Data protection

PRIVACY AND DATA PROTECTION POLICY

I. Introduction

Interactio, Ltd (“we” or “us”) is committed to protect the fundamental rights and freedoms of individuals, including their right to privacy with respect to the processing of their personal data. Data protection applies to personal data held in any format (paper, electronic, etc.). Our priority is to ensure that natural persons that we interact with feel confident that we respect and safeguard their privacy. In the same way, we seek to reduce any legal and regulatory risks related to our reputation and brand.

In everyday business operations, we use a variety of data about identifiable individuals, including data about:

  • Current, past, and prospective customers;
  • Current, past, and prospective interpreters;
  • Current, past, and prospective employees;
  • Users of our website;
  • Users of Interactio software;
  • And other stakeholders.

In collecting and using this data, we are subject to a variety of legislations controlling how such activities may be carried out as well as the safeguards which must be put in place to protect it. In this policy, we describe the steps we are taking to ensure our privacy and data protection compliance.

This policy applies to all staff working for, or on behalf of, Interactio and includes employees, associates, and contractors with legitimate access to our data or systems. In addition, we require that our data processors be compliant when working on behalf of Interactio.  

II. Responsibilities

Information users

All staff working for, or on behalf of, Interactio are responsible for complying with all relevant data protection legislation and this policy. All staff must also ensure that any personal data they supply is accurate and up to date.  

Data protection officer

We have appointed a data protection officer (DPO) to carry out the DPO role as defined in the legislation. The DPO is responsible for dealing with day-to-day data protection matters, providing training, and for developing and encouraging good information handling practices.

Developers and IT

Developers are responsible for embedding privacy safeguards into the design of our products, services, and infrastructure from the earliest stage of development, covering the entire life cycle (‘privacy by design’).

III. Our principles  

  • Be transparent and informative about personal data processed.
  • Process personal data only if the processing relies on legitimate processing criteria. Ensure the correct legal ground for processing data for each specific purpose is used in each particular case.
  • If consent is used as a legal ground for the processing of personal data, it shall be unambiguous, informed, and allow customers to withdraw their consent.
  • If legitimate interest is used as legal ground, data subjects shall be sufficiently informed about such purpose and be allowed to object in a user-friendly matter.
  • Collect only personal data that is relevant and not excessive in relation to the purpose for which it is collected and only collect it for explicit and legitimate purposes.
  • Process personal data fairly and lawfully in all operations, including when processing such data outside the country where it has been collected. Process personal data only to the extent necessary for explicit purpose applicable for that processing while always paying attention to the protection of individuals’ privacy and to interests of special user groups such as children.
  • Processing of personal data should be limited to what is needed for operational purposes, employment matters, efficient customer care, and relevant commercial activities, including the processing of anonymous user patterns.
  • Do not retain personal data longer than is legally required or necessary for each explicit and legitimate purpose that the data is processed for.
  • Keep personal data accurate and reasonably up to date.
  • Only provide personal data to authorities to the extent required by law or with the data subject permission and in accordance with predefined approved processes.
  • On a regular basis, assess the privacy risks associated with the processing of personal data and develop appropriate mitigation strategies to address these risks.
  • Require data processors to exercise special care to prevent loss, theft, unauthorized disclosure, or inappropriate use of personal data collected by us.
  • Protect with appropriate technical and organizational measures.
  • Identify and address the impacts of this policy on change, development, and procurement activities.

IV. Rights of the individual

The data subject has rights under the GDPR. These consist of:

  • The right to be informed;
  • The right of access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to data portability;
  • The right to object.

Each of these rights is supported by appropriate procedures within Interactio that allow the required action to be taken within the timescales stated in the GDPR.

Data subjects can exercise their rights by email dpo@interactio.io

V. International transfers of personal data

Transfers of personal data outside the European Union are carefully reviewed prior to the transfer taking place to ensure that they fall within limits imposed by the GDPR. This depends partly on the European Commission’s judgment as to the adequacy of the safeguards for personal data applicable in the receiving country, and this may change over time.

VI. Data protection officer

A defined role of a data protection officer is required under the GDPR. The DPO is independent, an expert in data protection, adequately resourced, and report to the highest management level.

The DPO’s role includes monitoring internal compliance, advising on data protection obligations, providing advice regarding data protection impact assessments (DPIA), and acting as a contact person for data subjects and the State Data Protection Inspectorate of the Republic of Lithuania.

We ensure the DPO is closely involved in all data protection matters in a timely manner, including DPIAs. The DPO has adequate resources and appropriate access to personal data, processing activities, and other services to enable the DPO to carry out this role as defined in the GDPR.

VII. Questions and concerns

If you have questions or concerns regarding this policy, please contact the data protection officer via email dpo@interactio.io or phone +37061806726