|
|
<BACK
Privacy Notice
Due to the nature of our work, we are splitting this privacy notice into two sections. Section 1
is about your personal data (contact details, etc.) which you exchange with us in the course of
setting up a business relationship with IT&T.
Section 2 concerns personal data which may be present in the documents you provide to us
for translation.
Section 1: Your personal data
IT&T acts as a data controller, and as such has contractual reasons for
obtaining and keeping personal data you provide to us as a representative of your company.
We only collect basic personal data about you which does not include any special types of
information or location based information. This does, however, include name, company or
personal email address, company or personal address, and one or two phone numbers
(landline and/or mobile).
How we collect your data
IT&T only collects your data directly from you. We do not engage third parties
to provide us with your personal data.
Why we need your data
We need to know this basic personal data in order to provide you with on-going
organisational updates and information in line with our overall contract with you. We will not
collect any personal data from you that we do not need.
What we do with your data
All the personal data we process is processed by our staff in the Netherlands and in Italy however for the purposes
of IT hosting and maintenance this information is located on servers within the European
Union. No third parties have access to your personal data unless the law allows them to do so.
We have an Information Security Policy in place to oversee the effective and secure
processing of your personal data.
How long we keep your data
We are required under Dutch tax law to keep your basic personal data (name, address, contact
details) for seven years, after which time it will be destroyed.
What are your rights
If at any point you believe the information we process on you is incorrect, you can request to
see this information and have it corrected or deleted. If you wish to raise a complaint on how
we have handled your personal data, you can contact us to have the matter investigated.
Please see the Subject Access Request page on our website for more
information: https://www.itandt.net/gdpr/subject-access-request-policy/
If you are not satisfied with our response or believe we are processing your personal data not
in accordance with the law you can raise a complaint to the Dutch Data Protection Authority https://autoriteitpersoonsgegevens.nl/en/
Section 2: Personal data contained within documents for translation
As the primary data controller it is your obligation to ensure that you have consent from the
data subject or otherwise lawful grounds for sending us content containing personal data for
translation.
This is especially true for content containing special categories of personal data.
IT&T acts as both a data processor and a joint controller of personal data
present in documents for translation. This is because in order to fulfil our contracts with you,
we need to engage sub-processors, and therefore have responsibility over how your data
reaches them.
What we do with personal data in content for translation
We do not extract personal data in translation content for processing outside the context of
the translated documents.
For the purposes of IT hosting and maintenance the files are stored on servers within the
European Union.
We have an Information Security Policy in place to oversee the effective and secure
processing of data within documents for translation, including personal data.
Entire documents for translation are shared using secure means with approved and compliant
third party language service suppliers as part of pre-contractual enquiries and then as part of
the contract fulfilment.
Third Country Data Transfers
For the fulfilment of some contracts, we may need to transfer the data to language service
suppliers outside of the EU and EUÕs list of Adequate Countries. This is because most Chinese
translators, for example, are based in China. If we need to send a document outside the
EU/EEA in order to fulfil your contract (in accordance with article 49b of the GDPR regulations),
we will inform you. It is up to you to make sure the data subject is also aware of this and gain
their explicit consent.
Special Categories of Personal Data
If your documents contain special categories of personal data belonging to a third party data
subject, it is your obligation to obtain the relevant consent and establish lawful grounds for the
processing of that data according to articles 6 and 9 of the regulations.
We will make every effort to identify special categories of personal data within documents you
provide to us prior to starting the translation workflow so appropriate measures can be taken.
We might ask you to redact identifiable information in order for us to minimise risk to the data
subject before starting the translation workflow, especially if the contract would necessitate
sending the document to language service suppliers outside of the EU/EEA.
No documents containing special categories of personal data will be stored in a Translation
Memory (TM).
How long we keep your data
We are required under Dutch tax law to keep your basic personal data (name, address, contact
details) for seven years, after which time it will be destroyed.
What are your rights
If at any point you believe the information we process is incorrect you can request to see this
information and have it corrected or deleted. If you wish to raise a complaint on how we have
handled personal data within documents for translation, you can contact us to have the matter
investigated. Please see our Subject Access Request page on our website for more
information: https://www.itandt.net/gdpr/subject-access-request-policy/
If you are not satisfied with our response or believe we are processing your personal data not
in accordance with the law you can raise a complaint to the Dutch Data Protection Authority https://autoriteitpersoonsgegevens.nl/en/
<BACK
|
 |
|
