Identity and contact
This policy is designed to ensure transparency on all processing by EasyTranslate of personal information held on individuals across our organisation. EasyTranslate A/S (Bygmestervej 10, 2400 Copenhagen) is either the Data Controller or the Data Processor (given the context) and are hereby responsible for the processing of data that we collect and store through our website or are otherwise given. We ensure that your data are processed according to applicable law. For any questions regarding this policy or invoking of any of the rights mentioned in this policy, please contact our Data Protection Officer at email@example.com or by using the following phone number: DK +45 70 20 55 50
How do we comply with the GDPR requirements?
At EasyTranslate, we take data security and the privacy of our users and their data very seriously. Our services are secure, and we have implemented sufficient technical and organisational measures to ensure the security of your data during our processing. We train all our employees in data protection and have extensive procedures, guidelines and protocols to ensure that the processing of personal information lives up to the same high standards across our organisation. This policy will outline which types of data we process, why we process them and which rights you have regarding the processing of your data.
Purpose and legal basis
What Data Do You Provide Yourself?
We collect your personal/company data and source files to deliver our services to you:
- Your contact information: name, surname, company name, e-mail, phone number
- Source files (these can contain a variety of personal data)
- Information concerning the services you purchase with us to customise and adjust the services to your specific needs
- Your billing information
The legal basis for this processing is Article 6(1) b meaning our lawful processing is based on performing the agreed services in our contract with you. When we process your source files and your employee data we act as Processor and you are the Controller.
What data do we collect automatically?
We want to improve our digital services and applications. That’s why we collect data automatically in the form of cookies, click-stream, and web analytics.
The legal basis for this processing is Article 6(1) f and in this, we are the Controller. This means that we decide the purposes of the processing. The purpose is described in the above. We make a profile on your behaviour on our site to learn about your preferences and ultimately customise your experience even further.
Your visit to our website usually results in the collection of the following information.
- The visitor’s IP address
- The date and time of the visit
- The referral URL (the site from which the visitor has come)
- The pages visited on our website
- Information about the browser used (browser type and version, operating system, etc.).
You can find instructions on how to manage browser-specific cookie settings here:
Internet Explorer: https://support.microsoft.com/en-us/help/260971/description-of-cookies
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
We use third-party cookies to improve our website and to learn about your preferences. You can find the complete list here.
If you do not want us to place cookies on your device simply reject the cookie-box, but please note that this will have an effect on the functionality of the site. Please remember to clear you cookie history in the given browser you utilise as described in the above.
We use different analytical tools on our website to collect information from your user sessions on our website as we want to improve our services and to give you the best possible experience.
Find the list of 3rd party cookies and web analytic providers here.
How do we use your data?
To deliver the service you ordered
We will use the information we have gathered to get back to you with service propositions based on your quote request. If you choose to accept the quote, we will use your data to deliver the service you ordered with us. This includes making files available for our production team.
To translate your files
When we have agreed on the delivery terms with you, a translator will be given the source file and translate it to the agreed language within the agreed deadline. If it is possible to anonymise the source file, we encourage you to do so before transferring the file to minimise the flow of personal data (Data Minimisation, GDPR (Art.5, 1. (c)). This could e.g. be if a name is in the header of a letter. If it is not possible to anonymise, we have the technical and organisational security measures in place to handle your personal data.
To deliver the best service and experience for you
We will use the information we have gathered about you to customise our services for you and provide the best possible digital experience. This includes optimising our services and websites based on analytical information gathered from you.
To send you newsletters
If you have given your consent to receive direct marketing, e.g. email, SMS, MMS, push messages in apps, contact on social media letters and telephone calls, the legal basis for this processing is Article 6(1) (a). We will personalise the direct marketing based on your profile and behavioral information from the EasyTranslate channels, to give you relevant news and offers. The legal basis for this processing is Article 6(1) (f) where our legitimate interests override your interests or fundamental rights and freedoms.
