Privacy statement

This privacy policy describes how Fortum (Fortum Corporation and its subsidiaries) processes your personal data. The declaration applies when you use our products and services or interact with us in other ways. The statement also applies if you are a business customer. You can find additional information about privacy related to products and services in the general terms and conditions for the specific service and/or product, in privacy supplements or other statements you will be able to see when you use our product or service.

1. What information does Fortum process?

Fortum collects, processes and takes care of different types of personal data where applicable, for example:

  • Personal information – including contact information (such as name, address, telephone number and email address), demographic data (such as gender, age, language, nationality, occupation and additional information such as interests or segment group) and social security number when necessary to confirm your identity.

  • Agreement and transaction data – such as information about your agreements, orders, purchases, payment status and invoices, recorded and transcribed phone calls, subscriptions and reservations and your other interactions with us, such as service requests and messages to our customer service.

  • Payment and credit information – such as payment card information and account information necessary to confirm purchases, refund money or creditworthiness.
    Electronic data and IDs – data collected with cookies or similar technical solutions, about your use of our services, for example web browsing and segments, your IP address, cookie ID, mobile device ID, information about your browser and device and location.

  • Security data – data used to ensure the use of our services and facilities, for example passwords and login information, security logs and recordings from surveillance cameras.

  • Technical data and consumption data – for example data related to the use of a device, an appliance or an application, including measurement of consumption and production of electricity and other services, and data from charging stations and smart devices, including data from sensors (for example temperature).

2. How does Fortum collect information about you?

The personal data we process comes from different sources:

  • You: when you order or use our services, when you fill out an interest form, participate in a survey or competition, create an account, go to our website or otherwise interact with us.

  • Third parties, for example, Elhub, public address registers, credit reference agencies, debt collection agencies, installation partners, marketing partners, electricity companies, insurance companies and other data providers.

  • Companies in the Fortum group, which share information for the purposes mentioned in point 6 below.

We use your personal data for predefined purposes on the basis of agreement, consent, legal obligation and legitimate interest. We use your personal data for the following purposes:

  • 3.1 Service delivery and customer service - We collect and use personal information about you to process orders, deliver products and services, perform customer service and process payments, agreements and transactions. The information that is necessary to be able to deliver services varies depending on the product or service in question. Online services may require the user to confirm their identity, while electricity agreements require us to measure consumption. Our customer service handles your requests and messages to help you. Customer service can also offer you the optimal contract type for you. We can communicate with you via telephone, e-mail, SMS, chat, automated calls and other digital channels, including social media. The agreement is usually the basis for processing your information in connection with the provision of services and customer service. If required by law, we may ask for your consent to provide certain services, for example location-based services.

  • 3.2 Sales, marketing and communication of interest - We may contact you via marketing even if you are not a customer of ours. We will ask for your consent to contact you when required by law, otherwise we will contact you based on legitimate interest. We may send automated electronic marketing communications without consent that relate to your customer relationship or your professional relationship with us, and use traditional marketing channels (for example, mail, telephone, door-to-door sales) if this is permitted by local law. We also organize lotteries and competitions. In addition to our own marketing and our own sales, we use sales and marketing partners who can contact you about our products and services on the basis of their own customer lists, or sell our products and services on their own premises. Below you can read more about the different types of marketing. You can read about how to manage your marketing preferences under point 10.

  • 3.2.1 Customer marketing - Customer marketing is automated electronic marketing that is sent without consent to existing customers and business customers in the countries where this practice is permitted. To our consumer customers who have ordered our products and services, we regularly send offers and information about products and services that is relevant to the customer relationship. We send this communication to the contact address (phone or e-mail) you have provided in connection with the customer relationship. To our business customers (employees of our existing and potential business customers and business partners and other stakeholders) we send offers and information about products, services, marketing events and services relevant to their professional role. We send this communication to the company's contact address, which we have received from the customer, the company or a public source.

  • 3.2.2 Consent-based marketing - We send automated electronic marketing and newsletters to you if you subscribe to it. This marketing may contain information about products and services from all companies in the Fortum group, or about products and services from partners. We can also obtain permission for marketing on behalf of our partners.

  • 3.2.3 Traditional marketing channels - We may use traditional marketing channels (mail, telephone, door-to-door sales) to contact you about our products or services and products and services from our partners, unless you have blocked the use of your contact details.

