-
General
- The data controller is SIA “Enefit” (hereinafter referred to as the Company), legal entity code 40003824046, registered address at Roberta Hirša iela 1, Riga, LV-1045, Latvia.
- The processing of the Company's customer (hereinafter referred to as the Customer) personal data is based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 96/95/46/EC (General Data Protection Regulation or the GDPR), including the Personal Data Processing Law of the Republic of Latvia, and having regard to good business practices.
- The Company also follows the guidelines and instructions of Data State Inspectorate, the European Union data protection expert group WP29 and the European Data Protection Board.
- These conditions (principles) (hereinafter referred to as the Conditions) are general, conditions, whereas other conditions related to personal data (hereinafter referred to as the Data) protection may also be included in respective agreements, documents, forms and made available on the Company's website www.enefit.lv. These Conditions are an integral part of the general conditions for the provision of Company’s services or sales of goods (hereinafter referred to as the Services). The Company refers to the Conditions when concluding a contract (hereinafter referred to as the Contract) with the Customer, offering a service, goods and/or giving access to online account (hereinafter referred to as the e-environment) to the Customer and enables the Customer to get acquainted with the Conditions.
-
If the Customer finds that his/her Data is not processed in accordance with the applicable rules, he/she has the opportunity to contact the Company’s data protection specialist at [email protected].
This option does not affect the Customer's right to apply to respective data protection supervisory authority or to a court if necessary.
-
Aim of Conditions
- The Conditions of the Company’s customer Data processing apply to the Company and its Customers.
- The Conditions determine how the Company may use the Customer's Data in communication with the Customer and provide information on important issues related to the use of the Data.
- The Conditions do not apply to the services or goods of other companies, even if they are available to the Customer via the SIA “Enefit” e-environment or the Services.
-
Definitions
- The Company uses the terms in the sense defined in the General Data Protection Regulation here.
- A Customer is any natural person who has entered into a Contract with the Company or has provided his or her information and expressed a wish to register as a Customer or to receive an offer from the Company to enter into a Contract, but has not entered into a Contract. The Company also treats as a Customer natural persons who use the Company’s Services or the e-environment.
- The Contract is the contract between the Customer and the Company for the provision of the Service, consisting of the Individual Terms and Conditions of the Contract, the General Terms and Conditions of the Contract, and the documents and/or annexes to which the Individual Terms and Conditions refer.
- Data (personal data) is any data of the Company's customers that can be directly or indirectly identified, distinguished, linked or located. Processing of Customer Data is any operation performed on Customer Data.
- Anonymous data is information that cannot be associated with a specific Customer, as the Customer's identifying information has been removed from the data.
- By ensuring the secure processing of data, we mean the use of up-to-date physical, organizational and IT security measures. These measures include the protection of employees, IT infrastructure as well as office buildings and technical equipment. The purpose of the measures is, in particular, to control the risks and to mitigate the risks posed by both persons and technology. In order to ensure compliance with the measures, the company's and the Enefit group's internal procedures have been established for mandatory compliance. The Company´s employees are subject to Data confidentiality and protection requirements and are responsible for fulfilling these obligations. The Data Processors authorized by the Company are obliged to ensure compliance with the same rules in respect of their employees and they are responsible for compliance with the requirements for the use of Data.
-
Conditions of Data protection of the Company
- The Company uses the Data in the manner specified in the Conditions and only for the purpose for which the Company collected the Data and to the extent necessary to fulfil this purpose. The Company may combine Data collected in connection with different Services if such Data has been collected for the same purpose.
- The Company considers the Customer's privacy and Data protection very important, using secure solutions for data processing.
-
The role of the Customer in ensuring Data security
- The Customer must use the Services and e-environments safely and diligently and ensure that the devices (e.g., computer, smart phone, application, etc.) used by the Customer to use the Company´s Services or e-environment are secure. The Customer is obliged to keep their Password, user IDs and passwords related to the Customer, their device, the Service or the e-environment or other information or information carriers (e.g., ID card or Mobile ID) related to himself/herself secret from other persons.
