STB Ltd (‘Surrey Translation Bureau’, ‘STB’, ‘we’ or ‘us’) prides itself on its commitment to privacy and all data received is assumed confidential, unless in the public domain. This Privacy Notice outlines the information we collect about you, how we use, disclose and otherwise manage this information and the choices you have to restrict our usage of this information in the context of GDPR and the UK Data Protection Act 2018. This Privacy Notice is subject to review and updates.
For the purposes of Data Protection Legislation:
- Where we process any personal data in our own capacity, meaning that it has been provided to us in circumstances where we determine the purposes and means of the processing (for example, you give us your personal contact details), we will be the Data Controller.
- Where we process personal data on behalf of your organisation as part of a contract we perform for you, we may process a wide variety of types of personal data relating to you and your employees, your customers and other data subjects. Where we do so we will be the Data Processor of that personal data.
You may interact with us in several different ways including via our website, our business representatives or our newsletters. You may be a retail customer or an enterprise customer (business, charity or local authority for example). Or you may be one of our employees, a prospective member of staff, or a member of our subcontractor community (including freelance translators and supplier agencies). This document covers the categories of personal information we collect through each of the ways you interact with us and the type of services you take from us.
What can be classified as personal data?
Personal data is anything that can make a living individual identifiable and in the case of STB this includes pieces of information such as, but not limited to, names, job titles, contact details, photographs, CVs and online identifiers (such as IP and email addresses). You may also provide us with other personal information as part of the work you ask us to undertake.
We collect and keep other non-personal information with the same level of confidentiality, for example business and financial details.
Information collected via our website
You can visit our site (https://www.surreytranslation.co.uk) without telling us who you are or providing us with any personal information. However, we may collect the IP (Internet Protocol) addresses of all our website visitors and other related information to be used to improve our website.
We use a third-party service, Google Analytics, on our website to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
When you visit our website, you are presented with the option to “opt-in” to accept cookies, which we use with your Consent.
Making contact via our website
You may choose to consent to being contacted by us via the contact forms provided on our website in order for us to provide you with more information about our services, either via telephone or email. In this case we will collect and store your email address, plus name, phone number and any other information, if supplied. As an alternative method of contact you may click on one of the email addresses on our website. In this case the link will open your own email application and you will not need to enter your information on our website.
Information collected for our client newsletter
We publish a quarterly informative newsletter for our clients and other people that are interested in our services and in translation trends and developments.
We have two methods by which you may subscribe to our newsletter:
- Anyone may choose to subscribe from our website. If you do subscribe, we use a “double opt-in” method to verify you are who you say you are. In order to send you the newsletter, we will collect your name and email address and your preferences. We process this personal information with your Consent.
- We add all new clients to our client newsletter. Our lawful basis for doing this is Legitimate Interest.
We gather statistics around email opening and clicks using industry standard technologies.
You may withdraw your consent at any time by clicking the “unsubscribe” link contained in each newsletter and we will delete your information from the newsletter database.
Information collected about our customers
Why do we collect your personal information?
We collect information to help manage your interactions with us and to provide a quality service:
- To perform the services that you have ordered from us;
- To manage the services that we provide to you;
- To invoice you for the services you have ordered from us;
- To be able to answer questions you may have now and in the future about the services we have provided to you;
- To tell you about our services; and
- To help us run and grow our business.
We are also required to keep some information about you for legal reasons.
We will not collect any personal information from you we do not need, and we do not sell your information to third parties.
Information collected about our customers where we are the Data Controller
When you order a service from us, we will collect the personal information required to perform the service. This information may include your name, billing and email addresses, phone number and payment method.
You may also provide us with additional personal information through the documents you ask us to work on, such as marriage or birth certificates. You may also provide us with sensitive personal information such as about your health or for criminal record checks. When providing this information to us we may need to confirm the legal basis of processing with you. Where you provide personal information to us about another person (such as when requesting the translation of a marriage certificate) you will need to obtain the consent of the other person.
Our lawful basis for processing this personal information is Contract – the agreement in place between us or your acceptance of our terms and conditions of business.
We may retain some of your personal information to assist you in the future on the legal basis of Legitimate Interest. Many customers encourage us to keep records of their previous transactions and personal information in order for us to provide an easier and improved service on subsequent visits. If we have no record of your order history with us, we are unable to offer discounts on future transactions. If you do not wish us to retain your personal information, please let us know at the time of ordering.
Retention of personal information
We will keep personal details on our databases for customers, translators and other suppliers for a maximum of 5 years from the date of last contact with that person, unless there is a request to delete the information.
Personal information included in accounting records will be kept for a minimum of 7 years.
Information collected about our enterprise clients where we are the Data Processor
When we are retained to provide services on an ongoing arrangement we will be acting as a Data Processor in terms of the Data Protection regulations. In these cases, our processing of personal data will be subject to a Data Processing Agreement between ourselves and our customer.
Retention of personal information
We only keep your personal information as long as specified in the Data Processing Agreement, or as otherwise required by law.
Information collected about job applicants, current and former employees
All of the information you provide during the recruitment process will only be used for the purpose of progressing your application on the legal basis of Contract. We will not share any of the information you provide during the recruitment process with any third parties. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. We will use the information you provide to assess your suitability for the role you have applied for.
If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-contract checks. We need to confirm the identity of our staff, their right to work in the UK and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide proof of your identity and proof of your qualifications. We will contact your referees, using the details you provide in your application, directly to obtain references.