  • 3.2.4 Electronic marketing - We advertise our products and services online to users who visit our website or our partners' websites, by placing retargeting cookies or pixels on the websites that enable us (or a third party that acting on our behalf) to show Fortum's advertisements to the same user in another network. In order to reach you in social media, we may use your telephone number or your e-mail address, unless you have blocked them for marketing purposes. For marketing in mobile applications, we can use data we have collected about your use of the application, and your CRM data. We also buy advertising services from external companies that target groups that are relevant to Fortum, with advertisements for Fortum's products and services. In such cases, Fortum does not process the data. Read more about advertising practices in our cookie policy.

  • 3.2.5 What data is used to optimize sales and marketing ("profiling") - For marketing and advertising, we use data collected during the customer relationship and from customer surveys, data about online behavior and derived data that, for example, predicts users' interests. On the basis of this data, we can make marketing more relevant and effective and send you better customized offers. An example of derived data is a segment that tells us that the user probably lives in a suburb or a townhouse. You can also receive targeted offers, for example because you have just moved.

  • 3.2.6 Relations with stakeholders - We manage relations with stakeholders by communicating about relevant topics and marketing events. Communication is sent to the contact addresses we have registered.

  • 3.3 Development of products and services - We process personal data in order to be able to improve and develop the services to customers, to be able to support decisions in connection with the business and to be able to assess customer feedback and needs. The basis for processing information in connection with the development of products and services is legitimate interest. This is done, for example, by obtaining feedback directly from users, by using data generated from the use of our services in analyses, or by testing system functionality with temporary sample data. Data processing for the development of our products and services normally takes place with de-identified data to the extent possible. When we collect contact information in connection with surveys or interviews, we can inform you about the use of the contact information. Sometimes we may use samples of real data, for example to test the functionality of our systems. In analyses, we do not process data that can identify persons, but we collect large amounts of data about the use of the services in order to create statistical models, reports, forecasts and trend analyzes to support business decisions, create analyzes about service levels / the performance of the services and calculate customer segments that are used to improve sales and marketing, as described in section 3.2.5.

  • 3.4 Legal obligations - We process personal data in order to comply with our legal obligations, for example accounting and tax legislation and legislation against money laundering.

  • 3.5 Defend legal rights and guarantee the security of our services and customers – We use personal data to defend and secure our rights and our customers' rights The basis for processing information for defense against legal claims, debt collection, credit assessment, information security and combating fraud and abuse is typically a legitimate interest. Personal data is processed to safeguard the security of both the customer and our products and services. This happens, for example, by having access logs and backup copies.

4. Automated decision-making process

We will inform you in advance if we use automated decision-making processes with legal or similar significant effects for you. We ask for your consent if such automated decision-making processes are not approved by law, are necessary to be able to deliver the services/products or to be able to enter into an agreement with us. You can always express your opinion or dispute a decision based solely on automated processing and instead request a manual decision-making process by contacting our customer service.

5. How long does Fortum store the personal data?

Fortum deletes or de-identifies personal data when it is no longer necessary for the purpose for which it was collected. Your personal details and transaction data will not be retained for longer than set out in the table below:

Accounting Act Up to

6 years

Limitation Act up to

13 years

Regulation on power sales and network services up to

3 years

Tax Administration Act up to

10 years

6. Who has access to your personal data?

Where applicable, we may share your personal data with:

Companies in the Fortum group - The companies in the group may use your personal data for the purposes stated in this declaration, based on legitimate interest and to the extent permitted by applicable legislation, including for marketing their products and services to you.

Business partners – We share personal data with our business partners based on legitimate interest and to the extent permitted by applicable legislation. Examples of such situations:

  • If you have purchased our products and services from a business partner, we often need to exchange information about you as part of managing this relationship and your purchase – for example, to be able to identify your order and for us to be able to pay them.

  • If you buy a product or service from one of our business partners through us, you enter into an agreement with the business partner who sells the product or service. Fortum only invoices you directly as part of the agreement with the seller. Fortum may provide your personal data to such a business partner in order to finalize your purchase and for us to be able to pay them.

Our partners include online companies, debt collection agencies, insurance companies, electronics retailers, operators of charging stations, car manufacturers and advertising partners as explained in cookie guidelines.

Consent, agreement or request - We can share your personal data if you give us your consent. Some of our products and services allow you to share your personal data with others. We may also share your personal data with third parties if this is necessary to be able to fulfill our obligations according to the agreement with you, or to be able to deal with a request from you. For example, we pass on your address to postal, courier or installation services in order to deliver a product or service you have ordered.

