Privacy Policy

Find out how we use your data, or how you can contact us regarding any questions or requests.
Contact Us

This privacy policy takes effect from 24th February, 2022 and replaces any previously published versions.

Prepared by: Sonia Sala, Operations Director
Approved by: Sue Orchard, Director

Introduction

This Privacy Policy sets out how Comms Multilingual Ltd (CML), a company registered in England and Wales with company number 04663878 and with registered office c/o Tudor John Accountants, Nightingale House, 46-48 East Street, Epsom, Surrey, KT17 1HQ, United Kingdom, trading as Comms Multilingual (“we”, “us”, “our”) uses and protects any information that a user of its website or services (“you”, “your”) provides or which it collects when its website is used or services are requested.

CML takes your privacy very seriously and we respect, and are committed to protecting, the privacy of every individual who interacts with us. Please read this policy carefully.

Information we collect

CML is the data controller for the information you provide to us. We collect and process the following information about you:

  1. Information that you voluntarily provide to us through an online or offline interaction with us;
  2. Information with regard to your visits to our website, Plunet or your calls to us, including technical data regarding the internet protocol (IP) address used to connect your computer or device to the internet, your login information to our site or Plunet, browser details, operating system and platform, the Uniform Resource Locator (URL) details of pages you viewed or services you searched for, page response times, download errors, lengths of visits to certain pages, page interaction information, browsing methods and any phone number used to call us;
  3. Information we may receive from other sources if you use our other websites, social media platforms or other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with the sources of data mentioned above. We work closely with business partners (including, for example subcontractors providing technical and delivery services, analytics providers, and referencing agencies) and we may receive information about you from them;
  4. Information we may have been provided by a vendor or employee about you as a third party when we asked for details of a next of kin or referee.

Some information we collect is statistical data about our users’ browsing actions and patterns, and does not identify you personally.

We do not request any sensitive data from you. Sensitive data means data that includes details about your race or ethnicity, information about your health, genetic and biometric data, sex life, sexual orientation, political opinions, religious or philosophical beliefs, and trade union membership. We do not collect any information about criminal convictions. However, we recognise that you may provide us with content for translation that contains sensitive data and/or information about criminal convictions and offences.

In addition to the above personal information, we may collect and process the following information, depending on our relationship with you:

Customers and Potential Customers

  1. Information that you give us when you contact us via our website or portal, Plunet, e-mail, telephone or at an in-person event, including your name, job title, address, organisation details (if any) and contactinformation such as your telephone number, e-mail and postal address, as well as any payment details (bank account, PayPal, etc.).
  2. Information about you that has been provided to us by a colleague or acquaintance (for example, if you have been copied into an e-mail we are also sent, or your contact details are provided to us by a mutual third party).

Vendors and Suppliers

  1. Information that you give us when you contact us or apply to work with us via our website or portal, Plunet, e-mail or telephone, including your name, job title, address, company details (if any) and contact information such as your telephone number, e-mail, Skype, Teams or postal address.
  2. Information that you provide to us if we choose to progress your application to work with us. This may include copies of your diplomas and certificates, ID documents, as well as any payment details (bank account, PayPal, etc.).
  3. Information about you that is provided by a colleague or acquaintance (for example, if you are copied into an e-mail we are sent, or your contact details are provided to us by a mutual third party). This may also include personal details about you provided to us by referees named in your application to work whom we contact for further details.

Current, Former and Potential Employees

  1. Information contained in your application, CV, covering letter and references.
  2. Your contract of employment, other agreements and documentation, and any amendments to them.
  3. Correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary.
  4. Information needed for payroll, benefits and expenses purposes.
  5. Contact and emergency contact details.
  6. Records of holiday, sickness and other absence.
  7. Information relating to your health, which could include vaccination information, reasons for absence and GP reports and notes.
  8. Information needed for the equal opportunities monitoring policy.
  9. Records relating to your career history, such as training records, appraisals, training sessions, other performance measures and, where appropriate, disciplinary and grievance records.
  10. Your personal details as referenced in many company documents, Plunet and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the company.

Third parties

  1. Your contact information and details of any relationship with an applicant for either a job or freelance work with us. This information will generally have been provided by the applicant directly.

Why we collect and process your information

We use information held or received about you in a number of ways, as detailed below. At no stage do we use your personal data for automated profiling or decision-making.

Customers and Potential Customers

  1. To provide you with information about prices, products or services that you request from us with a view to entering into a contractual relationship.
  2. To carry out our obligations arising from any contracts entered into between you and us (for example to provide translation or other linguistic services).
  3. To provide you with information which we feel may interest you where you have explicitly asked or consented to be contacted for such purposes (for example to receive our blog updates, or relevant whitepapers).
  4. For our own legitimate business interests, to follow up with you in order to find out if you have any new needs which we may be able to meet.
  5. For our own legitimate interests in protecting ourselves against any claims following work we complete for you.
  6. For our own legitimate interests, we use your IP address and browsing data related to your visit to our websites to improve our products, services and website, and ensure that content from our website is presented in the most effective manner through the analysis of users’ journeys.

