Data Protection Policy & Privacy Notice
SECTION ONE – DATA PROTECTION POLICY
GTG provide language translation services by matching their professional translators to projects in a bespoke service tailored to requirements.
For any queries regarding the content of this Policy Document and Privacy Notice, or any requests to access data held, please contact Colin Allinson, Head of Operations on info@globaltranslationgroup.com
GTG is registered with the Information Commissioner’s Office, reference ZA394954 The person responsible for Data Protection and Information Security is the Managing Director, Manitu Szerman.
UNDERSTANDING OUR OBLIGATIONS
DATA SUBJECT ACCESS RIGHTS
Individuals have the right to request details of any personal information that GTG may hold on you, and you have increased rights regarding our use of that information, including;
DATA SUBJECT ACCESS RIGHTS
Individuals have the right to request details of any personal information that GTG may hold on you, and you have increased rights regarding our use of that information, including;
- The right to request rectification of information that is inaccurate or out of date
- The right to erasure of your information (also known as “the right to be forgotten”)
- The right to restrict the way in which we are dealing with and using your information
- The right to request that your information be provided to you in a format that is secure and suitable for re-use (also known as “the right to portability”)
GTG acknowledges that any person may ask if any information is held containing their personal data. GTG will respond to written requests as soon as possible, not taking any longer than 30 days to provide copies of any data held. The company shall correct any errors if requested, and agrees to delete records where this is permitted under the Legal Basis.
REVIEW OF DATA PROTECTION POLICY AND PRIVACY NOTICE
Data Protection is a standing agenda item at the GTG Management Review Meeting and the Trustees Board Meeting; this includes a review of the Data Protection Impact Assessment and Privacy Notice for relevance and accuracy. The documents, and this policy document, shall be reviewed in full at least annually.
SECURITY DETAILS
Every effort is made to manage the personal information held by GTG in a responsible and secure manner. To this end, all networked equipment is encrypted and password protected, stored on encrypted Cloud servers. This is backed up by our IT provider, Resonate Cloud Services. Two Factor Authentication is used on all mobile devices.
Cloud based Google Drive used for Project File Management enables restricted access to assigned Project Managers only.
Staff using mobile phones to access business information, including emails, are asked to add PIN or Fingerprint security, and ensure that the operating system updates are downloaded when available.
Hard copy personnel files are kept in a locked cabinet in a locked office with limited key-holders. Access to the building is managed by a manned reception.
BREACH RESPONSE
In the event of a breach, such as a break-in, loss or theft of a laptop or phone, all staff and current clients will be made aware. If there is a serious risk of personal data being misused, then all contacts will be informed and the incident reported to the Information Commissioner’s Office within three days of the breach being discovered; GTG will then take guidance on further action from the ICO.
SECTION TWO – PRIVACY NOTICE
ALL DOCUMENTS REMAIN THE PROPERTY AND INTELLECTUAL PROPERTY OF THE CLIENT.
PROCESSING ACTIVITY STATEMENTS
ACTIVITY
TRANSLATION SERVICES
FILE TRANSFER
TRANSLATION SERVICES
FILE TRANSFER
DOCUMENT REVIEW
FILE ENGINEERING
INSIGHTLY CRM SOFTWARE
ORDER HISTORY
CUSTOMER RECORD
GENERAL CONTACTS
DATABASE OF CONTACT INFORMATION FOR BUSINESSES
WEBSITE
EMAIL CAMPAIGNS
Mailchimp, an online marketing platform and an email marketing company, is used to send emails on behalf of GTG for marketing purposes – Legitimate Interests
BUSINESS
ACCREDITATION
STAFF
ABSENCE MONITORING AND APPRAISALS
HR ISSUES, CONSULTANT
THIRD PARTY PAYROLL
EMPLOYMENT RECORDS
PREFERRED LINGUISTS*
ACCIDENT RECORDS
SHARED DATA / DATA CONTROL
Data will only be shared with the supplier(s) directly involved with the project (i.e. translators / linguists). All suppliers are bound to full confidentiality as stipulated in the terms of our Supplier Agreement.
The ‘Data Controller’ is the customer. GTG acts as the data processor and does not claim control over the data supplied by customers. Customers may reserve the right to have GTG delete or return any data as they wish.
*For some translation projects, the client requests the identity of the Linguist, this is shared via the secure Cloud-based system.
CONTROL OF RECORDS
| What | How | Where | How Long | Destruction |
|---|---|---|---|---|
| Quotes | Google Drive Email / Server Google Drive | 2 Years | Permanent Deletion | |
| Email / Server | Guidance from code | Permanent Deletion | ||
| Translation Files | Hard copy Soft Copy | Locked Drawer | 1 Year | Shredded |
| CD's | Locked Drawer | |||
| USB's | Email Server | 2 Years | Deleted upon clients’ request | |
| Outlook Address Book | Online | Secure Account | Indefinite | |
| Employee Records | Hard copy files & Scanned | Server / Office | 3 Years | Permanent Deletion / Shredded |
| Accident Book | Book | Office | 7 years | Shredded |
| Invoices | Raised electronically & Printed | Server / Office | 7 years | Permanent Deletion / Shredded |