KotiApp Privacy Statement

Valid as of 19 May 2020

In this privacy statement, we explain how we collect, process, hand over and protect your personal data in connection with the KotiApp service. The term “personal data” refers to any and all information regarding an identified or identifiable natural person, i.e. you. Such data includes your name, address and phone number, for example. We also explain your rights as the data subject.

When processing personal data, Raksystems follows the General Data Protection Regulation and other applicable data protection legislation.

For more information on how we process your personal data, please see below. We have divided the information under subheadings so that you can easily find what you are looking for. If you have any questions that are not answered here, please feel free to contact us.

Who is the data controller?

Raksystems Insinööritoimisto Oy (business ID 0905045-0)

Vetotie 3 A
FI-01610 Vantaa, Finland
Tel. +358 30 670 5500

Contact information in all matters concerning the register

Tel. +358 30 670 5500

Purpose of the processing of personal data

The service includes personal data of registered KotiApp users and data pertaining to buildings or apartments owned or managed by them.

The personal data may be processed for the following purposes:

  • To manage the registered users’ data, such as name, address and contact information, for the management and use of the service.
  • To manage and produce recommendations for the service users.
  • For statistical purposes.
  • To market services and products of the data controller or the data controller’s cooperation partners.
  • To develop the data controller’s business and related customer service.
  • To manage and develop customer relations.
  • To monitor, analyse and profile interests and service-related choices and wishes of the registered users, as well as to develop related customer service.
  • We also process your personal data when carrying out surveys and collecting feedback, as well as when utilising, processing and publishing the obtained information. We may publish or utilise your feedback on our website, in newsletters, marketing, social media, internal training and the development of our operations. When collecting feedback, we will always notify you if your answers will be anonymously processed or the feedback will not be published.

What is the justification for Raksystems to process my personal data?

We process your personal data on the basis of one of the following:

  • Your KotiApp agreement
  • Your consent (e.g. direct marketing in electronic format); in such a case, you have the right to withdraw your consent at any time
  • Our legitimate rights (e.g. statistics and assignment of your personal data within our Group)
  • Statutory obligations we must meet as a company (e.g. retaining your invoicing details for accounting purposes, which is mandatory by law, or fulfilling requests by authorities based on legislation)

To which target groups does the registration apply?

We register personal data for the following target groups:

  • KotiApp service’s users (our customers) and their agents (if any)

Which pieces of personal data does Raksystems process?

We only process your personal data to the extent required.

We may collect the following information about you:

  • Name and contact details (postal address, email, telephone number), date of birth/age and service language
  • User ID, password, invoicing details and user history data
  • Details of an authorised person or agent (if such information has been provided)
  • Site information (information about a building/apartment, such as the number of storeys, year of construction and location) and maintenance history (such as maintenance actions performed)
  • Your consent to electronic direct marketing by email, SMS or another automatic method and the sending of our newsletter, any revoking of these consents and any refusal of direct marketing or telemarketing by the data controller or a third party
  • Data saved from registers maintained by third parties based on your consent
  • Your announced interests and other information
  • Information related to service satisfaction and your comments on the data controller’s services
  • Background information for statistical purposes and for the provision of our services when you fill out a feedback form or questionnaire, such as time of ownership and number of people living in the same household
  • Purchase and cancellation information
  • Contact history
  • Any other information or attachments provided by you, including images; the home folder my contain images uploaded by you, notes and contact details
  • Data from any sensors connected to the service

What are the main data sources used by Raksystems?

As a general rule, we receive information from you, based on your specific consent or from registers of third parties in a way to which you contribute.

In connetion with the KotiApp service, Raksystems’ main data source is your KotiApp order and related information.

What is the Raksystems policy regarding the regular assignment of information and transferring information to outside the EU or the EEA?

We will not hand over or transfer any of your personal data to outside the EU/EEA, unless it is absolutely necessary to perform customer service and meet our statutory obligations, in which case we will follow the Finnish legislation, EU regulations on data transfer and other applicable rules. 

