Privacy policy for Wattinen service

Published 17.1.2024. 
Privacy policy in Finnish: Tietosuojaseloste

This privacy policy describes how personal data is processed in Wattinen service.

In the Wattinen service a property’s (housing company, real estate company or another corresponding property) water-circulated radiator heating system is fitted with appropriate remote-controlled thermostats (or radiator thermostats), a telecommunications connection for coupling the thermostats with a remote system for controlling heating, a remote reader of the property’s main water meter and a remote control system connected to it and a heating adjustment software and the installation work related to these.

Wattinen service is provided by DNA Plc, who processes the personal data of the property representatives, property manager and residents as a controller or as a processor, depending on the nature of the processing of personal data. DNA acts as a controller insofar as it processes the personal data of the property representatives and the property manager in order to implement the contract. DNA acts as a controller also for the personal data processed in the Wattinen application brought into use by a resident. The property is considered the controller and DNA as the processor of personal data acting on behalf of the property when DNA processes a resident’s personal data in order to implement the contract and to produce the Wattinen service.

Personal data processed

The following information can be processed in the service

Information relating to the property, its representative, flats and residents:

  • Information relating to the property representative and property manager: name, address, e-mail address, telephone number, information concerning order and offer history
  • Information concerning the property: the number of flats in the property, flat number information, size of a flat
  • Information provided by the resident themselves (name, e-mail address and/or telephone number) contacts made by the property representative and the resident and information on feedback, desired means of contact, call recordings of customer service instances
  • Order, delivery and contract details of the service, dates of deployment, start and end date of the service

Installation information:

  • radiator thermostats installed, room sensors specified by room, connecting equipment and remote reader of the water meter, photos of installation, technical details of the heating elements used, number of rooms, time and duration of the installation.

Information available in the Wattinen system:

The Wattinen system includes information on radiator thermostats installed, room sensors, connection devices, the remote reader of the property’s water meter. The Wattinen system contains the Wattinen software, through which the following information is processed

  • Information on the equipment belonging to the Wattinen system (e.g. radiator thermostat) such as, for example, manufacturer, model, serial number, software version, charging status of the battery and IP and MAC address
  • Information automatically collected from the Wattinen system, for example status, fault and disorder information of the heating thermostat (including among others information on fault alarm and fault repair status information). The heating thermostat collects information on the temperature and air humidity of the room; this helps the Wattinen service to maintain comfort in the flat when the resident is there and to save energy when the resident is away.
  • Limits for heating set by the property (minimum and maximum temperatures) and possible default timings.
  • The target temperature set by the resident, temperature timing information and changes made in relation to the limits of heating temperature set by the property. The resident can time the target temperature (normal temperature, night temperature, temperature during absence). The service regularly checks and collects information relating to definition of timing of temperature.
  • Information on the manual use of the heating thermostat (adjusting the temperature manually).

Information on the use of the application installed by the resident (please read further information in the privacy policy of the application):

  • the ID of the device containing the application, operating system and the version of the operating system
  • The information given by the resident through the application such as registration information (name and telephone number), log-in information in the application, naming of rooms, names of additional users (to whom the resident has given consent to use the application) and the QR codes or serial numbers of the smart thermostats
  • Commands of use of the application made by the resident, flat and room specific timings and target temperatures and status information relating to them
  • Information concerning the use of the application, chosen language, possible alarms, location information
  • Messages, comments and reactions on the message wall
  • Cookies and other information collected by corresponding technologies in connection with the application

Information collected on the basis of consent

  • Information collected in connection with registration for competitions or draws
  • Information relating to direct marketing campaigns, permissions and prohibitions on direct marketing, orders of newsletters, information on targeting direct marketing
  • Other information collected on the basis of consent, information defined in more detail in connection of requesting consent

What are the sources information is collected from

Personal data collected from different sources can be processed in the Wattinen service:

  • The property with which a contract for delivering the Wattinen service is concluded
  • The resident when they register or log in the Wattinen application or use it, contact customer service or order a newsletter or participate in a draw.
  • Observed information which originates in connection of using the Wattinen services      
  • Information derived from personal data such as deductions resulting from analytics

Personal data can be also collected from public sources such as public address registers, installation partners, marketing partners, electricity and insurance companies, company websites, trade register, population registry, Posti, Intellia Oy, Fonecta Oy, the prohibition register kept by Suomen Asiakkuusmarkkinointi-liitto, public registers of authorities (such as company register) and other corresponding third-party registers.

