Data Privacy Statement

Introduction

Saarni Nepton respects your privacy and is committed to protecting your personal data. This Data Privacy Statement describes how we process your personal data and how you can exercise your rights. The Data Privacy Statement is available on our nepton.com website.

Company Information

Saarni Nepton offers software and services to public and private customers in Europe. Our head office is in Espoo, and our operations are regulated by EU data protection legislation. Our Data Protection Officer monitors compliance with our data protection policies.

Application of the Privacy Statement

This privacy statement applies to all Saarni Nepton processes, domains, mobile applications and cloud services. The applicable service descriptions, data protection statements and separate data processing agreements specify and, if necessary, limit data protection details and operating methods for each service and customer.

Data Protection and Data Retention

Privacy protection is of utmost importance to us. We comply with at least the requirements of EU data protection legislation in all our activities. Our employees receive regular data protection training. The applicable service descriptions with attachments determine the details and implementation methods of our data protection policies. Our goal is to develop our operations in accordance with CSA CCM, ISO/IEC 27001, KATAKRI, OWASP and VAHTI standards.

We retain your personal data only for as long as necessary for the stated purposes and to fulfil legal obligations. We regularly delete outdated and unnecessary personal data from our records.

Personal Data

Personal data is information that can probably be used to identify and identify a person. Typical personal data are, for example, name, address, phone number and email address.

Saarni Nepton as the Data Controller

We act as a data controller when we determine the purpose and methods of processing your personal data. We are also a data controller when we collect personal data about you as a customer, potential customer, job seeker or end user of the service. We process personal data, among other things, to fulfil contracts or based on legitimate interests.

Processing of Personal Data on Behalf of Customers

Our services include processing the data of customers’ employees and other persons. In this case, the customer determines the purpose of personal data processing and is the controller, while Saarni Nepton acts as the personal data processor. The customer determines and is responsible for the legal basis for the processing of personal data. The customer must also comply with the data controller’s obligation to provide information related to data subjects.

Subprocessors and Data Transfer

We may use sub-processors to process personal data. In this case, we can also transfer personal data outside the EU. When sub-processors are used, Saarni Nepton enters into a data processing agreement with the sub-processors. We ensure the legal basis for international transfers, for example, with the help of EU model contract clauses. More detailed and often more restrictive conditions apply to Saarni Nepton’s services, which can be seen in the applicable service descriptions.

Marketing communication

In terms of marketing communication, we follow the principles and practices defined by Saarni Cloud our parent company. A register is maintained of customers, potential customers, and their contact persons of our group’s various businesses. The content of the register is limited to only those organisations and persons who are estimated to be interested in the services offered by our group or ecosystem partners. Targeted marketing communication can be sent to entities in the register by the group, the group’s various business functions or our ecosystem partners. At the end of each marketing message or newsletter, there are instructions for withdrawing consent to marketing communication.

Your Rights

You have all rights according to EU privacy legislation. For example, you can request a summary of your personal data, request correction of incorrect personal data and object to the processing of personal data.

Acceptance of the Data Privacy Statement

Do not use Saarni Nepton’s pages or services if you do not accept Saarni Nepton’s Data Privacy Statement and our processing of personal data within this framework.

Withdrawal of consent

You have the right to withdraw your consent and opt out of receiving marketing communications. There are instructions for withdrawing consent at the end of the newsletters. Despite the above, you can still receive administrative communications from Saarni Nepton and our trusted service providers, such as notifications related to the administration of your account and the services offered to customers.

Changes to the data protection statement

Changes to the privacy statement will be published on this page with the new date. If necessary, we can also announce the change in a newsletter or social media channels, for example.

Contacts

If you have any questions or comments regarding the Data Privacy Statement, please contact us via email at dpo@nepton.com. You can also write to us at Saarni Nepton Oy, Data Protection Officer, Hatsinanpuisto 8, 02600 Espoo, Finland.

This Data Privacy Statement was last updated on September 16th, 2024.