Data Protection

PRIVACY AND DATA PROTECTION POLICY

I. Introduction

Interactio, Ltd ("we" or "us") is committed to safeguarding the fundamental rights and freedoms of individuals, including their right to privacy concerning the processing of their personal data. Our data protection practices encompass personal data in all formats (paper, electronic, etc.). Our foremost objective is to ensure that individuals with whom we interact feel assured that we respect and protect their privacy. Likewise, we aim to mitigate any legal and regulatory risks that may impact our reputation and brand.

In our day-to-day operations, we handle various data concerning identifiable individuals, including:

  • Current, past, and prospective customers
  • Current, past, and prospective interpreters
  • Current, past, and prospective employees
  • Users of our website
  • Users of the Simultaneous interpreting platform
  • Users of the Conference system 
  • And other stakeholders

We adhere to a range of legislation governing the collection and use of such data, as well as the requisite safeguards to protect it. This policy outlines the measures we are implementing to ensure compliance with privacy and data protection regulations.

This policy applies to all personnel working for, or on behalf of, Interactio, including employees, associates, and contractors with authorized access to our data or systems. Moreover, we mandate that our data processors comply with Interactio's standards when acting on our behalf.  

II. Responsibilities

Information Users:

All personnel working for, or on behalf of, Interactio are obligated to adhere to relevant data protection legislation and this policy. They must also ensure the accuracy and currency of any personal data they provide.

Data Protection Officer (DPO):

We have appointed a Data Protection Officer (DPO) to oversee day-to-day data protection matters, provide training, and promote best practices in information handling.

Developers and IT:

Developers are tasked with incorporating privacy safeguards into the design of our products, services, and infrastructure, ensuring privacy is prioritized from the outset of development (‘privacy by design’).

III. Our principles  

  • Transparency and informativeness about processed personal data;
  • Processing personal data only on legitimate grounds;
  • Obtaining unambiguous and informed consent for processing personal data;
  • Ensuring data subjects are sufficiently informed about the purpose of processing and their right to object;
  • Collecting only relevant and proportionate personal data for explicit and legitimate purposes;
  • Processing personal data fairly and lawfully, regardless of location;
  • Limiting the processing of personal data to operational necessities, employment matters, customer care, and commercial activities;
  • Retaining personal data only for as long as necessary;
  • Maintaining accurate and up-to-date personal data;
  • Disclosing personal data to authorities only as required by law or with the data subject's consent and in accordance with approved procedures;
  • Regularly assessing privacy risks and implementing mitigation strategies;
  • Enforcing stringent measures to prevent loss, theft, unauthorized disclosure, or misuse of personal data;
  • Implementing appropriate technical and organizational measures to protect personal data;
  • Addressing the impacts of policy changes on development, procurement, and other activities.

IV. Rights of the individual

Under the GDPR, data subjects possess several rights, including the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object. Interactio has established procedures to facilitate the exercise of these rights within the timeframes stipulated by the GDPR. Data subjects can exercise their rights by contacting dpo@interactio.io.

V. International transfers of personal data

Transfers of personal data outside the European Union are subject to careful review to ensure compliance with GDPR requirements. This evaluation considers the adequacy of safeguards for personal data in the recipient country, which may evolve over time.

VI. Data protection officer

The GDPR mandates the role of a Data Protection Officer (DPO), who is independent, knowledgeable in data protection, adequately resourced, and reports to senior management. The DPO's responsibilities include monitoring internal compliance, advising on data protection obligations, facilitating data protection impact assessments (DPIAs), and serving as a point of contact for data subjects and regulatory authorities. Interactio ensures the DPO's involvement in all data protection matters, including DPIAs, with adequate resources and access to personal data and processing activities.

VII. Questions and concerns

For inquiries or concerns regarding this policy, please contact the Data Protection Officer via email at dpo@interactio.io or by phone +37061806726.

Document version 2.0

Last Updated: Jun-16, 2024