Privacy | Kpa Unicon

KPA Unicon Group Oy and its group member-companies respect your privacy.
KPA Unicon Group Oy and Privacy Statement

KPA Unicon Group Oy and its group member-companies respect your privacy. This Privacy Statement sets out your rights to privacy and our commitment to protecting your personal data.

KPA Unicon Group Oy is an international company whose legal entities, business processes, administrative organisations and technical systems cross national borders. KPA Unicon Oy provides clean and renewable energy solutions and services to public and private businesses (Customers) around the world.

KPA Unicon Group Oy is headquartered in Finland, and KPA Unicon Group is subject to EU privacy legislation, including the General Data Protection Regulation (GDPR).

This Privacy Statement is available at and via the link at the bottom of each website.

Scope and authorisation

This privacy statement applies to all KPA Unicon Group Oy’s business processes and to all websites, domain names and cloud services. Any service-specific additions can be found in the terms of service, data processing agreements or other similar service-related information.

The privacy statement provides information on the data processing performed by KPA Unicon Group Oy, in the situations where KPA Unicon Group Oy acts as the controller.

Personal data is information that can be used to identify a person, such as an e-mail address, street address or phone number, etc.

KPA Unicon Group Oy processes the personal data of jobseekers, contact persons and potential new customers who contact us through the KPA Unicon Group Oy websites or other channels.

KPA Unicon Group Oy’s group company acts as a data controller when it determines the purpose of your personal data and the means to be used. KPA Unicon Group Oy is also a controller when KPA Unicon Group Oy collects your personal data about you as a job seeker, customer or representative of a potential customer or user of the website.

Grounds of the processing

In order to manage customer relationships and comply with our commitments to customers, we need information about you as the customer’s contact person or user of the service. The purpose of the processing of personal data is to

  1. Manage our customer sales and contracts
  2. Prepare quotes for products and services at a customer’s request
  3. Carry out deliveries in accordance with contracts with you or customers
  4. Provide support in relation to our products and services
  5. Improve and develop the quality, functionality and user experience of our products, services and the KPA Unicon Group Oy websites
  6. Detect, mitigate and prevent security threats, as well as to maintain and debug systems
  7. Prevent misuse of our products and services
  8. Manage orders and invoices, process payments and other financial monitoring
  9. Manage service environments for user orientation and to enable interaction between users and KPA Unicon Group Oy

The legal grounds for the processing of personal data in accordance with the above is a legitimate interest, i.e. KPA Unicon Group Oy’s legitimate and business-related interest to process your personal data in a way that, in our opinion, does not conflict with your rights and freedoms to privacy.

Potential customers

KPA Unicon Group Oy processes potential customers at a company level, never at a level of personal data. Our cookie policy is available on a separate information page on our website.


If you are a job seeker, we process your personal data in order to assess your opportunities to work for KPA Unicon Group Oy. The legal grounds for data processing for these purposes are legitimate interests.

Collection of personal data

Usually, KPA Unicon Group Oy collects personal data directly from you or other persons related to our customers. Such person can be a supervisor or colleague, for instance. If the customer you work for buys KPA Unicon Group Oy’s products or services through a KPA Unicon Group Oy’s business partner, we may collect your data from the partnering company.

We use cookies and other monitoring methods on KPA Unicon Group Oy’s websites and in e-mail-related interactions to optimise the user experience of our websites.

In some cases, we may also collect your data from other sources. These sources can be third parties that collect information, KPA Unicon Group Oy’s marketing partners, public sources or third-party social network services. KPA Unicon Group Oy may combine your personal data obtained from one source with that obtained from another. All sources are described on a separate page regarding our cookie policy on our website.

