Privacy policy, GDPR and the treatment of your personal data at Atlas Translations

This page contains details of our Privacy Policy, the GDPR and our treatment of personal data here at Atlas Translations. Atlas Translations Ltd (“We or Us“) are committed to protecting and respecting your privacy.

We take our duty to process your personal data very seriously. This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Privacy, GDPR, and Treatment of Personal Data Policy

1.1 Policy Statement

We are committed to safeguarding the privacy of all visitors to our website, all service users, clients and customers, as well as service providers/suppliers and employees. We take our duties in relation to GDPR and privacy very seriously.

1.2 Purpose of Policy

This policy sets out our approach to the collection and processing of personal data. It explains what personal data we might collect and how this data will be processed and stored by us. The policy also covers personal data that you provide to us.

1.3 Scope of Policy

This policy applies where Atlas Translations is acting as a data controller with respect to personal data. In other words, it applies where Atlas Translations determines the purposes and means of the processing of that personal data.

2.1 Our Website

          This section will set out the ways in which personal data might be gathered and processed in the context of our Website.

2.2 Cookies on our Website

           We use cookies on our website. We will ask you to consent to our use of cookies when you first visit our website.

2.3 What are Cookies?

           A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookie files are stored on the hard drive of your computer. They collect information and are then sent back to the originating website on each subsequent visit.

           Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored   by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

           Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.

2.4 Why do we use Cookies?

Cookies help us to improve our website and to deliver a better and more personalised service.  They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so allow us to customise our site according to your individual interests.
  • To speed up your searches.
  • To recognise you when you return to our site.

2.5 Managing cookies

           Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a)      https://support.google.com/chrome/answer/95647 (Chrome);

(b)      https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Firefox);

(c)      https://help.opera.com/en/latest/security-and-privacy/ (Opera);

(d)      https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e)      https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and

(f)      https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy (Edge).

           Website users should be aware that blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.

2.6 The Types and Purposes of Cookies

Cookie NameExpiration TimePurpose/Description
Google Analytics _utma
_utmb
_utmc
_utmz
 These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited.
wordpress_[hash]End of browser sessionOn login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/
wordpress_logged_in_[hash]End of browser sessionAfter login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.
wp-settings-{time}-[UID]1 yearWordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customise your view of the admin interface, and possibly also the main site interface.
wp-settings-[UID]1 yearThe number on the end is your individual user ID from the users database table. This is used to customise your view of the admin interface, and possibly also the main site interface.
wordpress_test_cookieEnd of browser sessionWordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
wordpress_logged_in_[hash]End of browser sessionWordPress uses this cookie to indicate when you’re logged in, and who you are, for most interface use.
_ga2 yearsUsed to distinguish users
_gid24 hoursUsed to distinguish users
_gat1 minuteUsed to throttle request rate.
_gac_<property-id>90 daysContains campaign-related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.

      By using our website, you agree we can place these types of cookies on your device.

2.7 LiveChat

We also make use of a LiveChat service on our website which allows us to respond to enquiries in  real time. Further information on this service and its Privacy Policy can be found here.

2.8 Call Back Service

In addition to this, we use a Call Back service, which enables clients or prospective customers to   request that we phone them to respond to inquiries. The systems we use is ResponseiQ. Further details about their Privacy Policy can be found here.

3.1 Other Personal Data

We may also collect other types of Personal Data from you. Section 3 outlines the type of data   that might be collected, the reason for its collection and how this data is processed. This section also explains how and where this data is stored.

The following Personal Data may be collected:

  • Contact Data

We may process data enabling us to get in touch with you. This contact data may include your name, email address, telephone number, postal address and/or social media account identifiers. The source of the contact data is you and/or your employer. If you log into our website using a social media account, we will obtain elements of the contact data from the relevant social media account provider. This information may come directly by filling in forms on our site www.atlas-translations.co.uk. This includes information provided and entered by prospective suppliers, with an interest in working with us. It also includes any information provided at the time of subscribing to our service, posting material, or requesting further services. We may also ask you for information when you report a problem with our site.

