Data Privacy Statement

Nepton respects your privacy in all its operations. This Data Privacy Statement defines your rights and our commitment to protecting personal data. Nepton provides software and services to its public and private customers in Europe. The company headquarters are located in Espoo and the company is subject to the data protection legislation of the EU. Important decisions pertaining to data privacy and confidentiality are made on a high level in the company. Data privacy is monitored by the Data Protection Officer of the company. This Data Privacy Statement is available online at

Scope and Acceptance

Nepton’s Data Privacy Statement applies to all processes, domains, mobile applications and cloud services of the company. The service description and individual data processing greements define, when necessary, the details of data privacy and the approaches pertaining to each customer. The Data Privacy Statement describes how Nepton processes personal data when Nepton acts as the data controller and defines the purposes and methods of data processing. The Data Privacy Statement also describes personal data processing performed by Nepton on behalf of and as directed by its customers when the customer is the data controller and Nepton is the processor of personal data. Personal data means information or groups of information which may likely be used to recognise and identify a person. Typically, personal data includes name, address, phone number and email address. Your personal data will be processed when we serve our customers or assess your prospects as a job applicant. Please do not use the website or services of Nepton if you do not agree with the Data Privacy Statement of Nepton and the personal data processing performed by us in scope of it.

Whose personal data we process

Nepton processes personal data of corporate individuals, service users, possible new customers, partners and job applicants who contact us. The statement describing this can be found in the chapter Data Controller. Nepton also processes data about the end users and employees managed by our customers when we are their data controller. The statement describing this can be found in the chapter Personal Data Processor.

Nepton as Data Controller

Nepton will act as the Data Controller when we define the purpose and methods for the processing of your personal data. We also act as the Data Controller when we collect information about you as a customer, job applicant, end user of a service and a possible customer. We process your personal data to for example fulfil contracts and on the basis of legitimate interest.

Your Rights

You have the right to withdraw your consent and unsubscribe from receiving marketing communications. Instructions for withdrawing your consent can be found at the end of our newsletters. Despite what has been stated above, you may still continue to receive communication from Nepton, such as notifications about managing your account and services offered to our customers. You have all the basic rights set forth in the EU data protection legislation. You may, for example, request to receive a summary of your personal data processed by us, request to correct erroneous personal data, oppose the processing of personal data or make a complaint about processing of personal data. Please send your request pertaining to these to

Data Protection and Data Retention

Data protection is very important to us. At a minimum, we comply with the level of the EU data protection in all our activities. Data protection training of all of our staff is systematical and continuous. The description of services by Nepton with its attachments further defines data privacy and the methods of its implementation for our customers who use the service. The most essential targeted instruction standards for our activities are ISO/IEC 27001, KATAKRI, OWASP and VAHTI. Nepton will retain your personal data only when it is necessary for the purposes stated, taking into account the necessity of complying with legislative obligations, answering inquiries and solving problems. We may retain your personal data for a reasonable time also after the interaction between you and Nepton has ended. Any outdated or unnecessary personal data will be removed regularly.

Nepton as the Personal Data Processor

The services of Nepton include personal data processing of the employees of its customers and other individuals. Our customers define the purpose of the processing of personal data when the customer is the data controller of the personal data and Nepton acts as the personal data processor. At the minimum, there will always be a valid agreement on data processing as per the service description between the data controller and Nepton as the personal data processor. The customer defines and is responsible for the legitimate bases for personal data processing. The customer must also comply with the reporting obligation of the data controller, pertaining to the subjects. Nepton always complies with the data protection legislation applicable to data processors.

Contractors and Data Transfer

Nepton may use contractors for personal data processing. In connection with this, Nepton may transfer your or its customers’ data also to countries outside the EU. When using contractors, Nepton enters into a data processing agreement with the contractors. If the contractors are located outside the EU, we will ensure the legal basis for international transfers by using, for example, EU standard contractual clauses. Services by Nepton are subject to more detailed terms and conditions which can be seen in the service description.

Changes to this Data Privacy Statement

Any changes to this Data Privacy Statement will be published on this site together with a new date. Besides here, when necessary, we may notify of changes also, for example, in a newsletter or through social media channels. This Data Privacy Statement was last updated on March 24, 2021.

Contact Information

If you have any questions or comments about this Data Privacy Statement, please contact us by email at You may also write to us at Nepton Oy, Data Protection Officer, Tarvonsalmenkatu 15, 02600 Espoo, Finland. Your requests and complaints will always be handled confidentially and as soon as possible.