Privacy Policy & GDPR

This page contains details of our company Privacy Policy, our adherence to the GDPR and our treatment of your personal data here at Atlas Translations.
Atlas Translations Ltd are committed to protecting and respecting your privacy.

We take our duty to process your personal data very seriously. This privacy policy, our terms of use, and any referenced documents set the basis for processing your personal data. By “personal data”, we refer to any of your personal data collected from you or that you provide.

Please read the following privacy policy carefully. We want you to understand our views and practices regarding your personal data and how we will treat it.

1.0 Policy

1.1 Policy Statement

We are committed to safeguarding the privacy of all visitors to our website, all service users, clients, and customers, as well as service providers/suppliers and employees. We take our duties to GDPR and privacy very seriously.

1.2 Purpose of Policy

This policy sets out our approach to the collection and processing of personal data. It explains what personal data we might collect and how this data will be processed and stored by us. The policy also covers personal data that you provide to us.

1.3 Scope of Policy

This policy applies where Atlas Translations is acting as a data controller concerning personal data. In other words, it applies where Atlas Translations determines the purposes and means of the processing of that personal data.

2.0 Website

2.1 Our Website

This section will set out the ways in which personal data might be gathered and processed in the context of our Website.

2.2 Cookies on Our Website

Please visit this link to read about our Cookie Policy.

2.3 LiveChat

We also make use of a LiveChat service on our website which allows us to respond to enquiries in  real time. Further information on this service and its Privacy Policy can be found here.

2.4 Call Back Service

In addition to this, we use a Call Back service, which enables clients or prospective customers to request that we phone them to respond to inquiries. The system we use is ResponseiQ. Further details about their Privacy Policy can be found here.

3.0 Other Personal Data

We may also collect other types of Personal Data from you. Section 3 outlines the type of data that might be collected, the reason for its collection and how this data is processed. This section also explains how and where this data is stored.

The following Personal Data may be collected:

3.1 Contact Data

We may process data enabling us to get in touch with you. This contact data may include your name, email address, telephone number, postal address, and/or social media account identifiers. The source of the contact data is you and/or your employer. If you log into our website using a social media account, we will obtain elements of the contact data from the relevant social media account provider. This information may come directly by filling in forms on our site www.atlas-translations.co.uk. This includes information provided and entered by prospective suppliers, with an interest in working with us. It also includes any information provided at the time of subscribing to our service, posting material, or requesting further services. We may also ask you for information when you report a problem with our site.

3.2 Account Data

We may process your website user account data. The account data may include your account identifier, name, email address, business name, account creation and modification dates, website settings, and marketing preferences. The primary source of the account data is you and/or your employer, although some elements of the account data may be generated by our website. If you log into our website using a social media account, we will obtain elements of the account data from the relevant social media account provider.

3.3 Transaction Data

We may process information relating to transactions, including purchases of goods and/or services, that you enter into with us and/or through our website. It might also include Supplier Accounts Information so that we can process invoices and also for Tax and Accounting Processes. The transaction data may include your name, contact details, payment details, and transaction details. The source of the transaction data is you and/or our payment services provider.

3.4 Communication Data

We may process information contained in or relating to any communication that you send to us or that we send to you. If you contact us we may keep a record of that correspondence. The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made through our website contact forms. We may also ask you to complete surveys that we use for research and customer feedback purposes.

3.5 Usage Data

We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. The source of the usage data is our analytics tracking system.

4.0 Data Security, Storage and Payment

This section sets out the security features within the Project Management System and Payment Systems that we use.

4.1 Introduction

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

4.2 PEDRO

“Pedro” refers to our bespoke project management program on which information is stored.

Pedro is written in ASP.net v4.5 and is hosted on a Windows-based VPS (Virtual Private Server) which is controlled by us and situated in the UK. Other uploaded documents are stored by us on another VPS which is also controlled by us but located in the USA. This is done following guidance issued by the Information Commissioner’s Office (ICO).

Pedro is secured by SSL Encryption at the front and back ends.

User passwords are stored in a hash format such that we have no access to them. No other data encryption is used in the database.

Pedro communicates via web API with a third-party application – QuickBooks Online – sending and receiving personal and other financial data. You can find further details about their Terms of Service and their EU Privacy Statement on their website. Backups of the Pedro Database and File Structure (including documents) are taken daily via an automatic process and are then uploaded to our secure cloud storage facility. We also stored work for 6 years on 2 separate hard drives (one held by the Director, the other by a Project Manager) off-site.

4.3 Payment

Atlas Translations takes payment via PayNow for Stripe. Details of this payment system can be found here.

This system has the highest level of security possible, and Atlas Translations never takes or stores sensitive card data. The app uses Stripe’s mobile API to encrypt and pass data to the Stripe server where it is securely processed as a CNP transaction. Stripe is certified to the highest level of PCI Compliance. 

