ELF Translations Ltd
Edinburgh Legal and Financial Translations
Valid from 19 April 2018
ELF Translations Ltd
5A Wester Coates Gardens
Edinburgh EH12 5LT
This Privacy Statement explains how we treat your data, what to do if you have any queries relating to data processing, and how to exercise any data protection rights.
NB: Your data may be transferred outside the European Union, although this will only occur strictly in accordance with Article 49(1)(b), (c) and (f) GDPR
Data Controller and Data Processors
The Data Controller is ELF Translations. The Data Processors are the Company officials of the Data Controller, or its appointed sub-contractors who may process data in accordance with the instructions of the Data Controller and in accordance with the duty of confidentiality applicable to them.
If you would like any further information concerning the specific Data Processors who have or will be handling your data, please contact the Data Protection Officer.
You may exercise any of the rights provided for under the EU General Data Protection Regulation (GDPR), irrespective of whether that Regulation is applicable to you. In addition, if the law of the country that is applicable to you provides for more exacting standards of data protection or enhanced rights compared to the GDPR, the Company will recognise these rights.
You have the right to access your data held by the Company in order inter alia to rectify any inaccuracies. You have the right to require the cancellation of any data, unless and insofar as the retention of that data is mandatory under the law applicable to the Company.
Should you wish to change translation supplier, you have the right to receive any data processed during the course of our business relationship with you that has not yet been deleted or anonymised. No charge will be levied for this service.
You have the right to ask us what data we hold in relation to you. You have the right to receive a prompt response to any access request and will not be charged for any such request. If any such request is refused, you will be informed of the reasons and have the right to complain to a supervisory authority.
We will not disclose your data to anybody other than for the purpose of providing our services to you, and will not even confirm or deny the existence of a business relationship with you, unless you consent or unless we are required to do so by law or by law enforcement authorities.
We shall provide you with any data we hold concerning you in the manner requested by you, provided that the request is reasonable.
If you are a contractor language services agency we do not consent to the storage or usage of our data for the purposes of soliciting us to outsource work to you.
If you are a freelancer you may retain and use any publicly accessible data to contact us for the purpose of presenting your services.
If you are a customer language services agency or a person interested in acquiring language services from us, you may retain and use any publicly accessible data or any data provided to you by us in order to contact us to request our services.
The Company is unable to provide services without receiving your personal data. We will therefore process your data in order to fulfil our contractual obligations towards you, or as part of any pre-contractual acts carried out with a view to entering into a business relationship.
As the processing of personal data is an inherent aspect of the Company’s services, the act of transmitting to the Company any data will be construed as consent to the processing of that data in the manner customary within the translation industry and in accordance with this Privacy Statement. This will involve processing on the Company premises by Company officials, although may also entail its transmission to potential external contractors. Such external contractors are subject to a duty of confidentiality regarding any such data provided to them and are obliged to report to the Company any breaches of data security or integrity.
If you do not wish your data to be processed by an external contractor of the Company you must let us know when submitting your data to us.
Any person under the age of 16 must ask a parent or guardian to submit data on their behalf.
All data will be treated in the strictest confidence and will not be disclosed to third parties other than to other language service professionals for the purpose of providing the service commissioned from the Company, or as part of pre-contractual controls or negotiations. Your data may be transferred outside the European Union, although this will only occur strictly in accordance with Article 49(1)(b), (c) and (f) GDPR.
Your data will not under any circumstances be used for marketing purposes. We will not contact you by newsletter or circular email. We will not under any circumstances sell, transfer or otherwise make available your data to any external organisation other than for the purposes of providing the services commissioned by you.
Financial data concerning the business relationship between us may be disclosed to the Company’s accountants for strictly accounting purposes and, if required by law, to the tax authorities.
You have the right to withdraw your consent to data processing at any time. If you do so, you may obtain the deletion of all data concerning you held by the Company, subject to the payment of any services you have already commissioned from the Company.
What types of data we collect
We collect only data that is necessary in order to establish, manage and conclude an actual or potential contractual relationship between us. As a matter of principle, we shall retain and use only data that are expressly provided to us by you (such as your email address, telephone number, website, postal address).
If we require any additional data we shall ask you for it or attempt to obtain it from publicly available sources, such as for instance your website.
Any data submitted through our online contact form will be retained for a reasonable period of time, until it is clear that you do not intend to acquire services from us (in which case the data will be deleted), or until deletion in the ordinary manner following the establishment of a business relationship.
Your data may be used in order to carry out basic checks into the solvency, good standing and financial health of your business. If you are a private individual, we shall not use your data to carry out any credit checks.
If you default on payment of an invoice, your data may be passed to a third party to the extent and insofar as necessary in order to secure the enforcement of your contractual obligations.
We shall retain your data for a reasonable period after the service has been completed, which will allow us to offer more competitive prices in the event that you request a service at a later stage with similar content. We are also required to retain basic information relating to the transaction between us for tax purposes (e.g. bank statements, invoices etc.) for the statutory retention periods.
If you would like your data to be deleted, whether in full or in part, please let us know. Unless we are under a statutory obligation to retain any of your personal data, your request will be acted upon as quickly as possible, and we shall provide confirmation once it has been done.
