PRIVACY POLICY AND REGISTER DESCRIPTION

18.6.2025

Register Description in Accordance with Section 10 of the Personal Data Act (523/99)

1. DATA CONTROLLER

RALLA Oy
Petäjätie 5
40700 Jyväskylä

+35850 347 2299

2. CONTACT PERSON FOR REGISTER MATTERS

Vilja Laaksonen
Ralla Oy
+35850 347 2299

3. NAME OF THE REGISTER

Ralla Oy’s Customer Register and RALLA Application Register

4. PURPOSE OF PERSONAL DATA PROCESSING

The purpose of processing is to manage the customer relationship, fulfill the rights and obligations of both the customer and Ralla Oy, and process personal data in accordance with the Personal Data Act for purposes related to providing the RALLA online service.

Personal data may be processed for the following purposes:

  • Customer support
  • Service organization and provision
  • Communication related to the service
  • Customer invoicing
  • Collection and processing of customer feedback and customer satisfaction data
  • Development of the data controller’s business and the improvement of related customer service

Processing tasks may be outsourced to external service providers in accordance with data protection legislation and within the limits it sets.

Additionally, statistics and analysis of data related to the use of the RALLA application.

The processing of data considered sensitive occurs only with the explicit consent of the user customer.

5. DATA CONTENT OF THE REGISTER

The customer register includes information about customers categorized as follows:

  • Contact information of the service user customer (name, email, address, billing information) for contact and invoicing purposes
  • Identification data (username)
  • Customer relationship commencement and termination data
  • Name of the observation tool’s user company, names of users, and usernames.

6. REGULAR DATA SOURCES OF THE REGISTER

The data sources include information collected from the user customer during registration for the services and throughout the customer relationship. The RALLA customer register is formed from data self-entered by the user customer during license purchases and when filling out website forms. Child observation is conducted as part of standard early childhood education or rehabilitation work practices (in accordance with Section 8, Subsection 1, Point 1 of the Personal Data Act), and no personal or identification data concerning children is stored in the observation tool.

7. REGULAR DISCLOSURES OF DATA

Customer data is confidential. Persons processing the data are bound by a duty of confidentiality, which continues after the customer relationship ends. Personal data is disclosed only to authorized authorities based on a specific data request. The user customer/company of the RALLA service is responsible for the maintenance and archiving of the register formed for them.

Should the disclosure of customer register data outside Ralla Oy become necessary, appropriate consent will be requested from customers in advance. Customer data will not be disclosed outside the European Union or the European Economic Area.

8. DATA DELETION

Data may be deleted at the user customer’s request or due to the termination of the customer relationship. Furthermore, data may need to be deleted as a result of monitoring if the customer misuses the service or engages in criminal activity through the service, etc.

If incorrect, unnecessary, incomplete, or outdated data is found in the register for processing purposes, an authorized employee will correct it either on their own initiative or at the request of the data subject (Personal Data Act Section 29).

9. PRINCIPLES OF REGISTER PROTECTION

Personal data is kept confidential. Ralla Oy’s data network and the hardware where the register is located are protected by a firewall and other technical measures.

Access to digital material is restricted to authorized employees using their personal usernames and passwords. Access rights are tiered, and each user is granted sufficient but as limited access as possible for performing their duties. The data resides on the data controller’s or their subcontractor’s closed network, which is protected by a firewall. The data retention period is determined by the duration of the user customer’s customer relationship.

10. RIGHT TO OBJECT

The user customer has the right to prohibit the disclosure and processing of their data for direct advertising, distance selling, and other direct marketing purposes.

11. RIGHT TO RECTIFICATION

The data subject may request the correction of data from the register’s contact person or responsible person. If the request is not granted, the register’s contact person or responsible person will provide the data subject with a written certificate stating the reasons why the request was not accepted. The data subject may refer the matter to the Data Protection Ombudsman.

12. OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING

The privacy policy is available on RALLA Oy’s website: www.ralla.fi