What is the Purpose of this Privacy Statement?
This Interactions Privacy Statement refers to our commitment to treat the information of job candidates, employees, clients, contractors, suppliers, research participants, and other interested parties with the utmost care and confidentiality. With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights in accordance with the applicable data protection legislation including the Irish Data Protection Acts and the EU General Data Protection Regulation.
Who does this Privacy Statement refer to?
This policy refers to all parties (job candidates, employees, clients, contractors, suppliers and other interested parties etc.) whose personal data is processed by us.
Who must follow this Privacy Statement?
Employees of Interactions must follow this policy. Contractors, consultants, partners and any other external entity are also required to comply. Generally, this statement applies to anyone we collaborate with or who acts on our behalf and may need occasional access to data.
What data is included?
As part of our services, we need to obtain and process data. This data includes any offline physical data or online data that makes a person identifiable such as names, addresses, usernames and passwords, IP addresses, any online identifier, CCTV, biometrics, digital footprints, photographs, social security numbers, financial data etc. It also may include one or more factors specific to the physical, physiological, genetic, mental, cultural or social identity of that person.
How Interactions collect your data?
Interactions collects this data in a transparent way and only with the full knowledge of interested parties. Once this information is available to Interactions, the following rules apply. Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by us on the basis of a valid contract, consent, legal compliance or legitimate interest
- Protected against any unauthorised or illegal processing by internal or external parties.
Our data will not be:
- Communicated to any unauthorised internal or external parties
- Stored for more than a specified amount of time (which is notified to you via this Statement)
- Transferred to organisations, states or countries outside the European Economic area without adequate safeguards being put in place as required under Data Protection law.
Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree with the collection, use or disclosure of personal data. Explicit consent will be required for the processing of any special category of personal data.
Information we provide before processing the data
Prior to processing any data Interactions will always provide, via this Privacy Statement, the following information:
- Which of their data is collected
- How Interactions process their data
- The purpose for Interactions processing their data
- Who has access to their information
- Provisions in cases of lost, corrupted or compromised data
- Information relating to the right to request that we modify, erase, reduce or correct data contained in our systems
- Information relating to data subjects’ rights in relation to their data.
How we protect your data
Interactions’ commitment to protect your data:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in data protection and security measures
- Build secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorisation etc.).
What is the legal basis for holding your data?
We collect your data based on the following legal basis
- Consent- where you have explicitly agreed to us processing your information for a specific reason such as marketing or explicit consent for us to process any special category of data about you;
- Contract-where you have entered into a service with us and the processing is necessary to perform this service
- Compliance -the processing is necessary for compliance with a legal obligation we have such as keeping records for revenue or tax purposes or providing information to a public body or law enforcement agency; we may be required to process certain data to carry out our obligations under employment, social security or social protection law; the processing is necessary for the establishment, exercise or defence of legal claims
- Legitimate interest-the processing is necessary for the purposes of a legitimate interest pursued by us to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed or to ensure that complaints are managed effectivity, to prevent fraud, to enhance our service offerings and to keep you and our clients informed about the service we are currently providing to you and our clients.
How long will we hold your personal data?
We will only retain personal data for as long as necessary for the purposes for which it was collected; as required by law or regulatory guidance to which we are subject or to defence any legal actions.
We will retain personal data about job applicant candidates for no more than one year
I.I Right to Erasure
When have I the right to all my personal data being deleted by Interactions?
You have the right to have your personal data deleted without undue delay if:
- The data is no longer necessary in relation to the purpose(s) for which it was collected
- You are withdrawing consent and where there is no other legal ground for the processing
- You object to the processing and there are no overriding legitimate grounds for the processing
- The personal data has been unlawfully processed
- The personal data has to be erased so that we are in compliance with legal obligation
- The personal data has been collected in relation to the offer of information society services with a child.
What happens if Interactions has made my personal data public?
If we have made your personal data public, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform those who are processing your personal data that you have requested the erasure.
What happens if Interactions has disclosed my personal to third parties?
