Processing of personal data

What regulates processing of your personal data?

The General Data Protection Regulation (GDPR, 2016/679) regulates how we are allowed to process your personal data. This regulation applies throughout the EU from 25th May 2018.

As a result, the Swedish data protection law (PuL, Personuppgiftslagen) has been revoked and replaced by a new Swedish data protection law (Lag med kompletterande bestämmelser till EU:s dataskyddsförordning 2018:218).

Rights of public access

Öresundskraft is a company which is regulated by the laws of public rights of access which apply to public sector companies, municipalities and government bodies. This entails that we are required to provide access to documents which fall within this legislation. Personal data that you provide us can therefore become the subject of a public access request (e.g. in the form of e-mail or other documents), and we can be required to provide these to the party requesting access. The public rights of access law (chapter 21 paragraph 7 Offentlighets och sekretesslagen 2009:400) enables us to classify personal data as secret in the event that there is a risk that the data will be used in a manner that is not in line with data protection laws.

What is personal data?

It is all data which can identify an individual person. Both direct and indirect information can in combination lead to being able to identify an individual person, such as IP address, user ID, direct telephone number, mobile telephone number, photos, films and recorded telephone calls.

What is processing of personal data?

Processing of personal data is any operation or set of operations performed upon personal data regardless of whether it is automated or not. You can presume that everything that is processed in an IT system or database counts as processing, such as collection, registration, printing, transferring and storing.

Not only do traditional IT systems and databases count as processing, but also processing which occurs in, for example, office programs such as Word or Excel, as well as PDF files.

Who processes your personal data?

The Controller is the company (legal entity) who determines the purpose and means of processing the personal data.

The main Controller is Öresundskraft AB (company number: 556089-7851)

If you are an electricity or gas retail customer, then the Controller is Öresundskraft Marknad AB (company number: 556519-7679)

If you are a district heating customer, then the Controller is Öresundskraft Företagsmarknad AB (company number: 556573-6906).

If you are a City Fibre Network customer, then the Controller is Öresundskraft AB (company number: 556089-7851) for marketing, dealing with faults within the City Fibre Network, billing of activation and connection fees and change of Network operator. Your service provider is the Controller for all other personal data connected with your services within the City Fibre Network.

Your personal data can also be processed by our partners who process your personal data on our behalf in order to fulfil our contract with you or other legal requirements, or for marketing purposes. We enter into processing agreements with our processors to ensure that your personal data is processed in accordance with the Data Protection Regulations and Laws.

In the event that a credit history check is required (this will be stipulated in the contract terms or offer which you receive from us) then this will be made by Credit Safe AB.

We do not sell your personal data to any third party.

What personal data do we process?

Öresundskraft processes and registers personal data which you have provided us with.  

We normally need certain personal data in order to enter into a contract or agreement with you; these can include name, person number (Sweden’s national identification number), telephone number, e-mail address, postal address and residential address.

Information regarding which categories of personal data we process is registered in our records of processing activities. All processing is performed in accordance with the current data protection regulations.

We may use official and private registers for the purpose of keeping your personal data current, complete and up to date, such as updating addresses from the official state address register (SPAR).

For our Company customers extra information will be collected via Credit Safe (source Bolagsverket) regarding the names of Managing Director, Board members and other decision makers within the Company. This is in order to ensure that we have contact with the correct persons at the Company when entering into contracts etc.

Why do we process your personal data?

Your personal data is processed in order for us to fulfil our contract or agreement with you, both prior to the contract being entered into and after. Processing can also be necessary for Öresundskraft to fulfil other legal or regulatory requirements.

Your personal data is used in order to administer the services or products that we have contracted with you, for marketing of Öresundskraft’s products or services, profiling (see marketing and profiling below), evaluation and quality control (including IT-system testing), and for statistics (such as statistics that we are required to provide to the Central Statistics Bureau). If you contact us via our communication channels (such as telephone, chat, website, social media) then your personal details and any other information which you provide can be processed by being recorded or stored.

Security for your personal data

Öresundskraft continuously works on assessing and updating our technical and organisational security measures in order to protect your personal data.