- The Customer must be aware of and take into account the fact that the Company cannot guarantee the security of the Data and is not liable if the Data is not protected due to the Customer's breach of the obligation specified in clause 5.1 (incl. because the Customer has not changed the original PIN or other initial settings or the Customer's ID card, Mobile ID or their PIN codes have been used by unauthorized persons). In such case, the Customer is responsible for consequences that may occur to them.
- If the Customer allows the user (e.g., the Customer's family members, employees, etc.) to consume the Services or the e-environment on the basis of the Contract concluded between the Customer and the Company, the Customer is responsible for the user reading and agreeing with the Conditions.
-
Data collection and sharing
- The Company offers Customers various Services and e-environments for use. The composition of the Data collected by the Company per Customer depends on which specific Services or e-environments the Customer uses, which Data is necessary to provide them; the extent to which the Customer transmits Data to the Company for this purpose (e.g., when ordering the Service, registering as a User, etc.) and consents the Customer provides the Company for data processing.
-
According to the nature and purposes of the data processing, the data collected is divided into three main categories:
- Basic information depending on the type of the agreement, such as: first and last name, user name, personal identity number, date of birth, address, e-mail address, information about the object for which electricity supply contract is concluded - object number, EIC code, commercial meter number in the object, as well as the information on services ordered or products purchased (e.g. service composition, additional services, parameters, service address, devices used, etc.), as well as related static IP address, domain name or device serial number, billing information (e.g. billing address, reference number, account number, etc.). This category also includes Data collected in e-environments when the Customer uses the services.
- Special categories of personal data are data such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data used for the unique identification of a natural person, health data or data on a person's sexual life and sexual orientation. The purpose of the Company is not to collect your special category personal data. But it may become known to us by chance, for example, through a letter or telephone call received by us as part of a Customer relationship, when you disclose it to us. In accordance with the Conditions of secure Data processing, the processing of such Data shall be in any event restricted (special categories of personal data, if possible, are deleted without delay).
- Non-personalized Data is Data that is not attributable to any particular Customer, but which the Company must also process in order to provide services. Non-personalized Data is, for example, Data collected when using websites, which is collected by non-personalized customers for the Company in the course of using the services.
-
The Company collects Data in the following ways:
- the Company receives Data from the Customer, for example, when ordering the Service, registering as a Customer or making an information request to the Company;
- The Data is generated by the Customer when using the Services (e.g., when using the e-environment) and it is necessary for ensuring the performance of the Contract, such processing of the Data is prescribed by legislation or is based on the Customer's consent;
- The Company receives Data related to the Customer from other sources (e.g., other service providers or public registers, etc.) if it is necessary for ensuring the performance of the Contract, such processing of the Data is prescribed by legislation or is based on the Customer's consent.
- The Company may disclose the Data only on legitimate grounds (e.g., when required by law or contract concluded with you, or we have your individual consent) and in accordance with the applicable legal requirements.
-
The Company may share the Customer’s Data with:
- service providers acting as personal data processors of the Company and providing services to the Company;
- in the cases provided for by law, law enforcement and supervision, as well as other state and municipal authorities, when complying with the requirements of legal acts, including the State Revenue Service;
- for persons providing services related to the performance of the Contract;
- bailiffs, courts, other dispute resolution bodies;
- other business entities in case of the merger of the Company with another legal person or its acquisition, including persons performing respective legal due diligences;
- companies providing company auditing and related services, legal and financial advisory services providers.