In addition, KPA Unicon Group Oy and Facebook Ireland are joint controllers of our social networking site. We have agreed on an Controller Addendum with Facebook Ireland ( ) to determine our responsibilities for compliance with the obligations under the GDPR with regard to the Joint Processing. We have agreed to provide you with the information stated in this section and agreed that between us and Facebook Ireland, Facebook Ireland is responsible for enabling your rights under Articles 15–20 of the GDPR with regard to the Personal Data stored by Facebook Ireland after the Joint Processing. The contact information for Facebook Ireland and the data protection officer of Facebook Ireland is available on Facebook Ireland’s Data Policy at When you enter our Facebook social networking site through a Facebook link on our website, or visit, like or comment on our Facebook page or Instagram page or follow our Instagram account, we will process your data together in order to collect visitor data. This visitor data is collected for marketing purposes and to improve our Facebook/Instagram pages and services. For more information about how Facebook Ireland processes personal information, including the legal basis to which Facebook Ireland refers and ways to exercise your rights against Facebook Ireland, please read Facebook Ireland’s Privacy Policy at

KPA Unicon Group Oy and LinkedIn Ireland are joint controllers of LinkedIn page. With LinkedIn Ireland, we have agreed on Page Insights Joint Controller Addendum ( to determine our responsibilities for compliance with the obligations under the GDPR with regard to the Joint Processing. We have agreed that between us and LinkedIn Ireland, LinkedIn Ireland is obliged to enable you to exercise your rights under the GDPR with respect to your personal data retained by LinkedIn Ireland. The contact information for LinkedIn Ireland and their data protection officer, as well as information on how LinkedIn Ireland processes your personal data, including the means to exercise your rights against LinkedIn Ireland is available on the LinkedIn Ireland Privacy Policy page at When you visit, like or comment our LinkedIn page, we will process your data together to collect visitor information. This visitor data is collected for marketing purposes and to improve our LinkedIn page and services.

Data we process

KPA Unicon Group Oy may process, for example, the following personal data:

  • General contact information, such as, name, address, phone number and e-mail address.
  • Information related to employment relationship, such as, employer, job title, employee status, professional preferences and interests
  • Feedback, comments and questions related to KPA Unicon Group Oy or our products and services
  • Photographs or videos of you that have been recorded in our premises
  • Individual user information, such as, user identifiers, username and password
  • Information related to network traffic provided by your web browser, such as your browser type, device, the language and address of the site from which you entered this site, and other information related to network traffic, such as the IP address that identifies the device connected to the Internet
  • E-mail-related activities, such as, which of the newsletter messages received from KPA Unicon Group Oy you have opened
  • Other personal data related to your profile that you have freely disclosed to third party social networking services such as LinkedIn, etc.

As a controller, KPA Unicon Group Oy does no process sensitive information about you.

Sharing your personal data

Within KPA Unicon Group Oy

KPA Unicon Group Oy consists of several group companies, so it is probable that a customer will cooperate with several companies belonging to the KPA Unicon Group Oy. Providing the best possible customer service and customer experience is important to us.

As a group company, we disclose information to another company in the group in order to stay up-to-date on the relations between our customers and contact persons as well as KPA Unicon Group Oy companies.

Outside the KPA Unicon Group Oy

KPA Unicon Group Oy may also share your personal data with third parties outside the Group in the following situations:

Business partners

KPA Unicon Group Oy may share your personal data with its partners when it is based on a legitimate business interest and complies with data protection laws. This can be the case, for example, when you buy a product or service on behalf of your employer from KPA Unicon Group Oy’s authorised partner. In this case, KPA Unicon Group Oy and its partners can share personal data to be able to provide products or services to the customer.


The police and other authorities may require KPA Unicon Group Oy to disclose personal data. In this case, KPA Unicon Group Oy discloses personal data only on the basis of a court order or other similar basis.

Your rights

Prohibit marketing communications

You can opt out of receiving marketing communications by

  • Following the instructions in the relevant marketing communication on how to stop marketing communications
  • Sending us an e-mail at

Please note that if you opt out of marketing communications, you may still receive KPA Unicon Group Oy’s administrative communications, such as order confirmations and notifications related to the management of your account or the services provided to customers.

