PDF VERSION

Privacy Policy (Customer Inquiries)

This notice explains how we use and process Personal Data that we collect when you submit a request for a quotation.

Who We Are

Isarey Language Services SL

Urb. Luberrieta Ondo 20; Gatika; 48110 Bizkaia; Spain

Company no. ES B95586533

Email (general enquiries): info@isarey.eu

Email (personal data enquiries): personaldata@isarey.eu

Definitions used in this policy

  • Additional Supporting Data

  • Personal data which is disclosed or made available to us to enable provision of a Quotation Request and prior to entering into a contract, but not specifically covered elsewhere in this policy. This data may be provided to us on the Data Submitter's own initiative or upon our request or suggestion, and may relate to the Data Submitter or to 3rd party Data Subjects referenced in Submitted Content.
  • Collected Data

  • Personal Data which we have purposefully collected from you, automatically or manually following the submission of forms provided on our website or as a result of communications which we have solicited from you.
  • Customer Enquiry

  • A request for information on Our Services submitted by a customer or potential customer prior to entering into a contract (including information on pricing, turnaround time, process, procedures, delivery, preparation requirements, schedules and any other information). This request may be submitted using the forms made available on our website or communicated to us by other means.
  • Customer Enquiry Form

  • Online Form made available on our website, allowing the submission of commercial enquiries from customers about our Services.
  • Data Breach

  • A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • Data Controller

  • The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Data Included in Submitted Content

  • Any personal data which is included in documents or other media which the Data Submitter chooses to upload, send to us or otherwise disclose or make available to us because they require their translation, certification, legalization or their use in any other procedure which we offer as part of Our Services.
  • Data Processor

  • A natural or legal person, public authority, agency or other body which processes personal data on behalf of a Data Controller.
  • Data Subject

  • Natural person who is identified by or identifiable from Personal Data
  • Data Submitter

  • A natural or legal person, public authority, agency or other body which, upon their own initiative and by whatever means, chooses to submit a Quotation Request and/or Additional Supporting Data in relation to a submitted Request.
  • Domestic Purposes

  • Data is considered as being processed for Domestic Purposes where it is being processed by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity.
  • European Economic Area

  • The Member States of European Union, as well as Norway, Iceland and Liechtenstein, and including, for the purpose of this policy, the United Kingdom.
  • Our Services

  • Translation, document certification and legalization services, visa assistance and any other services offered by us.
  • Personal Data

  • Any information relating to an identified or identifiable natural person.
  • Processing

  • Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Special Category Data

  • Sensitive Personal Data, including data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health (personal data related to the physical or mental health of a natural person) and data concerning a natural person's sex life or sexual orientation. For the purpose of this policy, Special Category Data also includes personal data relating to criminal convictions and offences or related security measures.
  • Subprocessor

  • A natural or legal person contracted by a Data Processor to undertake all or some of the processing of personal data on behalf of a Data Controller.
  • Third Party

  • A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Scope of this policy

The provisions of this policy apply to the Personal Data of all natural persons, regardless of their nationality or place of residence.

This policy specifically covers Personal Data which is collected by us (Collected Data) in the context of a Customer Enquiry submitted on our website or by other means upon the initiative of the Data Submitter. In this context, this policy covers Collected Data related to the Data Submitter and also covers Collected Data related to any Third Party when the Data Submitter is processing this data for Domestic Purposes.

This policy does not apply to Collected Data which relates to Data Subjects other than the Data Submitter and which the Data Submitter is processing for purposes other than Domestic Purposes (e.g. in connection to a professional or commercial activity). Our processing of such data is as a Data Processor appointed by the Data Submitter (who acts as the Data Controller), in accordance with a separate agreement (Data Processing Agreement). In respect of such data, Isarey does not decide: i) what personal data should be collected, ii) the lawful basis for its processing iii) the purposes the data will be used for, iii) how long to retain the data, iv) whether to disclose the data or to whom.

Objective of this Policy

We are committed to the protection of privacy and of all Personal Data entrusted to us for Processing. This protection is a fundamental right essential to individual well-being. As such, the objective of our policy is to ensure that all Personal Data which we process is:

  • Processed fairly, lawfully and in a transparent manner;
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary;
  • Accurate and, where necessary, kept up to date;
  • Not kept for longer than necessary; and
  • Processed securely, maintaining integrity and confidentiality.

