Cookie Preferences

We use cookies to provide a better user experience and personalised service. By consenting to the use of cookies, we can develop an even better service and will be able to provide content that is interesting to you. You are in control of your cookie preferences, and you may change them at any time. Read more about our cookies.

These cookies are technically required for our core website to work properly, e.g. security functions or your cookie consent preferences.

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

In order to improve our website going forward, we anonymously collect data for statistical and analytical purposes. With these cookies we can, for instance, monitor the number or duration of visits of specific pages of our website helping us in optimizing user experience.

These cookies help us in measuring and optimizing our marketing efforts.
Edit cookie settings
Skip to content

On Friday, September 26, our customer service will exceptionally be open from 12:30 p.m. to 3:00 p.m.

Privacy Notice

GDPR

Data controller and contact information

Oy Herrfors Ab (“Data Controller”)
Kauppiaankatu 10
68600 Pietarsaari
Finland
Tel: +358 6 7815 300
info@herrfors.fi
Contact person for matters related to the register

Robert Ståhl, CIO
Oy Herrfors Ab
Kauppiaankatu 10
68600 Pietarsaari
Finland
Tel: +358 6 7815 326
robert.stahl@herrfors.fi
Name of the register

Customer register of Oy Herrfors Ab
Purpose of processing personal data

Personal data is used by the data controller or their authorized partner for the following purposes:
• management and development of the customer relationship
• provision and delivery of products and services
• payments, payment tracking, and debt collection
• marketing and remote sales of the data controller’s products and services
• development of the data controller’s business operations and customer service.

The processing of personal data is primarily based on the data subject’s consent or the data controller’s legitimate interest.
Data content of the register and categories of personal data

Data from the data controller’s customer register: contact persons of customers, companies, and partners, as well as contact persons of potential customers and partners, and information about users of Herrfors’ website, may be stored in the register.
Customer data
  • name
  • personal identity code
  • customer number
  • legal or natural person
  • language code
  • contact details for communication (e.g. phone number and email address)
  • log data of electronic data exchange between companies (moving date, final meter reading, electricity supplier, meter replacement)
Information about the point of use
  • •street address
  • postal code
  • city
  • owner of the electricity connection
  • usage times
  • heating system (district heating)
  • estimate or data on electricity consumption (statistical information)
  • main fuse size
  • information on microgeneration
Billing and payment information
  • billing address and name of the payer
  • due date
  • billing interval
  • billing method
  • account number
  • payment details
  • details of the electricity contract and transmission agreement
  • customer magazine information
Other information

• customer feedback
• customer satisfaction
• information on service usage and purchasing behavior
• legally required consent and prohibition details for direct advertising, distance selling, and other direct marketing
• information on whether the above-mentioned customer or potential customer is part of the data controller’s or its partners’ loyalty program or equivalent, and the information needed to utilize the benefits of such systems
• other data obtained with the consent or authorization of the customer or potential customer that is necessary to provide the requested service
Regular sources of information

Customer data is obtained through requests for quotations, orders, contracts, and other communications, as well as from information that is recorded or stored when the customer uses services or products. Data on potential customers is obtained through, for example, competitions, raffles, telemarketing, use of online services (including the data controller’s websites and social media channels), cookies, or other customer interactions, or through participation in events. Only information on potential customers who have given marketing or contact consent is stored. All communications from the data controller’s customers may be recorded. These are used for verifying business transactions, handling complaints, and improving customer service. Data is also updated based on the data exchange rules for the electricity market published by the Finnish Energy authority (Energiateollisuus).
 Storage of personal data

Personal data is stored only as long as necessary to fulfill the purposes defined in this privacy statement, taking into account legal restrictions. Based on applicable law, the data controller may be required to retain the data for a longer period than mentioned above. Voice recordings are stored for three years. Outdated and unnecessary data is destroyed in an appropriate manner. Personal data is entered into the register in the form provided by the data subject and is updated according to notifications made by the data subject to the data controller.
Regular disclosures of data

Information in the data controller’s customer register is not disclosed to parties outside the corporate group. Data may be disclosed to authorities as defined by law.
Disclosure and transfer of personal data

The data controller may use subcontractors and service providers in managing the customer register: service maintenance, customer support, management and analysis of user data, surveys, customer communications, and execution of various campaigns. Personal data may be disclosed to subcontractors and service providers only to the extent necessary for fulfilling the purposes specified in this privacy statement. The aforementioned third parties are not permitted to use the personal data for any other purposes than those stated in this privacy statement and defined by the data controller.

