Business Team Translations

Privacy Policy (GDPR)


Summary

This Privacy Policy outlines how Business Team Translations protects personal data in compliance with the General Data Protection Regulation (GDPR) and relevant national data protection laws. We are committed to handling data responsibly and with care.

Scope

This policy applies to Business Team Translations, its employees, and all personal data processed under GDPR and national laws within EU member states.

1. Procedures and Responsibilities

1.1 General Obligations

Business Team Translations implements robust technical and organizational measures to safeguard personal data against misuse, loss, or damage. We process data in strict accordance with GDPR and national laws. This policy covers the data of business partners, employees, family members, job applicants, clients, and any other individuals whose data we process.

1.2 Principles of Personal Data Protection

We adhere to the core GDPR principles, including:

Lawfulness: We only process data with a legal basis.

Purpose Limitation: Data is used only for specified, legitimate purposes.

Data Minimization: We process the minimum necessary data.

Accuracy and Transparency: We are open and transparent about our data practices.

Integrity and Confidentiality: We maintain strict security measures.

Accuracy: We strive to keep data accurate and up-to-date.

Controlled Change Management: We assess the impact of any changes to our data systems.

1.3 Legal Bases and Processing Purposes

We process personal data based on valid legal grounds, such as consent, contractual necessity, legal obligations, legitimate interests, public interest, or vital interests.

1.4 Data Transfer

We transfer personal data to third parties only under specific conditions, such as data processing agreements or contracts with controllers/joint controllers. Any necessary data corrections, deletions, or processing restrictions will be communicated to relevant third parties unless this is impossible or disproportionate.

1.5 Data Subject Rights

We respect and facilitate the exercise of data subject rights under GDPR, including access, rectification, erasure, restriction, portability, objection, and automated decision-making rights. We aim to respond to data subject requests promptly, usually within 30 days.

1.6 Responsibilities of Data Holders and Employees

All data holders and employees must handle personal data according to internal guidelines, GDPR, and national laws.

1.7 Reporting Data Breaches

Employees are required to report data breaches promptly to the supervisory authority and/or data subjects as legally mandated.

1.8 Data Deletion

We retain personal data only as long as necessary. Data is deleted or anonymized when:

The purpose for processing ends.
The data is no longer needed.
Consent is withdrawn (if applicable), and no other legal basis exists.
The data subject objects, and there are no overriding legitimate grounds.
The data was unlawfully processed.

We ensure proper data protection measures when deleting or anonymizing data.

2. Definitions and Abbreviations

Data Subject: Identified or identifiable natural person.

Controller: Entity that determines the purposes and means of processing personal data.

Processor: Entity that processes personal data on behalf of the controller.

Personal Data: Information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data revealing racial or ethnic origin, political opinions, religious beliefs, etc.

National Data Protection Law: National laws aligned with GDPR.


Processing: Any operation performed on personal data, such as collection, storage, use, etc.

Anonymized Information: Data that cannot identify a natural person.

Third Party: Legal or natural person not employed by the company, excluding data subjects.

Consent: Data subject’s freely given, informed, and explicit agreement to process their personal data.

GDPR: General Data Protection Regulation (EU 2016/679).