  • Account Data

We may process your website user account data. The account data may include your account identifier, name, email address, business name, account creation and modification dates, website settings and marketing preferences. The primary source of the account data is you and/or your employer, although some elements of the account data may be generated by our website. If you log into our website using a social media account, we will obtain elements of the account data from the relevant social media account provider.

  • Transaction Data

We may process information relating to transactions, including purchases of goods and/or services, that you enter into with us and/or through our website. It might also include Supplier Accounts Information so that we are able to process invoices and also for Tax and Accounting Processes. The transaction data may include your name, your contact details, payment details and transaction details. The source of the transaction data is you and/or our payment services provider.

  • Communication Data

We may process information contained in or relating to any communication that you send to us or that we send to you. If you contact us we may keep a record of that correspondence. The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made through our website contact forms. We may also ask you to complete surveys that we use for research and customer feedback purposes.

3.6 Usage Data

We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

  • Data Security, Storage and Payment

This section sets out the security features within the Project Management System and Payment Systems that we use.

4.2 Introduction

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

4.3 PEDRO

“Pedro” refers to our bespoke project management program on which information is stored.

Pedro is written in ASP.net v4.5 and is hosted on a Windows-based VPS (Virtual Private Server) which is controlled by us and situated in the UK. Other uploaded documents are stored by us on another VPS which is also controlled by us but located in the USA. This is done in accordance with guidance issued by the Information Commissioner’s Office (ICO).

Pedro is secured by SSL Encryption at the front and back ends.

User passwords are stored in a hash format such that we have no access to them. No other data encryption is used in the database.

Pedro communicates via web API with a third party application – QuickBooks Online – sending and receiving personal and other financial data. You can find further details about their Terms of Service and their EU Privacy Statement on their website.

Backups of the Pedro Database and File Structure (including documents) are taken daily via an automatic process and are then uploaded to our secure cloud storage facility. We also store work for 6 years on 2 separate hard drives (one held by the Director, the other by a Project Manager) off-site.

4.4 Payment

Atlas Translations takes payment via PayNow for Stripe. Details of this payment system can be found here.

This system has the highest level of security possible and no sensitive card data is ever taken or stored by Atlas Translations. The app uses Stripe’s mobile API  to encrypt and pass data to the Stripe server where it is securely processed as a CNP transaction. Stripe is certified to the highest level of PCI Compliance. 

Service Providers/Suppliers are mostly paid via bank transfer using the Barclays app; details of the app can be found here. Security details of the Barclays app can be found here and here. There are three other payment options available for service providers/suppliers:

  1. Wise.com
  2. American Express
  3. Paypal

       Details of their security mechanisms can be found on each of their websites.

5.1 Purposes of Processing this data and the legal bases for doing so.

           In this Section, we have set out the purposes for which we may process personal data and the legal bases of this processing.

           We use information held about you when it is in our Legitimate Interests to do so and when these interests do not override your own interests and rights: namely, in the following ways:

5.2 Operations

           We may process your personal data for the purposes of operating our website, the processing and fulfilment of contracts, providing our services, generating invoices, bills and other payment-related documentation, and credit control and for tax and accounting purposes. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business, and/or the fulfilment of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

5.3 Publications

           We may process account data for the purposes of publishing such data on our website and   elsewhere through our services in accordance with your express instructions. The legal basis for this processing is consent and/or our legitimate interests, namely the publication of content in the ordinary course of our operations and/or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

5.4 Relationships and Communications

We may process contact data, account data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, text message, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of relationships, and the proper administration of our website, services and business.

  • Direct Marketing

We may process contact data, account data and/or transaction data for the purposes of creating, targeting and sending direct marketing communications by email, text message, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is consent and/or our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website visitors and service users. We will inform you (before collecting your data) if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for such purposes.

