RALLA Privacy Policy
Privacy policy and customer register description 31.5.2022
1. INTRODUCTION
We are RALLA learning, expertise, and research, Inc. RALLA’s mission is to create an environment where children can participate and become active agents in their everyday lives. To accomplish this goal, it is essential that our working platforms, ralla.fi, ralla.vuolearning.fi and especially rallachild.com, are safe places for teachers and therapists to learn more about how to promote inclusion and participation for every child and document their observations of children’s skills. It is important to us that parents or guardians and administrators are in control over how information is shared.
This Terms of Service governs your use of our websites located at ralla.fi, the rallachild.com and ralla.vuolearning.fi.
RALLA takes protecting your security and privacy seriously and we've put a number of measures in place to protect the integrity of your information based on The General Data Protection Regulation of EU (GDBR). For more information, see the GDPR, located at https://gdpr.eu/data-protection-impact-assessment-template/. Register description is in accordance with the Personal Data Act (523/99)
In addition data collected by rallachild.com includes child’s data from skill observations of teachers, therapists or parents that are subject to the Family Educational Rights and Privacy Act, “FERPA”, including children’s names, gender and age. To the extent that Student Data includes FERPA Records, you designate RALLA as a "organizations official" (as that term is used in FERPA and its implementing regulations) under the direct control of the school with regard to the use and maintenance of the FERPA Records and RALLA agrees to comply with FERPA.
2. CONTROLLER OF THE DATA
RALLA Oy Säynäsentie 607 44440 Rautalampi tel. +358405689206
3. PERSON DEALING WITH REGISTER MATTERS
Tiina Lautamo, Ralla Ltd. tel. +358405689206
4. NAME OF THE DATA REGISTERS
Ralla Oy's Customer Register in ralla.fi and ralla.vuolearning.fi and RALLA Application Register in rallachild.com
5. PURPOSE OF PROCESSING CUSTOMER DATA
The purpose of the processing is to manage the customer relationship, to implement the rights and obligations of the customer and Ralla Oy, and to process personal data in accordance with the Personal Data Act in Finland for purposes related to the production of the RALLA customer service and in learning platform.
Personal data may be processed for the following purposes:
- Customer advice.
- Organization and implementation of the service.
- Communication related to the service.
- Customer invoicing.
- Collection and processing of customer feedback and customer satisfaction data.
- Development of the controller's business and related customer service development.
- Processing tasks may be outsourced to external service providers in accordance with and within the limits set by data protection legislation.
6. PURPOSE OF PROCESSING CHILD'S DATA
RALLA skill assessment observation tools are located in website in address rallachild.com/eng (English version). The purpose of the application is to provide research based analyzing opportunity for teachers and therapists to document and plan pedagogical measures to support individual child's skill learning and applying information in goal setting. Using RALLA tools in regular assessment professionals can follow the skill learning process of the child and determine specific learning challenges for more accurate interventions.
7. DATA CONTENT OF THE REGISTER
The customer registers contains information about customers according to the following grouping:
- Contact information (name, email, address) of the user customer of the service for contact
- Identification information (user ID)
- Customer relationship start and end information
The RALLA application register contains information about customers according to the following grouping:
- The name, user names, and user IDs of the application user group, organization or school.
- Child's name, gender and date of birth (month and year).
- Content produced by the registered user itself, such as observation data on the child.
8. REGULAR DATA SOURCES IN THE REGISTER
The data source is the data collected from the user customer during the registration of the services as a customer and during the customer relationship. The RALLA application register is created in connection with the use of the RALLA application as data on the child stored by the user customer. The child's observation takes place mainly as part of the normal working practice in early childhood education and care or rehabilitation (taking into account Section 8(1)(1) of the Personal Data Act).
8. REGULAR DISCLOSURES
RALLA application information is confidential. Persons processing the data are subject to confidentiality, which continues after the customer relationship has ended. Personal data is disclosed only to the authorities entitled to it on the basis of a specific request for information. The user customer/company of the RALLA service is responsible for maintaining and archiving the register formed for them. If the disclosure of customer register data outside Ralla Oy becomes topical, customers will be asked for appropriate consent in advance. Customer data will not be disclosed outside the European Union or the European Economic Area.
9. DELETION OF DATA
The data can be deleted from the user customer’s requirement or because the customer relationship has ended. In addition, the data may need to be deleted as a result of supervision if the customer misuses the service or engages in criminal activities, etc. through the service.
If incorrect, unnecessary, incomplete or outdated data is detected in the register, the employee with access will correct it either on his own initiative or at the request of the data subject (Section 29 of the Personal Data Act).
10. PRINCIPLES OF REGISTRY PROTECTION
Personal data is kept confidential. Ralla Oy’s data network and the equipment on which the register is located are protected by a firewall and other technical measures such as cryptic devices.
Digital material can only be accessed with the personal username and password of the employee entitled to it. There are different levels of access, and each user is given a sufficient, but limited, license to complete the task. The data is located in a closed network of the controller or his subcontractor, which is protected by a firewall.
The retention period of the data depends on the duration of the customer relationship with the user customer. at the end of the customer relationship, the user customer is responsible for archiving the customer data that he or she has recorded in the RALLA application register. The outdated data in the RALLA application will be destroyed securely within six months of the end of the customer relationship.
11. RIGHT OF PROHIBITION
The user customer has the right to prohibit the disclosure and processing of his/her data for the purposes of direct advertising, distance selling and other direct marketing.
12. RIGHT TO DEMAND CORRECTION OF DATA
The data subject may request that the data be corrected from the contact person of the register or from the person responsible for the register. If the request is not accepted, the contact person in the register or the person responsible for the register will provide the data subject with a written certificate, indicating also the reasons for not accepting the claim. The data subject may refer the matter to the Data Protection Ombudsman.
13. OTHER RIGHTS RELATING TO THE PROCESSING OF PERSONAL DATA
The privacy policy can be found on RALLA Oy's website: www.ralla.fi