Privacy notice – Hydro Go

Your privacy in Hydro Go

This supplement gives general information about the mobile app Hydro Go. For further information about privacy at Fortum, please read our main privacy notice.

The main purpose of the Hydro Go app is to increase safety in your work at Fortum’s plants by providing the ability to check-in and check-out at plants automatically. Knowing who is at plants is important in case of emergency situations so our Dispatch Center can inform rescue personnel who are currently located at the plant. Checking in and out of plants is mandatory regardless of if using the app or not based on Fortum’s internal work descriptions. The app will provide convenience and safety by not forgetting to do so.

For added safety purposes including traveling to and from plants, you can also use Rescue Me timer functionality in the Hydro Go app. With Rescue Me a user can create a timer that will alert the Dispatch Center if the user does not turn off the timer before the set time expires. Possible alerts are handled by the Dispatch Center all the way to a rescue search when needed. The use of this functionality is not mandatory but instead provided as an added safety measure to be used by users when they find it needed/necessary.

What information do we collect?

  • Contact details and Security data: Name, phone number, and email as registered in your Fortum AD account is used for knowing who is checked in at the plants
  • Location data: For check-in and check-out purposes, geofencing location data that is a “virtual circle” surrounding the plant area. For Rescue Me functionality, when a Rescue Me timer is active, the last known location of the user is stored every minute for added safety purposes.
  • Time and attendance data: The time and date for check-in and for check-out from the plant. Also times related to activated Rescue Me timers.
  • User added check-in or Rescue Me timer data: an optional note field in the app where the user can add information as free text.
  • Technical data: troubleshooting data and statistical data.

Location data is collected only for the purposes described above.

How do we use that information?

  • Access management: Name, phone number, and email as registered in your Fortum AD account is used for knowing who is checked in at the plants
  • Security and Safety event management: Geofencing data is used for automatically checking you in at a plant, or if you’re not using automatic check-in to notify you not to forget checking in or out when entering or leaving a plant. The exact location for check-in is unknown, only that you are somewhere in the plant area as defined by the geofence. The app will only know the plant name, not the location itself. For Rescue Me functionality, the exact location is stored when a timer has been activated by the user. It is not visible for personnel in the Dispatch Center unless the set timer time has expired giving an alert meaning there can be a real incident to be handled.
  • Time and attendance data: The check-in/check-outs at plants, and all information related to them, are stored for 18 hours after leaving a plant and then deleted. The purpose of the 18 hours is safety-related in case the Dispatch Center needs to contact the people recently been at the plants. Rescue Me timer data is deleted as soon as they are turned off/removed by the user or by the personnel at the Dispatch Center.
  • User added plant visit data: The optional note field for check-ins/check-outs and Rescue Me timers in the app where added information related to the plant visit or timers can be used. This data is also deleted 18 hours after checkout from the plant.
  • Technical data: For troubleshooting and statistical purpose, we collect anonymous information such as the number of check-ins and check-outs on plants, the brand/model/operating system of your mobile device, and aggregated statistics on the usage of different views in the Hydro Go App. For this, we use the Google Analytics Service (FireBase). The anonymous statistical data is used to improve the App and, most of all, improve safety for people at plants by making sure we utilise the check-in/check-out functionality in a good way.

Location data is collected only for the purposes described above.

Who has access to the data?

The information collected as described above is visible for the Dispatch Center’s authorized employees for them to be able to act in case of emergency.

How long is the data stored?

The check-ins/check-outs at plants, and all information related to them, are stored for 14 days after leaving a plant and then deleted, though only visible for the Dispatch Center operator for 18 hours. The purpose of the 18 hours is safety-related in case the Dispatch Center need to get in contact with the people that have recently been at the plants.

For Rescue Me, the timer data is also stored for 14 days after timers are removed by the users. The data will not be visible to users or to the Dispatch Center views directly after the timers have been removed.

The 14 days storage time ensures possible technical troubleshooting for the app functionalities as well as identification of incidents handling improvements.

Your registered Fortum AD account is maintained as long as you are working at Fortum. The account will be deleted when leaving Fortum according to group IT policies.

How do we collect the information?

The information collected in the app is sent to our Amazon Web Services Cloud solution as described above and then removed accordingly.

Do we share that information?

The information is not shared outside of the Dispatch Center’s authorized employees. If we would see from the anonymised data that the usage of the check-in/check-out functionality is not sufficient for maintaining personnel safety at plants that anonymous statistics data can be used to improve the process including instructions for personnel related to safety at plants.

What safeguards are in place?

We employ appropriate organizational and technical security measures to protect your data from loss or misuse. We have a cybersecurity governance model which describes roles and responsibilities on the group level, and our instructions give detailed information on how personal data must be handled within our Group. By conducting awareness programs, we engage our employees in privacy and security considerations. Where we contract with third-party suppliers to provide services that may enable them to access your personal data we require them by contract to have similar security controls in place.

What are your choices?

In the app, you can select not to do automatic check-in/check-out. In this case, you will have to check in and check out manually. You will get a reminder when arriving and leaving a plant.

If you are not using the app at all, you will have to call the Dispatch Center to check in and out. Please note that using calling instead of Hydro Go app might overload the Dispatch Center with phone calls decreasing the overall safety follow-up of your colleagues.

The use of Rescue Me timers is optional, but recommended especially for work at non-office hours for added safety.

Additional information

The data controller of your personal data is the local Fortum company you have an employment relationship with and Fortum Corporation.

You can address any further questions and comments regarding your privacy to our dedicated privacy team at privacy [at] fortum [dot] com (privacy[at]fortum[dot]com.)