Privacy Policy

Data Controller and contact information

Polar Night Energy Oy, business ID: 2910933-3
Polttimonkatu 4, 33210 Tampere, Finland

Email: contact@pne.fi
Website: https://www.polarnightenergy.com

General provisions

This privacy statement describes how Polar Night Energy Oy (‘Data Controller’) collects and processes the personal data of its customers and potential customers or their representatives.

Please contact the Data Controller by email if you have any questions regarding the processing of your personal data.

The personal data we process and origin of the data

The Data Controller may process the following data:

  • First and last name
  • (Work) Contact information, such as e-mail address, phone number and mailing address
  • Organisation and title
  • Organisation address
  • IP address and other data collected with cookies
  • Direct marketing opt-ins and opt-outs

The personal data is mainly collected directly from you, from the organisation you represent or with cookies used on the polarnightenergy.com website. The personal data may also be collected from organisations’ websites, directory services or other public sources.

Reasons for processing personal data

Personal data is processed in order to respond to contact requests, to maintain customer relationships and to develop services and carry out marketing efforts, such as newsletter subscriptions and competitions.

The consent you have provided or the legitimate interest or a legal obligation of the Data Controller is the legal basis for the processing of your personal data. If the Data Controller’s legitimate interest forms the grounds for processing, business activities and business development by the Data Controller shall be regarded as this legitimate interest.

Providing personal data is not mandatory under law or any contractual relationship. However, providing certain personal data is a prerequisite for the Data Controller to fulfil their contractual obligations towards you or the organisation you represent.

Personal data is not used for automated decision-making or profiling.

Disclosure of personal data to third parties

In principle, the Data Controller shall not disclose any personal data it processes to third parties. However, the Data Controller may disclose personal data to external service providers, i.e. data processors, who process the personal data on behalf of the Data Controller and in accordance with guidelines provided by the Data Controller. Such data processors include, for instance, technical service providers employed by the Data Controller. The Data Controller shall require that such data processors comply with data protection legislation and carry out relevant measures in order to protect personal data. The data processors are not entitled to use personal data disclosed by the Data Controller for their own purposes.

Data transfers outside of the EU or the EEA

In principle, the Data Controller shall not transfer personal data outside the European Union or the European Economic Area. However, some data processors employed by the Data Controller may be located outside the EU or the EEA. In this case, the Data Controller shall ensure that your personal data is protected appropriately by, for instance, requiring the data processor to approve the European Commission’s standard contractual clauses as part of the agreement between the Data Controller and the data processor.

Protection of personal data

The Data Controller shall employ appropriate technical and administrative measures to protect personal data.

Personal data shall be processed only by designated persons who need the data to perform their work tasks. Access to personal data is managed with user IDs. The Data Controller’s personnel shall process the personal data confidentially.

The Data Controller shall ensure the level of the technical and physical security of the systems used to process personal data. The Data Controller shall maintain the technical security of the systems with regular updates.

Data retention period

The Data Controller shall retain personal data only for the duration and scope necessary for the Data Controller to fulfil the purposes described above.

In principle, personal data is retained for a period of two (2) years from a contact request. The personal data is processed based on your consent and retained until you withdraw your consent. The data is then removed without undue delay.

In order to fulfil its obligations under the Accounting Act (1336/1997), the Data Controller shall retain personal data contained in accounting documents for ten (10) years following the conclusion of the financial year the accounting documents pertain to.

Cookies

The Data Controller uses cookies on its web pages. Cookies are typically small text files that are sent to the user’s computer or other terminal device. They are stored on the device and used to identify the device. Cookies do not harm any devices or files. The primary purpose of cookies is to improve and customise a visitor’s user experience on a website and to analyse and improve the functionality and content of the site.

Some cookies are necessary for the polarnightenergy.com website to function. For this reason, these cookies cannot be disabled. Data related to statistical and targeted advertising and marketing, collected with cookies you have consented, can be used for targeting communications and marketing and for optimising marketing efforts. A visitor cannot be identified based on cookies alone. However, data collected with cookies may be connected to information received from the visitor in conjunction with another event, such as the completion and submission of a form on our website.

Cookies are used to collect the following data: 

  • visitor’s IP address 
  • time of visit 
  • browsed pages and time spent on pages 
  • visitor’s browser

You may manage the cookies used on the polarnightenergy.com website using the cookie notice displayed on the site. Optional cookies are not used unless you have provided your explicit consent to allow them. If you do not allow all cookies, please note that the Data Controller may not be able provide you with certain services and you may not be able to view certain parts of the website.

You can update or revoke your cookie consent preferences at any time using the cookie notice.

Rights of the data subject and exercising these rights

General provisions

You may exercise your rights described herein by contacting the Data Controller by e-mail.

In principle, the Data Controller shall inform you of the actions taken based on your request within a month of receiving the request. You shall also be notified if the Data Controller shall not, for any reason, carry out your request.

In principle, exercising your rights is free of charge.

Please note that in order to exercise your rights, the Data Controller may have to request additional information for appropriate identification.

Right to review

You may request the Data Controller to confirm whether your personal data is processed or not. You may request the Data Controller to provide information on the processing of your personal data and request access to your data.

Right to rectification 

You may request the Data Controller to rectify or add to your personal data if the data is inaccurate, erroneous or incomplete.

Right to erasure

You may request the Data Controller to erase your personal data if it becomes redundant, for instance.

Please note that the Data Controller may not always be able to erase your personal data if the Data Controller is legally obligated to retain the information or has some other legal basis to do so.

Right to restriction of processing

You may request the processing of your personal data to be restricted under certain circumstances. Such a situation may occur, for instance, when you dispute the accuracy of your personal data. The processing shall then be restricted until the Data Controller is able to confirm the accuracy of the data.

The restriction of processing personal data means that your data may only be processed based on very limited grounds as stipulated in data protection legislation.

Right to object

You may object the processing of your personal data if the processing is based on the Data Controller’s legitimate interest. In such cases, the Data Controller is no longer allowed to process the personal data unless the Data Controller is able to demonstrate that there exists a substantial and justified reason that supersedes your right as a data subject.

You may object the processing of your personal data for direct marketing or revoke your consent at any time.

Right to data portability

Within certain prerequisites stipulated in data protection legislation, you have the right to request the Data Controller to deliver the personal data you have submitted to the Data Controller and transfer the data to another data controller.

Right to lodge a complaint with a supervisory authority

You may lodge a complaint with a national supervisory authority (the Data Protection Ombudsman) if you believe that the Data Controller does not process your personal data appropriately or fulfil your rights sufficiently. The complaint may be filed to the Office of the Data Protection Ombudsman at https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman

Changes to the Privacy Statement

Should the processing of personal data carried out by the Data Controller and/or applicable legislation change, the Data Controller reserves the right to update the Privacy Statement.

We recommend that you regularly read the content of the Privacy Statement. Any significant changes to the processing of your personal data are communicated via e-mail.

This statement was last updated on October 3, 2024.