Data protection

PARTICIPANT PRIVACY POLICY

Your privacy is important to us

At Interactio, Ltd ("we") are committed to protecting your privacy. This Privacy notice describes why we collect and use the personal data we receive from you when you participate at Interactio online event.

Why do we collect your data?

The subject matters of the collecting of personal data are: identification of users when they connect to the system, possibility to inspect any problems in real time, identification of the user during the event or user management or communication tasks, stream control, remote stream establishment, local streaming, chat, and remote broadcaster control and troubleshooting audio problems.

What personal data do we collect?

The types of personal data to be collected include name, surname, audio (voice) recordings, unique ID issued by Interactio, technical information from the data subject device, technical information related to months streaming quality, event information (time, date, topic, duration) and other data of data subjects that may be contained within the content that event participants submit to Interactio to process using services.

Data processing table

Who can access your personal data?

List of Interactio units who might have access to event participant’s data:

Interactio unit

Types of data accessed

The purpose for the data access

Location

PURPOSE

FURTHER INFORMATION

Customer Success unit

Event data, email of datasubjects (AV managers, interpreters, participants)

To set up an event or to help set up an event

European Union

Customer Tech Success unit

Event data, participants information, connection to the event

To cover AV manager role at the event, to troubleshoot issues related to event performance or functionality

European Union

Compliance team

IP address, User ID, Event ID, action type, action time

To detect and analyze suspicious activities illegal actions

European Union

Interactio unit: Customer success unit

Types of data accessed: Event data, email of data subjects (AV managers,
interpreters, participants)

The purpose for the data access: To set up an event or to help set up an event

Location: European Union

Interactio unit: Customer tech success unit

Types of data accessed: Event data, participants information, connection to the event

The purpose for the data access: To cover AV manager role at the event, to troubleshoot issues related to event performance or functionality

Location: European Union

Interactio unit: Compliance team

Types of data accessed: IP address, User ID, Event ID, action type, action time

The purpose for the data access: To detect and analyze suspicious activities illegal actions

Location: European Union

Who else can access your personal data?

The list of data processors is shown below:

Processor

Types of data accessed

The purpose for the data access

Data location

PURPOSE

FURTHER INFORMATION

Digital Ocean, LLC

Personal data contained in communications customers send or receive remote simultaneous interpretation (RSI) platform “Interactio”

To provide media streaming functionality in remote simultaneous interpretation (RSI) platform “Interactio”

Frankfurt, Germany, European Union

OVH Hosting Ltd.

Personal data contained in communications customers send or receive remote simultaneous interpretation (RSI) platform “Interactio”

To provide media streaming functionality in remote simultaneous interpretation (RSI) platform “Interactio”

Paris, France, European Union

Amazon Web Services EMEA SARL

Personal data contained in communications customers send or receive remote simultaneous interpretation (RSI) platform “Interactio”

To provide service functionality in remote simultaneous interpretation (RSI) platform “Interactio”

Frankfurt, Germany, European Union

Processor: Digital Ocean, LLC

Types of data accessed: Personal data contained in communications customers send or receive remote simultaneous interpretation (RSI) platform “Interactio”

The purpose for the data access: To provide media streaming functionality in remote simultaneous interpretation (RSI) platform “Interactio”

Location: Frankfurt, Germany, European Union

Processor: OVH Hosting Ltd.

Types of data accessed: Personal data contained in communications customers send or receive remote simultaneous interpretation (RSI) platform “Interactio”

The purpose for the data access: To provide media streaming functionality in remote simultaneous interpretation (RSI) platform “Interactio”

Location: Paris, France, European Union

Processor: Amazon Web Services EMEA SARL

Types of data accessed: Personal data contained in communications customers send or receive remote simultaneous interpretation (RSI) platform “Interactio”

The purpose for the data access: To provide service functionality in remote simultaneous interpretation (RSI) platform “Interactio”

Location: Frankfurt, Germany, European Union

In the case of any addition of processor engagement, Interactio will inform Event participants prior in written form, thereby giving them the opportunity to object to such changes.
Interactio will remain fully liable for all obligations contracted to and all acts and omissions of the processors. All engagements of processors will be compliant with GDPR.

Technical and organizational measures

Interactio commits that the persons entitled to use any data processing system about the personal data are only able to access the personal data within the scope and to the extent covered by the respective access permission (authorization).
This shall, in particular, be accomplished by:

Establishing access authorizations for employees and third parties, including the respective documentation;
Identification of the persons having access authority;
Securing any and all data processing equipment and personal computers;
Regulations for user authorization;
Obligation to comply with data secrecy;
Differentiated access regulations (e. g. partial blocking);
Regulations for the organization of files;
Controlled destruction of personal data, when relevant;
Work instructions for templates for the registration of personal data;
Checking, adjustment, and controlling systems.

‍

Data “at rest” and “on transit” control and security. Interactio shall maintain controls data “at rest” and “on transit”.
This shall be accomplished by:

User to service and service to user encryption;
Data (at rest) encryption;
Data (on transit) encryption;
SSL certificates;
Application-level monitoring;
Databases level monitoring;
Data backups.

‍

Organization control. Interactio shall maintain its internal organization in a manner that meets the requirements of this privacy notice.
This shall be accomplished by:

Internal data processing policies and procedures, guidelines, work instructions, process descriptions, and regulations for programming, testing, and release, insofar as they relate to the personal data transferred by the data controller;
Industry standards (ISO) and programs examination;
Formulation of an emergency plan (backup contingency plan);
Binding policies and procedures (Data access, appropriate data usage, etc.) for the controlers’ employees;
Regular penetration testing;
Security by design and by default policy;
Privacy by design and by default policy;
Regular security training for data controllers employees.

‍

Your rights to your data

You have the right to access your data, the right to rectify, or erase the data, the right to restrict processes concerning you or to object to processing, and the right to data portability. If you have any questions regarding your data processing, please contact Interactio's data protection officer via email at dpo@interactio.io.