STB Ltd (‘Surrey Translation Bureau’, ‘STB’, ‘we’ or ‘us’) prides itself on its commitment to privacy and all data received is assumed confidential, unless in the public domain. This Privacy Notice outlines the information we collect about you, how we use, disclose and otherwise manage this information and the choices you have to restrict our usage of this information under GDPR and the UK Data Protection Act 2018. This Privacy Notice is subject to review and updates.
For the purposes of Data Protection legislation:
• Where we process any personal data in our own capacity, meaning that it has been provided to us in circumstances where we determine the purposes and means of processing (for example, you give us your personal contact details), we will be the Data Controller.
• Where we process personal data on behalf of yourself or your organisation as part of a contract we perform for you (for example if we process personal data relating to you and your employees, your customers and other data subjects), we will be the Data Processor.
You may interact with us in several different ways including via our website, our business representatives or our newsletters. You may be an individual customer, retail customer or enterprise customer (business, charity or local authority for example). Or you may be one of our employees, a prospective member of staff or a member of our subcontractor community (including freelance translators and supplier agencies). This document covers the different categories of personal information we collect through your different interactions with us and the services we provide.
Please scroll down to learn more about the topic that is of interest to you:
• Information collected about our customers
• Information collected about job applicants, current and former employees
• Information collected about subcontractors including freelance translators and supplier agencies
• Who we share your personal information with
• Security of your personal information
• Transfer of business
• Changes to the Privacy Notice
• How to contact us about your personal information
• Your rights
What can be classified as personal data?
Personal data is anything that can make a living individual identifiable. In the case of STB this includes information such as, but not limited to, names, job titles, contact details, photographs, CVs and online identifiers (such as IPs and email addresses). You may also provide us with other personal information as part of the work you ask us to undertake.
We collect and store other non-personal information with the same level of confidentiality, for example business and financial details.
Information collected via our website
You can visit our site (https://www.surreytranslation.co.uk) without telling us who you are or providing us with any personal information. However, we may collect the IP (internet protocol) addresses of all our website visitors and other related information to help us improve our website.
We use a third-party service, Google Analytics, on our website to collect standard internet log information and details of visitor behaviour patterns. This helps us collect information such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
When you visit our website, you are presented with the option to “opt-in” to accept cookies, which we only use with your consent.
Making contact via our website
You may choose to consent to being contacted by us via the contact forms provided on our website in order for us to provide you with more information about our services, either via telephone or email. In this case we will collect and store your email address, plus name, phone number and any other information, if supplied. As an alternative method of contact you may click on one of the email addresses on our website. In this case the link will open your own email application and you will not need to enter your information on our website.
Retention of personal information
We will keep personal details on our databases for customers, translators and other subcontractors for a maximum of 5 years from the date of last contact with that person, unless there is a request to delete the information.
Personal information included in accounting records will be kept for a minimum of 7 years.
Information collected about our customers
Why do we collect your personal information?
We collect information to help manage your interactions with us and to provide a quality service:
• To perform the services that you have ordered from us;
• To manage the services that we provide to you;
• To invoice you for the services you have ordered from us;
• To answer questions you may have now and in the future about the services we have provided to you;
• To tell you about our services; and
• To help us run and grow our business.
We are also required to keep some information about you for legal reasons.
We will not collect any personal information from you that we do not need, and we do not sell your information to third parties.
Information collected about our customers where we are the Data Controller
When you order a service from us, we will collect the personal information required to perform the service. This information may include your name, billing and email addresses, phone number and payment method.
You may also provide us with additional personal information through the documents you ask us to work on, such as marriage or birth certificates. In addition, your documents may provide us with sensitive personal information such as about your health or criminal record. When providing this information to us we may need to confirm the legal basis for processing this information with you. Where you provide personal information to us about another person (such as when requesting the translation of a marriage certificate) you will need to obtain the consent of the other person.
Our lawful basis for processing this personal information is ‘Contract’ – the agreement in place between us or your acceptance of our terms and conditions of business.
