INTERACT Technology and GDPR
In 2012, the European Commission began a process to reform Europe’s existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. General Data Protection Regulation (GDPR) was adopted in 2016 and will take effect on 25 May 2018.
The GDPR is a wide-ranging regulation designed to protect the privacy of individuals in the European Union (EU) and give them control over how their personal data is processed, including how it’s collected, stored and used. It affects every company in the world that processes personal data about people in the EU.
Summary of the changes include:
Improved clarity and transparency with redefined terms to clearly described the data we collect and use and explain rights to your data
A review of key third party vendor arrangements to ensure that the services we rely on to operate are also preparing to be GDPR compliance by the deadline
Where does INTERACT store data?
INTERACT uses Amazon Web Services, a top-tier, third-party data hosting provider with servers located in the Australia and the United States to host online and mobile services.For more information about AWS’s approach to compliance with the GDPR, click here.
Will INTERACT store EU customer data in the EU?
INTERACT has no short term plans to store data in the EU, and this is not required under GDPR. Instead, GDPR requires companies to implement appropriate safeguards when they export personal data out of the EU.
INTERACT makes sure that it complies with EU data export restrictions when it exports data outside of the EU, an audit is currently being conducted with regards to thee data export mechanisms in place to ensure they comply, and will continue to comply, with GDPR.
How does INTERACT comply with EU data export restriction?
When personal data is hosted or processed outside of the European Economic Area by INTERACT, GDPR requires that it remains protected by appropriate safeguards in line with EU law. There are a few ways that INTERACT achieves this.
When we process EU customer data in other territories, like Australia and the United States of America, we ensure “appropriate safeguards” are in place that are prescribed by GDPR – i.e. by entering into the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).
Why hasn’t INTERACT signed up to Privacy Shield?
INTERACT is an Australian headquartered company. The EU- US Privacy Shield is a mechanism for the EU and US to comply with data protection requirements when transferring personal data from the EU to the US.
Instead we rely on a combination of measures to ensure compliance with EU data export rules, including compliance to and use of “Model Clauses” (i.e. prescribed best practice statements) in our Software licence agreements.
What security measures do you have in place to protect data?
Protecting our customers’ data is fundamental to everything we do and we have comprehensive security and privacy safeguards for all that we do. If you would like more information on our security practices please email www.interact.technology">firstname.lastname@example.org
INTERACT as Data Controller or Data Processor?
As the licensed provider, administrator of the contacts within your tenancy and publisher of content on the platform you are the data controller – you decide the “purposes” and “means” of any processing of personal data contained within your tenancy.
Similar to what’s already in place for data protection law today, data controllers will have to adopt compliance measures to cover how data is collected, what it is being used for, how long it is being retained for and ensure that people have a right to access the data held about them.
INTERACT is the data processor for its licensed providers.
As the data processor, INTERACT processes personal data on behalf of our licensed providers. Certain obligations now apply directly to data processors, and controllers must bind them to certain contractual commitments to ensure that data is processed safely and legally. INTERACT has included these contractual commitments in our standard software licence agreement.
INTERACT is the Data Controller of user profile information as well as for all Data that is stored, collected or processed within an INTERACT tenancy.
Complaints and Enquiries
If you have any queries or complaints about this policy or our privacy practices please contact us at:
INTERACT Technology Privacy Officer
We will quickly acknowledge your correspondence and do our best to respond fully within 30 days.
Last updated: 16 August 2022