Your Responsibilities as Data Submitter

When sharing Personal Data with us, you can assist us with protecting your privacy as follows:

  • When submitting content for translation, certification, etc, make sure that you inform us when it contains Personal Data and especially when it contains sensitive Special Category Data.
  • When submitting content which contains Personal Data, use our online forms (where uploaded documents are immediately encrypted and transmitted securely) in preference to email or potentially unsecure means.
  • When submitting content which contains Personal Data relating to another person, make sure that you have acquired this data lawfully and that you are authorised to disclose it to us, especially in the case of sensitive Special Category Data or Personal Data relating to children. If you need assistance with this, contact us, and we will help you ensure that all processing is properly authorised and lawful.
  • If you have content which contains Personal Data, consider redacting this data, especially for the purpose of obtaining a quotation.
  • For additional security when redaction is not feasible, consider protecting your documents with passwords before uploading them (PDFExternal link (opens in new tab), Office DocumentsExternal link (opens in new tab), RAR foldersExternal link (opens in new tab)). In our acknowledgement of your Customer Enquiry, we will send you instructions so that you can send these passwords to us by SMS (please note: use strong passwords of at least 8 characters, containing random letters and numbers; Do not use this password for any other purpose).
  • Inform us immediately if you have any reason to believe that a Data Breach may have occurred in relation to any Personal Data which we are processing.

Data Protection Laws

The principal law governing this policy is Regulation (EU) 2016/679 of 27 April 2016 (EU GDPR)External link (opens in new tab):

  • where there is any omission, ambiguity or lack of clarity in this policy, the provisions of the EU GDPR shall apply;
  • except where otherwise and specifically defined for the purposes of this policy, all terms and concepts used in this policy shall have the meaning given to them under the EU GDPR;

Validity of this Policy

When we send the Data Submitter a quotation in response to the request submitted by the Data Submitter, we will include a New privacy policy in relation to the collection And processing of data required to provide Our Services in the event that the Customer wishes to proceed. This New privacy policy will only apply following the Data Submitter’s acceptance of the quotation and/or explicit consent of the Data Subjects (as appropriate).

Unsolicited submissions of personal data

Personal Data which is communicated to us upon the initiative of the submitter for any purpose other than obtaining commercial information about our services will be considered unsolicited data (in particular, Personal Data included in unsolicited CVs or other unsolicited commercial offers). Such data is not covered by this policy,

Where we receive unsolicited data, we will either, within 60 days of receipt:

  • Respond, providing the privacy policy which will apply to our continued processing of this personal data; or
  • Without any notification, delete the personal data in question without any further processing.

What Personal Data we collect

By submitting the Customer Enquiry Form, the Data Submitter will be providing us with the following Personal Data for processing

  • Email address of the Data Submitter (required field in online form)
  • IP address of the Data Submitter (collected automatically)
  • Data Included in Submitted Content And submitted by the Data Submitter (optional field in online form).
  • Additional Supporting Data (specifically requested of the Data Submitter during Or subsequent to receiving the Customer Enquiry). This data may include name, address And other contact details, nationality, place of residence, tax reference numbers.
  • Data Included in Submitted Content

    Although we treat all information in documents and other content submitted for quotations as confidential information, we may not specifically treat it as containing Personal Data as follows

    • where, by checking the respective checkbox on the Customer Enquiry Form, the Data Submitter gives indication that the submitted documents do Not include personal data.
    • And where, by the nature of the request, it would not be reasonable to assume that the documents might contain personal data.

How we use Personal Data

  • Email address of the Data Submitter

    We will use the Data Submitter's email address and the information indicated by this email address to process and appropriately respond to the Submitter's specific request for a quotation and to communicate with the Submitter in relation to this request.

    • Lawful basis for processing: in order to take steps at the request of the data subject prior to entering into a contract.
  • IP address of the Data Submitter

    We use the IP address to obtain an indication of the Data Submitter's location (country and town/city) in order to process and respond appropriately to the specific request for a quotation.

    • Lawful basis for processing: in order to take steps at the request of the data subject prior to entering into a contract.

    We may use the IP address and information obtained based on the IP address for the purpose of preventing the fraudulent or unlawful use of our services.

    • Lawful basis for processing: legitimate interest.
  • Data Included in Submitted Content | Additional Supporting Data

  • We use Data Included in Submitted Content and Additional Supporting Data for the purpose of obtaining and providing the Data Subject with information on translation, certification, legalization, visa assistance and other services involving the submitted data).

    • Lawful basis for processing: in order to take steps at the request of the data subject prior to entering into a contract.

    We may carry out Processing of Data Included in Submitted Content and Additional Supporting Data for the purpose of detecting, preventing and mitigating acts which we deem as potentially fraudulent, unlawful, harmful to our interests or reputation or in breach of our terms of business, and also as necessary to comply with any legal obligations to which we are subject.

    • Lawful basis for processing: legitimate interests / legal obligation.

Further processing

With the exception of Data Included in Submitted Content and Special Category Data in particular, which shall be subject to no further processing, we may also use Collected Data for internal statistical purposes, to produce aggregated statistics about the use of our website and customer enquiries, about market trends and about the evolution and performance of our business. Further processing will take place with respect for the principle of data minimisation and without any permanent link to data that would allow identification of any particular natural person.