We may retain some of your personal information to assist you in the future on the legal basis of ‘Legitimate Interest’. Many customers encourage us to keep records of their previous transactions and personal information in order for us to provide an easier and improved service on subsequent visits. If we have no record of your order history with us, we are also unable to offer discounts on future transactions. If you do not wish us to retain your personal information, please let us know at the time of ordering.
Information collected about our customers where we are the Data Processor
When we are retained to provide services as part of an ongoing arrangement we will be acting as a Data Processor in terms of the Data Protection regulations. In these cases, our processing of personal data will be subject to a Data Processing Agreement between ourselves and our customer.
Retention of customer personal information
We only keep your personal information for as long as specified in the Data Processing Agreement, or as otherwise required by law.
Information collected for our client newsletter
We publish a quarterly informative newsletter for our clients and other people that are interested in our services and in translation trends and developments.
We have two methods by which you may subscribe to our newsletter:
• Anyone may choose to subscribe from our website. If you do subscribe, we use a ‘double opt-in’ method to verify you are who you say you are. In order to send you the newsletter, we will collect your name, email address and preferences. We process this personal information with your consent.
• We also add all new clients to our client newsletter database. Our lawful basis for doing this is ‘Legitimate Interest’.
We gather statistics around email opening and clicks using industry standard technologies.
You may withdraw your consent at any time by clicking the ‘unsubscribe’ link contained in each newsletter. We will then delete your information from the newsletter database.
Information collected about job applicants, current and former employees
All of the information you provide during the recruitment process will only be used for the purpose of progressing your application on the legal basis of Contract. We will not share any of the information you provide during the recruitment process with any third parties. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to contact you in order to progress your application. We will also ask you about your previous experience, education and referees, and for answers to questions relevant to the role you have applied for. We will use the information you provide to assess your suitability for the role you have applied for.
If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-contract checks. We need to confirm the identity of our staff and their right to work in the UK, and also seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide proof of your identity and proof of your qualifications. We will contact your referees directly, using the details you provide in your application, in order to obtain references. If we employ you, we will also ask you for the following:
• Bank details – to process salary payments
• Information necessary for payroll and online filing with HMRC, including your National Insurance number, P45 and P46 details
• Emergency contact details – so we know who to contact in case you have an emergency at work
During your employment with us we will collect and store information in your personnel file such as performance reviews and leave records. Our legal bases for processing your personal information are:
• Contract – for information such as personal details, performance and education
• Legal Obligation – for information we are required to provide to statutory bodies such as HMRC and our pensions provider
Retention of employee personal information
If you become an employee, the information you provide during the application process will be retained by us as part of your personnel file for the duration of your employment plus six years following the end of your engagement with us.
If you are unsuccessful at any stage of the recruitment process, the information you have provided until that point, and our notes (e.g. interview notes or linguistic assessments) will be retained for two years from your application on the legal basis of Legitimate Interest.]
Who we share our employee personal information with
We share our employee personal information with HMRC, other Government departments with whom we are legally obligated to provide information, and with our pensions provider, Aegon.
Information collected about subcontractors including freelance translators and supplier agencies
All of the information you provide during the freelance registration process will only be used for the purpose of progressing your application, on the legal basis of ‘Contract’. We will not share any of the information you provide during the registration process with any third parties. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to contact you in order to progress your application. We will also ask you about your previous experience, education and referees, and for answers to questions relevant to the work you have applied for. We will use the information you provide to assess your suitability for the work you have applied for.
Once our pre-contractual checks are complete, subcontractors will be required to sign a Freelancer Agreement with us. During your engagement with us we will collect and store information in electronic format on our database such as personal data, rates, qualifications and service offerings on the legal basis of ‘Contract’.
Your agreement with us will include terms requiring you to act as a Data Sub-Processor and to adopt appropriate technical and operational measures to protect the personal information you receive from us.
Information collected for our freelancer newsletter
On signing our Freelancer Agreement, subcontractors will be subscribed to our quarterly freelancer newsletter – which contains information on our company and services – using the personal information provided. We gather statistics around email opening and clicks using industry standard technologies.