-
Use of Data for ensuring the performance of the Contract
-
The Company may use the Data without the separate consent of the Customer for the performance of the Contract in the following cases:
- to identify the Customer and their representative;
- to perform activities necessary for the provision of Services or sale of goods to the Customer (incl. for sale and delivery of Services and/or goods and for forwarding information on Services and goods to the Customer);
- Customer service and troubleshooting;
- to provide and develop the e-environment, its services and functionalities and high-quality personal user experience (e.g. recording of language preference, etc.) and to provide the Customer with information related to the possibilities and security of using the e-environment;
- to calculate the service fees related to the Contract, to prepare and send notices and invoices to the Customer;
- to send notices related to the Contract and/or the Service to the Customer by post;
- for documenting business and service activities and exchanging business information (incl. for submission to auditors when auditing the Company);
- to better serve customers, including measuring the quality, usage activity or Customer satisfaction of the e-environment and Services, and to develop the Services and business;
- for the maintenance or repair of other Customer's equipment procured by the Company or on the Customer's order and for other after-sales activities related to the equipment;
- to record and preserve telephone calls between the Company and the Customer, with the purpose of using these call recordings to prove the declarations of intent or transactions made by the Parties and to better serve the Customer;
- to assess and prevent potential business risks or losses related to the provision of the Service;
- to ensure the performance of the Contract (e.g., to establish guarantees, enter into surety contracts);
- for the protection of violated or disputed rights of the Company and debt collection (incl. for the transmission of Data related to breach of the Contract and/or indebtedness to persons providing collection services, lawyers, etc. authorized by the Company for processing the respective Data on the basis of the Contract);
- to assess the Customer's creditworthiness and reliability (payment behavior) (incl. to decide on the provision of credit for Services);
- in case of breach of Contract, for transmitting the Customer's payment default (data related to overdue debt, including debtor's name, surname, personal identification code, information on the amount of debt, time of occurrence of debt and type of debt-related transaction) to credit information companies authorized by the Company.
- to provide customers with the option to monitor their electricity consumption (including individual electrical devices) via the Enefit mobile or web app.
- The overview of the use of the Data for the purpose of performing the Contract and ensuring the performance of the Contract provided in Clause 7.1 is not exhaustive. This means that the Company may, if necessary, use the Data for the performance of the Contract or to ensure the performance of the Contract for some purpose not highlighted in clause 7.1.
- When using the Services or the e-environment, the Customer cannot refuse to use the Data for the purposes specified in clause 7.1, if this would make it impossible to render the Services or using the e-environment for the Customer.
-
The Company may use the following Data for the purposes specified in clause 7.1:
- Basic Customer data;
- Customer relationship information: Information concerning the use of the Company´s Services, details of the Contracts entered into by the Customer, submitted orders and Customer contacts, invoices and related information (e.g. payment data, etc.), information entered by the Customer into the e-environment (incl. data entered during account registration), e-environment, its services and data on the use of functionalities and data collected with the help of cookies (see clause 17) and data related to the Customer's payment discipline/indebtedness, and data required and data needed to perform electricity consumption analysis and to ensure the functionality of Enefit mobile and web application.
- The list of data in Section 7.4 is not exhaustive. This means that, if reasonably necessary and to a reasonable extent, the Company may also process Data not specified in clause 7.4 for the purpose of ensuring the performance of the Contract.
-
The Company may use the Data without the separate consent of the Customer for the performance of the Contract in the following cases:
-
Use of data subject to consent
- In certain cases, the Company also requests separate consent from the Customer for the processing of the Data (hereinafter referred to as the Consent). When asking for consent, the Company explains the purpose of asking for consent and provides information on the planned processing.
- The conditions of use of the Data set out in the Conditions apply to the consent. The Company refers to the Conditions when accepting the Consent from the Customer, and the Customer has the opportunity to get acquainted with the Conditions. The Customer has the right not to give the Consent or to withdraw the Consent later, notifying the Company via the e-environment or in writing or in a form that can be reproduced in writing. The consent is valid until it is revoked.
-
On the basis of the consent, the data will be processed for example as follows:
- to prepare and send personal offers to the Customer electronically (e.g., via e-mail, phone calls, SMS or social media). The preparation of personal offers may include a marketing analysis of the Customer's Services, e-environment, etc. usage preferences, with the aim of finding out the Customer's usage needs and preparing personal offer based on it.
- For the transmission of data to companies belonging to the same group as the Company or to the Company's cooperation partners for the purpose of offering Services to the Customer jointly or reciprocally, also, in order to transfer Data to other partners of the Company who can offer their services and/or goods to the Customer independently;
- to find out the Customer's expectations, preferences and needs and to develop new and better services and possibilities of using the e-environment;
- In the e-environment for delivering personalized content, offers and advertisements to the Customer.