Our subcontractors – We use subcontractors for the delivery of services. Such subcontractors may have access to your personal data and process it on our behalf, but they are not permitted to use the personal data for purposes other than delivering the service agreed with us. Through appropriate agreements, we ensure that the processing of personal data takes place in accordance with this declaration. Typical service providers that process personal data include telephone sales partners and sales partners, payment and invoicing partners and IT program and service providers.

Mergers and takeovers - If we decide to sell, merge or in other ways reorganize the business, this may mean that we pass on your personal data to potential or actual buyers and their advisers.

Authorities, prosecution and law - We will give your information to competent authorities, for example the police, to the extent required by law. We may also pass on your personal data in connection with legal proceedings or at the request of an authority on the basis of applicable legislation, court decision or in connection with a court case or official process, or as otherwise required or permitted by law.

7. Does Fortum transfer personal data to third countries?

Some of our service providers and group companies operate internationally, which means that data is sometimes located outside the European Economic Area. When personal data is transferred to countries outside the EU or EEA, Fortum will take appropriate precautions, for example by using the standard contract terms from the European Commission. You can get more information about the transfers by contacting our customer service.

8. How does Fortum protect personal data?

Some of our service providers and group companies operate internationally, which means that data is sometimes located outside the European Economic Area. When personal data is transferred to countries outside the EU or EEA, Fortum will take appropriate precautions, for example by using the standard contract terms from the European Commission. You can get more information about the transfers by contacting our customer service.

9. Information capsules (cookies)

When you use our services or visit our websites, Fortum may collect information about your devices using cookies and other similar techniques. Our website may also have cookies and other similar technologies used by third parties. You can get more information about how to manage the use of cookies and electronic data by reading our cookie policy.

10. Your rights and how to exercise them

Below you can see which rights you have with regard to personal data about you that Fortum processes. If you have questions about your rights or wish to exercise them, you can use the privacy request form or contact our customer service. Some rights may not apply, for example if the information cannot be linked to you.

  • Right to access personal data - You have the right to be informed about the processing we carry out, and to request a copy of your personal data.

  • Right to correct personal data - You can request that the information about you be corrected if it is not accurate, or if it needs to be updated.

  • Right to data portability – You have the right to obtain and reuse the information you have provided to us. We can deliver a selection of the information in a machine-readable format, where the basis for the processing is either agreement or consent.

  • Right to deletion - We delete your information at your request if it is no longer needed for legal reasons.

  • Right to withdraw consent - If you have given consent to data processing, you always have the right to withdraw consent.

  • Right to object to processing – You have the right to object to the processing of your personal data based on Fortum's legitimate interests, for example to develop our products and services and other purposes explained in points 3 and 6 above. Fortum can reject the request if there is a compelling reason to continue the processing.

  • Right to restrict processing – In some cases, you have the right to request that processing be restricted.

  • Reserve yourself out of electronic marketing communications and customer surveys: If you no longer wish to receive marketing communications from Fortum, you can opt out at any time. The easiest way to do so is to click on the link at the bottom of the marketing communication.

  • Reserve yourself against marketing via phone and post: If you no longer wish to receive marketing calls or advertising in the post from Fortum, you can contact our customer service or inform the customer service representative during the marketing call. In addition, you can manage your choices via the National Reservation Register.

  • Managing cookies and opting out of targeted electronic marketing: If you wish to manage cookies on our websites or opt out of targeted electronic marketing, you use the mechanisms set out in the cookie policy.

Please note that you will still be able to receive marketing communications for a short period after you have made your reservation while we update our systems. We sometimes use marketing partners who can showcase our products and services to you, but who have not received personal information about you from us. If you want to object to such marketing or exercise other rights, you must contact the individual marketing partner directly.

How to submit a complaint: If we do not comply with your requests, we will inform you of the reasons for this. If you are not satisfied with the answer you get from us, or with how we process personal data, you can contact us using the privacy request form. You can also contact our customer service. If you are still not satisfied with the processing, you can contact the national data protection authority.

11. Changes to this privacy policy

Fortum reserves the right to change this privacy policy. Any changes to the privacy policy will be notified on our website or by direct communication to you.

12. Controller of your personal data

If you have questions or wish to exercise your rights, you can use the privacy request form or contact our customer service.

The controller for your information is normally the Fortum company you have entered into an agreement with. The contact details of the most important Fortum companies can be found here.

Further questions and comments regarding your privacy can be directed to the dedicated privacy team using the request form or in writing to the address below.

Fortum OyjPrivacyKeilalahdentie 2-4, 02150 EspooFinland

You can also contact Fortum's data protection representative via the channels stated above.hchc