Privacy policy for Arctic Charge & Comsel System Oy's services
This privacy policy contains information on how your personal data is collected, used, stored or otherwise processed by Comsel System Oy (hereinafter "Data Controller", "we" or "us") in connection with the use of our services, as well as about your rights and how you can contact us.
1. Purpose of processing your personal data
We use your personal data to provide you with our services and to offer you the best possible way to communicate with us. The Controller's purpose with the processing of your personal data is to manage and maintain customer service, develop, maintain, administer and monitor customer relationships and to use them for product development, technical support, advertising and marketing purposes as further described in section 2.
2. Legal basis and purposes of the processing of personal data and categories of personal data
When you register for our services, we collect your name and email address. We may also record your payment details if you use a service that requires this.
The registered data is needed to identify you as a user of our services, to manage the customer relationship and to charge you for the services, where applicable.
In connection with the installation of our equipment, we save data regarding the installation (for example, results of installation testing, pictures from the installation site, information about peripherals installed in connection with installation).
When you use our services, we save information about your consumption and charging history, including where and when you have charged your car. This allows you to track how you use this service and for us to enable the services as well as to charge you according to usage, if applicable
If you use any of our services or products and connect Comsel manufactured products to your account, information about the products' place of use, name and other data regarding your product (applicable product model, serial number, date of manufacture, warranty period, configurations, data regarding communication methods such as telecommunications service provider, signal strength, data consumption, network addresses) will be linked.
In connection with the connection of other equipment not manufactured by Comsel, data regarding login data or access codes to pair your third-party product with Comsel's services may also be saved.
If you use a service that links your consumption data to Fingrid's data hub, information related to your electricity consumption and electricity contract is stored and saved from Fingrid's data hub. The contract data mainly includes the electricity sales and distribution companies with which you have an agreement, the point of consumption code (GSRN), the main fuse size and pricing model (fixed price or spot price) and electricity consumption.
This data is used to deliver the service.
For security reasons, we store the history of logins and requests that reach our systems in connection with the use of all our services.
You or the Data Controller may add additional information to your account to enable and improve the use of the service (e.g. company name, billing reference, vehicle information and identifier and RFID tag number or other information you provide to us).
We can carry out a credit check for companies and coverage reservations on private individuals' debit or credit cards. When conducting the credit check, we may collect data from third-party sources, such as from public sources.
Registered users' personal data is processed in order to fulfil contractual obligations and for our legitimate interest. When you use our services without registering for, for example, a one-time payment for a charging service, you can use the service without registering for our service. In such cases, we only process your payment information.
The legislation in some countries requires you to provide personal data in order to pay (name, address, e-mail). In that case, we process your email address as part of the charging transaction. When using a one-off payment, your personal data is only processed to comply with statutory requirements and the service contract for the service and associated payment transactions.
3. Downloading and using our application (app)
In addition to the personal data associated with the use of our services as a registered or unregistered user, we process the data in the app to fulfill the service agreement and for our legitimate interests, with the intention of improving your experience of the service.
We may request access to your camera or images to allow you to scan QR codes relating to our Services.
We may use your electricity, water or district heating meter's location data to effectively provide you with our services related to the installation of equipment or for the provision of our services. If you use our electric car charging service, we process your location data, for example, to search for chargers and navigate.
Your device (which is linked to your account, if you are logged in as a registered user) can be used to identify you when you make a support request through the app.
4. Use of web-based interfaces for our services
You can use a web-based registration website to register for our services. In such cases, we process the information according to the above description of registration and registered use of service.
We may offer you an opportunity to give consent to the processing of your personal data or to direct marketing in addition to what is described above. All processing based on such consent takes place in accordance with the consent you have given and the basis for the processing is your consent.
Personal data may be transferred to the Controller's partners Vaasan Sähkö Oy for the purposes listed above in section 2.
We have entered into data processing agreements with all service providers who process personal data on our behalf and we have agreed on appropriate safeguards to protect the personal data with these service providers.
The Controller may also use other service providers for the processing of personal data outside the European Union ("EU") or the European Economic Area ("EEA"). The transfer of personal data outside the EU or EEA is always based on one of the following legal grounds:
- The European Commission has established that the recipient country in question ensures an adequate level of data protection;
- the Controller has implemented appropriate safeguards for the transfer of the personal data, using standard contractual clauses approved by the European Commission. The Data Subject then has the right to obtain a copy of these standard contractual clauses by contacting the Personal Data Controller as described in section 7 "Contacts"; or
- the data subject has given his or her explicit consent to the transfer of the personal data, or there is another legitimate basis for the transfer of the personal data outside the EU or EEA. Currently, we do not use any service providers outside the EU or EEA.
5. Retention period for personal data
The personal data is stored for as long as the customer relationship lasts. After the customer relationship has ended, personal data may be stored for a maximum of one year. Personal data may be stored for a longer period of time for operational needs (e.g. for backup) or if permitted or required by applicable law (e.g. the Accounting Act) or if the Controller's contractual obligations towards a third party require a longer storage period.
6. Your rights
You may exercise the following rights vis-à-vis the Controller at any time and free of charge:
- Right to object to the use of data: The data subject has the right to object to the processing of his or her personal data. The data subject has the right to object to the use of his or her personal data for direct marketing purposes at any time. The Data Subject may give the Controller specific consents and prohibitions regarding direct marketing (for example, the Data Subject may prohibit marketing by e-mail, but allow marketing messages sent by post).;
- Right to access data: The data subject has the right to access his or her personal data;
- Right to rectification of data: The data subject has the right to demand that incorrect and/or incomplete personal data be corrected or supplemented;
- Right to erasure of data: The data subject has the right to demand the erasure of his or her personal data if the requirements laid down in the EU General Data Protection Regulation 2016/679 (GDPR) Article 17 are met;
- Right to data portability: The data subject has the right to receive his or her personal data electronically in a structured format and in accordance with the limitations provided for in the EU General Data Protection Regulation 2016/679 (GDPR) Article 20;
- Right to restrict the use of data: The data subject has the right to demand that the processing of his or her personal data be restricted if the requirements laid down in the EU General Data Protection Regulation 2016/679 (GDPR) Article 18 are met; and
- Right to withdraw consent: The data subject has the right to withdraw given consent at any time. In such cases, the data subject must submit a request for the enforcement of the above-mentioned rights by e-mail to privacy@comsel.fi.
The Controller may ask the data subject to specify his or her request in writing and to confirm his or her identity before processing the request. The Controller may refuse to implement the request on compelling legitimate grounds that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
7. Contacts
Requests for exercising the rights of the data subject, questions about this privacy policy and other requests should be sent to the data transfer service by e-mail to privacy@comsel.fi
8. Changes to the Privacy Policy
This Privacy Policy may be updated from time to time, for example as a result of changes in legislation. The current privacy policy was last updated on March 1, 2023. We strive to take all reasonable steps to inform the data subjects in good time of any changes and their effects.
9. Contact details of the Controller
Name: Comsel System Oy
Address: Museokatu 11, 65100 Vaasa, Finland Business ID: 2504050-0
Email:privacy@comsel.fi
10. Right to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority or supervisory authority of the EU Member State where the data subject lives or works, if the data subject considers that the Controller has not processed the personal data in accordance with applicable data protection legislation.
11. Security
All electronically processed personal data is processed and stored in the Controller's information system, which is only accessible to those persons who need the information to perform their authorized duties. Everyone who uses the personal data is bound by confidentiality.