Translator Scandinavia’s privacy policy

At Translator Scandinavia we safeguard your individual privacy and always strive to provide a high level of data protection. This privacy policy explains how we collect and use your personal information. It also describes your rights and how you can assert them.

It is important that you familiarise yourself with and understand our privacy policy and feel secure in our processing of your personal data. You are always welcome to contact us if you have any questions.

Cecilia Enbäck, CEO

Stockholm, 25 May 2018

1.   What is personal data and what is personal data processing?

Personal data is all forms of information that directly and indirectly can be traced to a physical person who is still alive. For example, images and sound recordings that are processed in computers may be personal data, even if no names are mentioned. Encrypted data and various types of electronic identities (e.g. IP numbers) are personal data if they can be linked to physical individuals.

The only thing that happens to the personal data is that they are processed. Each action taken with personal data constitutes processing, regardless of whether or not it is automated. Examples of regular processing are collection, recording, organisation, structuring, storage, adaptation, transmission and erasure.

2.   Who is responsible for the personal data we collect?

Cecilia Enbäck, CEO at Translator Scandinavia AB, is data controller for Translator Scandinavia’s processing of personal data.

3.   What personal data do we collect about you as an employee and for what purpose (why)?


Salary payments, tax payments, insurance, corporate healthcare 

Processing carried out

Salary and time reporting program.

Categories of personal data

Name, personal identification number

Contact information (email and telephone number). Account number

Any notes that you yourself choose to submit.

Legal grounds: Performance of contract of employment. This collection of your personal data is required in order for us to meet our obligations.

Storage period:  During the employee’s term of employment plus 7 years.

4.   What personal data do we collect about you as an employee’s relative and for what purpose (why)?


List of next-of-kin

Processing carried out

All employees have access to the list via the management system.

Categories of personal data

Name, telephone number

Legal grounds: Personal data is collected after consent being obtained from each relative.

Storage period:  During the employee’s term of employment.

5.   What personal data do we collect about you as a job applicant and for what purpose (why)?


Recruitment of human resources

Processing carried out

Application processing.

Categories of personal data

Cover letters, CVs

Legal grounds: Personal data is stored after consent from each applicant.

Storage period: During the recruitment period and possibly longer after consent is obtained

6.   What personal data do we collect about you as a customer and for what purpose (why)?


To be able to process quotations/agreements.

Processing carried out

Customer database, booking documents, web services, time reporting, accounting.

Project documentation.

Processing payment.

Categories of personal data


Corporate registration number.

Contact information (e.g. address, email and telephone number).

Payment history. Payment information.

Legal grounds: Performance of agreement. This collection of your contact information is required in order for us to meet our obligations under the agreement.

Storage period: As long as the agreement is valid and for a period of 24 months after that in order to able to process any complaints

7.   What personal data do we collect about prospects and for what purpose (why)?


Marketing, generating new custom.

Processing carried out

List of prospects, newsletters, trade fair contacts

Categories of personal data


Contact information (e.g. address, email and telephone number).

Legal grounds: Legitimate interest. The processing is necessary in order to satisfy our legitimate interest and that of any new customers in establishing deeper contact.

Storage period: As long as there is interest. Individuals are removed from the database by request on a continuous basis.

8.   What personal data do we collect about you as a supplier and for what purpose (why)?


In order to meet the requirements of our company’s purchasing procedures and those that ISO certification makes of our company.

Processing carried out

Requisite processing to meet our company’s obligations under statutory requirements or public authority decisions

Categories of personal data


Contact information (e.g. address, email and telephone number).

Legal grounds: Performance of agreements. This collection of your contact information is required in order for us to meet our obligations under the agreement.

Storage period: Until the purchase has been made (including delivery and payment) and for a period of 36 months thereafter.

9.   From which sources do we obtain your personal data?

You provide us with your personal data yourself. We do not collect personal data from anyone else (known as a third party).

10. Who might we share your personal data with?

Processors. In cases where it is necessary in order for us to offer our services, we share your personal data with companies that act as processors for us. A processor is a company that processes information on our behalf and in line with our instructions. We have processors that help us with:

1) Accounting

2) Marketing (web agency and SEO specialist).

