This notice outlines the information I may process and hold on you at various stages of our working relationship — whether you’re a casual browser or a long-term client. It also explains why I gather this information, how it is stored, how long I store it for and what you can do if you have any questions or concerns. I will update it whenever necessary to make sure it reflects my current practices, so if we work together regularly, please check back from time to time.
Thank you for visiting the Tinta Viva Translation website! I hope you have found everything you need. Tinta Viva Translation (that’s me) places great value on your trust, and is committed to keeping any personal data collected from you as private and secure as possible. (In fact, I believe that we should all be free to browse the internet and make use of the services we require in a straightforward and honest way, without being tracked, spammed or profiled — and I want my little corner of the internet to reflect that.)
So, here’s what you need to know…
I, Ruth Grant (trading as Tinta Viva Translation) will be the ‘controller’ of any personal data you provide to me, or any information gathered through this website. Please take a moment to read through the sections below. If you think I’ve missed anything, please let me know and I will happily add it in. You can also read my full Privacy and Data Security Policy here.
You can contact me by email at email@example.com or by phone on +44(0)1367 560 732.
This notice is effective as of 25 May 2018. It will be updated as necessary to reflect my business practices and developments in data protection law.
When you visit this website
As with almost all websites, when you visit Tintavivatranslation.com your IP address and other browser data will be automatically collected and shared with my hosting company, which is based in the UK and fully GDPR compliant. This data may include your MAC address, device manufacturer, model and operating system version, internet service provider, browser type and language, country and time zone and device metadata.
Logging this information is essential for security purposes and to monitor the general health of my website — collecting it helps protect the site from attack and unauthorised interference and ensures that it is able to function correctly. It is not used for any other purpose and no attempts are made to identify you as an individual through your IP address. This data is held securely on servers located in the UK for a maximum of 35 days.
This website also has a number of measures in place to protect it against malware and other malicious activity. This includes a firewall which monitors site traffic and activity on a daily basis, routes EU-based traffic through servers located within the EU and scans the site for security problems. It also includes a security plugin that protects it from attacks. The companies that provide these services may collect and temporarily store your IP address and other data transmitted by your browser as needed for these measures to operate effectively. This may include your device manufacturer, model and operating system version, internet service provider, browser type and language, protocol and version, response code, user agent, country and time zone and device metadata. They may also log the pages you visit while you are exploring the website. Again, this information is used only to keep my website safe and no attempts are made to identify you as an individual. It may be transferred outside of the EEA (European Economic Area), including to the USA, subject to the provisions of the Data Processing Agreements in place between myself and these companies. Under these agreements, they are bound to use your data only for the stated purposes and to implement rigorous measures to keep it safe, providing a level of protection equivalent to that assured in the EU. This data will be deleted within a maximum of 90 days, provided that it is not associated with an ongoing attack.
Under the GDPR, this data is collected on the grounds of ‘legitimate interest’; it keeps my website safe and working properly, which is essential to my ability to run my business and protect visitors to my site.
Please bear in mind that if you follow any links from Tintavivatranslation.com to other websites, the data-gathering practices and privacy policies of those sites will apply. You are advised to check those policies for yourself before accepting cookies from, or providing personal data to, a third-party site.
This website currently uses two cookies, both of which are ‘session cookies’ (they are deleted as soon as you close your browser). The first cookie is called ‘DYNSERV’. DYNSERV is a load-balancing cookie. It identifies you as a unique user for access and security purposes and tracks which web server is serving the site at the time. This helps manage traffic demand on my host server and keep the site functioning smoothly. This cookie is ‘strictly necessary’; the site cannot function correctly without it. It is set by my host server and does not collect any personal data. The second cookie is called ‘euCookie’. This cookie records whether or not you have clicked ‘OK’ to dismiss the cookie notice, so it won’t show on every page you visit. Again, this cookie is ‘strictly necessary’ as it is needed in order to comply with the laws governing cookies. It is set by me and does not collect any personal data.
When you contact me
When you contact me, I collect basic contact details (name, email address, telephone number and in some cases postal address) so that I can respond to your query and, potentially, work with you on a project. If your enquiry does not lead to us working together, I will keep your information for up to one year from our last contact, after which time it will be securely deleted.
I will collect only the information necessary to run my business and manage my working relationship with you, so I can:
a) provide you with the information you ask me for;
b) undertake and deliver translation, editing, proofreading or other language services as agreed with you;
c) ask for or provide additional relevant information;
d) keep you informed about my terms and conditions; and
e) provide you with other important updates about my business that might affect you (e.g. changes in my availability or pricing).
