Privacy Policy

Updated: April 23, 2024

Controller: Rouhia Oy
Business ID: 2722150-8
Address: Kimalaispolku 7, 04410 Järvenpää, Finland
Phone: 040 5370375
Contact Person for Register Matters: Kari Savolainen
Postal Address: Emalitehtaankatu 2, 04410 Järvenpää, Finland
Phone Number: 040 5370375
Email: info@reactored.com

1. What types of data do we collect and why?

Purpose:
To provide our services and fulfill the contract made with you, the purpose of maintaining the register is to process personal data related to the use of the Reactored service (“Service”) by the user (“User”) under a contract, including any activities included in the Service at any time. The Service functions as a web-based tool for teachers and students to develop and teach language skills. Personal data provided by the User in the Service can be used for the following purposes:

Registering the User to the Service and maintaining the User’s profile within the Service
Fulfilling the contract, producing, offering, developing, improving, and protecting the service
Personalizing the Service for the User
Analysis and statistics related to the Service
Electronic direct marketing in accordance with personal data law and electronic communication data protection law (only with registered separate consent)
Prevention and investigation of misuse
Protecting the rights and/or property related to the Service

*Compulsory information required at registration includes username, email address, and password.

To enable a personalized learning experience, the Service may automatically collect certain information about the learner’s activities in the form of statistics, such as time spent studying, learning sessions, learning outcomes, and emphasis on learning style.

Legitimate Grounds for Processing:
Reactored processes your personal data to fulfill contractual obligations towards you and the Customer, and to comply with legal obligations. Additionally, we process your personal data to promote our legitimate interests in maintaining and developing our business.

2. How long do we store your data?

We store your personal data only as long as necessary for the purposes defined in this privacy policy, unless a longer retention period is required or permitted by law (e.g., tax, accounting, or other statutory requirements). No purpose of this policy requires that we keep your personal data longer than the period during which the user account is active.

If we no longer have a legitimate business need to process your personal data, we will delete them or make them technically unrecognizable if deletion is not possible (for example, if personal data are stored in backup archives), we will securely store them and isolate them from further processing until deletion is possible. Backups are automatically deleted from our information systems in a 30-day cycle from the date of the backup.

3. Content of the Register

The register may contain the following information:

Contact details, such as name and/or email address
Registration details, such as username, password, or other possible unique identifier
User’s nickname or pseudonym
Feedback from and given by the user on the learning materials

4. Sources of Personal Data

We primarily collect personal data directly from the registrant when they register to the Service. Data can be obtained during the use of the Service through cookies or similar technologies. If the User uses an external third-party service to register or log into the Service, personal data may be collected according to the terms and privacy settings of that external service (such as username and email address).

4.1 Cookies

We use cookies to ensure the basic functionalities of our services, including user sign-in and Single Sign-On (SSO) functionalities with Microsoft and Google accounts. These cookies are essential for maintaining your session and facilitating the authentication process, which helps enhance security and user convenience.

In addition to authentication cookies, our site utilizes Google’s reCAPTCHA to protect against automated abuse and spam and includes the capability to share YouTube videos. Embedding YouTube videos can result in additional cookies being loaded by Google to track user behavior and preferences, enhance user experience, and manage ad displays. The use of YouTube on our site is subject to Google’s Privacy Policy and Terms of Use.

Please be aware that by interacting with YouTube videos on our site, you may be consenting to the processing of your data by Google, as detailed in their privacy policies. This could include the collection of your IP address, details about your device, and your interactions with the video content.

Reactored’s learning environment does not use third-party cookies for tracking, performance monitoring, targeted marketing, or for storing user-specific preferences such as language settings.

You can configure your browser settings to reject cookies or to alert you when cookies are being used. However, disabling cookies might impact the functionality of the sign-in processes, SSO, reCAPTCHA, and the YouTube video features, potentially preventing you from fully utilizing our services.

For more information on how to manage cookies, you can visit the National Cyber Security Centre’s website www.allaboutcookies.org.

5. Routine Disclosure or Transfer of Personal Data

Data provided by the User in the Service may be transferred to the following parties:

Other users of the Service within the limits of usage rights, e.g., the school’s teacher, the institution’s IT management.
Service providers involved in the implementation of the Service
Authorities in the case that the law or the interests of the controller or a third party require it
Subsidiaries and affiliates of the controller, or the new owner or part-owner or operator of the Service and their advisors in the context of a corporate acquisition or arrangement.
Data may also be transferred to third parties in a form that does not allow individual Users to be identified, in which case it is not a transfer of personal data.

