1. Introduction – what are personal data?
”Personal data” are all types of information that can be related directly or indirectly to a living natural person. Vattenfall AB is the personal data controller of the data that you provide or that we retrieved from another
source. Vattenfall AB always processes personal data with the greatest respect for personal integrity. The guidelines applied by Vattenfall AB, methods for managing and storing information and your rights are described below. The guidelines never restrict the rights that apply according to
the Data Protection Regulation or any other legally binding provision. Contact details for the personal data controller and data protection officer can be found under Contacts.2. Collection of personal data
We collect personal data using the following methods:
• You personally enter your data, such as when becoming a customer and other situations. For example, via our website, on physical forms, in contacts with customer services or sales, by e-mail, letter, contact
forms and through login services.
• You personally provide your data to a supplier of price comparison services or an electricity agreement intermediary for the purpose of them entering into an electricity agreement with us on your behalf.
• Information is created based on your purchases, how you use our services, how you consume electricity and/or heat and when you submit a support ticket to us.
• We may also retrieve data about you from other third party sources. We collect the following data from third parties:
- Contact details and demographic data from public sources such as SPAR.
- Data regarding credit ratings from banks or credit institutions.
- Data from other players in the energy industry with the purpose of enabling electricity supplier changes and moves.
- Data from our partners.Personal data when electricity customers are assigned to us from Vattenfall Eldistribution AB. The data are sent to us as a result of the regulation regarding designated agreements stipulated in The Electricity Act. Personal data that are received from the owning grid company on which a customer’s measuring point is located as a result of our obligation to
receive our electricity customers’ microgeneration of electricity and to act
as electricity retailer. The data are sent to us as a result of the regulation regarding designated agreements stipulated in The Electricity Act.2.1 Vattenfall’s websites
Normally, www.goincharge.com can be visited without triggering collection of
personal data. In these cases, we only collect information that is used for statistical purposes and the visitor remains anonymous. Such information may include time of visit, duration of visit and which pages were accessed. In addition, Vattenfall AB uses so-called cookies to enable proper functioning
of certain website functions and services.
When customers visit Vattenfall’s login services, the visit can be connected to the logged in person’s customer number or user name. This allows Vattenfall AB to conduct more relevant and personal communication with individual customers.
2.2 Personal data categories
The following categories of personal data are normally collected:
• Customer information, that is, the requisite information for becoming a customer. For example, name, address, flat number, property designation,
phone number, e-mail address, choice of communications channel.
• Purchase information, that is, purchased products and services, credit rating, payment history, customer number and password.
• Technical information, that is, your electricity and/or heating consumption, electricity and grid supplier, plant number, issues and interruption history and type of connection.
• Service information, that is, specific ticket correspondence, information on purchases and any complaints or claims. Customer survey results and feedback on our products and services. Where applicable, data obtained through competitions.
• Demographic information (from public records), that is, age, gender, housing area, household demographics, etc.
• Website traffic information of login services, that is, purchase and usergenerated
data, password, technical data of the device used, interaction data (duration of visit, response times, access and log out methods,
• Recorded information, recording of power of attorney for change of electricity supplier or move, recording of acceptance of purchase over the phone and recording of conversations for quality assurance and for training of our staff. Special categories of personal data (defined in Article 9(1) of the General Data Protection Regulation) are only processed in exceptional cases. To process personal data in these cases, we must obtain your consent. There are also occasions in which we are legally obligated to collect and process these types of sensitive personal data.