Unless you specify otherwise, your data will be retained for as long as is legally necessary or in accordance with the purpose for which they were processed, after which they will either be deleted or anonymised. If there is no evident service-related reason to retain your data, your data will be cancelled or anonymised once their retention is no longer necessary for the purposes for which the personal data were processed. The Company will carry out periodical checks in order to ensure that this principle is complied with. The Company will also carry out periodical assessments of the arrangements in place to protect against data loss, and its planning will ensure the ability to restore all data even in the event of large-scale data corruption.
Data are stored offline on computers and backup devices in secure locations to which access is controlled. In the event that any physical data carrier containing such data leaves a secure location, it will be carried on the person of a Company official. The Company does not use cloud computing or any other external data storage services in order to store its data. Physical data storage devices are protected by industry-standard anti-virus software.
Please be aware that any data transferred by email will also be stored on the servers of the relevant email provider, and may continue to be stored there even after the email in question has been deleted.
We shall send data to you using the same means employed to send it to us. Within the translation industry this means of transfer is ordinarily email.
If you would like to transfer data by encrypted communication, secure file transfer or otherwise, please notify us in advance. Also in such cases we shall return the data to you in the same manner in which it was transmitted to us.
You may also submit data to us as hard copies by ordinary post or in person, in which case we shall return the data by the same means, unless you tell us to do otherwise.
You will be informed as soon as possible in the event that the Company suffers a data breach that is liable to result in loss or harm to you of any type, or in the loss of confidentiality. This will include information that is as precise as possible concerning the data that has actually or potentially been compromised. Any breaches will also be reported to the data protection authority with jurisdiction over the Company.
The Company website uses basic cookies in order to facilitate your usage of the website, and to ensure that it works as it is supposed to. Cookies are small text files which are saved on your device when you access the website.
Cookies will not under any circumstances be used to collect any personally identifiable or sensitive information or for the purposes of advertising. Any data associated with cookies will not be disclosed by us to any third party for advertising or commercial purposes. We do not use any third party cookies.
If you wish to deactivate cookies by adjusting your browser settings accordingly, this may potentially affect the proper functioning of the Company’s website.
Data Protection Officer
The Data Protection Officer is responsible for ensuring compliance with the law, monitoring and ensuring data security and reporting any data breaches. The Data Protection Officer of the Company is Thomas Roberts. Please submit any queries in writing to the registered office, by email to firstname.lastname@example.org, or by calling +44 7733 556840.
Representative within the European Union
For the purposes of Article 27 GDPR, the representative in the European Union shall be the Data Protection Officer (hereafter, the Initial Representative in the European Union) for the duration of the United Kingdom’s membership of the European Union, and thereafter as specified in paragraph three below.
Should the Initial Representative in the European Union no longer be eligible to serve as the representative in the European Union owing to the departure of the United Kingdom from the European Union, the representative in the European Union shall be Chiara Cigognini, email@example.com, Brückenkopfstraße 6a, 69120 Heidelberg, Germany, +49 176 96251080 (hereafter, the Interim Representative in the European Union).
In the event that the United Kingdom, or any different sovereign state within the territory of which the registered office of the Company is situated, should subsequently rejoin the European Union as a Member State or otherwise become a party to arrangements that allow the Initial Representative in the European Union to serve once again as the representative in the European Union, the Interim Representative in the European Union shall no longer serve as the representative in the European Union.
Appropriate safeguards for transfers pursuant to Article 46 GDPR
In the event that
- the United Kingdom, or as the case may be the territory within which the registered office of the Data Controller is situated, is no longer a Member State of the European Union, and
- the United Kingdom, or as the case may be the territory within which the registered office of the Data Controller is situated, has the status of a third country for the purposes of EU law,
- EU law is applicable, and
- the national data protection legislation applicable to the Data Controller is not covered by an adequacy decision pursuant to Article 45 GDPR,
data transfers shall be governed by the instruments referred to in this section, which shall be automatically incorporated into any contract for the provision of translation services concluded between the Data Controller and the Customer, and between the Data Controller and any outsourced service providers.
Data transfers for which the Data Controller has the status of a controller pursuant to Commission Decision of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries shall be governed by the standard contractual clauses of Set II set forth in the Annex thereto. The provisions of that Annex shall be automatically incorporated into the contract for the provision of translation services concluded between the Data Controller and the Customer, under which the Data Controller shall have the status of “data importer” and the Customer the status of “data exporter”, and the Data Controller shall adopt all of the Data Processing Principles referred to in Annex A to the standard contractual clauses.
Data transfers for which the Data Controller has the status of a processor pursuant to Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council shall be governed by the standard contractual clauses (processors) set forth in the Annex thereto, whereby the governing law shall be the law of the Member State in which the data exporter (i.e. the Customer) is established. The provisions of that Annex shall be automatically incorporated into the contract for the provision of translation services concluded between the Data Controller and the Customer.
For the avoidance of doubt, the Data Controller shall comply under all circumstances with the requirements laid down by the GDPR, as interpreted from time to time by the European Court of Justice.