Data Privacy Framework Notice
Interact Intranet Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Interact Intranet Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Scope
This Privacy Policy applies to personal data received from the European Economic Area (EEA) and the United Kingdom under the applicable DPF Principles, including personal data relating to employees, contractors, business partners and users of our services.
Categories of Personal Data
We may process the following categories of personal data in line with our services:
- Identifiers (name, user ID, account credentials);
- Contact information (email address, phone number);
- Account and service data (user activity, service usage, support interactions);
- Customer communications (queries, requests, correspondence);
- Security and technical data (IP address, device information, system logs);
- Compliance-related data (audit logs, investigation records); and
- Employment-related data (where applicable, including role, department, HR records).
Purpose of Processing
We process non-HR personal data and limited HR personal data for the following purposes:
- Service provision and account management;
- Customer support and communications;
- Security monitoring, fraud prevention, and compliance; and
- Employment and human resources administration (where applicable).
Accountability for Onward Transfers
Interact Intranet Inc. is responsible for the processing of personal data it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.
Interact Intranet Inc. remains liable under the DPF Principles if an agent processes such personal data in a manner inconsistent with the DPF principles, unless Interact Intranet Inc. proves that it is not responsible for the event giving rise to the damage.
We may disclose personal data to third parties where necessary for the purposes described in this Privacy Policy, including service providers and processors that support hosting, security, analytics, customer support, communications, professional services, compliance, legal obligations, corporate transactions, and other business operations. These third parties may include cloud hosting providers, IT and security vendors, customer support tools, professional advisers, payment and billing providers, and public authorities where required by law.
Where we transfer personal data to a third party acting as an agent, we require that third party to process the personal data only for specified purposes, provide at least the same level of privacy protection required by the applicable DPF Principles, and notify us if it can no longer meet those obligations.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy.
Individual Rights and Access Requests
Individuals whose personal data is covered by this policy may request access to, correction of, or deletion of their personal data, subject to applicable legal limitations.
Requests may be submitted by contacting:
Privacy Office
Email: security@interactsoftware.com
Address: Interact Intranet Inc. 880 3rd Ave, 5th floor, New York, New York 10022, United States
We will respond to such requests within 45 days in accordance with the DPF principles.
Choice and Limiting Use or Disclosure
Individuals may contact us to request that we limit the use or disclosure of their personal data where required by the applicable DPF Principles. Where personal data is used for a materially different purpose from that for which it was originally collected or subsequently authorised, or where personal data is disclosed to a non-agent third party, we will provide individuals with an appropriate opportunity to opt out. For sensitive personal data, we will obtain affirmative express consent where required by the applicable DPF Principles.
Recourse, Enforcement, and Dispute Resolution
If you have a complaint:
- Contact us at security@interactsoftware.com
- We will respond within 45 days
Unresolved complaints may be referred to JAMS, an independent dispute resolution provider, at no cost to the individual:
https://www.jamsadr.com/DPF-Dispute-Resolution
In compliance with the EU–U.S. DPF and the UK Extension to the EU–U.S. DPF, Interact Intranet Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO), with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU–U.S. DPF and the UK Extension to the EU–U.S. DPF in the context of the employment relationship.
Binding Arbitration
Under certain conditions, individuals may invoke binding arbitration to resolve complaints not resolved by other DPF mechanisms, as described in the DPF principles.
U.S. Regulatory Enforcement
Interact Intranet Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Disclosure for Legal Reasons
Interact Intranet Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Changes to This Policy
This privacy policy may be updated to reflect changes in our data processing practices or legal obligations. Material changes will be communicated appropriately.
Data Privacy Framework List
The full list of organisations certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-US Data Privacy Framework can be accessed here: https://www.dataprivacyframework.gov/list