For which purposes personal data is processed?

Personal data relating to Wattinen service is processed for purposes defined in advance on the basis of executing a contract concluded with a property, legitimate interest, consent or statutory duty.

The Wattinen service monitors the temperatures in the flats and weather forecasts and directs heating of the building anticipating changes in temperature. The service learns how the building behaves at different times and circumstances. It anticipates the heating of the property and energy consumption and directs heating as required and keeps the temperatures in the flats constant. In this way the property can avoid overheating and even out consumption spikes.

Personal data relating to regulation and measuring of temperature are processed in order to deliver, produce, secure the functioning of and maintaining the Wattinen service and to produce agreed reports. The data is used for developing, testing and quality control and control of the Wattinen service and the processes and systems in it. The data is also processed for customer service, problem solving, detecting and fixing fault and disorders relating to the service.

We also process data in order to better understand the needs of those using the service, we can analyze, compile statistics and categorize data for example on the basis of user groups and amounts and examine, for example, which way different user groups use the service. In addition, we can combine and in other ways process personal data is such a way that it no longer can be connected to a person. In all afore mentioned cases we only process personal data necessary for the purpose of the data processing and take into account protection of privacy.

We process personal data for marketing, sales, order processing, delivering the service, customer service and for payments, contracts and management of customer contacts. We save information resulting from customer contacts such as calls to customer service or contacts to other of our interactive service channels. Recorded or otherwise saved communications and call recordings can be used for verifying business and customer service occurrence as well as investigating complaints and unclear situations. In addition, recordings are used for training of customer service and other customer interfaces, for service and operations development and for quality monitoring in targeting and personalization of marketing. Recordings can also be used for investigating possible malpractices and for ensuring security. Recordings are destroyed when they are no longer required for the above-mentioned purposes.

Part of personal data is processed on the basis of consent, for example, electronic direct marketing or the Wattinen application can send push notifications if there is a fault in heating. When we process data based on consent, it is possible to revoke a consent at any time.

In addition, we process personal data in relation to our statutory responsibilities such as bookkeeping and in relation to preventing malpractice and to guarantee continuation of the service (for example, by saving backup copies and auditing logs).

How do we protect personal data?    

The privacy of all data subjects is vitally important to us. DNA offers services in a business sector where information systems are at the core of business and data protection is an essential part of our operations. That is why we ensure that our information security is always at a high level. We protect personal data with appropriate organizational and technical protective measures such as appropriate access control, managed granting of user rights and monitoring their use and careful selection of subcontractors. Personal data is only processed by named employees who are bound by professional secrecy. Data is always processed as confidential.

Who processes data, is personal data disclosed or transferred?    

We can transfer or disclose personal data to the following parties in appropriate situations

  • Data is processed only by those employees in our group of companies for whom it is necessary to do so because of their duties. Personal data can be transferred between the group companies for purposes described in this policy and, for example, for reporting purposes, in order for us to use centralized information systems. Data can also be processed for marketing the products and services of the group companies.
  • We use subcontractors and partners in the processing of data, in the production and offering of services. Because of the technical or operative execution of data processing, part of the data can be located with DNA’s subcontractors and partners, or the data can be otherwise processed via a technical interface. Subcontractors and partners have access to the data and they process it on our behalf in accordance with this privacy policy. These third parties are not allowed to use personal data for any other purposes than producing a service agreed with us. Our subcontractors include, among others, providers of installation services, marketing and sales partners, payment and invoicing partners, providers of support and analytics services and providers of IT software and services.
  • We process data primarily inside the European Union (EU) and the European Economic Area (EEA). When using subcontractors and partners we ensure through contracts and in appropriate ways sufficient levels of data protection and careful and proper processing of data in accordance with legislation. Data can also be transferred to outside EU and EEA. In these cases, we use transfer mechanisms approved by the European Commission, for example model contract clauses approved by the European Commission and additional appropriate technical and organizational protective measures.
  • Data can be transferred to named cooperation partners carrying out marketing for targeting advertising and for performing polling and marketing surveys. Media, advertising networks and network services can target our advertising on the basis of behavioural information collected from Wattinen pages such as the page uploads made by the customer and on interest profile information connected to the browser.
  • We can also disclose data for a third party for appraisal of legal demands, for protecting or defending DNA or it’s employees’ interests or investigation of crimes, collecting debts and scrutiny of possible offences. We may also disclose information if we were a party in a corporate or business reorganization, to the parties of the reorganization and their advisers.
  • Collated data can be disclosed to the property (housing company or real estate company) and its representatives for reporting purposes.
  • The property manager, the technical property manager, the maintenance company used by the property, representative of the property, the party owning the property (for example representative of an investment property or that of rental property) have through the control panel connected to the Wattinen services a screen view allocated to the user group on the property’s heating status as follows:
    • User group: representative of the property, a party owning the property. The average heating information of the flats, possible alert and anomaly information.
    • User group: property manager, technical property manager, maintenance company. Status information on the flat, up-to-date actual temperature and air humidity in the flat and room-specific information on temperature, adjustments of smart thermostat, functionality of radiator valve, alarm, anomaly and fault occurrences on the heating element level.

