Privacy Policy

Updated: November 23, 2024

Controller: Rouhia Oy
Business ID: 2722150-8
Address: Kimalaispolku 7, 04410 Järvenpää, Finland
Phone: 040 5370375
Contact Person for Register Matters: Kari Savolainen
Postal Address: Emalitehtaankatu 2, 04410 Järvenpää, Finland
Phone Number: 040 5370375
Email: info@reactored.com

1. What types of data do we collect and why?

Purpose:
To provide our services and fulfill the contract made with you, the purpose of maintaining the register is to process personal data related to the use of the Reactored service (“Service”) by the user (“User”) under a contract, including any activities included in the Service at any time. The Service functions as a web-based tool for teachers and students to develop and teach language skills. Personal data provided by the User in the Service can be used for the following purposes:

Registering the User to the Service and maintaining the User’s profile within the Service
Fulfilling the contract, producing, offering, developing, improving, and protecting the service
Personalizing the Service for the User
Analysis and statistics related to the Service
Electronic direct marketing in accordance with personal data law and electronic communication data protection law (only with registered separate consent)
Prevention and investigation of misuse
Protecting the rights and/or property related to the Service

*Compulsory information required at registration includes username, email address, and password.

To enable a personalized learning experience, the Service may automatically collect certain information about the learner’s activities in the form of statistics, such as time spent studying, learning sessions, learning outcomes, and emphasis on learning style.

Legitimate Grounds for Processing:
Reactored processes your personal data to fulfill contractual obligations towards you and the Customer, and to comply with legal obligations. Additionally, we process your personal data to promote our legitimate interests in maintaining and developing our business.

2. How long do we store your data?

We store your personal data only as long as necessary for the purposes defined in this privacy policy, unless a longer retention period is required or permitted by law (e.g., tax, accounting, or other statutory requirements). No purpose of this policy requires that we keep your personal data longer than the period during which the user account is active.

If we no longer have a legitimate business need to process your personal data, we will delete them or make them technically unrecognizable if deletion is not possible (for example, if personal data are stored in backup archives), we will securely store them and isolate them from further processing until deletion is possible. Backups are automatically deleted from our information systems in a 30-day cycle from the date of the backup.

3. Content of the Register

The register may contain the following information:

Contact details, such as name and/or email address
Registration details, such as username, password, or other possible unique identifier
User’s nickname or pseudonym
Feedback from and given by the user on the learning materials

4. Sources of Personal Data

We primarily collect personal data directly from the registrant when they register to the Service. Data can be obtained during the use of the Service through cookies or similar technologies. If the User uses an external third-party service to register or log into the Service, personal data may be collected according to the terms and privacy settings of that external service (such as username and email address).

4.1 Cookies

We use cookies to ensure the basic functionalities of our services, including user sign-in and Single Sign-On (SSO) functionalities with Microsoft and Google accounts. These cookies are essential for maintaining your session and facilitating the authentication process, which helps enhance security and user convenience.

In addition to authentication cookies, our site utilizes Google’s reCAPTCHA to protect against automated abuse and spam and includes the capability to share YouTube videos. Embedding YouTube videos can result in additional cookies being loaded by Google to track user behavior and preferences, enhance user experience, and manage ad displays. The use of YouTube on our site is subject to Google’s Privacy Policy and Terms of Use.

Please be aware that by interacting with YouTube videos on our site, you may be consenting to the processing of your data by Google, as detailed in their privacy policies. This could include the collection of your IP address, details about your device, and your interactions with the video content.

Reactored’s learning environment does not use third-party cookies for tracking, performance monitoring, targeted marketing, or for storing user-specific preferences such as language settings.

You can configure your browser settings to reject cookies or to alert you when cookies are being used. However, disabling cookies might impact the functionality of the sign-in processes, SSO, reCAPTCHA, and the YouTube video features, potentially preventing you from fully utilizing our services.

For more information on how to manage cookies, you can visit the National Cyber Security Centre’s website www.allaboutcookies.org.

5. Routine Disclosure or Transfer of Personal Data

Data provided by the User in the Service may be transferred to the following parties:

Other users of the Service within the limits of usage rights, e.g., the school’s teacher, the institution’s IT management.
Service providers involved in the implementation of the Service
Authorities in the case that the law or the interests of the controller or a third party require it
Subsidiaries and affiliates of the controller, or the new owner or part-owner or operator of the Service and their advisors in the context of a corporate acquisition or arrangement.
Data may also be transferred to third parties in a form that does not allow individual Users to be identified, in which case it is not a transfer of personal data.

