Our website address is: http://www.holgerthomastranslation.com.

Holger Thomas Translation is an online B2B translation service that offers a variety of translation, revision and consulting services, primarily for the language pairs English into German and German into English. Based on native German and near-native English language command, as well as on the technical background of an electronics engineer and industrial experience, Holger Thomas Translation is striving to provide a reliable, high-quality language service within the mentioned scope. The business is best suited for small to medium companies in various industrial fields, as in more detail line out in the specialist area section of the website. 

This Privacy Policy covers how we collect, process and store Personal Data where we are defined as the Data Controllers as outlined in the General Data Protection Regulation 2016/679 (“GDPR”) and the Irish Data Protection Act 2018. It ensures that we:

• are open and transparent in relation to how we collect, store and process an individuals’ Personal Data,
• are compliant with the relevant data protection legislation and follow what is considered good practice in protecting the Personal Data collected, stored, and processed,
• protect the rights of our staff, partners, sub-contractors, visitors to our website or any other parties whose data we process, and
• implement appropriate technical and organisational measures to protect the Personal Data
  we process and to keep it secure.

The key definitions are set out in the Data Protection Act 2018 and the GDPR and are summarised below.

The term “Personal Data” is information related to a living individual who is or who can be identified:

1. from the data, or
2. from the data and other information, which is in the possession of, or is likely to come into the possession of, the Data Controller, and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual.

The term “special categories of Personal Data” means Personal Data revealing:

• racial or ethnic origin,
• political opinions,
• religious  or philosophical beliefs,
• trade union membership,
• genetic data,
• biometric data for the purposes of uniquely identifying a natural person,
• any form of health information, and
• a natural person’s sex life or sexual orientation.

Data “processing” includes obtaining, recording, or holding information and carrying out any operation on the information such as organising, altering, using, disclosing, erasing or destroying it.

A “data subject” is an individual who is the subject of Personal Data. This includes partnerships and groups of individuals, but not limited companies.

A “Data Controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the way in which any Personal Data are, or are to be, processed.

A “Data Processor” means any person (other than an employee of Holger Thomas Translation) who processes the data on our behalf.

“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

Principles of Data Processing

Article (5)(1) of the GDPR covers the principles of data processing. We are mindful of these principles at all times, and we ensure that Personal Data is:

• processed lawfully and fairly and that we are transparent about how and why we process data (‘lawfulness, fairness and transparency’),
• only collected when there is a specific purpose to do so and that we do not further process data in a manner that is incompatible with the original purpose (‘purpose limitation’),
• adequate, relevant and limited to what is necessary for the purpose for which it was collected (‘data minimisation’),
• accurate and, where necessary, kept up to date (‘accuracy’),
• only kept for as long as it is necessary for the purpose for which it was collected (‘storage limitation’),
• kept secure at all times and is protected against any unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’),

As per Article (5)(2) of the GDPR we must also be able to demonstrate compliance with the above listed principles and be held accountable at all times (‘accountability’).

Data Subject Rights

Individuals have certain rights regarding their Personal Data, and it is important to us that we respect these rights so that you feel in control of your data. There are certain exemptions to these rights; should you look to exercise any of these rights, we will always be clear in our communications with you and inform you if an exemption applies.

Right of access: You have the right to ask if we hold any of your Personal Data and, if we do, to receive copies of this data as well as details relating to the processing and any third parties in receipt of the data. However, we cannot give you access to a copy of your data if this would adversely affect the rights and freedoms of others.

Right of rectification: If any of the Personal Data we hold is inaccurate, you have the right to request us to correct it.

Right to be forgotten: In certain circumstances, you have the right to request that we delete your Personal Data. Examples include:

• where the data is no longer needed for the purpose for which it was originally collected, for instance upon expiry of a business relationship or partnership;
• you have withdrawn your consent for us to use your data (where there is no other legal reason us to use it),
• there is no legal reason for us to process your data,
• deleting the data is a legal requirement.

Right of restriction: You can restrict the use of your data unless we have an overriding legitimate lawful purpose for continuing to process the data.

Right to data portability: You have the right to ask for your Personal Data to be returned to you or given to another Data Controller in a commonly used format. This right only applies to Personal Data being processed under the lawful basis of consent, or pursuant to a contract, and where the processing is automated and not manual. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object: The instances where you have the right to object to the processing of your data are:

• when your objection is based on the grounds of public interest or legitimate interest including profiling based on these grounds;
• when data is used for direct marketing purposes.

Rights relating to automated decision making/profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which has significant effects on you. This right shall not apply where the processing:

• is necessary for entering into, or performance of, a contract,
• is based on your consent, or
• is authorised by law.