Service Providers/Suppliers are mostly paid via bank transfer using the Monzo app; details of the app can be found here. Privacy details of the Monzo app can be found here. There are three other payment options available for service providers/suppliers:

  1. Wise.com
  2. American Express
  3. Paypal

Details of their security mechanisms can be found on each of their websites.

5.1 Legitimate Interests

In this Section, we have set out the purposes for which we may process personal data and the legal basis of this processing.

We use information held about you when it is in our Legitimate Interests to do so and when these interests do not override your interests and rights: namely, in the following ways:

5.2 Operations

We may process your data to operate our website, for the processing and fulfilment of contracts, to provide our services, generate invoices, bills, and other payment-related documentation, and credit control and for tax and accounting purposes. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services, and business, and/or the fulfilment of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

5.3 Publications

We may process account data to publish such data on our website and elsewhere through our services under your express instructions. The legal basis for this processing is consent and/or our legitimate interests, namely the publication of content in the ordinary course of our operations and/or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

5.4 Relationships and Communications

We may process contact data, account data, transaction data, and/or communication data to manage our relationships, communicating with you (excluding communicating for direct marketing) by email, text message, post, fax, and/or telephone, providing support services, and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers, and customer personnel, the maintenance of relationships, and the proper administration of our website, services, and business.

5.5 Direct Marketing

We may process contact data, account data, and/or transaction data to create, target, and send direct marketing communications by email, text message, post, and/or fax and make contact by telephone for marketing-related purposes. The legal basis for this processing is consent and/or our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website visitors and service users. We will inform you (before collecting your data) if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for such purposes.

5.6 Research and Analysis

We may process usage data and/or transaction data to research and analyse the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is consent and/or our legitimate interests, namely monitoring, supporting, improving, and securing our website, services, and business generally. We may also ask you to complete surveys that we use for research and customer feedback purposes, although you do not have to respond to them.

5.7 Record keeping

We may process your personal data to create and maintain our databases, backup copies of our databases, and our business records generally. If you contact us, we may keep a record of that correspondence. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business under this policy.

5.8 Security

We may process your data for security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services, and business, and the protection of others.

5.9 Insurance and Risk Management

We may process your data where necessary for obtaining or maintaining insurance coverage, managing risks, and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

5.10 Legal Claims

We may process your data where necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or administrative or out-of-court procedures. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights, and the legal rights of others.

5.11 Legal compliance and vital interests

We may also process your data where such processing is necessary for compliance with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person.

5.12 Links to other Websites  

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

5.13 Children

We only deal with clients and suppliers over the age of 18.

The Company recognises the special obligation to protect personally identifiable information obtained from children aged 13 and under. As such, if you are 13 years old or younger, the company requests that you do not submit any personal information to the site or to the company. If the Company discovers that a child aged 13 or younger has signed up on the Site or provided us with personally identifiable information, we will delete that child’s identifiable information from our records.

6.0  Information Disclosure

6.1 Disclosure of Your Information

This section outlines the circumstances in which we will disclose your personal information to third parties.

  • If we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets.
  • If our business or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets.
  • We will disclose personal information if we are under a duty to disclose or share your data to comply with any legal obligation, to enforce or apply our terms and conditions of supply and other agreements; or to protect the rights, property, or safety of our business, our customers, or others. This includes exchanging information with other companies and organisations for fraud protection, criminal investigations, national security, and credit risk reduction.
  • We may disclose personal information when we use other companies to provide services on our behalf. This applies to mailing or delivering orders via third-party companies such as Royal Mail. It also applies to notarisation and legalisation/apostille services, which are completed through a public notary and the Foreign, Commonwealth & Development Office respectively.
  • We may disclose aggregate statistics about our site visitors, supporters, customers, and sales to describe our services and operations to prospective clients, advertisers, and other reputable third parties and for other lawful purposes. These statistics do not include any personally identifying information.

Except under the above circumstances, supplier registration and referee information is not shared with anyone outside the office apart from our accountant and from Glint Media who are responsible for maintaining the platform that hosts Pedro and for providing updates and maintenance.

In the case of a VAT inspection, this information may also be shared with HMRC if requested.

This information is also viewed by Bureau Veritas during QA annual audits.

We will never sell or rent your personal information to other organisations.

7.0 International Transfers of Your Personal Data

7.1 Transfer of Personal Data

In this section, we provide information about the circumstances in which your personal data may be transferred internationally under UK and/or EU data protection law.

7.2 Transfer of data from the EEA to the UK

We may transfer your data from the European Economic Area (EEA) to the UK and process that personal data in the UK for the purposes set out in this policy, and may permit our suppliers and subcontractors to do likewise, during any period for which the UK is not treated as a third country under EU data protection law or benefits from an adequacy decision under EU data protection law.

