Business ID: 0150703-0
Tel. 03 375 9111
Name of the database
Katepal Oy’s offer request database.
Purpose of handling personal data
Katepal Oy saves and handles their client’s personal data according to the EU’s General Data Protection Regulation (GDPR 2016/679) and the current Finnish Personal Data Act (523/1999).
The database description and policy is about the handling of personal data from individuals who have given their contact information to the data controller through Katepal’s “Request an offer” form so they can be contacted. You can leave an offer request concerning a roof renovation or roof materials with the form.
The data controller will handle the client’s personal data for the following purposes: contacting the client to offer services and to handle and improve the client relationship.
When handling and planning how we handle the personal data, we use proper data privacy policies, such as minimisation, pseudonymisation and anonymisation of data if at all possible.
The data contained in the database
The data that is gathered from clients and saved includes the following: location address, locality, site name, attachment, name, phone number and email address.
We retain your personal data only for the time needed to complete the uses described in this data protection policy.
Sources of data
The customer sends us their data with the “Request an offer” form and is thus responsible for the validity of their data.
Regular disclosure of data
The offer request will be kept for further handling and the data the request contains can be disclosed to a third party (contractors and retailers chosen by Katepal) in order to offer the services requested with the form. All partners abide by the requirements of the EU General Data Protection Regulation (GDPR) and other legislation.
Transferral of data in the database outside the EU or EEA
The data in the database is not transferred outside the EU or EEA.
Principles of protection for the database
Katepal Oy stores its client data in Finland. The data security of the data hall and the systems, as well as the processes, is high-class. Servers are protected against intrusion attacks and denial-of-service attacks.
The data can only be accessed by the data controller and people who are specifically appointed for it. Only people who have been appointed have the right to handle and maintain the database. The data is backed up safely and can be restored if needed. The data security of the database and the confidentiality of the personal data are ensured using the proper technical and administrative procedures.
Rights of the data subject
The data subject can ask to see their personal data and to request the correction, deletion or partial handling of the data. They also have the right to object to the handling of the data and transfer of the data into another system. The request must be made to the data controller in writing and it must be signed. The data subject’s identity must be identifiable. The data controller will deliver the data to the data subject in writing within 30 days of receiving the review request.
The data subject has the right to be forgotten on request (this means the data will be deleted). The right to be forgotten cannot be applied to the data when the customer relationship is active or during a contract. In practise, this means a period of seven years from the last interaction.
The data subject can ask for the data saved into the system by contacting our customer service: firstname.lastname@example.org.