5.6 Research and Analysis

We may process usage data and/or transaction data for the purposes of researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is consent and/or our legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally. We may also ask you to complete surveys that we use for research and customer feedback purposes, although you do not have to respond to them.

5.7 Record keeping

We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. If you contact us, we may keep a record of that correspondence.The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.

  • Security

We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.

  • Insurance and Risk Management

We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

5.10 Legal Claims

We may process your personal data where necessary for the establishment, exercise or defence   of legal claims, whether in court proceedings or in an administrative or out-of-court procedures. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

5.11 Legal compliance and vital interests

We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

5.12 Links to other Websites  

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

5.13 Children

        We only deal with clients and suppliers over the age of 18.

The Company recognises the special obligation to protect personally identifiable information obtained from children aged 13 and under. As such, if you are 13 years old or younger, the company requests that you do not submit any personal information to the site or to the company. If the Company discovers that a child aged 13 or younger has signed up on the Site or provided us with personally identifiable information, we will delete that child’s identifiable information from our records.

6.1  Disclosure of your Information

This section outlines the circumstances in which we will disclose your personal information to third parties.

  • In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If our business or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets.
  • We will disclose personal information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of supply and other agreements; or to protect the rights, property, or safety of our business, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, criminal investigations, national security, and credit risk reduction.
  • We may disclose personal information when we use other companies to provide services on our behalf. This applies to mailing or delivering orders via third-party companies such as Royal Mail. It also applies to notarisation and legalisation/apostille services, which are completed through a public notary and the Foreign, Commonwealth & Development Office respectively.
  • We may disclose aggregate statistics about our site visitors, supporters, customers, and sales to describe our services and operations to prospective clients, advertisers and other reputable third parties and for other lawful purposes. These statistics do not include any personally identifying information.

Except under the above circumstances, supplier registration and referee information is not shared with anyone outside the office apart from our accountant and from Glint Media who are responsible for maintaining the platform which hosts Pedro and for providing updates and maintenance. In case of VAT inspection, this information may also be shared with HMRC if requested. This information is also viewed by Bureau Veritas during QA annual audits.

      We will never sell or rent your personal information to other organisations.

7.1 International Transfers of your Personal Data

In this section, we provide information about the circumstances in which your personal data may be transferred internationally under UK and/or EU data protection law.

7.2 Transfer of data from the EEA to the UK

           We may transfer your personal data from the European Economic Area (EEA) to the UK and process that personal data in the UK for the purposes set out in this policy, and may permit our suppliers and subcontractors to do likewise, during any period with respect to which the UK is not treated as a third country under EU data protection law or benefits from an adequacy decision under EU data protection law.

7.3 Transfer of data from the UK to the EEA

           We may also transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this policy, and may permit our suppliers and subcontractors to do likewise, during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

8.1 Retaining and Deleting Personal Data

This section sets out our data retention policies and procedures, which are designed to ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

8.2 Key Principles

  • Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • We retain information securely and as legally required for accounting purposes if we work with you.
  • Any information we hold on you can be deleted upon request (as per the right to be “forgotten”, detailed in section 9 below).
  • If you decide not to work with Atlas any more or request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information.

8.3 Retention Details

We will retain your personal data as follows:

(a)      Contact data will be retained for a minimum period of 6 yearsfollowing the date of the most recent contact between you and us, and will delete sooner upon request;

(b)      Account data will be retained for a minimum period of 6 years following the completion of the project or payment;

(c)      Transaction data will be retained for a minimum period of 6 years following the date of the transaction;

(d)      Communication data will be retained for a minimum period of 6 years following the date of the communication in question, and can be deleted earlier upon request;

(e)      Usage data will be retained for 6 yearsfollowing the date of collection;

(f)     In addition, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

9.1 Your Rights

       In this section, we have listed the rights that you have under data protection law.