EasyTranslate is allowed to ask you if you want to update your consent regarding communication form and any new services from EasyTranslate. At any time you can withdraw your consent at https://app.easytranslate.com/unsubscribe
Third Party Vendors and transfers to third countries
We treat your data with confidentiality. We do not sell your data to third parties. Your data will only be disclosed if required by law or if the service we provide you demands it.
We do as such use supporting services provided by third parties. This includes maintenance services, analysis services, e-mail messaging services, handling of payment transactions and other relevant services. These third parties will get access to the data they require to provide their services. We take the necessary steps to ensure that these third-party providers protect your data. Please find the complete list of third party vendors here. In the list you will also see what third party providers process your data in third countries. We use asses our third party vendors before any engagement and make sure that the legal basis for a given transfer is in place.
How long do we store the data?
The data that we collect either directly from our users or from any of the services are stored for varying periods of time corresponding to the given function. This includes data that are processed by sub-processors. EasyTranslate has actively decided on the relevant storage duration for each sub processor. Furthermore, the terms for the storage of source files are as follows:
- Web server logs are automatically erased after 30 days;
- Source files delivered by the client, and translations delivered by EasyTranslate can be erased permanently by the client upon conclusion of the order;
- Files on the platform can be automatically erased after a specific number of days according to an agreement between the client and EasyTranslate.
Financial data will be stored for a period of 5 years in accordance with Danish Bookkeeping law.
If you wish to gain access to your data, have them rectified or deleted or make any reservations towards our data processing, we will investigate whether or not this is possible according to any of our legal obligations, and get back to your request as soon as possible and no later than a month after we received your request.
Users can access their data at any time from their account settings, where users can see, download, delete or correct any information they have provided us.
You have the right to be informed, what data we have stored concerning you, where they are collected and what they are being used for. You can be informed about our retention periods, who receive data concerning you, in the extent that we disclose or transfer your data.
You can request to gain access to any data processed regarding your person. Access can be limited in cases where it can compromise other people’s privacy, trade secrets or intangible rights.
You have the right to correct any information that is no longer correct or current. If you become aware that any of the data that we store concerning you are incorrect, you have the right to get such information corrected or deleted.
You also have the right to object to our processing of your data or to our disclosure or transfer of your data for marketing purposes. You have the right to receive any data that we are processing regarding your person, this includes data collected directly from you or from other parties. In the event that you put in such a request, your data will be provided for you on a commonly used digital transportable format.
Any matters relating to EasyTranslate's collection and storage of personal information, your rights under the GDPR or this policy, can be addressed to firstname.lastname@example.org or to the phone number listed in section 1.
If our collection, storage or processing of your data should raise any concerns with you, you have the right to file a complaint with the Danish Data Protection Agency at email@example.com or any other supervising authority in your country.
Any individual who suspects that a Personal Data Breach has occurred due to the theft or exposure of Personal Data must immediately notify the Data Protection Officer providing a description of what occurred. Notification of the incident can be made via e-mail firstname.lastname@example.org or by calling us at +45 70 20 55 50
The Data Protection Officer will investigate all reported incidents to confirm whether or not a Personal Data Breach has occurred. If a Personal Data Breach is confirmed, the Data Protection Officer will follow the relevant authorised procedure based on the criticality and quantity of the Personal Data involved, assessed by the completion of a Data Protection Impact Assessment (DPIA).
Security of the Information
We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, or access; in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing and misusing of data.
Our platform is hosted at Amazon Web Services which provides maximum scalability and security. The platform uses https/ssl for secure communication and is backed by a firewall and a load balancer to ensure constant availability. All passwords for clients, translators and EasyTranslate employees are encrypted, and advanced role-based access control (RBAC) can be provided and customised. User logins are logged with timestamp and IP address. Additionally, web servers keep access logs of all requests. Source files and translations are hosted in a secure centralised storage service (S3). The data are stored in the EU (Dublin, Ireland).
