Data protection and processing of personal data

We process our customers' personal data in accordance with the GDPR. On this page, you can view our privacy statement.

Customer Register Privacy Statement

Valid from: 15 April 2021

This privacy statement applies to the customer register used by Turku Energia in their customer service for business operations related to electricity sales, electricity network services and heating.

1. Controllers

Oy Turku Energia – Åbo Energi Ab (Business ID 0984944-9)
Turku Energia Sähköverkot Oy (Business ID 2001717-6)

2. Controller’s contact person

Customer Service Manager / Customer Service

Turku Energia Customer Service
P.O. Box 106 (Teollisuuskatu 40)
20521 Turku
Tel. 02 2628 111 (local/mobile network charge)

3. Name of the data file

Customer Register

4. Purpose and bases for the processing of personal data

The controller or its authorised partner (acting on behalf of the controller) processes the personal data of customers or potential customers in compliance with personal data legislation for the following purposes:

  • customer relationship management and development

  • provision, delivery and production of products and services

  • contract management and invoicing

  • payments, payment control and recovery of receivables

  • marketing, advertising and selling of products and services

  • business and service development and related customer service development and

  • segmentation and profiling done for the above-mentioned purposes.

The controller has the following legal bases for data processing:

  • The processing of personal data is necessary for the performance of a contract between the controller and the customer or for the implementation of pre-contractual measures.

  • The processing of personal data is necessary for the controller to comply with their legal obligation.

  • The controller has a legitimate interest based on the customer relationship to utilise customer data for service development and for the marketing of products and services, under the conditions and restrictions specified in legislation.

The controller will erase personal data from the customer register if it no longer has the above-mentioned bases for storing the data.

  • For potential customers, the data will be erased three months after their entry if the marketing measures have not led to the commencement of a customer relationship.

  • Customer data is stored for 10 years after the customer relationship has ended. The data will be erased within the calendar year following the deadline.

5. Data content of the register or other information system

The following information is processed within the scope of the customer register:

  • Customer information

    • The customer’s personal identity code is used to identify the customer. Under the Electricity Market Act, the electricity vendor or distribution system operator may process personal identity codes to unambiguously identify its end-user customers. Under the Personal Data Act, personal identity codes may be processed, for example, in activities related to lending or collecting a debt. Pursuant to the above, when entering into a contract, the controller has the right to use the personal identity code for the unambiguous identification of the customer.

  • Information on the destination or accounting point of the service

  • Information on the use of services and energy

  • Contractual information

  • Invoicing and payment information

  • Information obtained or collected for the purposes of marketing of products and services and information on marketing measures

  • Information on customer contacts

    • All contact by the customer to the customer service may be recorded. Recordings are used to authenticate business transactions, process complaints and develop the customer service.

6. Regular sources of information

As a rule, information is collected for the customer register from the following sources:

  • The customers themselves, when entering into a contract or in marketing situations, with the consent of the customer.

  • The authentication services of banks and telecommunications operators when the customer is authenticated during the electronic contract order process or when logging in to the EnergiaOnline e-service.

  • The services maintained by data controllers providing update services for personal and address data, in connection with the validation of the customer's unique personal data or the customer's creditworthiness check.

  • The register of accounting points maintained by Fingrid, when the customer enters into a new electricity contract.

  • The electronic message communication between electricity traders (electricity vendor, distribution system operator) related to situations involving moving, a change of vendor or a change of contract.

  • The centralised data exchange solution “datahub” maintained by Fingrid Datahub Oy, when required by customer contract transactions or with the customer’s explicit authorisation.

  • The measurement data received for invoicing purposes from the distribution system operator responsible for measuring energy consumption.

  • Information collected through cookies from the customers themselves on their use of electronic services maintained by the controller. This information is used to improve the usability of the data controller's services and to target marketing measures.

Information on potential customers may be collected from marketing events, competitions and lotteries. The information is stored in the system if the person has given permission for marketing or contact.

Personal data can also be retrieved for marketing and sales purposes from the service of the controller providing the address and update service, and this information may be updated in the customer register.

7. Where information is regularly disclosed

In accordance with the purpose of the customer register, information is disclosed to the external controller providing the invoicing, payment monitoring and recovery services for the Turku Energia Group, to the extent required for the performance of the above-mentioned tasks.

In accordance with the electricity market legislation and its supplementary industry guidelines, information is disclosed to other parties of the electricity trade (electricity vendor, distribution system operator) and to the controller responsible for the information exchange solution for the electricity market (Fingrid Datahub Oy) via electronic message communications.

Information is disclosed to the authorities to the extent required by legislation.

Turku Energia will not disclose the information contained in the customer register to other organisations without the customer's explicit consent.

8. The protection of the registry

Access to the data and recordings stored in the customer register is restricted by security measures based on usernames and passwords. The access rights of the employees processing the data are limited to the information they need to perform their tasks. The staff have been instructed in the processing of customer data in accordance with the Group's information security policy, and the employees are committed to complying with these instructions.

Customers registered in the EnergiaOnline e-service have the possibility to access their own customer relationship data via an internet connection through a browser interface. Logging in to the service is done by using an authentication service provided by banks and telecommunications operators or by using a password specified by the customer in connection with the registration.

The customer register databases are located within the EU. The controller has an external software supplier with operations outside the EU. Written contracts between the controller and software supplier are in place to ensure that also the persons who have access to Turku Energia data from outside the EU are committed to complying with the agreed-upon practices and the obligations of the EU data protection legislation.

9. Rights of the data subject

The data subject has the right to verify the registered data concerning them.

Any person wishing to verify their information must submit a request to Turku Energia Customer Service in accordance with the instructions provided in the EnergiaOnline service or by contacting the customer service point either personally or by e-mail. Reports compiled from customer data are only disclosed to the reliably identified customer.

The data subject has the right to demand the rectification, erasure, or restriction of processing of any incorrect data in the register.
The data subject has the right to prohibit the controller from using their data for the purposes of direct marketing or market and opinion polls.

If the data subject considers their statutory rights to have been infringed, they may contact the data protection authority. The contact details for the data protection authority can be found at

The description of file is available at the Turku Energia customer service point and on the website.