In terms of the GDPR, my lawful grounds for collecting, using and storing this data are: a) consent (you have given me this information for these purposes); b) legitimate interest (to run my business, I need to be able to communicate with clients and exchange the information we need to work together or discuss a potential project — and having a record of our communications is essential for accountability); c) (in some cases) performance of a contract (if we agree to work together); and d) (in some cases) legal requirement (if our communications include business records, such as invoices or purchase orders).
I will never sell or swap your data or pass it to any other organisation or individual unless I am legally required to do so.
I do not currently run a mailing list for marketing purposes, and I will not use your information for bulk marketing purposes without your specific and explicit consent (although my current clients may get some kind of festive greeting from me, either by email or post). If I set up a mailing list in the future, and I am still holding your contact details, I will get in touch to ask for your explicit consent to use your data for this purpose. You will, of course, have the right to modify or withdraw that consent at any time.
When we work together
If you commission me to work on a project for you, I am required by law to keep your basic contact details (name, address, telephone number and email address) for six years. After this period, if we have had no further contact, this information will be deleted.
If you send me material to be translated, edited, proofread or transcribed, and this material contains your personal data, I will process it (i.e. securely store it and, if relevant, translate it) in order to carry out the work you have contracted me to do. If the project materials contain personal information belonging to someone else, I will need to be satisfied that you have lawful grounds for passing that information to me under the General Data Protection Regulation (GDPR). I will ask you to confirm this by signing my terms and conditions before I begin work on your documents.
In terms of the GDPR, my lawful grounds for collecting, using and storing this data are: a) performance of a contract; b) legal requirement (by law, I need to keep records of my business activities for six years).
Identifiable personal data will be deleted from the project files and my translation memories one month after the project invoice has been paid, unless:
a) the text is already in the public domain, for example as with references in an academic paper or a blog post; or
b) you have asked for a certified translation for official purposes. In this case, the full text of the document will be retained for six years so that I can respond to any claims or queries arising in relation to my work. This also comes under the category of ‘legitimate interest’ under the GDPR.
All project files will be stored securely in accordance with my data security policy. I never outsource my work, so you can rest assured that your documents will not be passed to anyone else. I never use machine translation services or cloud-based work environments, unless my client asks me to use their own trusted systems.
Keeping your data safe
All of the data you provide is processed by me directly and stored in the UK. Whenever possible, personal data is stored in electronic rather than paper form, and I take rigorous measures to keep it safe and private.
Files containing personal data (and all documents relating to a translation, editing or proofreading project) are encrypted and stored on password-protected drives to which only I have access. To protect your data from accidental loss, theft or unauthorised access, they are backed up to secure, end-to-end encrypted cloud storage which only I can access, located on servers inside the EU.
If personal data must be stored in paper form, it is kept in locked files in my private home office. I never carry paper files about with me, so there is minimal chance of loss or theft.
My emails are all encrypted and stored in secure servers in Switzerland. I keep emails relating to projects I work on for six years (in order to comply with tax laws and in case of any query or claim relating to the work). After this time, they are securely deleted. If you send me an enquiry and you don’t ultimately commission work from me, I will keep this information for one year before deleting it. If I contact you to suggest working together, I will keep our correspondence for three years before deleting it. However, you can ask me to delete this information at any time (please see ‘Your Rights’ below). Under the GDPR, I retain email communication on the lawful grounds of a) legal requirement; and/or b) legitimate interest (a record of recent enquiries helps me communicate with you more effectively in future and stops me from sending the same information twice).
To read more about how I protect your data, please read my full Privacy and Data Security Policy.
You have the right to see any data I hold about you at any time. To do this, just get in touch using the contact details below. After acknowledging receipt of your request, I will provide you with a copy of your data within a maximum of 21 calendar days. If at any point you believe the information I hold on you to be incorrect, you have the right to ask me to amend it. If you would prefer me not to be holding any of your data at all, you can ask me to delete it. Please note that this will not always be possible, as in some cases I need to retain your data to comply with my own legal obligations. Again, I will respond and take the appropriate action within a maximum of 21 calendar days.
If you have asked me to delete all of your personal data, I will need to hold on to your name for the sole purpose of keeping a record of the request.
I will not charge you any fee for providing you with a copy of your data, amending your information or deleting it.
If you have any questions or concerns about how I process, store and use your personal data, please contact me, Ruth Grant, by email at firstname.lastname@example.org or by telephone at +44(0)1367 560 732. If after contacting me you are not satisfied with my response, or if you believe I am processing your information in a way that is not in accordance with the law, you can contact the UK Information Commissioner’s Office (https://ico.org.uk/).