Data security - our security measures in brevity
Here at EasyTranslate we have worked dedicated and thoroughly for a long time to keep our security level and data protection high and meet the requirements of GDPR. We continuously evaluate our processes and our corporations to make sure that you can entrust us with your data. This is for you to have peace in mind, for us to run a sustainable and healthy business and to protect the end users.
How do you make sure to keep your security level high?
We are using state of the art technology which both allow us to build securely and to protect our environment from malicious intrusion. We make sure to separate our different environments and we monitor and secure that only the right people have access to the right data/environments and we PEN-test selected critical services.
Can I access, edit, move, and/or delete my data, whenever I like?
Your Account Settings page gives you full control over your data. Simply go to “My Account” and you can edit, export, and delete your data, at the touch of a button.
How secure is your office network?
Our networks are secured by VPN. This allows us to be flexible and secure at the same time as we can work remotely on EasyTranslate’s network if needed giving you a 24/7 service. Our networks are segmented and protected with passwords.
What do you do with my data?
We only collect information which will allow us to perform a relevant task, in the most efficient manner possible. Which is why we collect your personal, professional, and financial data for the purposes of creating an account, optimising our website and platform, translating your work, and invoicing you.
Will my data be processed in third countries?
Given that we have many different clients with varying setups this answer is not a 1:1. We use different sub suppliers, some in third countries, some in EEA. Due to the different needs our list of sub processors is not necessarily applicable to your specific setting, but some systems are critical for us to perform our services. Please click here for the complete overview. This being said we have valid DPA’s available with all of our sub processors, we have the legal basis available for the transfer to third countries and we monitor the compliance by only using recognised sub processors who have the capacity to abide to the GDPR and undergo audits and certifications. IF any sub processor deviates from our general security standard we will list this in the DPA. Note that you can always object to a given sub processor being used to process your data, but this might have the consequences, that we cannot provide you our services.
To make sure that everyone in the organisation is ready to implement the highest degree of security and data protection we have procedures and guidelines available for our employees and they go through awareness training every half year. All employees have a valid NDA and upon exit they sign an Exit-NDA confirming their confidentiality.
We have a contingency team available 24/7 if we experience any abnormalities in our platform. This team has simulations every half year to always be prepared to discover, identify and stop any threat to the security.
Furthermore, EasyTranslate has obliged itself to always having a DPO monitoring and guiding the organisation on data protection matters. The DPO refers to upper management and if relevant to the board.
Physical security measures
Our facilities are secured by a digital code card and the facilities cannot be entered by guests unless they are led in by the reception. Guests are not allowed to walk around on their own, but will be seated until the relevant host shows them to the meeting room. Departments are separated physically by function and the printer is segmented to these departments. An alarm system is turned on 24/7.
Who do I contact if I have important questions or concerns regarding EasyTranslate & the GDPR?
You may contact our Data Protection Officer (DPO) by email: email@example.com
Our DPA (Data Processing Agreement)
If we process personal identifiable information (PII) on your behalf we ought to enter a DPA. Personal data can be a lot of things - a name, an address, health information, a CV and most likely some personal information will be processed by us on your behalf. When you evaluate whether or not we need to enter the DPA you must take into consideration:
- the quantity of the personal data
- the character of the personal data
- the risks of the end user
- if the processing is continuous
If e.g. you would like us to translate your website please consider if there are any personal data in the material e.g. descriptions of your employees. If there isn’t, but solely is company information we do not need to form a DPA.
If you continuously have translations made of e.g. passports of employees traveling the character of the data is both ‘sensitive’ and continuous and we need to form a DPA.
If you order an interpreter once to interpret e.g. a business meeting we do not need to form a DPA as data will not be processed further, this would simply be covered by the NDA in place.
If you do though have continuous use of our services and we continuously process personal data we do need to form an official agreement.
Please note that this list is not complete - you must evaluate yourself if we need to enter an agreement.
Please find our DPA below, download it, sign it and return it to our DPO at firstname.lastname@example.org