Categories

This page describes how MigiHub, a SaaS developed and owned by InnuCloud Experts Inc. ("InnuCloud", "we", "us"), aligns with the requirements of the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (collectively, the "DPF").

Scope

Scope of this Notice

This DPF Notice (once activated upon listing) covers personal data transferred from the European Economic Area (EEA), the United Kingdom (and Gibraltar), and Switzerland to our U.S. affiliate in connection with the provisioning and operation of the MigiHub service, including customer support and related business operations. It applies to both:

• Non‑HR data (e.g., customer/contact information, platform usage, scheduling/assignments, timesheets, communications metadata), and
• HR data transferred in the context of an employment relationship (e.g., employee/contractor data), where applicable.

Principles

Our Commitment to the DPF Principles (effective upon listing)

We commit to the DPF Principles for covered transfers:

1. Notice — We will inform individuals about the categories of personal data collected; purposes of processing; the right to access; choices; the type or identity of third parties to which we disclose personal data; our accountability for onward transfer; how to contact us; the independent dispute resolution body; and the authority with jurisdiction over our compliance.
2. Choice — We will offer individuals the opportunity to opt out of (a) disclosures of personal data to third parties (other than agents) and (b) uses of personal data for materially different purposes from those disclosed initially. For sensitive data, we will obtain opt‑in consent where required.
3. Accountability for Onward Transfer — We will transfer personal data only (a) for limited and specified purposes; (b) pursuant to appropriate contracts requiring recipients to provide at least the same level of protection; and (c) with onward‑transfer safeguards. We remain liable for agent processing that violates the Principles, unless we prove we are not responsible for the event giving rise to the damage.
4. Security — We will take reasonable and appropriate administrative, technical, and physical measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
5. Data Integrity & Purpose Limitation — We will limit personal data to that which is relevant for the purposes of processing, and will take reasonable steps to ensure data is reliable, accurate, complete, and current. We will retain personal data only as long as necessary for the stated purposes or as required by law.
6. Access — Individuals will have access to personal data about them that we hold, and may correct, amend, or delete that information where it is inaccurate or processed in violation of the Principles, subject to lawful limitations.
7. Recourse, Enforcement & Liability — We will provide readily available, independent recourse mechanisms, investigate and resolve complaints, and commit to arbitration for residual claims as described below. Compliance will be subject to periodic verification, with potential enforcement by the appropriate authority.

Data Categories

Categories of Personal Data We Process

Depending on your role and tenant configuration, typical categories include: identification and contact data; account/role data; organization details; booking and assignment data (date/time, location, preferences); interpreter schedules/timesheets; communications metadata (email/SMS/browser notifications); device/log data; optional geolocation (if enabled); attachments/notes uploaded by users; and HR data where applicable.

Purposes

Purposes of Processing

We process personal data to provide, secure, maintain, support, and improve the MigiHub service; to enable integrations configured by customers; to communicate service updates; to comply with legal obligations; and for aggregated, de‑identified analytics that do not identify individuals.

Choices

Individual Choices & Methods to Exercise Them

To exercise access, correction, deletion, or objection/opt‑out rights under the DPF Principles, individuals may contact us using the details below. Where we process data as a processor for our customers, we will refer the request to the applicable customer (controller) and assist as appropriate.

Onward

Onward Transfers to Third Parties

We share personal data with service providers ("agents") and integration partners solely to support the purposes described in this Notice. We require written contracts obligating agents to provide at least the same level of protection required by the DPF, to notify us if they can no longer meet those obligations, and to take remedial action. We remain liable for agent processing that violates the Principles unless we prove we are not responsible for the event giving rise to the damage.

HR Data

HR Data

For HR data transferred in the context of an employment relationship, we commit to cooperate and comply with the advice of competent EU supervisory authorities, the UK Information Commissioner's Office (ICO) (or its successor), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) regarding such data. Individuals wishing to raise HR‑data complaints should first contact us; if unresolved, we will cooperate with the appropriate authority.

Independent Recourse

Independent Dispute Resolution (Free of Charge to You)

We will investigate and attempt to resolve complaints within 45 days. For unresolved non‑HR matters, we commit to an independent recourse mechanism at no cost to you:

• Independent Recourse Mechanism (IRM): [Select one: BBB National Programs – Data Privacy Framework Services / JAMS]
• How to file a complaint: [IRM instructions/URL]

For HR data, we will cooperate with the competent EU/UK/Swiss authority as noted above.

Arbitration

Binding Arbitration (Residual Claims)

If your complaint remains unresolved after exhausting the recourse mechanisms above, you may be able to invoke binding arbitration under the DPF's Annex I conditions. Availability is subject to eligibility criteria and is intended as a last resort.

Enforcement

U.S. Enforcement (Applicable upon U.S. Listing)

Our U.S. affiliate's DPF compliance will be subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) or U.S. Department of Transportation, as applicable.

Verification

Verification & Annual Re‑Certification

We will verify adherence to the DPF Principles through internal self‑assessment and training, management reviews, and periodic audits of our policies and controls. We will re‑certify annually and update this Notice with any material changes.

Disclosure Requests

Lawful Requests & National Security

We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where legally permitted, we will challenge overbroad requests and provide transparency.

Contact

Contact Information

Privacy Office — InnuCloud Experts Inc. (MigiHub)
2020 Trans‑Canada Hwy, Dorval, Quebec H9P 2N4, Canada
Email: [email protected]

DPF Program Listing

Once active, our U.S. affiliate's DPF listing will be available via the Data Privacy Framework Program website. This Notice will then reflect the certified entity's legal name and scope (EU‑U.S., UK Extension, Swiss‑U.S.).

Effective

Effective Date & Updates

This Notice takes effect for DPF purposes when our U.S. affiliate appears on the official DPF List. Until then, we rely on GDPR SCCs (and UK/Swiss equivalents) for relevant transfers and ensure our U.S.-based subprocessors maintain appropriate DPF or equivalent safeguards.