What is the period of retention of data or the definition criteria for the period of retention?

We keep personal data only as long as it is necessary for carrying out defined purposes of use. We keep data relating to the customer relationship (contract with the property), the use of the services, registration, customer contact history, surveys for the duration of the customer relationship and 6 months after the end of the customer relationship or termination of the registered service or last log-in. Information on technical measurements and installation are kept for 10 years after the end of the customer relationship.

Information on the use of the webpages is kept for at least 14 months. Personal data of those taking part in competitions and draws are kept for the duration of the competitions and draws and until the winner has been contacted. Personal data entered in marketing register and the register for prohibition of marketing are kept until further notice.

The retention period of recordings of customer service and sales calls is 27 months. If a data subject wants to inspect their information relating to call recordings, the request must include, in addition to the personal data of the data subject also a telephone number from which the call to the customer or sales service was made and the time of the call. Because of data protection reasons, a transcript of the call will be primarily provided in writing.

Data processed on the basis of legitimate interest is processed as long as grounds for processing exist. If the data subject can object the processing of data, the information is erased when the data subject’s request relating to the objection has been dealt with and the objection approved.

The processing period of data processed on the basis of consent is determined in accordance with the purpose of the processing. Data processed on the basis of consent will be erased without undue delay if the consent is revoked and there has been no other basis for the processing.

We keep personal data required by bookkeeping or other mandatory legislation also after the user’s data have been otherwise erased. For bookkeeping we keep receipts of orders six years after the end of the year during which the accounting period ends.

Rights of the data subject relating to data processing

In relation to the personal data processed in the Wattinen service, the data subject has the right  

  • The right to check and get confirmation on what personal data is processed.
  • The right to rectification of data if the data is incorrect or it needs to be updated.
  • The right to transmit data from one system to another if the data processed in the Wattinen service has been provided for processing on the basis of consent or for implementing an agreement. We will supply the data in a machine-readable format.
  • The right to request the erasure of data which is no longer necessary in relation to the purposes defined for it if there are no legitimate grounds for the processing or if the data was processed on the basis of consent and the basis for processing no longer exists.
  • The right to give and revoke your consent. If processing is based on a consent given, it is possible to give or revoke the consent at any time.
  • The right to object to the processing of your personal data on the basis of DNA’s legitimate interest. We can refuse the request, if processing is necessary for compelling legitimate grounds and to implementing of legitimate interests. In certain cases the data subject may demand that the controller restricts processing of personal data.

Changes relating to the privacy policy

We improve our services continuously and update this privacy policy without notifying about it in advance. Any changes may relate to changes in legislation. We recommend you read the contents of our data protection practices regularly on our webpages.

Contact details

Controller: DNA Plc, business ID 0592509-6, P.O.Box 10, 01044 DNA (street address Läkkisepäntie 21, 00620 Helsinki)

DNA Plc (on behalf of itself and its subsidiaries) is responsible for the processing of personal data it collects. DNA has also appointed a data protection officer. You can also reach DNA’s data protection officer in the address above. If you have questions on the privacy policy, the processing of your personal data or you wish to exercise the rights based on data protection legislation, you can contact us in writing on the address mentioned above or by e-mail at

The data subject has the right to complain about the processing of personal data to the supervising authority (, if the controller does not fulfill its responsibilities as a controller or does not otherwise comply with applicable data protection legislation.