1. 1. Data Controller
Plugit Finland Oy (Business ID: 2513960-7)
Jasperintie 334 B
2. Person responsible and/or contact person in matters of customer register
Plugit Finland Oy
Puhelin 0207 350 330 (0,088 €/min)
3. Personal data processed
Plugit processes the following personal data of Plugit’s customers and stakeholders’ representatives:
Basic information of data subjects, such as:
- first name, last name
- year of birth
- contact details (postal address, telephone numbers, email addresses)
- information concerning the profession or role of the contact persons of a corporate customer
- information relating to a customer- or other relationship, as well as use of services and content, such as:
- registration data concerning services of the controller (e.g. online store and backend system user IDs and passwords);
- data concerning the data subject’s vehicle and other possible profiling data and information of interest given by the data subject;
- data concerning purchasing, such as products and services purchased, including information on product guarantees, as well as information necessary for payment, invoicing and debt collection, such as credit card data;
- information necessary for delivery of products or services concerning the data subject’s property or housing, such as the electricity company they use;
- information relating to use of products, such as charging frequencies and capacities as well as data relating to charging rights;
- location information (for example in the backend system, coordinates calculated by GPS, if the customer has given specific permission for this);
- information relating to customer communication, including recordings of telephone conversations with the customer;
- feedback and complaints, including information relating to liability for defects and products;
- data relating to marketing and sales promotion, such as marketing activities targeted to the data subject, their utilisation and the data given in this connection, as well and direct marketing permissions and refusals.
4. Purpose of processing personal data
Personal data may be processed for the following purposes:
- the upkeep and management, analysis and development of a customer- or other relationship, such as:
- installation-. survey- or other maintenance service, or execution of another service
- product delivery or implementation of another agreement
- provision of backend system service
- contact with the customer, including electronic customer communication;
- delivery of Plugit’s own newsletter and the Green Lane service newsletter
- analysis and statistics;
- business planning, analysis and development of the controller’s business and that of the companies currently included in the same group;
- marketing of the controller and of the companies included in the same group at any given time, including direct marketing and targeting of material of interest to data subjects, for example with the aid of a profile created on the basis of the customer’s purchase history or other data;
- opinion polls and market research; and
- other such purposes, which are not in conflict with the purposes described above.
5. Legal bases for processing personal data
If you are one of our direct customers, we process your personal data for the performance of a contract to which you yourself are party, or for the implementation of pre-contractual measures taken at your request. A contract is generated when we give notification of the binding conditions of our service on our website and when you register on our service.
5.2 Legitimate interest
Plugit’s right to process your personal data is based partly on the legitimate interest generated by the customer relationship. We process your data on the basis of legitimate interest, when you represent your employer and register on our service or when you otherwise disclose your personal data to us. Legitimate interest is also a basis of handling data analysis and compiling statistics, as well as implementing marketing and communications on the personal data processed. Profiling and allocation of marketing are also connected to the processing of personal data. Profiling helps us to e.g. inform you of your nearest charging point.
You are entitled to withdraw your consent to personal data processing at any time. You can withdraw your consent to direct emarketing by informing our contact person or by clicking the unsubscribe link found at the bottom of each direct marketing message.
6. Recipients or categories of recipient of personal data
Personal data is disclosed within the limits of permissions and obligations of the relevant legislation currently in force. Data will be disclosed in accordance with regulations to the appropriate authorities, such as the tax authorities. Data will also be communicated to the service providers of charging points, so that the service providers can identify our customers as they use the charging point.
Plugit may disclose personal data to carefully selected cooperation partners for marketing purposes, unless you have refused permission to do so. Personal data is not regularly disclosed for other than the abovementioned purposes. However, Plugit may, to the extent permitted under law, to disclose and/or transfer personal data to relevant parties such as prospective or actual purchasers and their advisers in connection with mergers, acquisitions, sales, reorganizations, or other transactions or transfers or changes of control involving Plugit and/or its group companies, services, applications, digital services, or businesses. We may also receive personal data from relevant parties such as sellers and their advisers for the purposes of such transactions. In addition, Plugit may also disclose data for example for statistics and analysis purposes, in such a way that the data disclosed cannot be associated with an individual person (e.g. data on charging frequencies and amounts)
Personal data processing is outsourced to the following service providers, which process the personal data on Plugit’s behalf:
- IT systems suppliers
- providers of accounting services
7. Transfer of personal data to third countries
Personal data may be transferred to Plugit’s cooperation partners and service providers outside the EU and EEA areas. Personal data will not, however, be transferred to such recipients which do not offer the same or equivalent level of personal data protection as Plugit offers.
Transfer of personal data is always carried out in compliance with the appropriate data protection legislation. Transfer mechanisms compatible with the law are applied in the transfer of personal data: mechanisms such as contracts where the standard contractual clauses of the European Commission and applicable supplementary privacy measures are used to guarantee the level of data protection when personal data is processed outside the EU.
8. Retention periods of personal data
Personal data is retained for as long as is necessary from the point of view of the purposes of personal data processing, or of Plugit’s compliance with legal obligations.
- Plugit retains its consumer-customer’s personal data for the duration of the customer relationship, and for two years after the end of the customer relationship, unless Plugit has other grounds for processing, such as processing in compliance with accounting requirements or for sending direct marketing.
