Privacy and Registry Statement
Register Description in accordance with Section 10 of the Personal Data Act (523/99)
1. THE REGISTRAR
RALLA Oy Säynäsentie 607 44440 Rautalampi tel. +358405689206
2. PERSON RESPONSIBLE FOR REGISTRATION
3. NAME OF THE REGISTER
Ralla Oy's Customer Register and RALLA Application Register
4. PURPOSE OF THE PROCESSING OF PERSONAL DATA
The purpose of the processing is to manage the customer relationship, to implement the rights and obligations of the customer and Ralla Oy, and to process personal data in accordance with the Personal Data Act for purposes related to the provision of the RALLA online service.
Personal data may be processed for the following purposes:
Organization and implementation of the service.
Communication related to the service.
Collection and processing of customer feedback and customer satisfaction data.
Registrar business development and related customer service evolution.
Processing tasks can be outsourced to external service providers in accordance with and within the limits set by data protection law.
In addition, statistics and analysis of data related to the use of the RALLA application.
- The processing of data considered sensitive will only take place with the express consent of the user customer.
5. INFORMATION CONTENT OF THE REGISTER
The customer register contains information on customers according to the following grouping:
- Contact information (name, e-mail, address) of the service user for
- Credentials (username)
- Customer relationship start and end information
The RALLA application register contains information about customers according to the following grouping:
- The application company name, user names, and user IDs of the application.
- Name and date of birth of the child (month and year).
- Content produced by the registered user himself, such as observation data about the child.
6. REGULAR SOURCES OF INFORMATION IN THE REGISTER
The source of information is the information collected from the user customer in connection with the registration of the services as a customer and during the customer relationship. The RALLA application register is created in connection with the use of the RALLA application as information about the child stored by the user customer. The observation of a child takes place mainly as part of normal work practice in early childhood education or rehabilitation (taking into account section 8 (1) (1) of the Personal Data Act).
7. REGULAR DISCLOSURES
The information in the RALLA application is confidential. Persons handling the data are bound by professional secrecy, which continues after the end of the customer relationship. Personal data will only be disclosed to authorized authorities on the basis of an identified request for information. The user customer / company of the RALLA service is responsible for the maintenance and archiving of the register created for them.
If the disclosure of customer register information outside Ralla Oy becomes topical, Customers will be asked for appropriate prior consent. Customer data will not be disclosed outside the European Union or the European Economic Area.
8. DELETING DATA
The data may be deleted at the request of the user customer or due to the termination of the customer relationship. In addition, the data may have to be deleted as a result of supervision if the customer misuses the service or engages in criminal activities, etc. with the help of the service.
If incorrect, unnecessary, incomplete or outdated information is found in the register for processing, the employee with access rights shall correct it either on his or her own initiative or at the request of the data subject (Section 29 of the Personal Data Act).
9. PRINCIPLES OF REGISTER SECURITY
Personal information will be kept confidential. Ralla Oy's information network and the equipment on which the register is located are protected by a firewall and other technical measures such as encryption.
Access to digital material is only possible with the personal username and password of the authorized employee. There are different levels of access and each user is given sufficient access to the task, but as limited as possible. The data is located in a closed network of the controller or his subcontractor, which is protected by a firewall.
The data retention period is determined by the duration of the customer relationship of the user customer. At the end of the customer relationship, the user customer takes care of the archiving of the customer data entered in the RALLA application register. Outdated data in the RALLA application will be destroyed securely within six months of the end of the customer relationship.
10. RIGHT OF PROHIBITION
The user customer has the right to prohibit the disclosure and processing of his data for direct advertising, distance selling and other direct marketing.
11. RIGHT TO REQUEST CORRECTION OF INFORMATION
The data subject may request the correction of the information from the contact person of the register or the person in charge of the register. If the request is not granted, the contact person of the registry or the person in charge of the registry shall provide the data subject with a written certificate stating the reasons why the request has not been accepted. The data subject may refer the matter to the Data Protection Officer.
12 OTHER RIGHTS RELATING TO THE PROCESSING OF PERSONAL DATA
The data protection statement is available on RALLA Oy's website: www.ralla.fi and kauppa.ralla.fi.