If we employ you, we will also ask you for the following:
- Bank details – to process salary payments;
- Information necessary for payroll and online filing with HMRC, including National Insurance number, P45 and P46 details; and
- Emergency contact details – so we know who to contact in case you have an emergency at work.
During your employment with us we will collect and store information in your personnel file such as performance reviews and leave records.
Our legal bases for processing your personal information are:
- (b) Contract – for information such as personal details, performance and education
- (c) Legal Obligation – for information we are required to provide to statutory bodies such as HMRC and our pensions provider
Retention of employee personal information
If you become an employee, the information you provide during the application process will be retained by us as part of your personnel file for the duration of your employment plus six years following the end of your engagement with us.
If you are unsuccessful at any stage of the hiring process, the information you have provided until that point, and our notes (e.g. interview notes or linguistic assessments) will be retained for two years from your application on the legal basis of Legitimate Interest.
Who we share our employee personal information with
We share our employees’ personal information with HMRC and with our pensions provider, Aegon.
Information collected about subcontractors including freelance translators and supplier agencies
All of the information you provide during the freelance registration process will only be used for the purpose of progressing your application, on the legal basis of Contract. We will not share any of the information you provide during the registration process with any third parties. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the work you have applied for. We will use the information you provide to assess your suitability for the work you have applied for.
Once our pre-contractual checks are complete, freelancers will be required to sign a Freelancer Agreement with us. During your engagement with us we will collect and store information in electronic format on our database such as personal data, rates, qualifications and service offerings on the legal basis of Contract.
Your agreement with us will include terms requiring you to act as a Data Sub-Processor and to adopt appropriate technical and operational measures to protect the personal information you receive from us.
Information collected for our freelancer newsletter
On signing our Freelancer Agreement, suppliers will be subscribed to our quarterly freelancer newsletter, which will contain information on our company and services, using the personal information provided. We gather statistics around email opening and clicks using industry standard technologies.
Our legal basis for processing personal information for the newsletter is Contract. You may unsubscribe from the newsletter at any time by clicking the “unsubscribe” link contained in each newsletter.
Retention of freelancer personal information
If you become a freelancer the information you provide during the application process will be retained by us as part of your database entry for the duration of your engagement with us, plus a further two years on the legal basis of Contract.
If you are unsuccessful at any stage of the registration process, the information you have provided until that point, and our notes (e.g. linguistic assessments) will be retained for two years from your application on the legal basis of Legitimate Interest.
Who we share our freelancer personal information with
We share our freelancer personal information with prospective clients, only if granted consent and if necessary, with the view to increasing business for both parties.
Who we share your personal information with
We use a number of service providers to enable us to deliver services to you and we share necessary portions of your personal information with them:
- Our email provider is Microsoft with whom we have a Data Processing Agreement;
- Backups of our data are held with Autotask with whom we have a Data Processing Agreement;
- Our IT Services Provider, PAAC IT Ltd, has access to our email and data. We have a Data Processing Agreement with them;
- Our website is hosted by AR Hosting in a UK data centre that complies with the EU’s data privacy regulations;
- Our email newsletter provider, MailChimp, holds the personal information you provide that enables us to send you the newsletter. The information is only used for email newsletter subscriptions and no other purpose. MailChimp hosts your information outside of the EU but is an organisation that complies with the EU’s data privacy regulations;
- Our CRM system, Maximizer, is a web accessed CRM portal that holds company records and contact records for our current clients. Maximizer hosts your information outside of the EU, but is an organisation that complies with the EU’s data privacy regulations;
- Our HR system, BreatheHR, holds your personal information including contact details, performance and holiday records. The provider hosts your data in a UK data centre that complies with the EU’s data privacy regulations.
All of our service providers are required to maintain the confidentiality and security of your personal information and to use it only in compliance with applicable privacy laws. These companies are not authorised to use your information in any manner, other than in helping us to provide you with products and services or as otherwise required by applicable law.
We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith belief, it is necessary to conform or comply with such law, request or court order.
Security of your personal information
We maintain reasonable administrative, technical and physical safeguards in an effort to protect against the loss, theft, unauthorised access, use, modification and disclosure of personal information in our custody and control. We only provide access to personal information to staff, contractors and authorised service providers who require such information for the purposes described in this Privacy Notice.
To provide you with an increased level of security, online access to certain personal information may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication.
Sale of our business
In the event of a merger or transfer of our business to a new owner we may transfer or share information we have about you to a third-party acquirer.
Privacy Notice changes
We may periodically update this Privacy Notice for new, unanticipated uses not previously disclosed. Any changes made will be posted here. We will treat your personal information in accordance with the Privacy Notice in place at the time your information was collected.
This policy was last updated in October 2018.
How to contact us about your personal information
Please do contact us with any questions or concerns about our Privacy Notice.
If you wish to access or update the personal information we have about you, or to correct factual errors in our records, please email us or write to us at the addresses below. To protect your privacy, we will take reasonable steps to help verify your identity before granting access or making corrections.
Senior Compliance Officer
Telephone: +44 (0)1252 733 999
You can request a copy of the personal information we hold about you at any time. If you believe that the information we process about you is incorrect you can request to see this information, and have it corrected or deleted. If we are providing a service to you under contract, then it may not be possible to delete your information. We may also be required to retain some parts of your personal information for legal reasons – such as invoice and payment records. Please make such an access request in writing. There will be no charge for reasonable requests for information and we will respond within 30 days. If it will take longer than 30 days to meet your request, we will advise you accordingly.
If you wish to raise a request regarding your personal information or to register a complaint on how we have handled your personal data, please contact us at firstname.lastname@example.org.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office at https://ico.org.uk/.