3) IT services (company that manages the necessary operation, technical support and maintenance of our IT solutions).

When your personal data is shared with processors, it is solely for purposes associated with the purposes for which we have collected the information (e.g. to be able to meet our obligations under the purchasing agreement). We check all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all processors, in which they guarantee the security of the personal data processed and undertake to comply with our security requirements, along with limitations and requirements concerning the international transmission of personal data.

We also share your personal data with certain companies that independently are data controllers. The fact that the company is independently a controller means that we do not govern how the information submitted to the company is processed.

Independent data controllers that we share your personal data with are:

1) State authorities (police, tax authorities or other public authorities) if we are obliged to do so by law or on suspicion of criminal activity.

2) Companies that provide general goods transport services (logistics companies and hauliers).

3) Companies that offer payment solutions (payment processors, banks and other payment service suppliers).

When your personal data is shared with a company that is independently a data controller, the privacy policy and data processing of that company apply.

11. Where do we process your personal data?

We always strive to ensure that your personal data is processed within the EU/EEA, and all our own IT systems are located in the EU/EEA. In terms of system support and maintenance, we may however need to transmit the information to a country outside the EU/EEA, e.g. if we share your personal data with a processor that, either themselves or through a sub-processor, is established or stores information in a country outside the EU/EEA. The processor may in such cases only have access to the information relevant to the purpose (e.g. log files).

Regardless of the country in which your personal data is processed, we take all reasonable legal, technical and organisational measures to ensure that the level of protection is the same as in the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision from the EU Commission that the country in question guarantees an equivalent level of protection, or through using what are known as appropriate safeguards. Examples of such safeguards include an approved code of conduct in the recipient country, standard contractual clauses, binding corporate rules or Privacy Shield. If you would like a copy of the safeguards that have been put in place, or information on where these have been made available, you are welcome to contact us.

12. How long do we save your personal data?

We never save your personal data longer than is necessary for each purpose. See more about the specific storage periods under each purpose.

13. What rights do you have as a data subject?Right of access (known as a database extract).

We are always open and transparent about how we process your personal data, and if you wish to gain greater insight into which personal data we process about you specifically, you can request access to the data. (The information is presented in the form of a database extract stating the purpose, categories of personal data, categories of recipient, storage periods, information on where the information has been obtained from and any instances of automated decision-making.)

Bear in mind that if we receive a request for access, we may ask for further data to ensure we can process your request efficiently, and that the information is being conveyed to the right person.

Right to rectification. You can request that your personal data be rectified in the event that the data is erroneous. Within the scope of the stated purpose, you are also entitled to supplement any incomplete personal data.

Right to erasure. You can request that personal data that we are processing about you be erased if:

The personal data are no longer necessary in relation to the purposes for which they were collected or processed.

You object to a balancing of interests that we have undertaken based on a legitimate interest, and your reason for objection weighs heavier than our legitimate interest.

You object to processing for direct marketing purposes.

The personal data has been unlawfully processed.

The personal data must be erased to meet a legal obligation we are subject to.

Bear in mind that we may be entitled to deny your request in the event of legal obligations that prevent us from immediately erasing certain personal data. These obligations may arise from accounting and tax legislation, bank and money laundering legislation, as well as from consumer legislation.

It may also be the case that the processing is necessary for the establishment, exercise or defence of legal claims. If we should be prevented from meeting a request for erasure, we will instead obstruct the personal data from being used for purposes other than the purposes that prevent the requested erasure. This means that you can request that we do not erase your data.

Right to restriction. You are entitled to request that our processing of your personal data be restricted. If you dispute that the personal data we are processing is correct, you can request restricted processing during the time we require to check whether the personal data is correct. If we no longer need your personal data for the stated purposes, but you require it for the establishment, exercise or defence of legal claims, you can request restricted processing of data. If you have objected to a balancing of legitimate interests that we have undertaken as legal grounds for a purpose, you can request restricted processing during the time we require to check whether our legitimate interests weigh heavier than your interests in having the data erased.