Vendors and Suppliers

  1. To pursue our own legitimate interests in maintaining a database of vendors or suppliers who may be suitable to contact should we have a relevant project. This information may have either been provided by you, or found via publicly-accessible sources such as online directories, social networks or search engines;
  2. To carry out our contractual obligations arising from any agreements entered into between you and us (for example to ensure we can pay you following any work you complete for us);
  3. For our own legitimate interests, should we be required to defend a claim regarding any work that you have completed for us;
  4. To fulfil our legal obligations to keep a record of financial transactions for the minimum period as prescribed by law.

Current, Former and Potential Employees

As your employer or potential employer, CML needs to keep and process information about you for normal employment purposes. The information we hold and process will be used for our management and administrative use only.

We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left.

This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of CML and protect our legal position in the event of legal proceedings. These are the bases on which we hold your data.

Health-related information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay.

For former employees, we will only keep the data that is required to fulfill our legal obligations.

If you do not provide this data, we may be unable, in some circumstances, to comply with our obligations and we will tell you about the implications of that decision. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

Third Parties

To contact you in order to request a reference for the person who supplied your details and record the reference you provide against the applicant or vendor who wishes to work with us.

How long we keep your data for

We retain personal information for varying periods, depending on the nature of the data. In some cases, we are required by law to keep information on transactions for up to 7 years. In these cases, we seek to minimise the amount of personal data we retain.

Where we have received your consent to contact you for marketing purposes, we will continue to process your data until your consent is withdrawn or we have reason to believe the information has become outdated (through bounced e-mails, for example).

Otherwise, we keep personal data according to the following criteria:

Customers and Potential Customers

If we have not worked with you previously (i.e., potential customers/prospects), we will keep a copy of the data we hold about you for up to 3 years from the date of last contact. This allows us to refer back to previous discussions we may have had if you come back to us requesting further information on a quote or proposal.

Where we have worked with you previously, we may retain your personal details for up to 7 years from the date of last contact. This allows us to refer back to any projects that we complete on your behalf, and also provides us with a means of auditing the work that was completed, when and for whom, during the period of our legal liability.

Vendors and Suppliers

We retain your details until we receive a request to remove them from our system, or until we have reason to believe that the information we hold is no longer correct. You can access your Plunet profile and update your details when required. We will send a reminder e-mail to provide notification that we are still holding your details, as well as a means to verify their accuracy and amend where necessary.

We may retain a small amount of data for longer than this period, should we feel that it is in the company’s legitimate interest and that it does not overly prejudice your rights and freedoms (for example in cases where we feel it may protect the company from fraud or misrepresentation).

Current, Former and Potential Employees

Your personal data will be stored for a period of 7 years after your employment or internship is terminated in order to comply with our legal requirements.

For potential employees or internship applicants, your data will be stored for 6 months after the application process has been completed or no job offer has been made. This is in case we need to contact you again about a potential job vacancy or to provide justification for a decision.

Third Parties

We retain your personal data for as long as the person whose reference you supplied remains on our records. Should you provide a reference for an employee, this will be 7 years after the termination of their employment, and for vendors, this will be as long as they choose to remain on our database.

Cookies

We may obtain information about your general internet usage of our website by using a cookie file which is stored by your browser. Cookies contain information that is transferred to your computer’s hard drive, which helps us to improve our website and to deliver a better and more personalised service. Some of the cookies we use are essential for our website to operate. For detailed information on the cookies we use and the purposes for which we use them, please see our cookie policy.

Storing and Processing Your Personal Information

Any information you give us will be stored on our systems and may be processed and used by us. It may be transferred to, and stored at, a destination within the European Economic Area (“EEA”) where our servers are located. It may also be transferred to, and stored outside the EEA, and processed by staff, operating outside the EEA, who work for us or for one of our business partners or suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of services.

By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps, including appropriate technical and organisational measures to ensure that your personal data is treated securely and in accordance with this privacy policy and the applicable laws. Our websites provide an encrypted connection, but please note that sending data by e-mail will not necessarily be secure. Any information shared though Plunet will be transferred securely.