How we share Personal Data

We may share personal data with external service providers in order to take steps which allow us to process and respond to your request to receive a Quotation, as follows:

  • Data Submitter's email address

    • with providers of email services for the purpose of delivering email communications on pre-contractual matters related to the Customer Enquiry.
  • Data Submitter's IP address

    • with providers of IP geo-location services for the purpose of obtaining data about your location and fraud prevention.
  • Data Included in Submitted Content | Additional Supporting Data

    • We may share this data with external service providers and public agencies (including translation agencies and translators, notaries, solicitors and law firms, other providers of legal services, government authorities, embassies and consulates, and other agents) exclusively and only as strictly necessary in order to provide the Data Subject with relevant or requested information prior to entering into a contract.

    Other circumstances where we may disclose personal data:

    We may disclose Personal Data which we are processing:

    • to state or judicial authorities where disclosure is unavoidable in order to comply with a requirement, obligation, instruction or duty to which Isarey is subject under the law.
    • to state or judicial authorities or to third-party legal advisors where disclosure is strictly necessary and proportionate in order to protect ourselves from acts and circumstances which we deem as potentially fraudulent, unlawful or harmful to our interests or reputation.

    In cases where we do disclose personal data:

    • We require all appointed Data Processors to process your data in accordance with the law and require that processing is limited to the purposes specified in this privacy policy
    • We respect the principle of data minimisation at all times and will limit disclosure to personal data that is necessary to fulfil the instructed purpose;
    • Where possible, and particularly in pre-contractual contexts, we use techniques of pseudonymisation (ensuring respectively that the data can no longer be attributed to a specific data subject without the use of additional safeguarded information) or anonymisation (redacting all personal data from a disclosed document) to minimise disclosure.

International transfers

Where necessary for the purpose of data processing and where also compatible with the lawful basis of processing, personal data may be processed by appointed Data Processors in countries outside of the European Economic Area and may also be transferred to international organisations (including embassies or consulates representing non-EEA countries, even where within EEA territory) subject to at least one of the following safeguards:

  • the country where data processing takes place Is a country which the European Commission has decided ensures an adequate level of protection;
  • the transfer is subject to standard data protection clauses adopted Or approved by the European Commission;
  • the transfer is subject to an approved code of conduct together with binding And enforceable commitments of the processor to apply the appropriate safeguards, including as regards data subjects' rights.
  • If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.

In other cases, on an exceptional basis, we may transfer personal data to a non-EEA country or International Organisation where it is not feasible to apply one of the above safeguards, provided that at least one of the following conditions is met:

  • the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers;
  • the transfer is necessary for the implementation of pre-contractual measures taken at the request of Data Subject;
  • the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request;
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person; or
  • the transfer is necessary for Isarey to establish, exercise or defend legal claims.

How long we keep Personal Data

  • Collected Data:

    • Data Submitter's email address
    • Data Submitter’s IP address
    • Data Included in Submitted Content and Additional Supporting Data

    Unless you decide to proceed with the work that is the object of the Customer Enquiry (in which case the data retention periods specified in the quotation will apply), we will retain this data for as long as we require it to respond to the request (no longer than 30 days) and subsequently for the period for which the quotation remains valid (usually 3 months, but as specified on the quotation we provide).

    In the meantime, we will erase this data from our systems within 30 days of receiving notification from the Data Submitter as follows:

    • that, in the capacity of Data Subject, the Data Submitter chooses to exercise their right to erasure or withdraw consent for the processing of Special Category Data with respect to data which is integral to the pre-contractual process; or
    • that the Data Submitter does not wish to proceed with the quoted work or does not wish to receive a quotation
  • Uploaded files

  • Where documents are uploaded to our server, but the form is not subsequently submitted, the documents will be automatically erased as soon as the "cancel" button is clicked or the user navigates away from the page. In the meantime, while on our server the documents remain encrypted and inaccessible to us or any other party.

How we store Personal Data

Except where otherwise stated, our Personal Data will be stored and processed by us in the European Economic Area. All Personal Data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. These measures include, as appropriate, the pseudonymisation and encryption of personal data, and other measures to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services.

Your rights

Where you are the Data Subject (the personal data relates to you), you have the following rights:

  • You have a right to be informed about the collection and use of your personal data

    Information on the collection and use of your personal data is provided in this privacy policy, which is available on our website, and can also be obtained by contacting us.

  • You have a right to access your personal data

    You have a right to obtain confirmation that we are processing your personal data and to receive a copy of your personal data.

    You also have right to obtain confirmation and information as regards:

    • the purposes of our processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient that we have disclosed your personal data to;
    • the periods for which your personal data will be retained and our policies on retention and deletion;
    • how you may request rectification, erasure or restriction of your personal data or to object to its processing;
    • the safeguards provided if we transfer your personal data to a country outside the European Economic Area or to an International Organisation.
  • You have a right to rectify your personal data

    Where your personal data is inaccurate or incomplete, you have the right to have this rectified.