The data controller requires them to maintain the confidentiality of personal data and ensure an adequate level of data protection. Personal data may be disclosed to competent authorities in accordance with their lawful requests and relevant legislation. Customer register data is not transferred outside the EU or EEA.
Cookies

The data controller’s websites use cookies. Cookies are small text files stored on the user’s computer or other terminal device. Cookies do not cause any harm to the user’s device.

Customer register: To improve the website, the data controller collects statistical information via the Google Analytics service. Google Analytics cookies store information such as how visitors arrived at the site (via search engine, direct link, etc.), which pages were visited, and how long each page was viewed. This data helps us continue to improve our site and monitor the success of our new development projects. Statistics are collected about the number of users, user location, time of access, browser used, and the content the user visited.

The user can disable cookies in their web browser settings if needed. Disabling this feature may result in certain websites functioning more slowly or even blocking access to specific pages entirely.
Principles of register protection

Customer register data is stored in databases protected by firewalls, passwords, and other technical methods. The data is accessible only to employees of the data controller or authorized parties who need the information for their duties. The data controller requires confidentiality from its personnel and partners. Access to the data requires a username and password. Manually stored material is kept in locked and monitored premises used by the data controller.
Right to access, restrict, rectify, and erase personal data

Right to access
The data subject has the right to review what personal data concerning them has been stored in the data controller’s customer register. The right to access may be denied only on grounds specified by law. Exercising the right to access is generally free of charge once per calendar year.

Right to restriction and objection
The data subject has the right at any time to object to the processing of their personal data if they believe the data controller has processed their data unlawfully or has no legal basis to process the data. However, the right to object does not apply to data necessary for the data controller to fulfill legal obligations or other statutory requirements.

Right to erasure
The data subject has the right to request the correction of incorrect data, the completion of incomplete data, and the deletion of their data from the data controller’s customer register. This right does not apply to data that must be retained due to the data controller’s legal obligations or other lawful grounds.

Right to data portability
To the extent that the data subject has provided data to the data controller’s marketing register and such data is processed based on consent or agreement, the data subject has the right to receive the data primarily in electronic form and to transfer it to another data controller.

Right to object to direct marketing
The data subject has the right at any time to prohibit the use of their data for direct marketing purposes.

Right to lodge a complaint
The data subject has the right to file a complaint with the competent supervisory authority if the data controller fails to comply with applicable data protection laws.

Other rights
If data is processed based on the data subject’s consent, they have the right to withdraw that consent by notifying the data controller in accordance with item twelve of this privacy statement.

Requests for access or correction must be submitted in writing and signed, and sent to the data controller’s customer service at the following addresses:
Kauppiaankatu 10, 68600 Pietarsaari or Torikuja 3, 84100 Ylivieska.
The customer must be able to verify their identity. The data controller will provide a written response within 30 days of receiving the written request or the customer’s in-person visit to customer service.
Changes to the privacy statement

The data controller continuously develops its operations and therefore reserves the right to modify this privacy statement by announcing changes on its website. Changes may also result from legislative amendments. The data controller recommends that data subjects review the content of the privacy statement regularly.

Cookies

What is a cookie?

A cookie is a text file stored on your computer. Cookies are commonly used on most websites to improve user experience and site functionality. The information stored in a cookie may also be used to track the visitor’s other internet usage.

How do we use cookies?

We use Google Analytics visitor tracking, which stores cookies on your device. With cookie data, we can monitor how our visitors use the website. The cookie data does not contain information that would allow us to identify our visitors. We do not use any other cookies beyond this.

Do you have to allow cookies?

If you want to visit our website but do not want cookies to be stored on your computer, you can browse privately by opening an incognito window (Chrome), private window (Firefox), or InPrivate window (Microsoft Edge). When you close the browser window, the cookies will be deleted from your computer.