2.3 Data collection information
When we collect personal data, the data subject providing the data will receive the following information:
• which Vattenfall company is responsible for processing the personal data,
• the purpose for and legal grounds on which the personal data is collected,
• contact details for the personal data controller and data protection officer,
• your rights,
• how long the data will be stored.Should you find this information to be unclear or incomplete, we ask that you contact Vattenfall AB to obtain complete information.2.4 Purpose and legal ground for processing
We only collect personal data for purposes that are supported in the current General Data Protection Regulation. Most commonly, data are collected for processing to support the legal ground for fulfilling the agreement.Examples of purposes:
• to enter into an agreement with us/become a customer
• to receive a quote for a promotional offer
• to purchase a product/service
• to manage customer service queries.With our legitimate interest as grounds, we process data for several purposes, such as:
• for marketing and profiling, that is, to communicate relevant offers to our clients
• for sales of our own and partner offers
• to send newsletters
• to develop and improve our products and services
• for statistics and analyses.Other purposes for processing personal data may have their legal ground in legal requirements, i.e. when we must fulfil a legal obligation. Examples of such purposes are processing personal data for invoicing in accordance with accounting legislation or when we inform of changed agreement
terms.You can also give consent for processing in certain cases when none of the above applies. The provision of consent is an affirmative action on your part and can be withdrawn. We will then discontinue processing your personal data for that purpose.We do not process personal data for purposes that are inconsistent with the original purpose. More information on the purpose for which personal data are used can also be provided when the data is collected, for example, in connection with e-mail forms or in agreement terms.3. Transfer of personal data
Because the Vattenfall Group shares some functions, your personal data may be passed on to other companies in the Group. These companies may also process your data with the purpose of providing offers and marketing of products and services that may interest you.Under certain circumstances, we may also pass on personal data to personal data processors, partners or another third party.The parties that may process collected personal data are:
• IT suppliers
• Customer support suppliers
• Sales partners/other partners
• Installers (e.g. of solar panels or heat pumps)
• Technical service contractors
• Telemarketing companies
• Printing and digital communications partners
• Media and advertising agenciesIn the case of transfer, Vattenfall AB takes due consideration of the laws and regulations that regulate the unbundling of electricity retail companies and grid operators (so-called ”unbundling rules”). This entails that personal
data cannot always be transferred to another Vattenfall company, even at the request of the data subject. In certain cases, we may be obligated by law or authority decision to pass on personal data to e.g. the police, for crime prevention and criminal investigation.Personal data is not normally provided to companies in countries outside the EU or EEA. In certain situations, the data may be passed on to and processed in countries outside the EU/EEA by companies within the Vattenfall Group or by another supplier or subcontractor. In such cases, a particular investigation is conducted to ensure that the legal conditions are fulfilled and that technical and organisational measures have been taken to ensure that personal data are processed securely and with an adequate
level of protection that is comparable to the level of security offered in the
4. Personal data retrieved from other parties
Credit checks are normally performed for new agreements. A search and identification of a person and their address are performed by sending the person’s social security number to SPAR (The Swedish address register) and then to a credit institute.
For the sales of electricity agreements, products and services, we obtain personal data from Bisnode and other public sources with the purpose of discovering target groups for our offers. We do this to enable us to provide offers that are suitable to the recipient and to avoid, as far as possible, sending irrelevant offers. We also use demographic data provided by Bisnode for analyses and statistics. We may also purchase personal data from other sources, primarily to discover target groups for our offers. This processing is based on the individual having requested an offer or entered into an agreement with us through the source or, that the individual has given the source his/her consent to transfer data to us.Partners may send information about you that you have provided to the partner, thereby giving consent to transferring the information to Vattenfall AB as a result of your interest in becoming our customer or to obtain an offer from us.We receive your personal data from Kivra if you receive digital mail from them or make invoice payments through them.5. Access to personal data
Only those who need access to personal data to perform the agreed service will be given authorisation to access and process the data. Several of our subcontractors process personal data to different degrees, but all have the same requirements for processing as specified in Vattenfall AB’s
We do not keep personal data for longer than necessary. When your electricity contract is terminated and you are no longer our customer, we retain your data for 36 months. The same applies to data regarding representatives of our corporate customers.However, certain data may be retained for longer in order to fulfil other legal requirements, such as accounting legislation that dictates that information must be retained for 7 years. There is also reason to save data for a longer period of time in the case of an ongoing investigation or dispute, even if the customer relationship has ceased, or in the case that you bought a product that requires us to save information in order to fulfil our warranty.7. Security
We take special physical, technical and organisational measures to protect the personal data that are processed to ensure that the data are not lost, destroyed, manipulated or subjected to unauthorised access. The measures aim to achieve a suitable security level with respect to available technology. Changes to personal data are continuously registered to
ensure traceability of all changes made to the information. Personal data breaches are always managed in accordance with internal processes, reported to The Swedish Data Inspection Authority, where applicable, and to the individual in accordance with the General Data Protection Regulations. If you suspect a personal data breach – please contact Vattenfall’s Customer Service (see contact details below).8. Your rights
8.1 Right of access
Each individual is entitled to receive information on the extent to which his/
her personal data are processed by Vattenfall AB. If such personal data are kept by Vattenfall AB, the person concerned may request information on the categories of personal data that are processed, from where
they were obtained, for what purpose they are processed, what the legal grounds are for processing and with whom data has been shared. Vattenfall AB will send a transcript to the address registered with Vattenfall AB
within 1 month from receiving the request.8.2 Right to rectification
Each individual has the right to request rectification of their own customer
information if it is incorrect or processed contrary to applicable law.8.3 Right to erasure
Vattenfall AB deletes personal data when legal grounds for keeping the data no longer exist. Our customers are entitled to immediate deletion of their personal data if any of the following apply:
• processing is based only on your consent, and you have revoked that
• the data are no longer necessary for the purposes they were processed
• the processing is for the purpose of direct marketing and you object to your data being used for this purpose
• the information has not been processed in accordance with the regulations
• you object to processing after your interest is deemed to override the legitimate interest of the controller
• deletion is required to meet a legal obligation.8.4 Right to object to automated decision-making
Vattenfall does not use automated decision-making in any area regarding the individual.
