Privacy policy for Arctic Charge & Comsel System Oy's services

This privacy policy contains information on how your personal data is collected, used, stored or otherwise processed by Comsel System Oy (hereinafter "Data Controller", "we" or "us") in connection with the use of our services, as well as about your rights and how you can contact us.

1. Purpose of processing your personal data

We use your personal data to provide you with our services and to offer you the best possible way to communicate with us. The Controller's purpose with the processing of your personal data is to manage and maintain customer service, develop, maintain, administer and monitor customer relationships and to use them for product development, technical support, advertising and marketing purposes as further described in section 2.

2. Legal basis and purposes of the processing of personal data and categories of personal data

When you register for our services, we collect your name and email address. We may also record your payment details if you use a service that requires this.

The registered data is needed to identify you as a user of our services, to manage the customer relationship and to charge you for the services, where applicable.

In connection with the installation of our equipment, we save data regarding the installation (for example, results of installation testing, pictures from the installation site, information about peripherals installed in connection with installation).

When you use our services, we save information about your consumption and charging history, including where and when you have charged your car. This allows you to track how you use this service and for us to enable the services as well as to charge you according to usage, if applicable

If you use any of our services or products and connect Comsel manufactured products to your account, information about the products' place of use, name and other data regarding your product (applicable product model, serial number, date of manufacture, warranty period, configurations, data regarding communication methods such as telecommunications service provider, signal strength, data consumption, network addresses) will be linked.

In connection with the connection of other equipment not manufactured by Comsel, data regarding login data or access codes to pair your third-party product with Comsel's services may also be saved.

If you use a service that links your consumption data to Fingrid's data hub, information related to your electricity consumption and electricity contract is stored and saved from Fingrid's data hub. The contract data mainly includes the electricity sales and distribution companies with which you have an agreement, the point of consumption code (GSRN), the main fuse size and pricing model (fixed price or spot price) and electricity consumption.

This data is used to deliver the service.

For security reasons, we store the history of logins and requests that reach our systems in connection with the use of all our services.

You or the Data Controller may add additional information to your account to enable and improve the use of the service (e.g. company name, billing reference, vehicle information and identifier and RFID tag number or other information you provide to us).

We can carry out a credit check for companies and coverage reservations on private individuals' debit or credit cards. When conducting the credit check, we may collect data from third-party sources, such as from public sources.

Registered users' personal data is processed in order to fulfil contractual obligations and for our legitimate interest. When you use our services without registering for, for example, a one-time payment for a charging service, you can use the service without registering for our service. In such cases, we only process your payment information.

The legislation in some countries requires you to provide personal data in order to pay (name, address, e-mail). In that case, we process your email address as part of the charging transaction. When using a one-off payment, your personal data is only processed to comply with statutory requirements and the service contract for the service and associated payment transactions.

3. Downloading and using our application (app)

In addition to the personal data associated with the use of our services as a registered or unregistered user, we process the data in the app to fulfill the service agreement and for our legitimate interests, with the intention of improving your experience of the service.

We may request access to your camera or images to allow you to scan QR codes relating to our Services.

We may use your electricity, water or district heating meter's location data to effectively provide you with our services related to the installation of equipment or for the provision of our services. If you use our electric car charging service, we process your location data, for example, to search for chargers and navigate.

Your device (which is linked to your account, if you are logged in as a registered user) can be used to identify you when you make a support request through the app.

4. Use of web-based interfaces for our services

You can use a web-based registration website to register for our services. In such cases, we process the information according to the above description of registration and registered use of service.

We may offer you an opportunity to give consent to the processing of your personal data or to direct marketing in addition to what is described above. All processing based on such consent takes place in accordance with the consent you have given and the basis for the processing is your consent.

Personal data may be transferred to the Controller's partners Vaasan Sähkö Oy for the purposes listed above in section 2.

We have entered into data processing agreements with all service providers who process personal data on our behalf and we have agreed on appropriate safeguards to protect the personal data with these service providers.

The Controller may also use other service providers for the processing of personal data outside the European Union ("EU") or the European Economic Area ("EEA"). The transfer of personal data outside the EU or EEA is always based on one of the following legal grounds:

5. Retention period for personal data

The personal data is stored for as long as the customer relationship lasts. After the customer relationship has ended, personal data may be stored for a maximum of one year. Personal data may be stored for a longer period of time for operational needs (e.g. for backup) or if permitted or required by applicable law (e.g. the Accounting Act) or if the Controller's contractual obligations towards a third party require a longer storage period.

6. Your rights

You may exercise the following rights vis-à-vis the Controller at any time and free of charge:

The Controller may ask the data subject to specify his or her request in writing and to confirm his or her identity before processing the request. The Controller may refuse to implement the request on compelling legitimate grounds that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

7. Contacts

Requests for exercising the rights of the data subject, questions about this privacy policy and other requests should be sent to the data transfer service by e-mail to privacy@comsel.fi

8. Changes to the Privacy Policy

This Privacy Policy may be updated from time to time, for example as a result of changes in legislation. The current privacy policy was last updated on March 1, 2023. We strive to take all reasonable steps to inform the data subjects in good time of any changes and their effects.

9. Contact details of the Controller

Name: Comsel System Oy

Address: Museokatu 11, 65100 Vaasa, Finland Business ID: 2504050-0

Email:privacy@comsel.fi

10. Right to lodge a complaint with the supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority or supervisory authority of the EU Member State where the data subject lives or works, if the data subject considers that the Controller has not processed the personal data in accordance with applicable data protection legislation.

11. Security

All electronically processed personal data is processed and stored in the Controller's information system, which is only accessible to those persons who need the information to perform their authorized duties. Everyone who uses the personal data is bound by confidentiality.