Where we have disclosed your personal data in question to third parties, we will inform them of your request for erasure where possible. We will also confirm to you details of relevant third parties to whom the data has been disclosed where appropriate.
I.II Right to Data Portability
When can I receive my personal data in machine readable format from Interactions?
You will receive your personal data concerning you in a structured, commonly used and machine-readable format if:
- processing is based on consent
- processing is carried out by automated means.
Would Interactions transfer the personal data to another service provider if I requested this?
We can transfer this data to another company selected by you on your written instruction where it is technically feasible taking account of the available technology and the feasible cost of transfer proportionate to the service we provide to you.
Under what circumstances can Interactions refuse?
You will not be able to obtain, or have transferred in machine-readable format, your personal data if we are processing this data in the public interest or in the exercise of official authority vested in us.
Will Interactions provide me with my personal data if the file contains the personal data of others?
We will only provide you with your personal data, ensuring we protect the rights and freedoms of others. Where personal data of another person may be on the same files as yours, we will redact the full details of the other person. Contact us at firstname.lastname@example.org
I.III Right for Automated Individual Decision Making including Profiling
What are my rights in respect of Automated Decision making?
Interactions does not have any automated decision-making processes. Where any such processes are introduced, we will provide you with the relevant information required under the “General Data Protection Regulation”.
I.IV Right to Object
Have I already been informed about my right to object?
We have informed you of your right to object prior to us collecting any of your personal data as stated in our privacy notice.
When can I object to Interactions processing my personal data?
You can object on grounds relating to your particular situation.
Interactions will stop processing your personal data unless:
- we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or
- the processing is for the establishment, exercise or defence of legal claims.
What are my rights to object for direct marketing purposes?
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, we will no longer process this data for such purposes.
What are my rights to object in the use of information society services?
In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications.
Contact us at email@example.com
I.V Right to Restriction of Processing
When can I restrict processing?
You may have processing of your personal data restricted:
- While we are verifying the accuracy of your personal data which you have contested
- If you choose restricted processing over erasure where processing is unlawful
- If we no longer need the personal data for its original purpose but are required to hold the personal data for defence of legal claims
- Where you have objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our legitimate grounds override.
What if Interactions has provided my personal data to third parties?
Where we have disclosed your personal data in question to third parties, we will inform them about the restriction on the processing, unless it is impossible or involves disproportionate effort to do so.
How will I know if the restriction is lifted by Interactions and/or relevant third parties?
We will inform on an individual basis when a restriction on processing has been lifted.
Contact us at firstname.lastname@example.org
I.VI Right of Rectification Policy
What can I do if Interactions is holding incorrect personal data about me?
Where you suspect that data we hold about you is inaccurate, we will on demand rectify any inaccuracies without undue delay and provide confirmation of same.
What happens if Interactions has disclosed my personal to third parties?
Where we have disclosed inaccurate personal data to third parties, we will inform them and request confirmation that rectification has occurred. We will also provide you with details of the third parties to whom your personal data has been disclosed.
Contact us at email@example.com
I.VII Right to withdraw Consent
Under what circumstances could I withdraw consent?
You can withdraw consent if we are processing your personal data based on your consent.
When can I withdraw consent?
You can withdraw consent at any time.
If I withdraw consent what happens to my current data?
Any processing based on your consent will cease upon the withdrawal of that consent. Your withdrawal will not affect any processing of personal data prior to your withdrawal of consent, or any processing which is not based on your consent.
Contact us at firstname.lastname@example.org
I.VIII Right to lodge a complaint
Can I lodge a complaint with the Data Protection Commission?
You can lodge a complaint with the Data Protection Commission in respect of any processing by or on behalf of Interactions of personal data relating to you.
How do I lodge a complaint?
Making a complaint is simple and free. All you need to do is write to the Data Protection Commission giving details about the matter. You should clearly identify the organisation or individual you are complaining about. You should also outline the steps you have taken to have your concerns dealt with by the organisation, and what sort of response you received from them. Please also provide copies of any letters between you and the organisation, as well as supporting evidence/material.