6. Transfer of Data Outside the EU or EEA

Personal data are primarily processed and stored within the EU or EEA. However, the servers used for Reactored’s services and the storage of data are located in Switzerland, in the Zurich area on Google’s servers, which is necessary for technical implementation. Switzerland is recognized by the European Commission as a country providing an adequate level of data protection, and therefore the transfer of personal data from the EU to Switzerland is considered secure. In such cases, we ensure before transferring data that data protection is adequately secured and that the data processing complies with the requirements set by the GDPR. Possible data that can be transferred include names, company names, and email addresses. Rouhia Oy may disclose data contained in the register within the limits and obligations permitted by applicable law. Otherwise, the register’s data is not disclosed to third parties without the customer’s consent. Data may be disclosed, for example, to clarify a suspicious online payment transaction with a payment intermediary. We use Google Cloud services for our services, whose data processing and data protection terms comply with the current data protection legislation under the GDPR. For more information: Google Cloud data processing terms and decision on the adequacy of data protection.

7. Register Security & Data Protection

We respect the confidentiality of your personal data. Your personal data are processed in accordance with GDPR requirements. The register is kept in a technically secured information system. Only employees of the controller and the controller’s subcontractor who are absolutely entitled to process personal data due to their work are authorized to handle personal data.

If, despite security measures, data breaches occur that are likely to have negative effects on the privacy of the Service’s users, we will notify the relevant individuals and other stakeholders as well as the relevant authorities promptly, as required by applicable data protection legislation.

8. Rights of the Registered

The User has the right to check their own data, to require correction of incorrect data or supplementation of incomplete data. The request for inspection must be submitted in writing and signed to the person responsible for registry matters mentioned in this register description. The controller responds to the customer within the time specified in the EU General Data Protection Regulation (usually within one month). We may require you to prove your identity to fulfill your information request. A fee based on the price list will be charged for providing the information if less than one year has passed since the User last checked the register data.

Right to request correction of data: you can update your own basic information through settings by logging into the service. If necessary, a correction request can also be conveyed through customer service found on our website. If the correction is made in a way other than directly through our service, the customer must present the necessary basic information so that the customer can be reliably identified. Necessary information includes, for example, name, address, phone, email, and username.

Right to grant or withdraw consent: if we process your personal data based on your consent, you have the right to grant a new consent or withdraw your previously given consent at any time.

Right to be forgotten: you have the right to request us to delete your stored personal data if 1) the data are no longer needed for the original collection purpose 2) you withdraw your consent/contract, and the data processed based on that are deleted 3) your data have been processed unlawfully 4) personal data must be deleted to comply with a statutory obligation applicable to the controller 5) personal data were collected in the context of offering information society services directly to a child.

Right to object to data processing: you may have the opportunity to object to the processing of your personal data when processing is performed for the execution of a task carried out for public interest or for our legitimate interests.

Right to restriction of processing: you may have the opportunity to restrict the processing of your data in accordance with Article 18 of the GDPR.

Right to data portability: you have the right to receive the data you have provided in a structured, commonly used, and machine-readable format and to transfer them to another controller if the data are processed based on consent or contract.

Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates GDPR. Contact details can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

9. Changes to Privacy Policy

Rouhia Oy may change privacy practices by updating this document. We will notify users of changes on the www.reactored.com website in the privacy policy/privacy policy section. Please visit the website regularly to obtain information about possible changes.

If changing the terms brings about changes that have a significant adverse effect on the user, Rouhia Oy will notify you when you start using the service the next time. Continuing to use the Service means that the user has accepted the modified terms.

10. Use of AI in Our Services

In Short: We use OpenAI’s API to enhance our services and provide advanced functionalities such as tailored language learning experiences and interactive conversational practices.

Use of AI: OpenAI’s technology is dynamically used to generate educational content and support conversational simulations that are tailored based on user activity. The AI processes responses received during conversational tasks in real-time to form contextually appropriate follow-up responses.

Data Processing: OpenAI does not store or use personal data. All processed data are anonymous and are used only for maintaining the immediate conversation and are not permanently stored.

Legal Basis: User consent, which is given at the time of service activation and can be withdrawn at any time.

User Rights: Users have the right to be informed about the decisions made by the AI, to request human intervention, to express their views, and to contest the decisions made by the AI.

Data Management: If you have concerns about the data processed, you can contact us for reviewing, restricting, or deleting your data. We are committed to ensuring that data are accessible and can be deleted in compliance with GDPR.

Updates to AI Use: We regularly update practices related to the use of AI and notify changes in the service’s privacy notice.