Privacy Policy
This policy statement is provided to comply with the General Data Protection Regulation (GDPR), effective from 25 May 2018.
This policy statement is intended is to inform you about the following:
- what personal information I collect and hold about you;
- the reasons why this information is collected and held;
- how this information is stored securely;
- and the rights you have with respect to the personal information I hold about you.
Any questions regarding this policy and my privacy practices should be sent to: info@holmestranslation.com.
I may update this policy from time to time, so please check this page occasionally to ensure that you understand and are happy with any changes.
How do I collect information from you?
Clients
I might obtain your information from you in person, e.g. at a networking function, trade show, or client site visit. Alternatively, I may obtain your information if you contact me directly to place an order and thus disclose personal data (e.g. your name and contact details). Email, the website contact forms, telephone and post are the most common means of contacting me and providing your personal data.
Suppliers
Ordinarily, I could obtain your information (notably name and contact details) from third-party websites (such as Linkedin, proz.com, iti.uk.org, etc.) or your personal or company website(s), and/or via direct communication channels (email, telephone etc.) if there has already been prior communication between us.
How is your information used/processed?
I collect, store and use your personal data for the following purposes:
- to issue quotes,
- to meet contractual obligations entered into by you and me (e.g. to provide a translation or editing service as requested by you or me),
- to request services from you (e.g. translation, editing, copywriting etc.),
- for accounting purposes (in issuing invoices to you or transacting billing information for carrying out payments to you),
- or to comply with legal requirements (holding accounts up to 5 years for tax compliance (with HMRC) and up to 6 years for addressing potential litigation).
I do not use your personal data for marketing purposes, nor do I disclose it to unauthorised third parties.
What kind of personal information is collected and stored?
Personal data collected may include your name, postal address, email address, telephone number, Skype name, VAT number, banking details and CV data which you have sent me. Unless reasonably required for the purpose of carrying out an order (i.e. for contractual performance), no personal data other than contact data is likely to be recorded.
Other instances where other personal information may be handled are where personal documents are provided to me for translation, such as birth certificates, marriage certificates etc. In such cases, explicit consent will likely be requested in the form of a written customer agreement.
How is your data stored?
Your personal data will be recorded electronically and separately as a client/supplier record as well as in relation to a specific order, in which your name, address (if a natural person), email address, telephone number, VAT number and banking details will be recorded against a specific order and have an associated order number (purchase order number) and order date.
As regard security, your data will typically be stored offline on external hard drives and accessed through password-protected computers.
Paper documents containing personal data (e.g. letters, business cards etc.) which you send me will be stored in a locked filing cabinet or case in publicly inaccessible premises. Only I will have access to paper documents containing your personal data.
Otherwise, data is ordinarily held electronically.
Basis for processing your data
As mentioned above under How is your information used/processed? your data is used for the performance of contract, i.e. so that I or you can provide translation or editing services. This means enabling communication between us so that necessary information can be provided for carrying out the service (by you as my supplier or by me as your supplier).
Your invoice/billing details are processed for compliance with legal obligations (holding of accounts up to 5 years for tax purposes, and order data (incl. your contact details) for up to 6 years for addressing any potential claims brought against me).
Sharing your personal data
I will only share your personal information with a third-party company when it is deemed necessary to complete duties and/or orders for you or your company (e.g. outsourcing services) and will only do so if you provide explicit consent.
In such cases I will make sure that the third party in question is also GDPR-compliant and ask them to process your documents accordingly.
I do not use your personal data for marketing purposes, nor do I disclose it to unauthorised third parties.
How long do I keep your personal data?
I will keep such personal data that is relevant for accounting and litigation purposes for a minimum 6 years to meet legal obligations. Beyond this 6-year period, I cannot be held responsible for queries or claims relating to the content, as I will have no way of verifying the accuracy of the original content.
Your obligations
Limitation of personal data
To limit the amount of personal data that I am given and hold, I recommend that personal data, whether it relate to you or other individuals, be anonymised. This is your duty as a data controller.
For example, documents provided for translation may occasionally contain personal data (whether in relation to you or another individual). In such instances, you are requested to remove identifying information by means of anonymisation. Documents containing personal data could be changed prior to the documents being provided to me for processing. For example, names and contact details can be changed.
Please note that this is very important where the personal data fall under one of the special categories of personal data, such as: racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership, genetic/biometric data to uniquely identify a natural person, or information regarding health, sex life or sexual orientation.
Under normal circumstances, I ask not to be sent such sensitive information (under the special categories of personal data). Such data will be immediately deleted.
Where sensitive personal data is discovered in the course of contracted work (e.g. while translating a document) then you will be notified of a possible breach of your data protection obligations. To avoid such surprises, please ensure that you are familiar with the documents you contract to me for processing (translation, editing etc.) and familiar with your data protection obligations as regards any personal data contained in said documents (relating to yourself or third parties).
Accuracy
Please regularly update your personal details with me if they change – notably contact details. Such data will need to be maintained up-to-date for a rolling 6-year period from the date of the last completed order for legal compliance.
Your rights
Right to be informed
You have the right to be informed of the fair processing information with a view to transparency of data. This statement is intended to fulfil that right.
Right to access
You have the right to access the information I hold. You should make such a request in writing to our me at info@holmestranslation.com or other provided contact details. I shall provide the data within 1 month. In exceptional cases, I may extend this to 3 months. You will be notified within 1 month when I believe this to be an exceptional case requiring a longer period of compliance. Where a request is manifestly unfounded or excessive I may charge a reasonable fee or refuse the request. In the event of a fee or refusal, you will be advised of this and your further rights relating to the fee or refusal.
Right to rectification
You have the right to request the information I hold is rectified if it is inaccurate or incomplete. You should contact me at info@holmestranslation.com and provide me with the details of any inaccurate or incomplete data. I will then ensure that this is amended within one month.
Right to erasure
You have the right to erasure in the form of deletion or removal of personal data where there is no compelling reason for its continued processing. I have the right to refuse to erase data where this is necessary for the performance of contract and/or comply with legal obligations.
Right to restrict
You have the right to restrict my processing of your data, in which case your data will only be stored, but not used.
You may request restriction of your personal data in the following circumstances:
- you do not agree with the accuracy of the personal data I hold, while I seek to verify its accuracy;
- you believe the data has been unlawfully processed, but you oppose erasure and request that your data be restricted instead;
- I no longer need the personal data, but you need me to keep it in order to establish, exercise or defend a legal claim; or
- you have objected to me processing your data under Article 21(1) of the GDPR, and I am considering whether my legitimate grounds for processing your data override your non-absolute right(s).
Right to withdraw consent
You have the right to withdraw your consent at any time. However, my right to process your data for performance of contract and meet legal obligations may override your right to withdraw consent in some cases.
Right to complain
You have the right to lodge a complaint with a supervisory authority such as the Information Commissioner’s Office. I advise that you seek to resolve any complaints with me directly in the first instance prior to referring a complaint to any supervisory, regulatory or accrediting body.