Right to make a complaint: You have the right to make a complaint to a relevant Supervisory Authority, in Ireland this is the Data Protection Commission (“DPC”). The contact details are:
Email: info@dataprotection.ie
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28.
Tel: 1890 252 231

How we collect information

In order to run our business and provide our services to the public, we must process certain Personal Data. This data may be collected by various means including:

The general operation of our business: We receive and store information you provide directly to us when:

• you make inquiries about our business,
• you engage with us in connection with any service, offer or event;
• you submit documents or other data directly to us or via our business website for translation or language-related processing purposes,
• you sign up to receive marketing information.

From our website and social media pages: We may collect any personal information through the operation of social media pages or other online platforms when:

• you visit our website, we collect certain information related to your device, and
• if you engage with us through our accounts on social media platforms.

Types of personal data

We require certain Personal Data in order to operate our business, including the following:

• Identity – Name and title
• Communication & correspondence – Address, email, phone number/s
• Employment information – Job role in your enterprise (only when requested)
• Financial Data – Payment information (not stored on our website – separate data security provisions apply here, outlined in our terms & conditions)
• Web, events & social media –
  Website: your device’s IP address, referring website, what pages your device visited, date and time of visit,
  Events: contact details,
  Social Media: photos, videos, general personal information publicly available.

For all processing of Personal Data, we are required by law to identify a lawful basis on which the processing is based. These are defined in Article (6)(1) of the GDPR. Here we provide further information about the legal grounds we have for processing Personal Data:

Performance of a contract:
– to register you for general communication, individualised service offers and service contracts on a project or ongoing basis,
– to provide you with the requested services and deliverables,
– to process payments for our services and deliverables, or to contact you regarding payments

Consent:
– to send direct electronic marketing material to individuals where consent applies,
– to use cookies on our website in accordance with our Cookie Policy.

Legitimate Interests:
When using this lawful basis, we will ensure that the legitimate interest pursed does not infringe on your privacy rights. Our legitimate interests include:
– to ensure the appropriate governance of our business,
– to handle complaints or appeals,
– to promote our services to other businesses
– to liaise with other businesses for the sourcing and recruiting of sub-contractors.

Legal Obligation:
– to carry out Garda Vetting checks,– to report any security incidents or hacking attempts,
– to meet our insurance requirements,
– to meet our legislative and regulatory requirements,
– to maintain proper accounts,
– to fulfil our obligations as a business,

Vital Interests of the data subject:
– to protect the vital interests of individuals participating in programmes or events

Article (9) of the GDPR deals with processing special categories of data.

In context with the conduction of our business we only capture and store contact data, job role designation and financial data in as far payments have to be processed. No sensitive or other types of data will be processed by us.

Holger Thomas Translation as a data processor

In certain instances, we may be deemed a Data Processor rather than a Data Controller. This may arise where we are partnering with another business in order to execute the agreed language services and where they collect the data from individuals as the Data Controller and share it with us to carry out our language services.

We will maintain the same level of security and confidentiality over the data as we apply to all the data we collect, process and store and will ensure that there are appropriate technical and organisation measures in place to protect the data.

In order to provide you with our language services and if you wish to benefit from any of our special offers, we must process certain personal information relating to you. Failing to provide certain personal information will reflect how we can interact with you and what services you can avail of.

We do not sell any personal information, nor do we share it with unaffiliated third parties unless we are required to do so by law. Where we engage the services of Data Processors on our behalf, we ensure that this processing is done with respect for the security of Personal Data and will be protected in line with data protection law. A written contract will be in place with any Processors prior to any information being shared, this contract places specific obligations on Processors and guarantees the security of the data.

Ways in which we may share personal information include:

• with affiliated business partners in connection with the execution of a project that might involve more and other than the mentioned language pairs (e.g. language service sub-contractors)
• to avail of web-based hosted services (eg. Microsoft, Smart Sheet, Shopify, Google)
• to engage the professional services of third parties, such as consultants, auditors, solicitors or any other such business advisers. Any such parties are bound by obligations of confidentiality,
• if we are collaborating with external parties in the organisation of a larger project or event or any similar activity,
• we engage providers to administer and evaluate our website,
• with our insurers or assessors when providing or reviewing information if an incident occurs,
• to assist the Gardaí and other competent authorities with investigations including criminal and safeguarding investigations,
• we reserve the right to report to law enforcement any activities that we, in good faith, believe to be illegal.

In cases where we transfer your data outside the EEA (European Economic Area), we will ensure that specific safeguards are in place prior to sharing your data. Such safeguards will be in line with Article 46 GDPR and will include:

• an organisation signed up to Binding Corporate Rules,
• an organisation based in a country with an EU approved Adequacy Agreement, or
• where we have a set of signed Standard Contractual Clauses (SCCs) in place, an organisation.

We ensure the confidentiality, integrity, availability, and resilience all data of which we are a Data Controller. We are obliged to protect the data from inadvertent destruction, amendment, loss, disclosure, corruption or unlawful processing and our organisational and technical security measures deliver on our commitment.

