Oomi Oy’s customer register

This privacy statement provides data subjects, i.e. the controller’s customers, and the supervisory authority with the information required by data protection legislation on how and why Oomi Oy processes the personal data of its customers.

1 Joint controllers

Oomi Oy
Business ID: 3101315-4
Postal address: Teknobulevardi 7, 01530 Vantaa, Finland (No customer service point)
Website: oomi.fi

Oomi Solar Oy
Business ID:  3384654-7
Postal address: Teknobulevardi 7, 01530 Vantaa, Finland (No customer service point)
Website: oomi.fi

Oomi Oy and Oomi Solar Oy act as joint controllers in so far as shared customers of the companies in question are processed in the Customer Register. Both companies adhere to the data protection principles described in this privacy statement.

2 Persons responsible for the register and their contact information

Person responsible for the register
Sami Naskali

Data protection officer
Olli Turpeinen

Enquiries about data protection
Online data request form – Oomi (in Finnish only)

3 Name of register

Oomi Oy’s Customer Register (‘Customer Register’)

The register’s data subjects are customers and former customers of Oomi Oy.

4 Division of liability between controllers

Oomi Oy acts as an independent controller for data in which the data subject is a consumer customer or the contact person of a corporate customer and the data is related to an electricity contract with Oomi Oy.

Oomi Solar Oy acts as an independent controller for data in which the data subject is the contact person of a corporate customer and the data is related to a solar electricity or charging solution contract with Oomi Solar Oy.

5 Purpose and legal basis of the processing of personal data

Oomi Oy processes the personal data of its customers for the purposes presented in more detail below.

Oomi Oy processes the personal data of its customers

to manage its customer relationships;
to offer, sell and market its products and services, as well as communicate about them, and analyse the use of services and products;
to develop its products and services;
to compile statistics;
for customer satisfaction surveys, opinion polls and market research; and
to comply with the obligations related to the applicable laws as well as official regulations and instructions.

If the customer of Oomi Oy is a private customer, the personal data processing is primarily based on the implementation of the contract between the customer and Oomi Oy. The processing of personal data is also based on Oomi Oy’s legitimate interest in providing, supporting and developing business services as well as managing and developing customer relationships.

Oomi utilises digital marketing channels and uses the common advertising opportunities available within these channels, as well as customer data to a limited extent in certain forms of advertising, in order to create anonymous target audiences. We do not use customers who have opted out of marketing when forming these anonymous advertising audiences.

Oomi offers content on many social media websites and also carries out marketing measures through them. The use of the content of social media websites complies with the terms of the social media service provider. You can explore the privacy settings and marketing practices in the settings of the services in question.

6 Data content of the register

For the purposes mentioned above, we may process the following data related to customers or other data subjects:

basic information about the data subject (such as names, date of birth, personal identity code, address, business ID, customer number, ID and address of the location of use, user ID and/or other unique identifier, password and native language)
information concerning companies’ contact persons (such as information on the employer and the data subject’s professional status);
contact information (such as address, phone number and email address);
information related to payment and invoicing (such as information on invoicing, fees and transactions, payment and collection, preliminary estimates, information on compensation for damages and credit information requests as well as payment card information);
information related to the customer account and contracts (such as information on the contract, order, valid and terminated services, service use and authorisations, contact recordings and records (such as phone call recordings and email records), correspondence and other communication with Oomi Oy as well as information related to marketing);
information on services and products (such as information on orders, validity, changes and end dates; the necessary information concerning the use of mobile services; information provided by the data subject on their interests; cookies and information on their use; and user profiles formed based on the data processed in the context of the Customer Register);
information on electricity consumption (such as projected annual consumption and reports related to consumption);
any other information collected with the specific consent of the data subject (such as direct marketing opt-ins and opt-outs as well as the information required for a Nordia credit application in relation to Home Energy Solutions services);
any other information concerning an insurance agreement (such as health information, employment status information).

7 Regular sources of data

Data concerning data subjects is regularly received from

the data subjects themselves when they become customers of Oomi Oy, register as users of Oomi Oy’s services, use Oomi Oy’s services or when some other proper connection is established between Oomi Oy and the data subject;
Oomi Oy’s Customer Register may also collect, record and update data through bodies such as the Digital and Population Data Services Agency and Suomen Asiakastieto Oy:
from other parties operating on the electricity market on the basis of information sharing that is based on applicable law, procedures and official regulations;
from companies providing insurance services.

Personal data may also be collected and updated from the authorities and other third parties within the limits permitted by the applicable legislation for the purposes described in this privacy statement.

Oomi Oy may record phone calls made to and received from customers in order to ensure and develop the quality of customer service. Phone calls between customers and cooperation partners acting on behalf of Oomi Oy are also recorded.

8 Automatic decision-making

Oomi Oy has the right to check the credit information of persons from Suomen Asiakastieto’s register before signing an agreement concerning products and services.

Credit information is used in the decision-making related to granting contracts. Credit information is processed in accordance with the Credit Information Act (527/2007).