6. Transfer of Data Outside the EU or EEA

Personal data are primarily processed and stored within the EU or EEA. However, the servers used for Reactored’s services and the storage of data are located in Switzerland, in the Zurich area on Google’s servers, which is necessary for technical implementation. Switzerland is recognized by the European Commission as a country providing an adequate level of data protection, and therefore the transfer of personal data from the EU to Switzerland is considered secure. In such cases, we ensure before transferring data that data protection is adequately secured and that the data processing complies with the requirements set by the GDPR. Possible data that can be transferred include names, company names, and email addresses. Rouhia Oy may disclose data contained in the register within the limits and obligations permitted by applicable law. Otherwise, the register’s data is not disclosed to third parties without the customer’s consent. Data may be disclosed, for example, to clarify a suspicious online payment transaction with a payment intermediary. We use Google Cloud services for our services, whose data processing and data protection terms comply with the current data protection legislation under the GDPR. For more information: Google Cloud data processing terms and decision on the adequacy of data protection.

7. Register Security & Data Protection

We respect the confidentiality of your personal data. Your personal data are processed in accordance with GDPR requirements. The register is kept in a technically secured information system. Only employees of the controller and the controller’s subcontractor who are absolutely entitled to process personal data due to their work are authorized to handle personal data.

If, despite security measures, data breaches occur that are likely to have negative effects on the privacy of the Service’s users, we will notify the relevant individuals and other stakeholders as well as the relevant authorities promptly, as required by applicable data protection legislation.

8. Rights of the Registered

The User has the right to check their own data, to require correction of incorrect data or supplementation of incomplete data. The request for inspection must be submitted in writing and signed to the person responsible for registry matters mentioned in this register description. The controller responds to the customer within the time specified in the EU General Data Protection Regulation (usually within one month). We may require you to prove your identity to fulfill your information request. A fee based on the price list will be charged for providing the information if less than one year has passed since the User last checked the register data.

Right to request correction of data: you can update your own basic information through settings by logging into the service. If necessary, a correction request can also be conveyed through customer service found on our website. If the correction is made in a way other than directly through our service, the customer must present the necessary basic information so that the customer can be reliably identified. Necessary information includes, for example, name, address, phone, email, and username.

Right to grant or withdraw consent: if we process your personal data based on your consent, you have the right to grant a new consent or withdraw your previously given consent at any time.

Right to be forgotten: you have the right to request us to delete your stored personal data if 1) the data are no longer needed for the original collection purpose 2) you withdraw your consent/contract, and the data processed based on that are deleted 3) your data have been processed unlawfully 4) personal data must be deleted to comply with a statutory obligation applicable to the controller 5) personal data were collected in the context of offering information society services directly to a child.

Right to object to data processing: you may have the opportunity to object to the processing of your personal data when processing is performed for the execution of a task carried out for public interest or for our legitimate interests.

Right to restriction of processing: you may have the opportunity to restrict the processing of your data in accordance with Article 18 of the GDPR.

Right to data portability: you have the right to receive the data you have provided in a structured, commonly used, and machine-readable format and to transfer them to another controller if the data are processed based on consent or contract.

Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates GDPR. Contact details can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

9. Changes to Privacy Policy

Rouhia Oy may change privacy practices by updating this document. We will notify users of changes on the www.reactored.com website in the privacy policy/privacy policy section. Please visit the website regularly to obtain information about possible changes.

If changing the terms brings about changes that have a significant adverse effect on the user, Rouhia Oy will notify you when you start using the service the next time. Continuing to use the Service means that the user has accepted the modified terms.

10. Use of AI in Our Services

In Short: We utilize artificial intelligence (AI) technologies, including OpenAI’s API, to enhance our services and provide advanced functionalities such as personalized language learning and interactive conversational practices.

How We Use AI: We incorporate OpenAI’s AI services to dynamically generate educational content and facilitate conversational simulations that are tailored to your usage patterns and learning needs. This involves processing the inputs you provide during sessions to produce relevant and personalized language learning experiences.

Data Handling by AI: While OpenAI processes data to deliver these services, it is crucial to note that no personal information is permanently stored by the AI nor used beyond the immediate learning session. Data processed by AI is primarily used for real-time response generation and is not used for any other purposes without your explicit consent.

Legal Basis for AI Processing: The processing of your data using AI technologies is based on your consent, which we obtain at the time you register for our services or adjust your service settings. This consent can be withdrawn at any time; however, withdrawing consent may impact the functionality of AI-dependent features within our services.

Your Rights Regarding AI: You have specific rights related to automated decisions made by our AI systems, including:

The right to be informed about the AI-driven decisions that impact you, including an explanation of the underlying logic and the significance of these decisions.
The right to request human intervention, to express your point of view, and to contest decisions made by the AI.

Data Management: If you have concerns about the data processed by AI technologies or wish to restrict such processing, you can review or request deletion of your data by contacting us directly. We are committed to ensuring that all data handled by AI can be accessed, reviewed, or removed at your request in compliance with applicable data protection laws.

Updates to AI Use: We regularly update this privacy notice to reflect any changes in how we use AI technologies to improve your service experience. The updated version will be indicated by the revised date and will become effective upon publication. We encourage you to review this notice periodically to stay informed of our data practices.