Sharing Your Personal Information (Our Data Processors)

Your personal data will not be disclosed to any third parties except to our business partners who assist us in providing our products and services to you, or as required by law. These third parties include:

  1. The Rocket Science Group, LLC (“Mailchimp”), to help us manage our mailing lists and to ensure that we only send marketing e-mails to those who have opted in or to whom we have a right to send information. Your name, company and e-mail address may be shared with Mailchimp, and aggregated with any IP address from which you open a message sent via their service. Their privacy policy can be viewed online here: https://mailchimp.com/legal/privacy
  2. Google Inc. (“Google Analytics”), to allow us to track and analyse visits to and usage of our website. The only personal data we share with Google Analytics is your IP address, which is never aggregated with any other personal data. Google’s Privacy Policy can be viewed online here: https://policies.google.com/privacy
  3. 1&1 Internet Ltd. (“1&1”), our web hosts. 1&1 provides the servers which power our main website (www.commsmultilingual.com). Any data you share via this website (including your IP address) may be cached or stored on 1&1’s servers within the EEA. We do not otherwise share any personal data with 1&1. Their privacy policy can be viewed online here: https://www.1and1.co.uk/terms-gtc/terms-privacy
  4. SendPulse Inc. (“SendPulse”), to provide us with e-mail and marketing automation. SendPulse may receive your personal contact information, as well as details of any click or interaction data (and therefore your IP address) related to our marketing campaigns. We use SendPulse in order to help us respect your marketing preferences. The data processing agreement for our relationship can be found here: https://sendpulse.com/legal/processing
  5. Tudor John LLP (“Tudor John”), our chosen accounting and payroll company. We share details of financial transactions, including personal information related to employees, vendors and customers. Their privacy policy can be viewed online here: http://tudorjohn.co.uk/privacy-policy
  6. PayPal and HSBC (“Payment partners”), to enable us to make and receive payments from clients and to providers. We share account details as well as names and e-mail addresses with these partners. PayPal’s privacy policy can be viewed online here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev, and HSBC’s policy here: https://www.business.hsbc.uk/-/media/library/business-uk/pdfs/privacy-notice-for-uk- customers.pdf.
  7. Plunet (Translation Management System), which allows us to manage our databases of clients and vendors, our projects, and invoicing information. It also provides a safe platform to transfer files. Their privacy statement can be viewed online here: https://www.plunet.com/en/privacy-statement/.
  8. Applewood (IT Services), provides technical support and IT services. Their privacy policy can be viewed online here: https://apple-wood.co.uk/privacy-policy/.
  9. Croner (HR Services) provides legal advice and documentation on HR matters. They also provide an online platform to store employee information. Their privacy policy can be viewed online here: https://croner.co.uk/privacy-policy/.

However, we may disclose your personal data to other third parties if:

  1. We sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  2. CML or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  3. We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply our terms and conditions, or to protect our rights and property, or our safety and that of our customers and third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

If we are involved in a merger, acquisition or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

Security

We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access, use or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information that we collect online. Our security technologies and procedures are regularly reviewed to ensure that they are up to date and effective.

We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy. This includes training for all staff members on data protection and governance.

Information you provide to us is stored on our internal servers, which are secured by firewalls and various means of authentication. Unfortunately, the transmission of information via the internet is not completely secure.

While we will take reasonable steps to protect your personal information, we cannot guarantee the security of any information transmitted through our website; any transmission is at your own risk. We offer an SSL connection to our website and portal and would recommend that any files are transferred through an encrypted connection where possible, or Plunet rather than via e-mail.

Your rights and control of your information

Under the General Data Protection Regulation (EU and UK GDPR) you have a number of rights with regard to your personal data.

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the right and the ability to:

  1. Access the information we hold about you in accordance with the GDPR.
  2. Ask for your information to be corrected or updated;
  3. Ask us to remove your information from our records;

You also have the right to tell us if you do not want us to use your information for our own direct marketing purposes. We expressly do not pass your personal data on to third parties for direct marketing purposes.

Where we receive notice to restrict the processing of or to erase your information, we will do so where we are not under a legal obligation to retain it. At the end of any legal retention period, we will erase your data as requested.

There are several other rights that you have under European and UK law; please see the ICO website or your national data protection body for further details.

Contacting us about your data

The supply of information under a subject access request is generally free of charge. However, CML reserves the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly where it is a repeat request.

The Data Protection Administrator will always verify the identity of anyone making a subject access request before handing over any information. An initial response to a subject access request, containing all the requested data, must be provided within thirty days.

In the event that you wish to submit a data subject access request, or to complain about how we have handled your personal data, please contact our data protection and governance team at data.protection@commsmultilingual.com or in writing to the following address:

Data Protection
Comms Multilingual Ltd
Renaissance House
32 Upper High Street
Epsom
KT17 4QJ
United Kingdom

Our data protection and governance team will then investigate your request/complaint and work with you. We aim to comply with data protection requests within 30 days.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact the UK’s Information Commissioner’s Office (ICO) and file a complaint with them.

Comms Multilingual Ltd
February 2022

ISO-certified Translation Agency - Comms Multilingual - ATC Certification Badge