Marketing and profiling

If you haven’t barred marketing contact, then we may process your personal data in order to market our own products and services or to provide you with customised offers from the Öresundskraft Group. These can be based upon your current products or services, changes in the products or services you have with us as well as how you use our communication channels. We may contact you in marketing activities via e-mail if you haven’t expressly declined marketing contact via e-mail by, for example, unsubscribing.

Your personal data may be profiled in order to provide you with better information regarding for example energy usage and offers regarding our products or services. Your personal data can be included in automated profiling where a certain profile is required to receive a certain offer. We do not apply profiling which could entail that you are denied our products or services.

In the event that a credit history check is necessary in order to enter into a contract with us (as stated in contract terms or the offer you have received) then a decision will be based upon an individual assessment of your credit worthiness and our ability to enter into a contract with you based upon that assessment. We use Credit Safe AB to provide a credit history report.

Procurement

Personal data relating to consultants, employees or reference providers (as provided by the Vendor) will be processed during the course of a public procurement or direct procurement. The Vendor is responsible for informing the data subject that their details will be provided and processed during the procurement process.

The personal data which is normally processed is name and contact information. In some cases, CV information can be processed if certain skills or experience are requested.

Öresundskraft uses TendSign for public procurement.

How long will we process your personal data?

Öresundskraft will process your personal data during the time that you are our customer. Thereafter we will need to process certain personal data in order to fulfil legal requirements, such as accounting laws and regulations or archive regulations. When the legal requirement is no longer applicable we will be able to delete or anonymise your personal data (so it can no longer be attributed to you). Please note however that certain personal data is necessary in order for us to be able to fulfil our contractual obligations to you or other legal requirements such as collected meter readings, billing information, debited contracts. Such information cannot be restricted or deleted.

All telephone calls with our Customer Services are recorded in order to improve our service to you. If your call is not an important part in a case or contractual obligation between us, then you can request that the call be deleted by contacting our Customer Services. Calls will otherwise be saved for 3 years.

Deletion or partial removal (thinning out) of information will be in accordance with our retention plan in accordance with the type of personal information or document. Contact our Data Protection Officer in order to receive a copy of this. Our retention plan is approved annually by the Company Board. Documents which are to be retained in accordance with archiving laws are transferred to Helsingborgs Stadsarkiv (the archiving authority), thereafter Helsingborgs Stad becomes the data Controller.

Your rights in relation to personal data processing

You have the right to obtain information regarding your personal data that Öresundskraft processes (a subject access request).

If you wish to know what personal data we process which relates to you then you can send a request in writing. The request needs to be signed by you and be accompanied by a copy of documentation which supports your identity (such as driving license or passport), and sent to the address provided below under “contact”. Alternatively, you can use our e-service, see information (in Swedish) under: https://www.oresundskraft.se/gdpr/registerutdrag

We shall provide you with the details within a month of receiving your request; under certain circumstances (such as the number of requests received) this can be extended by a further two months. If this is the case, then we will inform you of this within a month of receiving your request.

If you do not wish us to use your personal data for marketing or profiling purposes, then you can send your request to the address under “contact” below. Please contact us immediately if you consider any details which we process about you to be incorrect or unrepresentative.

Apart from the right to a subject access request and to have data corrected you also have the right to object to your data being processed by us, request that your personal data be deleted or that processing is restricted to a certain purpose. You also have the right to have your personal data (personal data that you have provided to us or that has arisen from the use of our products or services) transferred to another Data Controller in a machine-readable format (otherwise known as data portability).

You have the right to recall any consent which you have provided to us. You can recall this by contacting us via the address below. Our processing will cease from the date we receive and register your retraction.

You have the right in accordance with the Data Protection Regulations to make a complaint regarding the processing of your personal data to the Swedish data protection authority “Datainspektionen”. You can contact them via e-mail at datainspektionen@datainspektionen.se

You can find out more information regarding data protection regulations on their website www.datainspektionen.se

Öresundskraft Contact information:

Data Controller:

Öresundskraft AB, Öresundskraft Marknad AB, Öresundskraft Företagsmarknad AB

Box 642

251 06 Helsingborg

Telephone: 042-490 30 00

E-mail: kundservice@oresundskraft.se

Data Protection Officer

Name: Annika Runert

Telephone: 042-490 34 68

E-mail: dataskyddsombud@oresundskraft.se