7.3 Transfer of data from the UK to the EEA

We may also transfer your data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this policy, and may permit our suppliers and subcontractors to do likewise, during any period for which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

8.0 Retaining and Deleting Personal Data

This section sets out our data retention policies and procedures, which are designed to ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

8.1 Key Principles

  1. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  2. We retain information securely and as legally required for accounting purposes if we work with you.
  3. Any information we hold on you can be deleted upon request (as per the right to be “forgotten”, detailed in section 9 below).
  4. If you decide not to work with Atlas anymore or request that we have no further contact with you, we will keep some basic information to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information.

8.2 Retention Details

We will retain your personal data as follows:

  1. Contact data will be retained for a minimum period of 6 years following the date of the most recent contact between you and us, and will be deleted sooner upon request;
  2. Account data will be retained for a minimum period of 6 years following the completion of the project or payment;
  3. Transaction data will be retained for a minimum period of 6 years following the date of the transaction;
  4. Communication data will be retained for a minimum period of 6 years following the date of the communication in question, and can be deleted earlier upon request;
  5. Usage data will be retained for 6 years following the date of collection;
  6. In addition, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person.

9.0 Your Rights

In this section, we have listed the rights that you have under data protection law.

9.1 Your principal rights under data protection law are:

  1. The right to be informed -The right to transparency over how and why we process your personal information (the right to be informed) and with whom it is shared.
  2. The right to access – you can ask for copies of your personal data. This information will be provided within one month of the request being received.
  3. The right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data; a response to a rectification request shall be provided within one month of the request being received.
  4. The right to erasure/right to be forgotten – you can ask us to erase your personal data; a response to such a request shall be provided within one month of the request being received.
  5. The right to restrict processing – you can ask us to restrict the processing of your personal data; a response to such a request shall be provided within one month of the request being received.
  6. The right to object to processing – you can object to the processing of your personal data.
  7. The right to data portability – you can ask that we transfer your personal data to another organisation or to you.
  8. The right to complain to a supervisory authority – you can complain about our processing of your personal data.
  9. The right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
  10. Rights concerning automated decision-making and profiling – this means you have the right not to be subject to a decision when it is based on automated processing.

9.2 Limitations

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects here.

9.3 Exercising Your Rights

You can exercise the above rights at any time by contacting us in writing at:

Atlas Translations Ltd, Censeo House, 6 St Peter’s Street, St Albans, AL1 3LF, United Kingdom

OR via email at: clare@atlas-translations.co.uk

10.0 Policy Amendments

We may update this policy from time to time by publishing a new version on our website. You should check the relevant page occasionally to ensure you are happy with any changes that are made.

11.0 Our Details

This section sets out our company details

11.1 Our Company Registration

We are registered in the UK under registration number 04405340.

11.2 Our Website

This website is owned by Atlas Translations Ltd.

11.3 Our Registered Office

Our registered office is located at:

Atlas Translations Ltd, Censeo House, 6 St Peter’s Street, St Albans, AL1 3LF, United Kingdom

11.4 Our Principal Place of Business

Our principal place of business is:

Atlas Translations Ltd, Censeo House, 6 St Peter’s Street, St Albans, AL1 3LF, United Kingdom

11.5 How to Contact Us

You can contact us:

12.0 Data Control and Questions Relating to this Privacy Policy

We are registered as Data Controller, Registration Number Z8678346, in accordance with the current Data Protection Legislation.

Any changes we may make to our privacy policy in the future will be posted on the relevant page of our website.

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to:

Atlas Translations Ltd, Censeo House, 6 St Peter’s Street, St Albans, AL1 3LF, United Kingdom

Or via email: clare@atlas-translations.co.uk

ATC – Full membership of the ATC (Association of Translation Companies).

CIEP – Corporate membership of the CIEP (Chartered Institute of Editing and Proofreading) since 1993.

ISO 17100 – ISO 17100:2017 for Translation Services (since this standard began, in 2008, externally audited annually).

ISO 9001 – BS EN ISO 9001:2015 (certified since 2003, externally audited annually).

Living wage employer – As a living wage employer, we believe our staff deserve a wage which meets every day needs.

Mindful employer

Mindful employer – We are a mindful employer, working toward achieving better mental health at work.

Logo

Disability confident committed – We are Disability Confident Committed, ensuring our recruitment, communications and support are inclusive and accessible.

4-day week

4-day week employer since 2019

GBC_Accredited_Logo

Good Business Charter Member since 2022

The Slator Language Service Provider Index (LSPI) is a ranking and an index of the world’s largest translation, localization, interpreting, and language technology companies.

PIF

The Patient Information Forum promotes access to trusted and high-quality health information for the public and healthcare professionals.

Federation of Small Businesses and the Self-Employed

Member of the Federation of Small Businesses and the Self-Employed

Prompt Payment Code

Signatory of the Prompt Payment Code since 2023.

Accredited with the Fair Tax Foundation since February 2024

https://fairtaxmark.net/

Registered with the ICO since 2004.

Go to https://ico.org.uk/ for more information.

Corporate membership of the ITI (Institute of Translation and Interpreting) since 1994. Corporate Member of the Year 2021.