- Data controller
Enerim Oy
Valimotie 17-19, 00380 Helsinki - Data Protection Officer or other contact person
Heikki Hiltunen
Valimotie 17-19, 00380 Helsinki
email: privacy(@)enerim.com - Name of the register
Customer and partner register - Purpose of processing personal data
The controller collects and processes personal data related to the management of customer relationships as well as personal data related to the management of the controller's service providers, suppliers and other stakeholders. The basis for processing is the fulfilment of the controller's legitimate interests (Article 6, paragraph 1, point f), such as managing customer and supplier relationships, developing services and communicating with various stakeholders related to cooperation between authorities and companies.
- Description of the categories of data subjects
Representatives of the controller's customers, service providers and suppliers as well as other stakeholder representatives. As a rule, data is collected from the data subject himself/herself, the data subject's employer or our stakeholders and our suppliers for their subcontractors. Data in relation to use of Enerim’s systems is obtained from the relevant systems.
- Description of the categories of personal data processed
Customers:
- Basic information of the person: name, address, e-mail address, telephone number
- Information on registration in the organisation's newsletters and online forms
- Customer satisfaction surveys
- Analytics data, e.g. related to newsletter reader tracking
- User data of the controller's electronic services
- Event registration information
- Footage
Service providers and suppliers:
- Basic personal information: name, address, e-mail address, telephone number, CV information
- Information about signing up for the organization's newsletters
- Analytics data, e.g. related to newsletter reader tracking
- User data of the controller's electronic services
- Event registration information
- Footage
Special categories of personal data*:
Enerim does not collect sensitive data.
- Automated decision-making
Is the data processed for automated decision-making (e.g. profiling)?
☐ Yes ☒ No
- Legal basis for processing
Standard personal data
☐ Consent of the data subject
☐ Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
☐ Compliance with a legal obligation to which the controller is subject
☐ Protection of the vital interests of the data subject or of another natural person
☐ Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
☒ To pursue the legitimate interests of the controller or a third party.
Processing of special categories of personal data
☐ Explicit consent of the data subject
☐ Processing is necessary for compliance with the obligations and specific rights of the controller or the data subject,
☐ Any other basis pursuant to Article 9 GDPR.
- Recipients or categories of recipients of personal data
Personal data is regularly disclosed to the following parties, among others:
- Personal data is not regularly disclosed to third parties.
Personal data may be disclosed between Enerim Oy's group companies in order to fulfil the rights of data subjects and to third parties in order to fulfil contractual obligations and the rights of data subjects.
- Transfer of personal data outside the EU/EEA
☐ Yes ☒No
Personal data is stored on servers located within the EU/EEA.
- Retention period of personal data
Personal data is processed for as long as it is necessary for the original purpose of use. The retention periods of personal data are reviewed annually.
- Exercising the rights of data subjects
Under the General Data Protection Regulation, the data subject has the right to:
- Withdraw consent at any time;
- Access to data;
- Right to have errors corrected;
- the right to prohibit direct marketing;
- Right to object to processing;
- Right to restriction of processing;
- the right to have data transferred.
If the data subject withdraws his/her consent, a request is requested to be made to the contact person of the register in order to implement the rights of the Data Subject. If the data subject suspects that his or her rights under data protection legislation have been violated, the data subject has the right to lodge a complaint with the Data Protection Ombudsman.
- General description of technical and organizational data security measures
Personal data is stored on the service provider's servers, which are protected in accordance with general industry practices. The personal data collected and processed is kept confidential and is not disclosed to anyone other than those who need it in their work. Access to personal data is protected with user-specific IDs, passwords and access rights. Enerim Oy is responsible for technical and organizational measures to protect personal data.
*Racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation are prohibited.
How to contact us
If you have any questions about Enerim’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: privacy(@)enerim.com