This Privacy Policy explains how Martin Henderson (the Business, "we") processes personal data in the course of providing specialised legal financial translation services to corporate and professional clients.
We act as an independent data controller for the personal data that we process in connection with our services.
The personal data we process depends on the specific assignment, but may include:
• Identification and contact details, such as names, postal addresses, email addresses, telephone numbers and professional titles.
• Personal data contained in documents provided for translation or review, which may relate to employees, customers, counterparties or other individuals.
• Administrative and financial information, such as invoice details, bank account identifiers or tax information where required by law.
• Technical data generated by the use of our IT systems, such as IP addresses and security logs.
We process personal data only where we have a lawful basis under the General Data Protection Regulation (GDPR). The main purposes and legal bases are:
• Providing translation services: We process personal data as necessary to enter into and perform contracts with our clients. The legal basis is article 6(1)(b) GDPR (performance of a contract).
• Managing our relationship with clients and suppliers: This includes communication about projects, handling queries and maintaining records. The legal basis is article 6(1)(b) GDPR and, where appropriate, article 6(1)(f) GDPR (legitimate interests).
• Accounting and legal obligations: We process certain personal data to comply with legal obligations, such as tax and accounting laws. The legal basis is article 6(1)(c) GDPR.
• Security and fraud prevention: We may process technical and usage data to maintain the security of our systems and to prevent misuse. The legal basis is article 6(1)(f) GDPR (legitimate interests).
Most personal data is provided directly by clients when they send us documents, reference materials or contact details for the purpose of obtaining translation services.
In some cases, personal data may be contained in documents that our clients have received from third parties and that they provide to us for translation. We do not collect personal data directly from those individuals.
We do not sell or trade personal data. Personal data is shared only where necessary for the purposes described above or where required by law.
We may use carefully selected third party service providers who act as data processors on our behalf. These include, for example, providers of secure email and cloud infrastructure, and providers of terminology or translation management services.
Where we use processors, we ensure that appropriate data processing agreements are in place and that the processors provide sufficient guarantees of security and compliance with the GDPR.
We aim to keep the processing of personal data within the European Economic Area (EEA) by selecting European datacentres and service options wherever possible.
If personal data must be transferred outside the EEA, this will only take place where an adequate level of protection is ensured, for example based on an adequacy decision of the European Commission or standard contractual clauses. Where such transfers occur, this will be described in the relevant service documentation where appropriate.
We retain personal data only for as long as necessary for the purposes for which it was collected, and to comply with legal, accounting or reporting requirements.
In general:
• Client project files are retained only for as long as they are reasonably needed for the performance of the services, handling queries and any applicable limitation periods.
• Administrative and financial records are retained for the periods required by tax and accounting law.
• Security logs are retained for the shortest period compatible with security monitoring needs.
More detailed information on retention periods is available on request.
We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
These measures include, among others, encryption of data at rest and in transit, the use of secure VPN connections, strict access control, pseudonymisation of documents where compatible with the assignment and regular backups. Further information is set out in our Information Security and Data Protection Policy.
Under the GDPR, individuals whose personal data we process have a number of rights, subject to certain conditions and exceptions. These include:
• The right of access to their personal data.
• The right to rectification of inaccurate data.
• The right to erasure of data in certain circumstances.
• The right to restriction of processing in certain circumstances.
• The right to object to certain types of processing, including processing based on legitimate interests.
• The right to data portability, where processing is based on consent or contract and carried out by automated means.
Requests to exercise these rights can be made using the contact details below. We may need to request additional information to verify the identity of the requester. We will respond without undue delay and in any event within the time limits set out in the GDPR.
If you have any questions about this Privacy Policy or about how we process personal data, you can contact Martin Henderson using the contact details provided on our website or in our service documentation.
If you are not satisfied with our response, you also have the right to lodge a complaint with the competent data protection supervisory authority in the EU member state of your habitual residence, place of work or place of the alleged infringement.