1. Introduction and Scope
This Personal Data Protection Policy (“Policy”) describes the privacy practices of Eriksen Translations’ website, web applications, and portals. This Policy sets out important information to provide you with a clear understanding of the Personal Data we collect from you, why we collect it, how it is used and shared, and your choices regarding the use of this data.
As a data controller in accordance with the 2016/379/EC (GDPR) regulation of the European Commission, Eriksen Translations values your privacy and cares about the way in which your personal data is treated.
We are committed to:
- Ensuring that we comply with the eight data protection principles, as listed below
- Meeting our legal obligations as laid down by the Data Protection Act 1998
- Ensuring that data is collected and used fairly and lawfully
- Processing personal data only in order to meet our operational needs
- Taking steps to ensure that personal data is up to date and accurate
- Establishing appropriate retention periods for personal data
- Ensuring that data subjects’ rights can be appropriately exercised
- Providing adequate security measures to protect personal data
- Ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
- Providing adequate training and ensuring all staff responsible for personal data are aware of good practices in data protection
- Ensuring that everyone handling personal data knows where to find further guidance
- Ensuring that queries about data protection, internal and external to the organization, are dealt with effectively and promptly
- Regularly reviewing data protection procedures and guidelines within the organization.
Data protection principles:
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.
- Appropriate technical and organizational measures shall be taken against unauthorized and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
By using our services and technology solutions, and by seeking work or employment from us, you consent to the privacy practices described in this Policy. If you do not agree with any part of this Policy, please do not provide your Personal Data to us.
You can withdraw consent to the use of your personal data at any time by clicking the unsubscribe link in the footer of any marketing emails you receive from us, or by contacting us at firstname.lastname@example.org.
3. What is Personal Data?
3.1. Personal Data
Personal Data is data which contains any information relating to:
- an identified or identifiable living person – an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name; or
- an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We will only control and/or process Personal Data where the collection of Personal Data is necessary for us to manage our business relationship with you or your organization, whether in connection with the provision or procurement of services or as your client, employer or former employer, including processing payments, accounting, auditing, billing and collection and related support services.
3.2. Special Categories of Personal Data
Our Services do not require us to collect ‘Special Categories’ of Personal Data from you.
A Special Category of Personal Data is information which is of a ‘sensitive nature’ such as information relating to:
- Race or ethnic origin;
- Health information including biometric or genetic information;
- Information relating to children;
- Philosophical, political or religious beliefs;
- Sexual preferences or practices; or
- Criminal convictions and records.
4. What type of Personal Data do we collect?
We may collect the following types of Personal Data from you:
4.1. Basic information, such as:
- Your name (or title);
- Contact information such as your residential/mailing address, telephone or mobile number and email address;
- Business and industry information such as your business name, the industry your business is in and the size of your business;
- Employment history and education for potential, current and former employees;
- Industry experience and education for suppliers;
- Financial billing information that we require to process payment for the services that were provided.
5. What Personal Data do we process?
We will always process Personal Data lawfully, fairly and in a transparent manner. Processing means any operation we perform on Personal Data that is considered collection, storage or erasure of the Personal Data.
We will only process Personal Data, where:
- You have provided us with explicit consent to undertake the processing;
- The action of processing is a result of your direct instruction;
- The processing is necessary to provide our Services to you; or
- The processing is necessary for us to comply with any legal obligations.
6. How do we use your Personal Data?
6.1. Primary Purposes
The primary purpose for which we control and process your Personal Data is to manage our business relationship with you or your organization, whether in connection with the provision or procurement of services or as your client.
This includes using your Personal Data for the following purposes:
- Preparing a quote or estimate for you;
- Providing training on our technology as a client or a vendor;
- Establishing your account to provide you with the Services you have elected to purchase or receive from us;
- Notifying you of new Services;
- Alerting you to update any outdated data we had collected from you in the past;
- Processing payment for the Services, including internal accounting or administration;
- Providing your Personal Data to our related entities for the purposes of administration, storage, advisory or technical services; and
- Any other purposes as authorized or required by law.
6.2. Secondary Purposes
We may also use your Personal Data for secondary purposes, such as:
- Evaluating your satisfaction and seeking feedback on our Services and/or performance; or
- Sending you targeted marketing materials in relation to events, industry trends, etc.
On occasion, we use clients’ names and testimonials on our websites and/or our social media. Your consent will always be obtained prior to posting a testimonial.