Basic rights

You have the right to access your personal data by requesting a summary of the personal data we process about you, and you may also have the right to have the data transmitted provided that the transmission does not adversely affect the rights and freedoms of third parties. You also have the right to request KPA Unicon Group Oy to rectify your personal information.

If you have an account on the KPA Unicon Customer Hub website, you can usually take the corrective and updating measures described above under the section “Contact Information” on your account.

You also have the right to request your personal to be erased, and to limit or object to the processing of your personal data in accordance with this Privacy Statement or other specified terms. It is not always possible to erase personal data on request.

Send your requests for the measures described above to

You have also the right to lodge a complaint with a supervisory authority.

Data protection and data retention

Ensuring the security of your personal data

KPA Unicon Group Oy takes your and our customers trust very seriously. KPA Unicon Group Oy is committed to preventing the unauthorised use, disclosure and other abnormal processing of your personal data. KPA Unicon Group Oy ensures the confidentiality, integrity and availability of the personal data it processes in accordance with data protection laws.

As part of our commitment, we also use reasonable and appropriate organisational, technical and physical procedures and measures to protect the data we collect and process, while taking into account the types of personal data and the risks to you and our customers in relation to infringements. Because invasion of privacy can also often occur within a company, building a strong corporate culture, with a particular emphasis on staff awareness and respect for privacy, is especially important to ensure the lawful processing and protection of your information. The following measures are particularly important in this regard:

Organisational measures

  •  All employees are trained in data protection regulations and how we operate
  • All KPA Unico Group companies must follow the procedures regarding the processing and risk assessment of registered data.
  • Data processing agreements with subcontractors who process data on behalf of KPA Unico

Technical measures

  • Categorising personal data ensures that adequate security measures are in place in accordance with the risk assessment.
  • Assessing the use of encryption and pseudonymisation as risk management factors.
  • Restricting access to personal data to parties and persons who need to process personal data in accordance with legal or service contract obligations.
  • Managing systems that identify, restore, prevent, and report security breaches.
  • Using data protection self-assessments to analyse whether current technical and organisational measures are sufficient to protect personal data, taking into account the requirements of applicable data protection laws.

Physical measures

  • Access to the premises is controlled by access control systems.

How long will we retain your personal data?

KPA Unicon Group Oy retains your personal data only for as long as it is necessary for the purposes for which the personal data are processed also considering the needs related to answering inquiries and solving problems, as well as compliance with legal obligations.

This means that KPA Unicon Group Oy can retain your personal data for a reasonable period of time even after the interaction between KPA Unicon Group Oy and you and our customer has ended. We will erase the collected personal data when it is no longer needed. We may process the data for statistical purposes, in which case the data will be pseudonymised (separating personal data so that it can no longer be attributed to a specific data subject) or anonymised (depersonalising personal data).

Subcontractors and export of personal data

KPA Unicon Group Oy uses subcontractors to process personal data and may, for this reason, export your or its customers’ data outside the EU. These subcontractors are usually cloud service providers or other IT storage service providers.

Where the subcontractors are located outside the EU, KPA Unicon Group Oy will ensure the legal basis for the corresponding international transmission on behalf of you or our customers in accordance with the destination country in question or the EU model contract clauses.

KPA Unicon Group Oy uses a few third parties to support its business processes and provide cloud services. These third parties include, but are not limited to:

  • LeadFeeder (Finland), web analytics
  • Google analytics (United States), web analytics
  • Pipedrive (Estonia, United States), customer relationship management system
  • Microsoft Azure (United States), provider of our technical platforms SaaS

You can always request a summary or more detailed information about KPA Unicon Group Oy’s subcontractors.

Changes to the statement

We will publish an updated statement on our website.

This privacy statement was last updated on 19 November 2020.


Your opinion matters. If you have any comments or questions regarding our privacy statement, concerns regarding data protection or data use that we have not addressed in sufficient detail, or if you suspect that your privacy has been invaded, please contact us at

You can also send a letter to:
KPA Unicon Grup Oy / Yksityisyydensuoja
Myllykatu 12
FI-76100 Pieksämäki, Finland