-
Unless otherwise described in the specific consent, the Company may use the following Data on the basis of the Consent:
- name, surname, date of birth, personal identification code, language of communication, preferred contact information (e.g., telephone number, e-mail, regular mail) of the Customer and the person or contact person authorized by the Customer, information on the Customer's segmentation;
- information concerning the use of services and the purchase of goods (e.g. type of goods, price class, delivery information, etc.);
- Data related to the Customer's creditworthiness, payment discipline/indebtedness;
- information on the details concerning the consumption of the Company´s Services by the Customer (incl. volume, quantity, method, time, etc. of use of the Services by type of services (e.g. used electricity or gas)) and information on additional services ordered by the Customer, as well as meter) data;
- Data transmitted by the Customer to the Company via the e-environment (incl. data entered upon account registration);
- Data on the use of the e-environment or its services and functionalities by the Customer and information collected by means of cookies;
- Data received from other persons on a lawful basis.
-
Processing of Data on the basis of a legitimate interest
-
In certain cases, the Company also processes the Data in its legitimate interests. For the Company, a legitimate interest is a commercial interest in which the processing of the Data is justified and necessary and which outweighs the possible infringement of the data protection rights of the Customer accompanying such data processing. Within the framework of a legitimate interest, the Company processes Customer data for the following purposes:
- transmission of periodic news and information letters via e-mail, incl. to introduce additional services and offers to customers. The Customer can refuse getting news and information letters at any time without giving a reason;
- improving the user experience by asking customers for feedback on services and processes and using it to compile statistics and surveys. Giving feedback is voluntary for the Customer;
- improvement and further development of the Company's technical systems, self-service environment and IT systems, incl. security incident prevention and resolution;
- analysis of breakdowns, sales, consumption and other statistics required to provide proactive Customer service;
- general Customer group profiling;
- settlement of claims and prevention of fraud.
-
In certain cases, the Company also processes the Data in its legitimate interests. For the Company, a legitimate interest is a commercial interest in which the processing of the Data is justified and necessary and which outweighs the possible infringement of the data protection rights of the Customer accompanying such data processing. Within the framework of a legitimate interest, the Company processes Customer data for the following purposes:
-
Specific cases of Data processing arising from the legislation
-
Pursuant to legislation, the Company processes Customer data for the following purposes, for example:
- the transmission to (and receipt from) the Distribution System Operator of Data relating to the provision of the Electricity Trading Service and the receipt of relevant Data relating to the conclusion or termination of the Customer Contract;
- compliance with obligations arising from laws and regulations governing the keeping of accounts or the payment of taxes.
-
Pursuant to legislation, the Company processes Customer data for the following purposes, for example:
-
Data retention period
- The Company will retain the Data for as long as is necessary to achieve the purpose of using the Data specified in the Conditions or until the term prescribed in the legislation.
-
When storing data, the Company follows the following main deadlines:
- we plan to keep Client’s Data 3 (three) years after the termination of the Contract. In case there is an ongoing debt collection process related to the performance of the Contract, the term of the storage of the respective Data is prolonged until this process is fully completed.
- after 2 (two) years, we will delete the Data of persons who have requested, for example, price offers or information on the existence of a technical possibility, but have not become a Customer of the Company, as well as call recordings of Customer service telephones or other Customer service related recordings for that matter.
- In some cases, the Company may also change the terms described in clause 11.2, if such a need is due to, for example, legislation or the Company’s legitimate interest.
-
Automatic decision making and profiling
-
The Company may also make automatic decisions when processing personal data, for example:
- for background checks on the sale of goods and services on credit terms, in the framework of which we process relevant information about your payment behaviour and background from the Company´s information systems as well as public databases (official notices, information disclosed by bailiffs and other official registers and publications, e.g. commercial register, population register);
- to provide automatic notifications in the framework of debt proceedings and to limit the services provided in accordance with the provisions of the Contracts and the law;
-
the purpose of marketing profiling is to develop different Customer segments, types or profiles that allow us to offer each Customer offers and services that are just right for them. For profiling, we can analyse, for example, Customer demographics (age, gender), service usage data, location, and behavioural patterns using a variety of internationally recognized methods of statistical analysis appropriate to the particular case.