If the processing has been restricted as occasioned by one of the situations above, in addition to the actual storage, we may only process the data to establish, exercise or defend legal claims, to protect a third party’s rights, or in the event that you have given your consent.

Right to make objections to certain forms of processing. You are always entitled to opt out of direct marketing and to object to all processing of personal data based on a balancing of interests.

Balancing of interests: In cases in which we use a balancing of interests as the legal basis for a purpose, you have the opportunity to object to the processing. In order to continue to process your personal data after such an objection, we need to demonstrate a mandatory legitimate reason for the processing in question that weighs more heavily than your interests, rights or freedoms. In other cases, we may only process the data in order to establish, exercise or defend legal claims.

Direct marketing (including analyses performed for direct marketing purposes): You have the opportunity to object to your personal data being processed for direct marketing purposes. The objection also covers the analyses of personal data (known as profiling) performed for direct marketing purposes.

Direct marketing refers to all types of outreach marketing (e.g. via regular mail, email and text message). Marketing measures where you as a customer actively have opted to use one of our services or otherwise sought us out to find out more about our services are not considered direct marketing (e.g. product recommendations or other functions).

If you object to direct marketing, we will cease the processing of your personal data

for that purpose and with all types of direct marketing measures.

Right to data portability. If our right to process your personal data is based either on your consent or meeting the terms of an agreement with you, you are entitled to request to have the data concerning you that you have submitted to us transferred to another controller (known as data portability). A requirement for data portability is that the transfer is technically possible and can be automated.

14. How do we process personal identification numbers?

We will only process your personal identification number when this is clearly justified considering the purpose, necessary for secure identification, or if there is any other noteworthy reason. We always minimise the use of your personal identification number to as great an extent as possible by, in cases where it is sufficient, using your date of birth instead.

15 What are cookies and how do we use them?

Cookies are small text files consisting of letters and numbers that are sent from our web server and saved in your browser or device. We use the following cookies:

1) Session cookies (temporary cookies that expire when you close your browser or device).

2) Persistent cookies (cookies that remain in your computer until you remove them or they expire).

3) First-party cookies (cookies created by the website you visit).

4) Third-party cookies (cookies created by a third-party website. In our case these are primarily used for analysis, e.g. Google Analytics.).

5) Similar technologies (technologies that store information in your browser or device in a manner similar to cookies).

The cookies we use normally improve the services we offer. Some of our services require cookies to function correctly, while others improve the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings such as language and other data.

16. Can you control the use of cookies yourself?

Yes! Your browser or device gives you the opportunity to change the settings for the use and scope of cookies. Go to your browser or device settings to learn more about how to adjust the settings for cookies. Examples of things you can adjust are blocking all cookies, only accepting first-party cookies, or deleting cookies when you close your browser. Bear in mind that some of our services may not work if you block or erase cookies. You can read more about cookies on the Swedish Post and Telecom Authority website,

17. How is your personal data protected?

We use IT systems to protect confidentiality, privacy and access to personal data. We have taken special security measures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage). Only those individuals who actually need to process your personal data in order for us to fulfil our stated purposes have access to it.

18. What does it mean that the Swedish Data Protection Authority is the supervisory authority?

The Swedish Data Protection Authority is responsible for monitoring the application of the legislation, and an individual who considers that a company is handling personal data in an improper or erroneous manner can lodge a complaint with the Swedish Data Protection Authority.

19. How do we keep you informed of any changes to our privacy policy?

As we take data protection very seriously, we have specific employees at the company who deal with these specific matters. We may make changes to our privacy policy. The latest version of the policy will always be available here on our website. When making updates that are crucial to our processing of personal data (e.g. changes to stated purposes or categories of personal data), or updates that are not crucial to the processing but that may be crucial to you, you will receive information on our website and via email (if you have given us an email address) in good time prior to the updates becoming applicable. When we make information on updates available, we will also explain the meaning of the updates and how they may affect you.


Tarjous Soittakaa minulle!