Our legal basis for processing personal information for the newsletter is ‘Contract’. You may unsubscribe from the newsletter at any time by clicking the ‘unsubscribe’ link contained in each newsletter.
Retention of subcontractor personal information
If you become a subcontractor the information you provide during the application process will be retained by us as part of your database entry for the duration of your engagement with us, plus a further two years on the legal basis of ‘Contract’.
If you are unsuccessful at any stage of the registration process, the information you have provided until that point and our notes (e.g. linguistic assessments) will be retained for two years from your application on the legal basis of ‘Legitimate Interest’.
Who we share our subcontractor personal information with
We share our subcontractor personal information with prospective clients, only if granted consent and if necessary, with the view to increasing business for both parties.
Who we share your personal information with
We use a number of service providers to enable us to deliver services to you and we share necessary portions of your personal information with them:
• Our email provider is Microsoft with whom we have a Data Processing Agreement.
• Backups of our data are held with Autotask with whom we have a Data Processing Agreement.
• Our IT services provider, PAAC IT Ltd, has access to our email and data. We have a Data Processing Agreement with them.
• A back-up server is located at a data centre (RapidSwitch) in the UK.
• Our website is hosted by AR Hosting in a UK data centre that complies with the EU’s data privacy regulations.
• Our email newsletter provider, MailChimp, holds the personal information you provide that enables us to send you the newsletter. The information is only used for email newsletter subscriptions and no other purpose. MailChimp hosts your information outside of the EU but is an organisation that complies with the EU’s data privacy regulations.
• Our translation management system, Plunet, is a web-accessed portal that holds company records and contact records for our current clients. Plunet hosts your information within the EU, but is an organisation that complies with the EU’s data privacy regulations.
• Our HR system, BreatheHR, holds your personal information including contact details, performance and holiday records. The provider hosts your data in a UK data centre that complies with the EU’s data privacy regulations.
All of our service providers are required to maintain the confidentiality and security of your personal information and to use it only in compliance with applicable privacy laws. These companies are not authorised to use your information in any manner, other than to help us provide you with products and services or as otherwise required by applicable law.
We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith belief, it is necessary to conform or comply with such law, request or court order.
Security of your personal information
We maintain reasonable administrative, technical and physical safeguards in an effort to protect against the loss, theft, unauthorised access, use, modification and disclosure of personal information in our custody and control. We only provide access to personal information to staff, contractors and authorised service providers who require such information for the purposes described in this Privacy Notice.
To provide you with an increased level of security, online access to certain personal information may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication.
Transfer of business
In the event of a merger or transfer of our business to a new owner we may transfer or share information we have about you to a third-party acquirer.
Changes to the Privacy Notice
We may periodically update this Privacy Notice for new, unanticipated uses not previously disclosed. Any changes made will be posted here. We will treat your personal information in accordance with the Privacy Notice in place at the time your information was collected.
This policy was last updated in May 2021.
How to contact us about your personal information
Please do contact us with any questions or concerns about our Privacy Notice.
If you wish to access or update the personal information we have about you, or to correct factual errors in our records, please email us or write to us at the addresses below. To protect your privacy, we will take reasonable steps to help verify your identity before granting access or making corrections.
HR and Compliance Officer
Telephone: +44 (0)1252 733 999
You can request a copy of the personal information we hold about you at any time. If you believe that the information we process about you is incorrect you can request to see this information, and have it corrected or deleted. In situations where we are a Data Processor to another organisation who is the Data Controller we may not have the legal right to perform a Subject Access Request for an individual. In these situations, we will pass your request to the relevant Data Controller. We may also be required to retain some parts of your personal information for legal reasons – such as invoice and payment records. Please make such an access request in writing. There will be no charge for reasonable requests for information and we will respond within 30 days. If it will take longer than 30 days to meet your request, we will advise you accordingly.
If you wish to raise a request regarding your personal information or to register a complaint on how we have handled your personal data, please contact us at firstname.lastname@example.org.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can submit a complaint to the Information Commissioner’s Office at https://ico.org.uk/.