GDPR Compliance
How Roof Nexus protects your data rights under the General Data Protection Regulation.
Last updated: January 1, 2026
Our Commitment to GDPR
Roof Nexus is committed to protecting the privacy and security of personal data. We comply with the General Data Protection Regulation (GDPR) and provide robust data protection for all users, regardless of location.
Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights:
Right to Access
You have the right to request copies of your personal data. We may charge a small fee for this service.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate, or complete any information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing
You have the right to object to our processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contractual necessity: Processing necessary to fulfill our service agreements
- Legitimate interests: Processing for our business operations where it doesn't override your rights
- Consent: Where you have given explicit consent for specific processing
- Legal compliance: Processing required to comply with legal obligations
Data Protection Measures
We implement appropriate technical and organizational measures to ensure the security of personal data:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response procedures
- Regular backups and disaster recovery
International Data Transfers
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries with adequacy decisions
- Binding corporate rules where applicable
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- For the duration of our business relationship
- As required by applicable laws and regulations
- For the establishment, exercise, or defense of legal claims
Sub-processors
We use carefully selected sub-processors to help deliver our services. All sub-processors are bound by data processing agreements that ensure GDPR compliance. A list of our sub-processors is available upon request.
Data Protection Officer
For questions about our GDPR compliance or to exercise your rights, please contact our Data Protection Officer:
Email: [email protected]
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. We encourage you to contact us first so we can address your concerns.
Updates to This Policy
We may update this GDPR compliance information from time to time. We will notify you of any material changes by posting the new information on this page and updating the "Last updated" date.