What happens after I make the complaint?
The Data Protection Commission will then take the matter up with Interactions for you.
I.IX Right of Access Policy
When do I have the right to access my personal data from Interactions?
Where Interactions process any personal data relating to you, you have the right to obtain confirmation of same from us, and to have access to your data.
What information will Interactions provide to me?
If we are processing your personal data you are entitled to access a copy of all such personal data processed by us. We will also provide the following information including your full rights under Data Protection:
- why we are processing your personal data
- the types of personal data concerned
- the third parties or categories of third parties to whom the personal data have been or will be disclosed. We will information you if any of the third parties are outside the European Economic Area (EEA)or international organisations
- how your personal data is safeguarded where we provide your personal data outside the European Economic Area or to an international organisation
- the length of time we will hold your data or, the criteria used to determine that period
- your rights to:
- request any changes to inaccurate personal data held by us
- have your personal data deleted on all our systems
- restriction of processing of personal data concerning you
- to object to such processing
- data portability
- your right to lodge a complaint with the Data Protection Commission; email@example.com
- where we have collected your personal data from a third party, we will provide you with the information as to our source of your personal data
- any automated decision-making, including profiling which includes your personal data. We will provide you with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
How long will it take to receive my personal data from Interactions?
We will provide you with a copy of the personal data we are currently processing within one month of request. In rare situations if we are unable to provide you with the data within one month we will notify you within 10 days of your request explaining the reason for the delay and will commit to delivery within a further two months.
How much will it cost me to receive my personal data?
We will not charge for providing your personal data unless we believe the request is excessive and the cost of providing your data is disproportionate to your services provided.
Can I request additional copies of my personal data?
If you require additional copies we will charge €20 to cover our administrative costs.
Can I receive my personal data electronically?
You can request your personal data by electronic means and we will provide your personal data in a commonly used electronic form if technically feasible.
What will Interactions do if another person’s personal data is shared with my personal data?
We will only provide you with your personal data, ensuring we protect the rights and freedoms of others. Where personal data of another person may be on the same files as yours, we will redact the full details of the other person.
Contact Us at firstname.lastname@example.org
Cookies are very small files stored on your hard drive. They uniquely identify your computer and allow the website to store information about your session on the website, improve web security and help to customise your website experience. A unique user identity is created which ensures that you are not required to re-enter login details, as you move throughout the website if logged in as a customer.
How Cookies are used:
Cookies are used to assist in making a website work more efficiently. They are used to remember your preferences, for example; your IP address and the time you first visited the website. When you leave the site and come back to it, this information can be reloaded form your computer thereby generally improving your user experience.
We may also use Google Analytics which is a tool that records data about all the users who arrive to the website. The cookies that are used by Google Analytics are detailed below.
Google Analytics related cookies:
This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred. Google Analytics uses the information from this cookie to calculate things like Days and Visits to purchase. This cookie is what’s called a ‘persistent’ cookie, as in, it is not set to automatically expire unless removed by the user.
__utmb and utmc:
The B and C cookies work together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. You see, __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another page view to happen, and if it doesn’t, it expires.
The _utmt cookie is a session cookie used to throttle the request rate. It expires after 10 minutes.
The _utmv cookie is used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
__utmz keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where you were in the world when you accessed a website. It expires in 6 months. This cookie is how Google Analytics knows to whom and to what source/medium/keyword to assign the credit for a Goal Conversion or an E-commerce Transaction.
You may refuse or accept cookies from the Site at any time by activating settings on your browser. Information about the procedure to follow in order to enable or disable cookies can be found on your Internet browser provider’s site via your help screen.
You can delete cookies stored on your computer or change your privacy settings at any time via your browser settings.
For more detailed information on cookies, visit www.allaboutcookies.org
If you have any queries in relation to this privacy statement or wish to view any of our other policies, please contact email@example.com
Queries and Complaints
For any queries, or to make a complaint, please find contact details below for the Interactions Research Data Protection Officer.
DPO (Data Protection Officer)
Claire Rountree, Interactions Research