Privacy policy

At Translator Scandinavia we safeguard your individual privacy and always strive to provide a high level of data protection. This privacy policy explains how we collect and use your personal information. It also describes your rights and how you can assert them.

It is important that you familiarise yourself with and understand our privacy policy and feel secure in our processing of your personal data. You are always welcome to contact us if you have any questions.

Cecilia Enbäck, CEO

Stockholm, 2022-03-24

How we process personal data at Translator Scandinavia

At Translator Scandinavia, we care about your privacy and always strive for a high level of data protection (for example, we would never sell your personal data to another company).

This Privacy Policy explains how we collect and use your personal information. It also describes your rights and how you can assert them. It is important that you familiarise yourself with and understand our Privacy Policy and feel secure in our processing of your personal data. You are always welcome to contact us if you have any questions.

This information may be updated. The latest version is always published on our website. If we make material changes to the way we process your personal data, we will notify you by email. Latest update 20 April 2022.

What is personal data and what is personal data processing?

Personal data is all forms of information that directly and indirectly can be traced to a physical person who is still alive. For example, images and sound recordings that are processed in a computer may be personal data, even if no names are mentioned. Encrypted data and various types of electronic identities (e.g. IP numbers) are personal data if they can be linked to physical individuals. The only thing that happens to the personal data is that they are processed. Each action taken with personal data constitutes processing, regardless of whether or not it is automated. Examples of regular processing are collection, recording, organisation, structuring, storage, adaptation, transmission and erasure.

Who is responsible for the personal data we collect?

Translator Scandinavia AB, corporate identification number 556412-6869, address Box 4209, SE-102 65 Stockholm, is the data controller for the company’s processing of personal data.

What personal data do we collect about you as a customer and why?

When you send us a request for a quote

In order to process a quote, we store some of your personal data in our order management system, our email system and our file server. The personal data we store are:

  • Your first name and surname
  • Your contact information (address, email and telephone number)
  • Information about your company (name and corporate identification number)

The legal basis is the performance of a contract. This collection of your contact information is required in order for us to meet our obligations.

We save your data as long as the agreement is valid and for a period of 7 years after that in order to able to process any complaints and meet legal requirements. If no contract or order comes about, we delete the data from our systems after 2 years.

NOTE: We do not work for private individuals. If you send us a request as a private individual, we will not store any personal data about you, and your request, including any material you have sent to us for translation, will be deleted from our systems.

When you partner with us

In order to process quotes, orders and payments as agreed, we store some of your personal data in our order management system, our email system, our file server and our accounting system. The personal data we store are:

  • Your first name and surname
  • Your contact information (address, email and telephone number)
  • Payment details (payment history and payment information)

The legal basis is the performance of a contract. This collection of your contact information is required in order for us to meet our obligations.

We save your data as long as the agreement is valid and for a period of 7 years after that in order to able to process any complaints and meet legal requirements.

What personal data do we collect about you as a prospective customer and why?

In order to be able to find new customers, we store some of your personal data in our order management systems and email system. The personal data we store are:

  • Your first name and surname
  • Your contact information (address, email and telephone number)
  • Information about your company (name and corporate identification number)

The legal basis is the balancing of interests.

The processing carried out is registration in our order management system and notes from any presentation meetings and/or telephone conversations.

If no contract or order comes about, we delete the data from our systems after 2 years.

What personal data do we collect about you as a language service provider and why?

When you partner with us

In order to contact you about assignments and process payments as agreed, we store some of your personal data in our order management system. The personal data we store are:

  • Your first name and surname
  • Your contact information (address, email and telephone number).
  • Your personal identification number if it is the same as your corporate identification number (e.g. in the case of sole proprietorship)
  • Information about your company (name and corporate identification number)
  • Payment details
  • CV, cover letter, academic certificates and certificates of employment
  • Your skills
  • Assessments we make of your skills

The information is also stored in other IT systems such as our file server, our email system, our contract management system and our accounting system.

The legal basis for the processing is the performance of contracts with our customers and with you as a provider.

Emails and other project-related documentation are deleted 7 years after the final delivery of each project at the latest.

We keep information about you and your skills until further notice.

If you are included in one of our tenders and/or quotes, the information from your CV, including first and last name, certificates of employment and academic certificates, may be forwarded to our clients.

The legal basis for the processing is the performance of contracts.

If you participate in translation projects of stock exchange-related documentation, we, our clients and the authorities will save the following personal data:

  • First name and surname
  • Telephone number
  • Email address
  • Personal identification number or equivalent

The insider register shall include all individuals who have access to inside information and who work for the issuer through employment contracts or otherwise perform tasks via which they have access to inside information.

The information is stored on our file server, in Outlook and by our customers and is deleted when you no longer have access to inside information.