- The Customer has the right to ask for additional explanations and submit objections regarding automatic decisions concerning the Customer at any time by notifying the Company. In any case, automated decision making and profiling does not have any legal effect on you.
-
The Company may also make automatic decisions when processing personal data, for example:
-
Use of data by authorized processors
- Pursuant to the legislation, the Company may also grant the right to use the Data to authorized processors. Authorized processors are the Company’s partners who, for example, deal with the organization of billing, answering Customer questions, marketing services, reselling services, etc. The authorized processor has the right to use the Data only for the performance of specific operations requested by the Company and on the basis of a Contract entered into with the Company containing a confidentiality obligation and other requirements related to the Data processing.
-
Direct marketing
- The Customer’s Data may be processed for direct marketing purposes in case there is a legitimate interest in such processing (when the Company sends proposals for similar services and/or goods to the Customer) or when the Customer gives his explicit consent to such processing.
- Consent to the processing of Data for direct marketing purposes may be given in a number of ways: by opting to subscribe to the Company's newsletters; by expressing a written request; or by consenting (by signing, ticking, or by any other means) in a Contract, on a website or other medium to receive commercial and other offers of the Company's or its affiliate partners' services, products and/or goods, and other related activities, from the Company or its partners.
- Pursuant to the Consent and legislation, the Company may also forward offers addressed to the Customer to a user whom the Company has become aware of, who was enabled by the Customer to use the Customer's services under the Contract between the Customer and the Company and the representative or contact person of the Company´s business Customer. These persons may prohibit from sending offers by electronic means (e.g., by e-mail, SMS or MMS) to them or calling them by phone in the e-environment or by following the instructions provided in the e-mail or message or in any other electronic way offered by the Company. Only the Customer has the right to withdraw the consent.
- In any case, if the Customer expresses its objection, in a manner indicated by the Company, to the processing of data for direct marketing purposes, the Company shall immediately terminate the processing of the Customer’s Data for direct marketing purposes.
-
Customer rights in connection with the use of Data
- Right of access to your data. The Customer can get acquainted with his/her Data that is processed by the Company.
- Right to rectify personal data. The Customer has the right to correct their Data if it is incorrect or incomplete. If the Customer's basic and contact information has changed or the Customer discovers that their data is incorrect, he/she always has the right, and in some cases also the obligation under the Contract, to correct it in self-service or to contact Customer service to correct the data.
- The right to request the deletion of your data. In certain cases, the Customer has the right to have their personal data deleted. This right does not apply in a situation where the Company processes the Customer's personal data in order to fulfil obligations arising from applicable legal acts.
- Right to object. The Customer has the right to object at any time to the processing of personal data concerning him or her, which the Company performs on the basis of a legitimate interest.
- Right to restrict data processing. In certain cases – as an alternative to the right to have their personal data deleted - the Customer has the right to demand a restriction on the processing of their personal data.
- Right to data transfer. The Company's customers have the right to transfer their consumption data (portability).
-
Contacting details of the Company for Data processing related matters
- The Customer can contact the Company for questions related to the Conditions or the processing of the Customer´s Data at the following contacts: by phone at +371 6000 0055 or to the data protection officer by e-mail at [email protected] or by the postal mail addressed to the data protection officer of SIA “Enefit”, Roberta Hirša iela 1, Rīga, LV-1045, Latvia.
-
Use of cookies in e-environment of the Company
- As with most websites, the Company's e-environments use cookie technology. Cookies are small text files that are downloaded to the user's computer via the e-environment server. As a result, the browser can transmit cookie information back to the e-environment each time the e-environment is used, with the aim of allowing the same user to be identified without identification (anonymously) and providing the user with a personal and more convenient e-environment experience (e.g. maintaining user preferences and interests, etc.) and analysing and developing the Services offered in the e-environment and directing offers and advertisements.
- This version of the Conditions is valid for the Company and all Customers from 11.04.2024. The Company has the right to unilaterally amend and update the Conditions as necessary. We keep the up-to-date Conditions available on the Company's website www.enefit.lv. We will notify you of significant changes to the Conditions via our website, e-mail or other reasonable means.