6.3. Purposes Outside of Our Control
Any Personal Data that you choose to submit or post online on public forums and platforms may be read, collected, or used by others who visit these forums and platforms and may be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit in these forums.
7. How do we collect your Personal Data?
7.1. Information collected from you directly
We will only collect Personal Data directly from you with your consent and through:
- Forms you submit online through our website (for example; Web Quote Request, Vendor Portal);
- Other communications we have with you, which may include industry events, meetings, telephone conversations, paper forms and other documents you give us;
7.2. Information collected from you indirectly
8. Do we ever disclose your Personal Data to third parties?
We may disclose your Personal Data to third parties in accordance with this clause, however, any disclosure must be directly related to the primary purpose of providing Services to you in accordance with this Policy. Please note that we do not engage in the sale or trade of Personal Data under any circumstance.
For the purposes of this Policy, “Disclose and Disclosure” means to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal data to another person or entity. Third Party/Parties mean a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process your Personal Data.
We may disclose your Personal Data to third parties performing services for us for the purposes described in this Policy. These services include processing and storing information on servers that may be located in jurisdictions outside of your country of residence.
Other instances where we might be required to Disclose your Personal Data to a third party:
- To respond to a legal process such as a court order or subpoena or to comply with the requirements of applicable law;
- To protect the safety of any person; or
- To address fraud, security, or technical issues of the same nature;
Your Personal Data may therefore be subject to privacy laws that are different from those in your country of residence. Personal Data collected within the European Union (including the United Kingdom and Switzerland) may be transferred to and processed by third parties, located in a country outside of these areas, where your Personal Data may be subject to reduced rights. All third parties engaged by us must deal with the information we disclose in accordance with our legal obligations (including entering into vendor agreements), privacy, confidentiality and security standards.
Under no circumstances are third parties authorized by us to use or control the Personal Data they receive from us for any other purpose for which we engaged them. If you have concerns about the transfer of your Personal Data to third parties for the purpose of processing, please contact us in accordance with clause 13 below.
9. How do we keep Personal Data safe?
We have an obligation to ensure that your Personal Data is protected from unauthorized processing, accidental disclosure, access, loss, destruction or alteration. Accordingly, we have a range of technical security measures and procedures in place to ensure that your Personal Data is protected appropriately. These measures have been implemented and are reviewed regularly to protect your Personal Data from scenarios which may result in the accidental or unauthorized disclosure of your Personal Data as mentioned above.
Security measures, processes and encryption algorithms (including SSL protocols) are also audited by a third party on a monthly basis to ensure that we are adhering to and applying best practices to our implementation, management and use of security protocols.
In the unlikely event there is a data breach, we will (without delay) notify the relevant data protection authority, unless the breach is not likely to present any risk to your rights.
10. For how long do we keep your Personal Data?
We will only keep your Personal Data for as long as necessary to fulfill the purposes for which we are processing your Personal Data unless the law requires us to retain it for longer. For example, under New York State law, we are required to keep billing information and details, and all documents about your business transactions with Eriksen for seven years.
11. What are your rights in relation to the Personal Data we collect?
You have rights with respect to your Personal Data. Specifically, you may exercise your right to:
- Request access to and obtain copies of any Personal Data we have collected from you or from public forums and platform;
- Request that your Personal Data be provided to you in a format that can be easily read;
- Modify or rectify your Personal Data if it is no longer accurate;
- Request the erasure of your Personal Data (more commonly referred to as the “Right to be Forgotten”) if you believe it is no longer necessary for the purposes of which it was originally collected; and/or
- Restrict or object to the collection or processing of the Personal Data we have collected from you. This includes your ability to withdraw consent previously given at any time.
If you wish to exercise any of the above rights, please send your request to email@example.com.
If you are in the European Union, you may also have the right to complain to the Information Commissioner or to your local data protection supervisory authority if you are unhappy with our privacy practices.
12. Contact Us
If you have any questions or complaints in relation to this Policy or our use of your Personal Data, or if wish to inform us of a change or correction to your personal information or would like a copy of the information we collect on you in relation to this Policy or our use of your Personal Data, please email us at firstname.lastname@example.org or write to:
Address: 50 Court Street, Suite 700, Brooklyn, NY 11201
Att.: Vigdis Eriksen, Founder & CEO
13. Changes to this Personal Data Protection Policy
We may amend this Policy from time to time in order to continue ongoing compliance with applicable privacy regulations. If there are significant changes made to this Policy, we will notify you.
This policy was last updated on June 5, 2018.