8.5 Right to data portability
Each individual who has personal data registered with Vattenfall has the right to receive their personal data in a commonly used and machinereadable format for e.g. transfer to another party. Usage history is provided via the export to Excel function under the My Profile pages.8.6 Right to restriction of processing
In certain cases, you have the right to demand that the processing of your personal data be restricted For example, this applies when you have determined that your personal data is incorrect and you have demanded correction. While the investigation is ongoing, you can demand that the processing of your personal data is restricted.8.7 Right to object
If Vattenfall AB processes your personal data with legitimate interest as ground, you can make objections to the processing. In order to do so, you must specify what type of processing you object to. For us to be able
to continue processing this way, we must be able to show that there are legitimate reasons for processing your personal data that override your interests.
8.7.1 Marketing, newsletters and profiling
When personal data are to be processed for the purpose of direct marketing or newsletters, it is indicated when the personal data are collected. You can, at any time, unsubscribe from receiving marketing material from us by contacting our customer service. You can also limit the channel(s) by
which you wish to receive marketing material (e-mail, text message, letter). All of our e-mails and text messages contain a link through which you can unsubscribe to that particular channel.Personal data can also be processed as a part of customer relations management,
e.g. through selection and segmentation, we can communicate target group-adapted, relevant and personal offers or to enable better, directed service. As part of this, profiling may take place based on the
personal data we received when the customer entered into an electricity contract with us, directly or indirectly (contracts entered into via price comparison services or through designation from Vattenfall Eldistribution AB) as well as based on data we obtained from public records. Profiling is done to better target offers and information that to your preferences, purchasing behaviours, needs and lifestyle. You can, at any time, notify us that you do not wish to receive this type of offers.
8.8 Right to compensation
You may have a right to compensation in certain cases, such as if our processing of your personal data has led to damages for you. Claims can be made directly to Vattenfall AB.8.9 Linking
Should Vattenfall AB make changes to the policy for managing personal data, a notification will be posted on this website. The policy may change, for example, if the legislation or application changes. If the processing of personal data has been settled in an agreement with the customer, the
terms will continue to apply until they are changed as long as they do not contradict your rights according to the above or are inconsistent with law or other legally binding regulation.8.11 Contacts
The controller is Vattenfall AB, corporate identity number 556036-2138.
The data protection officer for Vattenfall AB can be reached via e-mail at email@example.com or by phone at +46 (0)8-739 50 00. Questions concerning the Vattenfall Group’s personal data processing can be put to our data protection officer or via the general contact form on the website.
Send requests for register entries to:
Vattenfall Kundservice AB
PO Box 13
880 30 Näsåker
or by e-mail to firstname.lastname@example.org
Telephone: +46 (0)20-82 00 00We obtain personal data from SPAR (www.statenspersonadressregister.
se/), UC (www.uc.se/) and Bisnode (www.bisnode.se). For information on
their data controller and data protection officer, refer to their websites.Appeals
Should you be dissatisfied with a decision following an appeal to Vattenfall,
you can turn to the Vattenfall Customer Ombudsman by phone on +46 (0)8-739 70 31 or at email@example.com.
Contact with the supervisory authority via www.datainspektionen.se or following a name change to www.integritetsskyddsmyndigheten.se.