  • You have a right to erase your personal data

    You have the right to have personal data erased. This applies where its processing and retention is no longer necessary for the purpose for which it was originally collected or processed, or where it is being processed based on your consent and you wish to withdraw this consent.

    Your right of erasure does not apply where your data was obtained lawfully and where:

    • its erasure would prevent us from complying with a legal obligation; or
    • its erasure would prevent us from the establishment, exercise or defence of a legal claim.
  • You have a right to restrict the processing of your personal data

    You have a right to restrict the processing of your personal data in certain circumstances under the law.

  • You have a right to data portability

    You have a right, in certain circumstances under the law, to obtain and reuse personal data which you have provided to us.

  • You have a right to object

    You have a right to object to the processing of your personal data in certain circumstances under the law. This right is applicable only where we are processing data based on your consent.

  • You have a right to be informed in the event of a Data Breach

    You have a right to be informed, directly and without undue delay, in the event of a Data Breach affecting your personal data where this breach is likely to result in a high risk to your individual rights and freedoms.

How to exercise your rights

Where we are acting only as Data Processor (i.e. your data was submitted to us by another entity for processing), you should, in first instance, contact the person who is Data Controller (i.e. the entity who submitted your personal data to us).

Otherwise, all requests and inquiries in relation to the processing of your data and your rights under this policy may be addressed to:

By Post:

Data Protection Officer
Isarey Language Services SL
Apartado 130; 48110 Bizkaia; Spain

By Email:

personaldata@isarey.eu

We will respond to requests within 30 days, either fully complying or setting out the lawful reasons why we are not complying or only partially complying.

Upon submission of a customer inquiry on our website, you will be provided with a reference code which should be quoted in all requests related to your personal data. While we will also respond to valid requests which omit this reference, providing us with the reference will help us in ensuring a speedy and proper response.

Depending on the type of request and the data involved, we may require verification of your email address and/or identity and verification of the authenticity of the request.

Requests which result in the erasure of personal data or a restriction in its use may prevent us from responding to your Customer Enquiry.

Special Category Data (sensitive data)

We do not purposefully collect or process Special Category Data, but it is the nature of our work and Our Services that you may ask us to translate or otherwise process documents and content which contain Special Category Data or personal data relating to criminal convictions and offences. In this respect, we only process Special Category Data according to the instructions and purposes of the Data Submitter and do not extract it for any other purpose.

We do not disclose Special Category Data supplied as part of a customer inquiry to any Third Party for any reason, except in cases where disclosure is our legal obligation or where, on an exceptional basis, disclosure to an appointed Data Processor is absolutely necessary in order to respond to the Customer Inquiry. In this latter case, we will seek the Data Subject’s explicit and specific consent and only proceed with the disclosure where this consent is given.

You are advised, as a matter of good practice, to redact documents containing Special Category Data (to remove this data or to make the documents anonymous), in particular for the purpose of making a Customer Enquiry.

Your responsibility to declare Special Category Data

When submitting, uploading, sending or otherwise disclosing documents to us, you are asked to declare to us whether they contain Special Category Data so that we can seek your explicit consent to its processing and ascertain that processing has lawful basis.

In the event that you fail to declare the inclusion of Special Category Data:

  • the Data Submitter agrees to defend, indemnify and hold Isarey and its Subprocessors harmless from any claims based on unlawful processing of submitted data which results from its inappropriate categorisation;
  • we will erase all such data that we find, as soon as we become aware of it and request resubmission of the documents following your explicit consent.

Special Category Data related to another person

If any document or other content which you submit, upload, send or otherwise disclose or make available to us contains Special Category Data referring to another Data Subject, it is the responsibility of the Data Submitter:

  • to declare the existence of Special Category Data;
  • to apply appropriate measures of data minimisation prior to its disclosure;
  • to ensure that the disclosure of this data to Isarey is lawful and, where required by law, has the explicit consent of the Data Subject.

Personal Data related to Children

Particular care must be taken in the case of any Personal Data relating to children. Consent must be obtained from the child's parent or guardian and consideration must be given to whether the Processing of a child's Personal Data is in the child's interest.

Inquiries and Complaints

If you have any questions, concerns, comments or complaints about our privacy policy or our processing of Personal Data, please contact us by email at personaldata@isarey.eu.

If you remain unsatisfied with our response to your complaint or inquiry, and wish to take the matter further, you may contact:
Spanish Data Protection Agency (AEPD) External link (opens in new tab).

REF: BAC77E67EFF18D884DE2F84AF31C4E676F26A4FE2377D2273A466C7D8DF8A6A9

VERSION: 1/1/57/EN

VALID FROM: Monday, October 14, 2024