Privacy and register description
Privacy and register description 15.4.2020
Register description in accordance with Section 10 of the Personal Data Act (523/99)
RALLA Oy Säynäsentie 607 44440 Rautalampi tel. +358405689206
- PERSON DEALING WITH REGISTER MATTERS
Tiina Lautamo, Ralla Ltd. tel. +358405689206
- NAME OF THE REGISTER
Ralla Oy's Customer Register and RALLA Application Register
- PURPOSE OF PROCESSING PERSONAL DATA
The purpose of the processing is to manage the customer relationship, to implement the rights and obligations of the customer and Ralla Oy, and to process personal data in accordance with the Personal Data Act for purposes related to the production of the RALLA online service.
Personal data may be processed for the following purposes:
- Customer advice.
- Organization and implementation of the service.
- Communication related to the service.
- Customer invoicing.
- Collection and processing of customer feedback and customer satisfaction data.
- Development of the controller's business and related customer service development.
- Processing tasks may be outsourced to external service providers in accordance with and within the limits set by data protection legislation.
- The statistics and analysis of data related to the use of the RALLA application.
- The processing of information deemed sensitive is only carried out with the express consent of the user customer.
- DATA CONTENT OF THE REGISTER
The customer register contains information about customers according to the following grouping:
- Contact information (name, email, address) of the user customer of the service for contact
- Identification information (user ID)
- Customer relationship start and end information
The RALLA application register contains information about customers according to the following grouping:
- The name, user names, and user IDs of the application user company.
- Child's name and date of birth (month and year).
- Content produced by the registered user itself, such as observation data on the child.
- REGULAR DATA SOURCES IN THE REGISTER
The data source is the data collected from the user customer during the registration of the services as a customer and during the customer relationship. The RALLA application register is created in connection with the use of the RALLA application as data on the child stored by the user customer. The child's observation takes place mainly as part of the normal working practice in early childhood education and care or rehabilitation (taking into account Section 8(1)(1) of the Personal Data Act).
- REGULAR DISCLOSURES
RALLA application information is confidential. Persons processing the data are subject to confidentiality, which continues after the customer relationship has ended. Personal data is disclosed only to the authorities entitled to it on the basis of a specific request for information. The user customer/company of the RALLA service is responsible for maintaining and archiving the register formed for them. If the disclosure of customer register data outside Ralla Oy becomes topical, customers will be asked for appropriate consent in advance. Customer data will not be disclosed outside the European Union or the European Economic Area.
- DELETION OF DATA
The data can be deleted from the user customer’s requirement or because the customer relationship has ended. In addition, the data may need to be deleted as a result of supervision if the customer misuses the service or engages in criminal activities, etc. through the service.
If incorrect, unnecessary, incomplete or outdated data is detected in the register, the employee with access will correct it either on his own initiative or at the request of the data subject (Section 29 of the Personal Data Act).
- PRINCIPLES OF REGISTRY PROTECTION
Personal data is kept confidential. Ralla Oy’s data network and the equipment on which the register is located are protected by a firewall and other technical measures such as cryptic devices.
Digital material can only be accessed with the personal username and password of the employee entitled to it. There are different levels of access, and each user is given a sufficient, but limited, license to complete the task. The data is located in a closed network of the controller or his subcontractor, which is protected by a firewall.
The retention period of the data depends on the duration of the customer relationship with the user customer. at the end of the customer relationship, the user customer is responsible for archiving the customer data that he or she has recorded in the RALLA application register. The outdated data in the RALLA application will be destroyed securely within six months of the end of the customer relationship.
- RIGHT OF PROHIBITION
The user customer has the right to prohibit the disclosure and processing of his/her data for the purposes of direct advertising, distance selling and other direct marketing.
- RIGHT TO DEMAND CORRECTION OF DATA
The data subject may request that the data be corrected from the contact person of the register or from the person responsible for the register. If the request is not accepted, the contact person in the register or the person responsible for the register will provide the data subject with a written certificate, indicating also the reasons for not accepting the claim. The data subject may refer the matter to the Data Protection Ombudsman.
12 OTHER RIGHTS RELATING TO THE PROCESSING OF PERSONAL DATA