Privacy policy
This Privacy notice is drafted in accordance with the EU General Data Protection Regulation on 8.4.2022. With this Privacy Notice we provide you information on why and how we process your personal data.
1. Data Controller
The controller of your personal data is Taaleri Energia Oy (business ID: 2772984-6), which is located at Kasarmikatu 21B, 00130 Helsinki, Finland.
Our acting data protection officer (DPO) is Elina Ervamaa (tel. at +358 50 339 9995 and email elina.ervamaa@taaleri.com).
In case you have any questions related to your personal data, please be in contact with our acting DPO.
2. Name of the register
Kivineva wind farm stakeholder and website user register.
3. Purpose and legal basis for processing personal data
The purpose for processing personal data is to communicate with stakeholders and to maintain stakeholder relations, as well as to store stakeholder data.
The legal basis for processing personal data is the legitimate interest of the controller to process the data and to communicate with stakeholders and stakeholder groups.
Personal data is collected only from persons who have disclosed information themselves and public sources, such as the internet, public corporate websites, online social services or other similar registers in accordance with data protection law.
The data is not used for automated decision making or profiling.
4. Register fact sheet
The data to be stored in the register are:
- name, address, email address and phone number
- information related to the stakeholder relationship, such as information on any grievances made and communication related to such grievance, other communication with stakeholders, contact persons and use of services.
5. Regular data sources
The data stored in the register are obtained from the customer for example via web forms, e-mail, telephone, contracts, meetings and other occasions in which the stakeholder discloses data. Contact data for companies and other organisations can also be collected from public sources such as websites, directory services and other companies.
6. Regular disclosures of data and transferring data outside the EU/EEA
The data may be disclosed to co-owners of the power plant, any service provider responsible for the management of the power plant or consultant relevant to resolving any issues arisen. The data is disclosed only to the extent necessary for handling any issue raised by a stakeholder.
The data is not regularly disclosed to other parties. The information may be published to the extent that is agreed upon with the stakeholder.
The data controller may also use the services of third parties for processing data, for example for IT services.
in which case the data controller shall ensure the lawful processing of the data through contractual arrangements and by instructing third parties on processing of data. Third parties may vary, and third parties process the data only on behalf of and for the account of the data controller.
Some of the services used by the data controller in connection with the processing of personal data may operate outside the territory of the Member States of the European Union or the European Economic Area. In this case, the transfer of data complies with the requirements of data protection legislation and, for example, the European Commission’s model contract clauses are used when agreeing on the transfer of data with the data controller.
Personal data will be disclosed to authorities within the limits permitted and required by applicable law.
7. Register protection
The register is handled with due care and the data processed via data systems shall be adequately protected. When register data is stored on cloud-based servers, the physical and digital security of their hardware is adequately addressed. The data controller will ensure that the data is stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.
8. Retention period for personal data
Personal data shall be kept for as long as it is necessary for the purpose for which it was collected in accordance with this Privacy notice. Personal data that has become inactive is regularly deleted.
9. The rights of the data subject concerning personal data
Right of access by the data subject
The data subject shall have the right to obtain from the data controller confirmation as to whether personal data concerning him or her are being processed and receive a copy of the information. The data subject shall make a request to the data controller in writing or to the person responsible for the register via email. If necessary, the data controller shall ask for more information in order to identify the data subject.
The response to the request for verification shall be sent by e-mail unless the data subject requests otherwise.
Right to rectification
The data controller shall ensure as far as possible the quality of personal data. The data controller shall correct, delete, or complete defective or unnecessary personal data on its own initiative or from the request of the data subject.
Right to restriction of processing
The data subject shall have the right to obtain restriction of processing from the data controller if the accuracy of the personal data is contested by the data subject. If this occurs the processing of personal data shall be restricted for the time being that the data controller can ensure the accuracy of the data.
Right to erasure
The data subject shall have the right to obtain from the data controller erasure of personal data concerning him or her without undue delay when the personal data is subject to legitimate interest.
Right to lodge a complaint with a supervisory authority
Every data subject shall have the right to lodge a complaint with a supervisory authority.