The legal basis for the processing is legal requirements.

What personal data do we collect about you as a job applicant and why?

In order to be able to find new employees or partners, we store some of your personal data on email and file servers. The personal data we store are:

  • Your first name and surname
  • Your contact information (address, email and telephone number)
  • Your personal identification number if it is the same as your corporate identification number (e.g. in the case of sole proprietorship) or if it is included in your documents.
  • CV, cover letter, academic certificates and certificates of employment

During the application period. Most are discarded after the recruitment process is complete. Applications that appear to be of interest for future recruitment will be kept for up to 2 years.

What personal data do we collect about you as a provider of other services and why?

In order to contact you and collaborate as agreed, we store some of your personal data in our order management, email and accounting systems. The personal data we store are:

  • Your first name and surname
  • Your contact information (address, email and telephone number).
  • Your personal identification number if it is the same as your corporate identification number (e.g. in the case of sole proprietorship)
  • Provider assessment
  • Payment details

The legal basis for the processing is the performance of contracts with providers.

We store the information until the purchase has been made (including delivery and payment) and for a period of 7 years thereafter.

Personal data in the material to be translated

Presence of personal data in texts to be translated.

For example, the first and last names of board members in an annual report, or patient records. Personal data may appear in the material to be translated without our knowledge. Managing this potential personal data can be challenging for a variety of reasons, such as:

  • it may be impossible to identify personal data in content for translation before it has already been sent for translation and the work has begun, for example because of the scope of the assignment, the format, or because the project manager does not understand the source language.
  • The ordering party is not always aware of the implications of data protection and personal data in the material to be translated.
  • Content for translation is transferred between different countries for translation.
Storage

Project-related documentation, including texts to be translated, is kept for 7 years after final delivery. Text in translation memories is stored indefinitely unless otherwise agreed.

If we discover that the texts contain sensitive personal data, we inform the customer of this and if possible we anonymise the documentation before we start the assignment. If anonymisation is not possible, we delete the files from our various IT systems after final delivery.

From which sources do we obtain your personal data?

In addition to the data you provide to us, we may also collect personal data from someone else (known as a third party). The data we collect from third parties are as follows:

1) Address details from public records to make sure we have the correct details for you.

2) Credit rating information from credit rating agencies, banks or information companies.

Who might we share your personal data with?

Data processors.

In cases where it is necessary in order for us to offer our services, we share your personal data with companies that act as processors for us. A processor is a company that processes information on our behalf and in line with our instructions. We have processors that help us with:

1) Accounting.

2) Marketing (search optimisation, web design, PR).

3) IT services (company that manages the necessary operation, technical support and maintenance of our IT solutions).

4) Business systems.

When your personal data is shared with processors, it is solely for purposes associated with the purposes for which we have collected the information (e.g. to be able to meet our obligations under the purchasing agreement).

We check all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all processors, in which they guarantee the security of the personal data processed and undertake to comply with our security requirements, along with limitations and requirements concerning the international transmission of personal data.

Companies that are independent data controllers.

We also share your personal data with certain companies that independently are data controllers. The fact that the company is independently a controller means that we do not govern how the information submitted to the company is processed.

Independent data controllers that we share your personal data with are:

1) State authorities (police, tax authorities or other public authorities) if we are obliged to do so by law or on suspicion of criminal activity.

2) Companies that provide general goods transport services (logistics companies and hauliers).

3) Companies that offer payment solutions (payment processors, banks and other payment service providers).

When your personal data is shared with a company that is independently a data controller, the privacy policy and data processing of that company apply.

Where do we process your personal data?

We always strive to ensure that your personal data is processed within the EU/EEA, and all our own IT systems are located in the EU/EEA. In terms of system support and maintenance, we may however need to transmit the information to a country outside the EU/EEA, e.g. if we share your personal data with a processor that, either themselves or through a sub-processor, is established or stores information in a country outside the EU/EEA. The processor may in such cases only have access to the information relevant to the purpose (e.g. log files).

Regardless of the country in which your personal data is processed, we take all reasonable legal, technical and organisational measures to ensure that the level of protection is the same as in the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision from the European Commission that the country in question guarantees an equivalent level of protection, or through using what are known as appropriate safeguards. Examples of such safeguards include an approved code of conduct in the recipient country, standard contractual clauses, binding corporate rules or Privacy Shield. If you would like a copy of the safeguards that have been put in place, or information on where these have been made available, you are welcome to contact us.

How long do we save your personal data?

We never save your personal data longer than is necessary for each purpose.

What are your rights as a data subject?

Right of access (known as a database extract).

