Privacy Policy
EU General Data Protection Regulation (GDPR, 2016/679) & Finnish Data Protection Act (1050/2018)
Effective from 18 April 2025
1. Data controller
Kattolaskin.fi
Email:
tietosuoja@kattolaskin.fi
The data controller is responsible for the processing of personal data as described in this policy.
2. Personal data collected
We process the following data:
| Data | Source |
|---|---|
| Property address and postal code | Form |
| Roof material and pitch | Form |
| Estimated roof area | Map analysis |
| First name and surname | Form |
| Phone number | Form |
| Email address | Form |
| Preferred contact time | Form |
| Location coordinates (lat/lng) | Map service (OpenStreetMap / Nominatim) |
| Project status and timestamp | Service system |
| Review (stars and text, optional) | Review form |
We do not collect sensitive personal data (e.g. health information, religion, political beliefs).
3. Purposes and legal basis for processing
a) Delivery of the service
We process data to calculate a price estimate and forward it to the selected contractor to arrange an assessment visit.
Legal basis: Performance of a contract — the data subject has requested the service (GDPR Art. 6(1)(b)).
b) Transfer of data to the contractor
When the data subject selects a contractor and requests a site visit, we transfer name, phone, email, address and roof details to that contractor. The contractor is an independent data controller for the data they receive.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
c) Business development and partner activity
We may use anonymised or pseudonymised data to improve the service, and share aggregated market data with partners. Individual personal data may be shared with roofing and renovation businesses only with the explicit consent of the data subject.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) — funding and development of the service. The data subject has the right to object to this processing (see section 8).
d) Service communications
We send project status updates by email and, once the project is completed, a request to leave a review of the contractor.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) — ensuring the quality of the service.
4. Retention periods
- Lead data: 3 years from project closure.
- Review data: retained for as long as the contractor is active on the service.
- Cancelled or uncontacted enquiries: 12 months.
After these periods, data is automatically deleted or anonymised.
5. Recipients of personal data
- Selected contractor — receives the data transferred at the time of the site visit request.
- Technical service provider — server and database services (within the EU/EEA).
- Email service provider — for delivery of automated emails (data processing agreement in place).
- Map services — address and building data is retrieved from OpenStreetMap's Nominatim and Overpass APIs. Only address and coordinate data is shared with these services.
Data is not transferred outside the EU/EEA without appropriate safeguards (standard contractual clauses or equivalent).
6. Automated decision-making
The service automatically calculates a price estimate and uses an algorithm to select suitable contractors in the area based on postal code and service area settings. This does not constitute automated individual decision-making within the meaning of GDPR Art. 22 — the data subject always has the option to choose or decline the suggested contractor.
7. Cookies and tracking
The service uses session cookies and a language preference cookie. These are technically necessary for the service to function and cannot be disabled while using the service. We do not use tracking cookies, third-party analytics tools, or advertising networks.
8. Rights of the data subject
You have the right to:
- Access your data — request a copy of the personal data we hold about you.
- Rectify your data — request correction of inaccurate or incomplete data.
- Request erasure — the "right to be forgotten", unless there is another lawful basis for processing.
- Restrict processing — request that processing be restricted in certain circumstances.
- Data portability — receive your data in a machine-readable format.
- Object to processing — in particular for processing based on legitimate interest (sections 3c and 3d).
Submit requests in writing to tietosuoja@kattolaskin.fi . We will respond within 30 days in accordance with the GDPR.
9. Right to lodge a complaint
You have the right to lodge a complaint with the Finnish Data Protection Ombudsman if you believe your personal data has been processed unlawfully.
tietosuoja.fi — tel. 029 566 6700
10. Changes to this privacy policy
We update this policy as necessary. We will notify registered users by email of any significant changes. The current version of this policy is always available on this page.