- Plugit retains the personal data processed for direct marketing purposes until the data subject disallows the sending of direct marketing. In this case Plugit will retain the data from the date of the marketing ban, unless the data subject objects to such processing.
- Plugit retains data relating to bookkeeping for 6 years from the end of the calendar year of the relevant accounting period.
- Plugit retains other data, such as contact information on Plugit’s customer register, for as long as a representative represents Plugit’s corporate customer.
9. Data subject’s rights
You may exercise your data subject’s rights in accordance with the GDPR and the Finnish Data Protection Act by making a request here. Please contact our contact person for more information and advice on your rights.
Please note that if necessary, we may ask you for more information to confirm your identity.
9.1 Right to access data
You are entitled to get confirmation from Plugit on whether we are processing your personal data. You also have the right to access the personal data concerning yourself, and information on personal data processing in accordance with the Data Protection Act.
We will not allow you to access such information on Plugit’s business secrets or information that is to be kept confidential, nor information which may violate another person’s privacy.
When you exercise your right to access information, we supply you with a carbon copy of the personal data that we have processed concerning you. If you request several copies, we may charge a reasonable sum to cover administration costs. If you make your request electronically, we will send you the information in a commonly used electronic format, unless you request the information to be given verbally or on paper.
9.2 Right to rectification of data
You have the right to request that we rectify or add to inaccurate and incorrect data concerning yourself without unnecessary delay. We may ask you to send further clarification, if we need more information e.g. to ascertain your identity or to confirm the accuracy of the new data. Requests for corrections will be sent by e-mail to firstname.lastname@example.org. You may also rectify your own data by logging in to our service.
9.3 Right to have data erased
You are entitled to have Plugit erase, without unnecessary delay, the personal data that concerns yourself, if:
- the personal data is no longer needed for those purposes for which it was collected, or for which it was otherwise processed (e.g. if you are no longer a customer and your most recent purchases or other transactions were made several years previously);
- you object to your personal data being processed for special personal reasons relating to you, and if there is no justified reason for processing, or you object to your personal data being processed for direct marketing purposes;
- Plugit has processed your personal data illegally; or
- your personal data is to be erased to comply with legal obligations applying to Plugit.
We assess your rights and our possibilities to erase data case by case. We endeavour to respect your wishes and rights to erase data within the limits of the law.
9.4 Right to restriction of processing
You have the right to demand that we restrict the processing of your personal data so that, in addition to being retained, the personal data will only be processed upon your consent or for the exercise, drawing up or defence of a legal claim, or to protect another person’s rights if:
- you contest the accuracy of your personal data, whereby we will limit processing until the accuracy is being checked;
- we process your personal data illegally, and you object to the removal of the personal data and demand instead that the personal data should be limited;
- Plugit no longer requires the personal data for processing purposes and we would otherwise remove your data, but you require it for the exercise, drawing up or defence of a legal claim; or
- you have objected to your personal data being processed for special personal reasons and you are awaiting ascertainment of whether Plugit’s legitimate interests override the bases of your objection.
9.5 Right to transfer your personal data from one system to another
If you have submitted your personal data to us yourself, for example when registering on our internet service, you have the right to receive that personal data in a structured and commonly used machine-readable format, and you also have the right to transfer that data to another controller, as long as:
- we process the data automatically; and
- its processing was based on your consent (such as when ordering the newsletter) or the processing of your personal data is required for a contract, e.g. the contract concerning implementation of our backend system service.
The right to transfer data from one system to another is limited to a method which does not interfere with another individual’s rights or freedoms. We do not deliver or transfer another individual’s personal data to you or to another controller, nor do we transfer material that may qualify as Plugit business secrets in readable form.
You are not entitled to transfer data from one system to another if the personal data in question is processed on the basis of Plugit’s legitimate interest.
9.6 Right to object to the processing of personal data
You have the right to object to the processing of your personal data on special grounds of your personal situation in so far as the processing is based on legitimate interest, and there is insufficient due cause or justification in our processing which would override your rights and freedoms.
You also have the right to object to your personal data being processed for direct marketing purposes. You can also object to the profiling we perform for direct marketing. We will no longer send you direct marketing or process your personal data for direct marketing purposes after you have exercised your right to object.
10. Right to lodge a complaint to the supervisory authority
The data subject is entitled to lodge a complaint to the relevant authority (in Finland the Data Protection Ombudsman’s Office: https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman), if the data subject considers that Plugit has infringed the applicable data protection legislation in its processing and if the data subject’s rights under the GDPR and/or the Data Protection Act have been infringed.
11. Where does personal data come from (if not from the data subject him/herself)?
First and foremost, Plugit collects personal data from the data subject him/herself. In addition, personal data is collected from cooperation partners and from car showrooms.
Personal data may also be collected from the company the data subject represents, and from the systems Plugit uses to collect data on the data subject.
12. Security of processing of personal data
Personal data in electronic form is protected by technical methods generally accepted within the data security sector, such as firewalls and passwords. The identified data controller, and employees of cooperating companies who have been designated by the controller and who have been granted personal user rights by the controller, are the only ones to have access to the data contained in the electronic register. Material in manual form containing personal data is protected by physical and organizational security measures, such as restricting access to the material
13. User tracking