We are always open and transparent about how we process your personal data, and if you wish to gain greater insight into which personal data we process about you specifically, you can request access to the data. (The information is presented in the form of a database extract stating the purpose, categories of personal data, categories of recipient, storage periods, information on where the information has been obtained from and any instances of automated decision-making.) Bear in mind that if we receive a request for access, we may ask for further data to ensure we can process your request efficiently, and that the information is being conveyed to the right person.

Right to rectification.

You can request that your personal data be rectified in the event that the data is erroneous. Within the scope of the stated purpose, you are also entitled to supplement any incomplete personal data.

Right to erasure.

You can request that personal data that we are processing about you be erased if:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or processed.
  • You object to a balancing of interests that we have undertaken based on a legitimate interest, and your reason for objection weighs heavier than our legitimate interest.
  • You object to processing for direct marketing purposes.
  • The personal data has been unlawfully processed.
  • The personal data must be erased to meet a legal obligation we are subject to.

Bear in mind that we may be entitled to deny your request in the event of legal obligations that prevent us from immediately erasing certain personal data. These obligations may arise from accounting and tax legislation, as well as bank and money laundering legislation, but also from consumer legislation. It may also be the case that the processing is necessary for the establishment, exercise or defence of legal claims. If we should be prevented from meeting a request for erasure, we will instead obstruct the personal data from being used for purposes other than the purposes that prevent the requested erasure. This means that you can request that we do not erase your data.

Right to restriction.

You are entitled to request that our processing of your personal data be restricted. If you dispute that the personal data we are processing is correct, you can request restricted processing during the time we require to check whether the personal data is correct. If we no longer need your personal data for the stated purposes, but you require it for the establishment, exercise or defence of legal claims, you can request restricted processing of data. If you have objected to a balancing of legitimate interests that we have undertaken as legal grounds for a purpose, you can request restricted processing during the time we require to check whether our legitimate interests weigh heavier than your interests in having the data erased. If the processing has been restricted as occasioned by one of the situations above, in addition to the actual storage, we may only process the data to establish, exercise or defend legal claims, to protect a third party’s rights, or in the event that you have given your consent.

Right to make objections to certain forms of processing.

You are always entitled to opt out of direct marketing and to object to all processing of personal data based on a balancing of interests.

Balancing of interests

In cases in which we use a balancing of interests as the legal basis for a purpose, you have the opportunity to object to the processing. In order to continue to process your personal data after such an objection, we need to demonstrate a mandatory legitimate reason for the processing in question that weighs more heavily than your interests, rights or freedoms. In other cases, we may only process the data in order to establish, exercise or defend legal claims.

Direct marketing

You have the opportunity to object to your personal data being processed for direct marketing purposes. The objection also covers the analyses of personal data (known as profiling) performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing (e.g. via regular mail, email and text message). Marketing measures where you as a customer actively have opted to use one of our services or otherwise sought us out to find out more about our services are not considered direct marketing (e.g. product recommendations or other functions). If you object to direct marketing, we will cease processing your personal data for that purpose and cease all direct marketing activities.

Remember that you always have the opportunity to influence which channels we use for mailings and personalised offers. For example, you can choose to receive offers from us by email only.

Right to data portability.

If our right to process your personal data is based either on your consent or meeting the terms of an agreement with you, you are entitled to request to have the data concerning you that you have submitted to us transferred to another controller (known as data portability). A requirement for data portability is that the transfer is technically possible and can be automated.

What are cookies and how do we use them?

Cookies are small text files consisting of letters and numbers that are sent from our web server and saved in your browser or device. We use cookies to monitor the effectiveness of our marketing activities and analyse our traffic, as well as for certain functionality on the website. We also forward such identifiers and other information from your device to the advertising and analytics companies with whom we work.

You can find out more about the cookies we use at https://www.translator-scandinavia.se/en/cookies/

Your browser or device gives you the opportunity to change the settings for the use and scope of cookies. Go to your browser or device settings to learn more about how to adjust the settings for cookies. Examples of things you can adjust are blocking all cookies, only accepting first-party cookies, or deleting cookies when you close your browser. Bear in mind that some of our services may not work if you block or erase cookies. You can read more about cookies on the Swedish Post and Telecom Authority website, www.pts.se.

How can you exercise your rights?

Call 08-702 0503, email us at gdpr@translator-scandinavia.se or use our contact form if you want your data to be erased or restricted and/or if you want to rectify an entry.

How is your personal data protected?

We use IT systems to protect confidentiality, privacy and access to personal data. We have taken special security measures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage). Only those individuals who actually need to process your personal data in order for us to fulfil our stated purposes have access to it.

What does it mean that the Swedish Authority for Privacy Protection (IMY) is the supervisory authority?

The Swedish Authority for Privacy Protection (IMY) is responsible for monitoring the application of the legislation, and an individual who considers that a company is handling personal data in an improper or erroneous manner can lodge a complaint with the Authority.