’ email addresses for sending notices, newsletters and for marketing communications, and to inform our customers about our customer benefits, our services and their use, and our new products and other topical matters. With regard to potential new customers, we process the personal data we receive from e.g. events, competitions and surveys on our websites and via other measures. We perform an automatic transcription of our customer service’s recordings which we analyse to improve the quality of our services.
• Internal reporting and reporting to the authorities

We process your personal data on a number of legal grounds:

• Your explicit and freely given consent. If the processing of your personal data is based on your consent, you can withdraw your consent at any time.
• Data processing is necessary for fulfilling the contract made between you and us, and for making such a contract in the first place.
• Data processing is necessary to meet our legal obligations (for example, we are required by law to store data for a certain period of time) and/or legal requirements or complaints, and for enforcing them or defending Fortum from them.
• Data processing is also necessary with regard to the legitimate interests of Fortum or associated third parties, taking into account the interests of the data subject and their fundamental rights and freedoms. In other words, data processing is necessary for maintaining a balance of interests. Our legitimate interests with regard to such data processing are:
  • To maintain proper, meaningful and consistent files and tasks
  • To develop, improve and sell our products and services, to foster good customer relationships, for example with the aid of customer feedback and customer surveys
  • To conduct cost-effective and meaningful business operations
  • To ensure that customer relationships are properly managed, for example in the processing of guarantees and authorisations
  • To provide meaningful and effective direct marketing to existing customers, such as profiling and segmentation for marketing purposes (see below for details)
  • To obtain payment for products and services rendered or delivered, for example in the event of debt recovery
  • To provide effective customer support and case management, such as saving calls in order to ensure customer service quality and fulfilment of orders.

We at Fortum feel that it is important that our marketing is carried out transparently and is useful to our customers Processing of personal data for marketing is necessary for our legitimate interests in developing, improving and selling our products and services, and for maintaining good customer relationships.

In all communication between us, we give you the opportunity to reject and prohibit all future marketing messages through the various channels.

For example, we carry out market analyses, collect statistics, and evaluate and develop our services and products and inform you about them. Unless you specifically prohibit such communication, you may receive monthly newsletters or general information, such as information on customer benefits. We may also send you targeted benefits and offers based on your purchases, the services or products you are using, and/or your communication behaviour. Such targeted offers are aimed at improving the customer experience, and provide you with relevant offers related to products and services we believe you will be interested in. To be able to make targeted offers, we must divide our customers into different segments or customer profiles based on their interaction with us.
 

We can make decisions related to you through automated decision-making, for example by carrying out automatic credit checks when the contract is being made and during the contract period. This may affect your possibilities for using our services. We use automated decisions to ensure that our decision-making and business processes are effective, digitalised, predictable and legally well founded. We will usually provide you with more detailed and precise information on such automated decision-making processes when an application is being launched or in connection with decision-making. Such information may concern, for example, the underlying logic of the new application and its consequences.

If automated decision-making is not necessary for making a contract between us, we will ask you in advance for your consent to automatic decision-making.

If we have made a decision affecting you solely on the basis of automatic processing (such as auto-profiling), and if such a decision affects your ability to use our services, or otherwise significantly affects you, you can request that this decision is not applied to you unless we can prove to you that the decision in question is necessary for making and completing the contract between Fortum and you.
 

We only retain personal information for the period of time that is necessary for that type of data and for fulfilling the purpose for which that personal data is processed.
In general, personal data is stored for the entire duration of the customer relationship, and for a further six years after the customer relationship has ended. Personal data related to measurement data (such as data on energy consumption and production) is kept for 10 years from the date on which the measurement data was received. Storage times may in certain cases vary depending on the categories to which the data belongs. Fortum regularly sets and evaluates storage periods for each specific type of personal data that it holds. When an item of personal data is no longer needed, Fortum will remove it or render it unrecognisable as soon as possible.

As a matter of principle, we do not sell or trade your personal data or grant third parties access to it. Companies belonging to Fortum Group can process personal data in accordance with the applicable privacy protection legislation. We may disclose personal information to authorised employees or subsidiaries if this is necessary for processing purposes. Personal data is never made available to all employees, only to those who need it for their work. We also use third parties as data processors to help us in processing personal data. When a third party processes personal data on our behalf, we always ensure that the data is always processed securely and in accordance with best practices in privacy and data processing.

The following types of third party are involved in personal data personal data on our behalf:

• Service providers such as printing services, debt recovery services, installation partners, credit information providers, and consultancy service providers
• IT service providers, cloud services
• Sales and marketing partners

Personal data may also be submitted to the authorities for processing.

As a rule, Fortum does not transfer personal data outside the European Union or the European Economic Area. However, if we do transfer personal data outside the EU or EEA, we will use the appropriate safeguards in accordance with current data protection legislation, such as the standard contractual clauses approved by the European Commission.

Fortum will implement the necessary technical and organisational measures to ensure and be able to demonstrate that data protection legislation is applied to processing of personal data.

Among these measures are access to personal data, use of firewalls, making data unidentifiable (pseudonymisation), detailed instructions and training for employees in the protection of personal data, and careful assessment of service providers who are involved in processing personal data on Fortum’s behalf.