DATA PROTECTION POLICY & PRIVACY NOTICE
Section One – Data Protection Policy
Universal Language Solutions Ltd, Registered Company 09002776
Provident House, Burrell Row, Beckenham. BR3 1AT.
ULS provide language translation services by matching their professional translators to projects in a bespoke service tailored to requirements.
For any queries regarding the content of this Policy Document and Privacy Notice, or any requests to access data held, please contact Colin Allinson, Head of Operations on 0208 249 6464, or firstname.lastname@example.org
ULS is registered with the Information Commissioner’s Office, reference ZA394954
The person responsible for Data Protection and Information Security is the Managing Director, Manitu Szerman.
UNDERSTANDING OUR OBLIGATIONS
ULS have assessed and documented all processing activities conducted regularly, those exposing data to a high-risk and any sensitive personal data. These activities have been justified using the Legal Bases and Special Conditions provided in the Regulations and written into a Privacy Notice, please see Section Two of this document. The Privacy Notice is available to all Interested Parties on our website, universallanguagesolutions.co.uk
DATA SUBJECT ACCESS RIGHTS
Individuals have the right to request details of any personal information that ULS may hold on you, and you have increased rights regarding our use of that information, including;
- The right to request rectification of information that is inaccurate or out of date
- The right to erasure of your information (also known as “the right to be forgotten”)
- The right to restrict the way in which we are dealing with and using your information
- The right to request that your information be provided to you in a format that is secure and suitable for re-use (also known as “the right to portability”)
ULS acknowledges that any person may ask if any information is held containing their personal data. ULS will respond to written requests as soon as possible, not taking any longer than 30 days to provide copies of any data held. The company shall correct any errors if requested, and agrees to delete records where this is permitted under the Legal Basis.
REVIEW OF DATA PROTECTION POLICY AND PRIVACY NOTICE
Data Protection is a standing agenda item at the ULS Management Review Meeting and the Trustees Board Meeting; this includes a review of the Data Protection Impact Assessment and Privacy Notice for relevance and accuracy. The documents, and this policy document, shall be reviewed in full at least annually.
Every effort is made to manage the personal information held by ULS in a responsible and secure manner. To this end, all networked equipment is encrypted and password protected, stored on encrypted Cloud servers. This is backed up by our IT provider, Resonate Cloud Services. Two Factor Authentication is used on all mobile devices.
Cloud based Google Drive used for Project File Management enables restricted access to assigned Project Managers only.
Staff using mobile phones to access business information, including emails, are asked to add PIN or Fingerprint security, and ensure that the operating system updates are downloaded when available.
Hard copy personnel files are kept in a locked cabinet in a locked office with limited key-holders. Access to the building is managed by a manned reception.
In the event of a breach, such as a break-in, loss or theft of a laptop or phone, all staff and current clients will be made aware. If there is a serious risk of personal data being misused, then all contacts will be informed and the incident reported to the Information Commissioner’s Office within three days of the breach being discovered; ULS will then take guidance on further action from the ICO.
Section Two – Privacy Notice
All documents remain the property and intellectual property of the client.
PROCESSING ACTIVITY STATEMENTS
Purpose/justification – Legal Basis / Special Condition
Receipt and return of translation file documents, preferred method is using Cloud based Google Drive, though some clients prefer an email exchange and this is used where requested – Contract
Review and assessment of translation required to appoint suitable linguist – Contract
Where required, translation documents are converted to an alternative format before sending to Linguist – Contract
INSIGHTLY CRM SOFTWARE
Retention of previous translation services to optimise future customer service – Legitimate Interests
Retention of basic contact details for the provision of services – Contract
DATABASE OF CONTACT INFORMATION FOR BUSINESSES
Business contacts from networking and referrals for the promotion of ULS – Legitimate Interests
Cookies are text files generated by the website and stored on the user’s computer partly for marketing purposes and Lead Generation – Legitimate Interests
Mailchimp, an online marketing platform and an email marketing company, is used to send emails on behalf of ULS for marketing purposes – Legitimate Interests
Evidence of ULS activities and responsible persons are provided in the application and audit process for certification to ISO 9001, Institute of Translation & Interpreting and Chartered Institute of Linguists – Legitimate Interests
ABSENCE MONITORING AND APPRAISALS
To monitor performance, sickness and holiday absences – Legitimate Interests
HR ISSUES, CONSULTANT
The occasional referral to QBH Solutions for the purposes of consultation on HR Documents such as Contracts of Employment, and for assistance with resolution on disciplinary and grievance issues – Legitimate Interests
THIRD PARTY PAYROLL
Payroll is managed by a third party, Aims Accountancy, as the resource for this isn’t yet available internally – Legitimate Interests / Special Condition B Legal Compliance
Retention of application form and contract, copies of identification and qualifications where applicable – Legal Obligation / Special Condition B Legal Compliance
Retention of copies of identification, CV and qualifications, contact information and country of residence where applicable – Legal Obligation / Special Condition B Legal Compliance
Retention of workplace accident records – Legal Obligation / Special Condition B Legal Compliance
SHARED DATA / DATA CONTROL
Data will only be shared with the supplier(s) directly involved with the project (i.e. translators / linguists). All suppliers are bound to full confidentiality as stipulated in the terms of our Supplier Agreement.
The ‘Data Controller’ is the customer. ULS acts as the data processor and does not claim control over the data supplied by customers. Customers may reserve the right to have ULS delete or return any data as they wish.
*For some translation projects, the client requests the identity of the Linguist, this is shared via the secure Cloud-based system.
Control of Records
|Quotes||Google Drive Email / Server||2 years||Permanent Deletion|
Email / Server
|Guidance from code||Permanent Deletion|
|Translation Files||Hard copy||Locked drawer||1 Year||Shredded|
Email / server
|2 Years||Deleted upon clients' request|
|Outlook Address Book||Online||Secure Account||Indefinite|
|Employee Records||Hard copy files & Scanned||Server / Office||3 years||Permanent Deletion / Shredded|
|Accident Book||Book||Office||7 years||Shredded|
|Invoices||Raised electronically & Printed||Server / Office||7 years||Permanent Deletion / Shredded|