Some of these cookies are essential to the operation of the site,
while others help to improve your experience by providing insights into how the site is being used.
Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), which entered into force on 25 May 2018, seeks to harmonise the protection of fundamental rights and freedoms of natural persons in respect of the processing of their personal data.
This notice contains an overview of the data processing practices of Translation By Ioana Costache SRL [the Company] as they relate to its specific business (translation, interpreting, examining/assessing language skills, other linguistic services).
The following terms shall have the meanings defined in Article 4, “Definitions”, of GDPR: “personal data”, “processing”, “restriction of processing”, “pseudonymisation”, “controller”, “processor”, “consent”, “personal data breach”, “genetic data”, “biometric data”, “data concerning health”, “supervisory authority”, “third party”, “cross-border processing”, “special categories”, “sensitive data”, “criminal records data”.
Types and sources of data collected
All of the Company’s clients are legal persons; as such, the Company does not collect personal data directly from natural persons, except in very limited circumstances (such as the name, business e-mail address, business telephone number, possibly photograph of the clients’ contact persons or other employees with whom the Company interacts; these data are provided directly by such persons). The Company acts as data processor (or subprocessor) in relation to its clients. The project assignments received from clients (who may be data controllers or in their turn processors or subprocessors) may contain all types of personal data, including special categories, sensitive data, criminal records data, genetic data, biometric data, data concerning health. In most cases, these data will have been pseudonymised. However, there are instances in which the data cannot be pseudonymised (e.g., non-blinded medical records, legal material, financial information). On occasion, the data may refer to minors; obtaining the consent of the parent/legal guardian is the responsibility of the data controller/client.
Data protection principles
The Company is committed to ensuring the following: that it is legally entitled to process the information under data protection law (“lawful grounds”); that it is transparent about the personal data being process and the reasons for processing (“transparency”); that it does not use personal data for any purpose other than for which it is collected (“purpose limitation”); that it collects the minimum personal data needed for the purpose it is collected (“minimisation”); that it keeps personal data accurate and up to date (“accuracy”); that it respects the data subjects’ rights (“data subject rights”); that it keeps personal data secure both when using internally and when sharing with third parties (“security”); that it only transfers the data outside of the European Economic Area (EEA) (or allow access to it from outside of the EEA) if there are appropriate data transfer arrangements (“data transfers”, “cross-border processing”).
Lawful grounds and purposes of processing personal data
The Company only processes data to comply with a legal obligation or to perform a contract; there may be rare cases in which consent might apply. The Company processes data insofar as they are contained in non-pseudonymised material submitted by the client for translation or other types of linguistic services.
Personal data sharing and security
The Company only shares personal data with the clients, when such data are contained in non-pseudonymised material submitted by the client for translation or other types of linguistic services. This sharing is regulated and protected under the service contracts and confidentiality agreements signed with each client. Other cases when sharing may be possible are to be established according to local data protection laws. All data transfers take place in secure conditions, with physical, technical, and organisational safeguards for the protection of personal data and the prevention of data breaches. When personal data are transferred outside the EEA, additional safeguards apply (the European Commission’s Standard Contractual Clauses, the EU-US Privacy Shield).
Data retention periods
Personal data will be stored only as long as is necessary to carry out the purposes described in this notice or as otherwise required by contractual agreements with clients, legal, tax or accounting requirements. Unless otherwise specified by each client, the data shall be retained and then destroyed securely as provided by the local data protection legislation.
Data subjects’ rights
Depending on the circumstances and the conditions, data subjects who are living natural persons located in EEA have the following data protection rights: to access, correct, update or request deletion of their personal data; to object to the processing of their personal data; to ask for the restriction of processing of their personal data or request portability of their personal data; to withdraw consent; to complain to a data protection authority about the collection and use of their personal data. For more information, please contact the relevant local data protection authority (contact details here). Should the Company receive any such requests from any natural persons, the Company shall respond in the time and manner required by local data protection laws.
Changes to this Notice
This Notice may subject to further change as required by the data protection laws. An updated version will be posted here, and clients will be notified accordingly. For further questions about the Company’s data protection practices, please use the contact methods at the top of the profile page.