Etymax Privacy Notice
Etymax (“we”, “us”, “our”) is committed to ensuring the security and protection of the personal information that we process, and to be vigilant and compliant in our approach to data protection. We operate in accordance with the UK GDPR and the Data Protection Act 2018. This policy explains how we collect, handle and protect your personal data, in line with the guidance set out by the Independent Commissioner’s Office (ICO).
Who we are:
6 Bickels Yard
151-153 Bermondsey St.
London SE1 3HA UK
Tel: +44 (0)20 7089 9098
What type of personal information we hold and how we collect it:
We collect personal information about vendors and employees during the application and recruitment process. This information is received directly from candidates. We may sometimes also collect information via third parties including former employers, recruitment agencies or professional organisations who you have given permission to pass your information on to us. The type of information held could include your name and contact details, payment account and work or qualification history.
If you are a client, we may also collect and process personal information about you in connection with job-related activities, carried out under contract with us. This includes your name and place of work.
Why we collect and hold personal information:
Our reasons for collecting personal information are as follows:
- To maintain a database of resources for the function of our business and to provide services to our clients.
- To comply with our responsibilities as an ISO 17100:2015 certified translation service provider.
- To maintain our own accounts and records
- To comply with tax obligations
- To comply with employment-related legal obligations
- To fulfil the obligations set out in our contract with you (e.g. to pay you for services), or to prepare to enter such a contract with you.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
- Your consent, as described in our Vendor Service Agreement. You are able to remove your consent at any time by contacting us at firstname.lastname@example.org. However, we may still continue to process your information on the basis of the below. We will let you know if this is the case, when you contact us to withdraw your consent.
- We have a contractual obligation to fulfil.
- We have a legitimate interest (reason) to do so, which does not compromise your own rights and interests.
How we protect your personal information:
Your personal data is treated as strictly confidential and is securely stored and processed in accordance with the GDPR principles as presented in GDPR Article 32 which stipulates the following technical and organisational requirements to ensure the security of personal data:
- encryption of personal data.
- measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- measures to ensure the data is accurate and complete in relation to why it is being processed.
- measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident,
- a process for regular testing, assessment and evaluation of the effectiveness of the TOMS for ensuring the security all data processing.
A document detailing our current Technical and Organisational Measures is available on request.
Personal data is processed on a strictly need-to-know basis, by:
- Etymax employees who have a legitimate need to access this information, to carry the services of our business.
- our UK-based, accountancy support service, who assist us in carrying out our obligations to HMRC.
- our recruitment team, for verification of qualifications and memberships, and to perform other background screenings.
- senior management, to satisfy other legal or regulatory obligations.
All Etymax employees who handle personal data receive regular GDPR training, to reinforce awareness of data security procedures and to ensure that security practices are up to date.
Personal data is stored in a UK data centre implementing an ISO/IEC 27001 compliant Security Management System.
We will keep your personal data for no longer than reasonably necessary for our ongoing business relationship, for record keeping or regulatory purposes, and in case of any legal claims or complaints. We will then dispose of your information by permanent deletion from our server. As part of our commitment to keeping your data safe, Etymax has implemented paperless record keeping since March 2020. Etymax will not print out or make copies of your personal information. Paper records compiled before this time are destroyed after a period of six years since our last contact with you, or at your request, whichever is sooner. Destruction of hard-copy data is carried out by our dedicated GDPR compliant waste-management company, in a BS15713-accredited facility.
We will never sell your personal information to other organisations.
Your data protection rights:
Under data protection law you have rights over any personal data we hold about you, including:
- Your right of access – You have the right to request copies of your personal information.
- Your right to rectification – You have the right to request that we rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to request that we erase your personal information in certain circumstances.
If you make a request, we will respond to you within 30 days. Please contact us at email@example.com if you wish to make a request.
How to complain:
We will work with you to resolve any concerns you may have regarding our use of your personal data. You can make a complaint verbally or in writing. Our full contact details can be found in the “Who we are” section above. We will respond to you as soon as possible, and no later than 30 days from receipt of your complaint.
You can also complain to the ICO if you are unhappy with our handling of your data or any complaint arising thereof.
The ICO’s address is:
Information Commissioner’s Office
Cheshire SK9 5AF
Helpline number: 0303 123 1113