Please note, however, that some of our cooperation partners will process your personal data outside the EU (such as Google and Facebook in the United States of America, in which case the assignment of your data is protected by the EU-US Privacy Shield).

We will assign and transfer your information within the Raksystems Group when it is necessary for the processing of your personal data, to perform surveys or assignments, to manage or process your customer relationship or complaints, to enable invoicing, or if the assignment of your data is based on compliance with statutory obligations. Furthermore, we will assign and transfer your data within the Raksystems Group when offering or marketing our services and the services of our cooperation partners, during cooperation and when providing the Raksystems newsletter service.

We will only hand over your data to third parties based on your consent or based on a separate regulation on the assignment of data, in connection with a corporate acquisition or corporate restructuring, or if the assignment of your data is necessary to enable invoicing or debt collection. For example, the Finnish Tax Administration has the right to receive your data under certain circumstances. Your customer information will also be processed by our service providers and cooperation partners based on an assignment from us. Such subcontractors include IT service providers that handle the technical maintenance of systems or process feedback. For example, our cooperation partner will process any necessary data for a Vuotovahti (Leak Detector) service connected to the KotiApp, such as your phone number. Whenever your personal data is being processed on our behalf, the cooperation partner is bound by a confidentiality obligation, and the partner does not have the right to assign your information to any third parties or use the data for any other purpose than the completion of our assignment.

Who in Raksystems will process my personal data?

Your personal data will be processed by our employees and the employees of our cooperation partners whose work duties require the processing of the data. For example, the information and replies you have provided on survey or feedback forms will be processed as necessary by us and our cooperation partner. The persons processing your personal data are bound by a confidentiality obligation.

The KotiApp service may include links to the websites of other companies or services with separate privacy policies. We recommend that you study the privacy policy practices of such third parties.

How long will Raksystems retain my personal data?

Raksystems will delete all of your personal data from the service within a reasonable time after the cancellation of the service. You will be obligated to delete and save elsewhere any images and information other than personal data you have saved in the service, or separately request us to delete this information when cancelling the service. Raksystems has the right to retain after the cancellation of the service information on the structures and systems of your building/apartment and any information about the building/apartment that is publicly available.

What are Raksystems’ register protection principles?

We mostly use electronic registers. Your data is saved in a protected data system of a third party, which is physically located in the EU/EEA. Raksystems uses appropriate protection when processing personal data. Hence, your personal data is protected in case of loss, abuse, assignment, modification and destruction of data. 

The servers used to process your data are located in locked premises protected with access control systems. Unauthorised access is also prevented by means of firewalls, technical protection methods and password protection. Physical access to the data is prevented by means of the access control systems and other security measures. Only people who need your personal data when providing our services and taking care of their work duties have access to your personal data. The users are bound by a confidentiality obligation. Only people whose work duties involve the processing of personal data have the right to modify the register.

What are my rights as the data subject?

You have the following rights:

  • The right to request from us access to and rectification or deletion of your personal data or a restriction of the processing of the data, or to object to the processing of the data, as well as the right to transfer the data to another system.
  • If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. However, such a withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • Review your personal data and have any incorrect or erroneous data rectified without undue delay. In such a case, please submit your request to us in writing.
  • The right to have your personal data deleted when the data is no longer needed for the purpose for which it was collected or for which it was being processed.
  • The right to lodge a complaint on the processing of your personal data with a supervisory authority.

You have the right to lodge a complaint with a supervisory authority

If you are of the opinion that we have not processed your personal data in accordance with the data protection regulations, you can lodge a complaint with the supervisory authority in the EU member state in which you have a permanent domicile or place of work, or in which you consider the violation to have taken place. In Finland, the supervisory authority is the Data Protection Ombudsman.

Office of the Data Protection Ombudsman

Street address:
Ratapihantie 9, 6th floor
FI-00520 Helsinki, Finland

Postal address:
PO Box 800
FI-00521 Helsinki, Finland

Telephone (exchange): +358 29 56 66700
Fax: +358 9 56 66735
Email: tietosuoja@om.fi