Register and Privacy Policy

1. The controller

Name: DZR eCommerce Oy
Business ID: 2933035-3
Address: 2 Kampinkuja Street
Postal code: 00100
Postal address: HELSINKI
E-mail address: info@sahkon-kilpailutus.fi

2. The person responsible for the register

Company:DZR eCommerce Oy
Name: Ilkka Ollikainen
Address: 2 Kampinkuja Street
Postal code: 00100
Postal address: HELSINKI
Email: info@sahkon-kilpailutus.fi

3. General & purpose of the register

Information on website users is collected in order to implement agreements with partners. The register is used with the customer's consent and is needed to identify the customer in order to implement the agreements made by the customer on the Service with the partners of the Service. The data may also be used for the development of DZR eCommerce Oy's operations, statistics, processing of complaints and development of services. The data will not be used for direct marketing without explicit consent.

4. Grounds for data collection and processing

Customer data is collected and processed with the customer's consent, or to implement a contract with the customer. The controller collects personal data on behalf of electricity companies and for its own purposes, such as statistics, service development and customer communication. The controller processes the following data, which can be linked to a natural person and thus constitute personal data and personal data modification data:

  • Customer information
    • Details of the electricity contract ordered
    • Contact information (address, phone number, email address)
    • Billing address
    • Name
    • Social ID
    • Preferred billing method
  • Details of the destination for which the electricity contract is to be purchased
    • Postal code
    • Location
    • Address
    • The electricity retailer and network company in force at the time of the tender
    • Information on estimated annual electricity consumption
    • Desired start date for a new electricity contract

The above information collected in the register only applies to electricity contracts ordered on the Site. When the customer goes directly to the electricity company's own online service to order an electricity contract via the link on the Site, the above-mentioned register data will not be collected or stored. Customer data relating to contracts concluded on the electricity companies' own websites will also not be transferred to the operators of the Service.

The personal data mentioned above are used for the execution of electricity contracts concluded on the Site. By agreeing to the Site's Terms of Use and by ordering an electricity contract through the Site, you consent to the disclosure of data to our partners for the purpose of executing contracts.

Data may also be temporarily transferred to our subcontractors' services (e.g. cloud storage services, hosting, email services) for necessary data storage and processing. These services are under contract with us, so the data may not be passed on for other purposes.

5. Data content of the register

  • Information provided by the user or identifying the person
    • Identification information, such as name and social security number
    • Contact
    • Contact information, such as address, email address and phone number
  • Other information
    • Data observed and derived from analytics on the use of services
    • Purchase history, including products ordered and their prices
    • Online shop usage and browsing data and terminal identification data

Identification and contact information is required when ordering an electricity contract via the form on the Service's website.

6. Data retention period

Personal data are stored for as long as they are needed to implement the contract with the customer and to resolve any complaints and ambiguities or to improve customer service and statistics. In addition, some data may be kept longer to the extent necessary to fulfil and demonstrate the proper performance of statutory obligations, such as accounting and consumer responsibilities.

At the Customer's request, personal data concerning the Customer may be deleted or made anonymous from the Service's systems. The deletion and anonymisation operation is irreversible and we cannot recover deleted Customer Data.

For some data, the law imposes obligations to store the data for longer periods, for example for the following purposes:

  • The Accounting Act prescribes longer retention periods for data, regardless of whether the data contains personal data or not.
  • Fulfilling your responsibilities for consumer sales
  • Systems log information is collected and stored as required by law to provide a lawful and secure online shopping experience for our customers.
  • Taking sufficient backups of the store's databases and systems to secure data, correct errors and ensure security and continuity.

7. Regular sources of information

The data collected in the register is collected from the person himself/herself through the electronic forms on the Site. Personal data may also be collected and updated from other personal registers belonging to the controller, from the controller's partners and from authorities and companies providing services related to personal data, such as Suomen Asiakastieto Oy, which focuses on credit information, or the Population Register Centre.

In addition to the information provided through the forms, the following information may also be collected from users:

  • Other information
    • Data observed and derived from analytics on the use of services
    • Purchase history, including products ordered and their prices
    • Online shop usage and browsing data and terminal identification data

8. Regular disclosures and transfers of data outside the EU or the European Economic Area

Personal data can only be accessed directly by the administrators and employees of the Site and by electricity companies with which the Site has a cooperation agreement and whose electricity contract the customer is subscribing to. The processing of personal data is carried out within the limits permitted and required by the legislation in force. Where necessary, personal data will be disclosed to the entities entitled to receive such data. Such parties may include, for example, the competent authorities.

As a general rule, personal data will not be transferred outside the EU and EEA. However, personal data may in some cases be stored or processed in services outside the EU and EEA (e.g. hosting, Google Cloud). Even in such cases, the storage and processing of data will be carried out in accordance with EU data protection law.

9. Use of cookies

We use cookies on our website. A cookie is a small text file sent to and stored on a user's computer that enables the website operator to identify frequent visitors, facilitate visitor logins and allow the compilation of aggregate information about visitors. This feedback allows us to continuously improve the content of our website. Cookies do not harm users' computers or files. We use them to provide our customers with information and services tailored to their individual needs.

If a user visiting our website does not want us to receive the above information by means of cookies, most browsers allow you to disable the cookie function. This is usually done through the browser settings.

However, you should be aware that cookies may be necessary for the proper functioning of some of the pages we maintain and services we provide.

Data used for analytics and marketing targeting is anonymised wherever possible. Otherwise, we treat data as personal to the extent that the identifier contains customer targeting information, such as an IP address. Tags that are linked to the customer in some way are also treated as personal data. Tags used for analytics and marketing targeting have a validity period of 30s to 24 months.

We use Google Analytics for analytics related to our site usage, popular products, trends and sales, among other things. The information sent to Google is anonymised. Read more about how Google Analytics processes your data.

Other technologies we use for analytics and marketing targeting, such as pixel tags, help us better understand our customers' behaviour and tell us which products our customers are interested in and which features and services are most useful to them. You can opt-out of the use of tags by our analytics and marketing partners by enabling the Do Not Track function in your browser and setting your browser to reject third-party cookies.

We use the Hotjar tracking tool to better understand our customers' needs and to improve our store's customer experience accordingly. Hotjar is a technology service that helps us understand our customers' experience (e.g. how long users spend on each page, what links they click, what customers do and don't do, etc.) and this feedback helps us improve and maintain our store. Hotjar uses cookies and other technologies such as local storage to collect data and device information (in particular the IP address of the device) about our customers' behaviour on the Site, and this information is collected and stored only in an anonymised form. Other information collected includes device screen size, device type, browser used, IP address location (Country, no further details) and the language in which the Site is preferably used. Hotjar uses this information to create a pseydonomised user profile. Hotjar or the Site will never use this information to identify users or to link information to a specific user. For more information, please click Here.

10. Protection of the register

The data is transferred over an SSL-secured connection.

Electronic data is protected by a firewall, usernames and passwords.

Only those persons who need the data for their tasks have access to the data.

11. Automatic decision-making

No automated individual decisions (Article 22 of the EU General Data Protection Regulation) are taken.

12. Rights of the data subject

The data subject has the right to check what data concerning him or her has been stored in the personal data register. The written request for inspection must be signed and sent to the person responsible for the register.

The right of inspection is free of charge and is exercised no more than once a year.

The data subject has the right to request the rectification or erasure of inaccurate or outdated data or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.

Data subjects have the right to withdraw their consent to the processing of their personal data or to lodge a complaint with a supervisory authority about the processing of their personal data.

Data subjects also have the right to object to the use of their data for direct marketing purposes.

>