Applicants have the right to require a human to participate in the data processing, the right to express their opinion about a decision and the right to contest a decision made based on automatic decision-making.

9 Regular disclosures of data and data transfer outside the EU or EEA

In order to provide services, personal data may be processed in Oomi Oy’s data systems for the purposes presented in this privacy statement.

For the purposes described in this privacy statement and within the limits permitted and required by legislation, official regulations and instructions issued by industry associations that are in force at any given time, personal data may be disclosed to the authorities, other energy companies operating on the electricity market, property owners and housing managers as well as parties to the electricity supply and sales contract (e.g. pass-thru invoicing), for example.

Personal data may also be disclosed to cooperation partners carefully selected by the controller (e.g. outsourced customer service) for purposes that support the purposes of personal data processing described in the Customer Register.

The controller may use subcontractors in data processing, and data is transferred outside the EU and EEA to a limited extent. When data is transferred outside the EU/EEA, the transfer is carried out using the standard contractual clauses of the European Commission or another transfer mechanism permitted by legislation.

10 Data retention period

Data is retained only for as long as it is necessary in order to fulfil the purposes defined in this privacy statement; the contract details and information related to the contract are generally retained for the duration of the customer relationship. After this, the data is deleted, unless we are obligated to retain the data in accordance with legislation or the rights and obligations based on the contract between the parties.

The retention period of customer data that is based on a contract is ten (10) years according to the Terms of Electricity Sales and Terms of Electricity Supply.

The retention period of contact recordings (telephone calls and email messages) is twenty-five (25) months.

Customer data related to insurance is retained for up to ten (10) years after the company’s responsibility has ended (section 73 of the Insurance Contracts Act). The data is deleted in accordance with the deletion processes followed by the controller. After the end of the contractual relationship, the controller may process personal data for direct marketing purposes in accordance with applicable legislation.

11 Principles of register protection

Personal data is protected by means that are generally acceptable and reasonable in the sector, such as with access passes, training, firewalls and passwords.

Only identified employees of the controller or companies acting on assignment by or on behalf of the controller have access to the personal data processed in the Customer Register in accordance with the access rights granted by Oomi Oy. Oomi Oy takes into account the applicable legislation, official regulations and instructions issued by industry associations regarding ensuring confidential processing of personal data.

12 Rights of data subjects

Right of access

Data subjects have the right to see what data is recorded about them in the Customer Register. This right of access may be refused on grounds provided by law.

You can submit an online data access request at: Online data request form – Oomi (in Finnish only).

Oomi Oy will charge a reasonable amount of compensation for providing the data if the data subject exercises their right of access more often than once a year.

Right to object to direct marketing

Data subjects may opt in or out of the controller’s direct marketing on a channel-by-channel basis.

Data subjects have the right to object to the processing of their personal data for the purposes of direct mail, distance selling and direct marketing as well as market research and opinion polls. The right to object does not apply to customer communications related to services subscribed to and ordered by the customer or other service-related communications carried out in order to offer services.

You can request to opt out of direct marketing at: Online data request form – Oomi (in Finnish only).

Right to object to the processing of personal data

On account of their special personal situation, data subjects have the right to object to being profiled and to other processing measures carried out by the controller on the data subject’s personal data in so far as the data processing is based on the controller’s legitimate interest. When making the request, the data subject must identify the special situation based on which they are objecting to the processing. The controller may refuse to fulfil the request concerning the objection on grounds provided by law.

You can request to opt out of personal data processing at: Online data request form – Oomi (in Finnish only).

Right to request rectification or deletion of data or restriction of processing

Data subjects have the right to request that Oomi Oy rectify, erase or complete any personal data in the register that is incorrect, unnecessary, insufficient or outdated for the purpose of processing.

Data subjects also have the right to request that Oomi Oy restrict the processing of their personal data in situations such as when the data subject is waiting for the controller to reply to their request regarding the rectification or erasure of their data.

Data subjects are personally responsible for the correctness of the data they provide. Data subjects must notify the controller of any changes to the data they have provided.

You can submit a request concerning rectification or erasure of data or restriction of processing at: Online data request form – Oomi (in Finnish only).

Right to withdraw consent

If the personal data processing is based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying Oomi Oy of this.

Right to transfer data from one system to another

In so far as the data subject has personally provided the register with data that is processed in order to fulfil the contract between the data subject and Oomi Oy or based on consent given by the data subject, the data subject generally has the right to receive the data in machine-readable format or transfer it to another controller.

You can submit a file transfer request at: Online data request form – Oomi (in Finnish only).

13 Filing a complaint with the data protection supervisory authority

If the data subject deems that the processing of personal data is in breach of the applicable legislation or that the data subject’s statutory rights have been infringed upon, they may file a complaint about the matter with the relevant data protection supervisory authority. In Finland, the lawfulness of the processing of personal data is monitored by the Data Protection Ombudsman, whose contact information can be found at the following address: www.tietosuoja.fi/en/home.

13 Changes to the privacy statement

We retain the right to change and update this privacy statement. The up-to-date privacy statements are available on our website at oomi.fi/privacy-statements.

26 September 2024