Access Control

• When accessing our systems, access shall be granted based on the principle of least privilege, which means that each program and user will be granted the fewest privileges necessary to complete their task,
• We instruct users to apply strong passwords (long and complex enough),
• In certain cases, third parties are given access to specific systems to facilitate them providing us with their services, e.g. IT companies. In such cases, access will be strictly controlled on a need-to-know basis.

User Responsibilities

All users who have access to our systems are instructed to:

• lock their devices whenever they are not in use,
• always abide by the Password Management Policy for managing and use of passwords,
• never download or use software that is not for business use,
• never copy or remove company information from any devices,
• keep sensitive or confidential information secure at all times,
• always log off completely when finishing work,
• ensure they apply the same duty of confidentiality and security of data when working
  remotely,
• protect the Personal Data they handle during the course of their work.

Any third parties who process Personal Data on our behalf are contractually bound to process Personal Data in line with current data protection law practices and principles thus ensuring the security of the data.

Technical Securities

Our IT partners ensure that our systems are protected, and all information is stored securely,

• Anti-malware scans our emails for malicious links,
• All anti-virus software is kept up to date on all devices, and
• Firewalls are activated and kept up to date on our systems.

Our website at www.holgerthomastranslation.com uses cookies to help us to provide a good user experience for visitors to our website and to make any necessary improvements to our site. Using cookies enable us to customise the website according to your individual interests from information stored about your preferences. They are also used to monitor which parts of the website are most popular to visitors.

For any further information regarding cookies, please refer to our Cookies Policy, which you can find on our website.

We only keep your data as long as it is necessary for the purposes for which it was originally collected or to comply with legal or regulatory requirements. When determining the retention period, we take into account various criteria, such as the type of services requested by or provided to you, the nature and length of our relationship with you, mandatory retention periods provided by law and the statute of limitations.

Should you require any specific information regarding the retention of your data, please contact us directly.

Article 25 of the GDPR stresses the importance of Privacy by Design and Default. It puts an obligation on organisations to ensure that privacy is considered at all levels of the design and development of processing, and this is particularly relevant to new technologies.

In any instances where we are introducing new technologies for the processing of Personal Data, we will ensure that privacy is not an afterthought and will liaise with the respective providers to address any concerns.

Article 4(12) GDPR defines a ‘personal data breach’ as: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise
processed”.

Holger Thomas Translation may suffer a breach for a number of reasons including:

• the disclosure of confidential data to unauthorised individuals,
• improper disposal of documents,
• loss or theft of data or equipment on which data is kept,
• loss or theft of paper records,
• inappropriate access controls allowing unauthorised use of information,
• suspected or actual breach of our IT security,
• attempts to gain unauthorised access to computer systems, e.g. hacking,
• viruses or other security attacks on our IT systems or cloud storage,
• breaches of physical security,
• breaches as a result of a third-party breach, and
• emails containing personal or sensitive information sent in error to the wrong recipient.

In the event of a breach of personal data occurring, we will ensure that it is dealt with immediately and appropriately to minimise the impact of the breach and prevent a recurrence.

Each breach will be handled on a case-by-case basis and the level of risk to individuals caused by the breach will determine our notification. Where we deem there to be a significant risk to individuals, we will inform the Data Protection Commission within 72 hours of becoming aware of the breach. Where it is deemed necessary, individuals will also be notified without undue delay.

You have the right to be informed whether we hold data/information about you and to be given a description of the data together with details of the purposes for which your data is being kept.

You must make this request to us in writing (electronic or by post), and we will accede to the request within one month if it is deemed valid. In certain cases, it may be necessary for us to first verify your identity to ensure the request is legitimate.

Where a subsequent or similar request is made soon after a request has just been dealt with, it is at our discretion as to whether or not we need to comply with the second request. This will be determined on a case-by-case basis.

No personal data can be supplied relating to another individual unless that third party has consented to the disclosure of their data to the applicant. Data will be carefully redacted to omit references to any other individual and only where it has not been possible to redact the data to ensure that the third party is not identifiable, we must refuse to furnish the data to the applicant.

There are exemptions to the right of access, and should we deem the request to fall under an exemption, the individual will be informed within the initial one-month period.

Holger Thomas Translation is no business that is open to public visits, nor does it deal with the wider public in general, and therefore no public health concerns have to be addressed. No data relating to the health state of individuals are capture and stored.

This Privacy Policy may be updated from time to time to reflect changes in our privacy practices. The most up-to-date version is always available on our website.

If you have any questions, concerns or suggestions related to our Privacy Policy, you can contact us using our details below:
Email: office@holgerthomastranslation.com

Address: 191 Viewmount Park, Dunmore Road, Waterford X91 XVN0, Ireland
Tel: 00353 87 7369003