9.2 Your principal rights under data protection law are:

  1. the right to be informed -The right to transparency over how and why we process your     personal information (the right to be informed), and with whom it is shared.
  2. the right to access – you can ask for copies of your personal data. This information will be provided within one month of the request being received.
  3. the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data; A response to a rectification request shall be provided within one month of the request being received.
  4. the right to erasure/right to be forgotten – you can ask us to erase your personal data; A response to such a request shall be provided within one month of the request being received.
  5. the right to restrict processing – you can ask us to restrict the processing of your personal data; A response to such a request shall be provided within one month of the request being received.
  6. the right to object to processing – you can object to the processing of your personal data.
  7. the right to data portability – you can ask that we transfer your personal data to another organisation or to you.
  8. the right to complain to a supervisory authority – you can complain about our processing of your personal data.
  9. the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
  10. rights in relation to automated decision making and profiling – this means you have the right to not be subject to a decision when it is based on automated processing.

 9.3 Limitations

          These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects here

9.4 Exercising your rights

          You can exercise the above rights at any time by contacting us in writing at: Atlas Translations Ltd, Censeo House, 6 St Peter’s Street, St Albans, AL1 3LF, United Kingdom OR at: clare@atlas-translations.co.uk

10.1 Policy Amendments

         We may update this policy from time to time by publishing a new version on our website. You should check the relevant page occasionally to ensure you are happy with any changes that are made.

11.1 Our Details

        This section sets out our company details

11.2 Our Company Registration

        We are registered in the UK under registration number 04405340.

11.3 Our Website

        This website is owned by Atlas Translations Ltd.

11.4 Our Registered Office

        Our registered office is located at:

Atlas Translations Ltd

Censeo House

6 St Peter’s Street

St Albans

AL1 3LF

11.5 Our Principal Place of Business

        Our principal place of business is:

Atlas Translations Ltd

Censeo House

6 St Peter’s Street

         St Albans

         AL1 3LF

11.6 How to Contact Us

        You can contact us:

(a)      by post, via the postal address given above

(b)      using our website contact forms

(c)      by telephone, on 01727 812725

(d)       by email : team@atlas-translations.co.uk

12.1 Data Control and Questions Relating to this Policy

We are registered as Data Controller, Registration Number Z8678346, in accordance with the current Data Protection Legislation.

Any changes we may make to our privacy policy in the future will be posted on the relevant page of our website.

Questions, comments, and requests regarding this policy are welcomed and should be addressed to:

Atlas Translations Ltd

Censeo House

6 St Peter’s Street

St Albans

AL1 3LF

Or via email: clare@atlas-translations.co.uk

ATC – Full membership of the ATC (Association of Translation Companies). Company of the Year 2020 & 2021.

CIEP – Corporate membership of the CIEP (Chartered Institute of Editing and Proofreading) since 1993.

Corporate membership of the ITI (Institute of Translation and Interpreting) since 1994. Corporate Member of the Year 2021.

ISO 17100 – ISO 17100:2017 for Translation Services (since this standard began, in 2008, externally audited annually).

ISO 9001 – BS EN ISO 9001:2015 (certified since 2003, externally audited annually).

Living wage employer – As a living wage employer, we believe our staff deserve a wage which meets every day needs.

Mindful employer

Mindful employer – We are a mindful employer, working toward achieving better mental health at work.

Logo

Disability confident committed – We are Disability Confident Committed, ensuring our recruitment, communications and support are inclusive and accessible.

4-day week

4-day week employer since 2019

GBC_Accredited_Logo

Good Business Charter Member since 2022

The Slator Language Service Provider Index (LSPI) is a ranking and an index of the world’s largest translation, localization, interpreting, and language technology companies.

PIF

The Patient Information Forum promotes access to trusted and high-quality health information for the public and healthcare professionals.

Federation of Small Businesses and the Self-Employed

Member of the Federation of Small Businesses and the Self-Employed

Prompt Payment Code

Signatory of the Prompt Payment Code since 2023.