Personal data and confidentiality

General Conditions of Services (GCS) relating to personal data and confidentiality

Personal data

Personal data of third parties

In order to perform the order, and generally during its various exchanges with the Client, TRADUTEC, hereinafter referred to as the Company, may receive personal data from third parties, hereinafter referred to as the Data.

This Data may be included in the documents to be translated, or in any other document communicated by the Client. The Data may relate to any natural person and be of any nature such as: surname, first name, age, profession, address, telephone number, etc. Some of this Data may be particularly sensitive, in particular that relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sexual life or sexual orientation, health, offences or convictions of any kind, particularly criminal.

The Client guarantees the Company that it has obtained the valid consent of the persons whose Data is cited in the documents provided to the Company, and that it has informed them of their rights in its capacity as data controller. The Company, in its capacity as a subcontractor, shall not be bound by any obligation in this respect, and its liability shall not be incurred if the processing requested by the Client is unlawful. If, due to the Client’s fault, the Company’s liability is incurred on the basis of Data processing, the Client shall indemnify the Company for the amount of the compensation required.

The Company is authorised to process said Data on behalf of the Client in order to carry out the following services:

  • translate the documents and/or content submitted to it by the Client and/or
  • legalise/certify or provide a sworn translation of a document entrusted by the Client and/or
  • take part in an interpreting assignment and/or
  • participate in any other linguistic type mission on the Client’s order.

In order to carry out said services, the Company is required to process the Data, in particular to receive, consult, modify, copy, save and/or restore the Data. Furthermore, in the context of the performance and follow-up of the order, the Company is authorised to subcontract all or part of the processing of the Data to a third party of its choice, whether this third party is located in the European Union or outside the European Union. Whilst the order is being carried out, and as long as the Company remains in possession of the Data, the Company undertakes in its capacity as a subcontractor to:

  1. to communicate its information systems security policy on the Client’s request,
  2. implement all technical and organisational measures to guarantee the maximum level of security, taking into account the sensitivity of the Data, the risk involved and the state of technical knowledge,
  3. to process the Data only on the basis of documented instructions of the Client and in accordance with such instructions, particularly in the case of transferring such Data to another country of the European Union or to a third country outside the European Union,
  4. to inform the Client immediately if one or more of the their instructions could constitute a violation of regulatory provisions or a violation of European Union law on personal data,
  5. to only process the Data entrusted by the Client within the limits that will be defined by them on a case-by-case basis, in particular with regard to the purpose, nature, duration and purposes of processing,
  6. assist the Client insofar as possible in order to allow the persons holding such Data to exercise their rights (in particular their rights of access, rectification, deletion and opposition, their rights to limit the processing, to the portability of the Data, and their right not to be subject to an automated individual decision),
  7. inform the Client of any incident or security breach likely to affect the security and/or confidentiality of the Data without delay after its occurrence,
  8. assist the Client insofar as possible to respond effectively and promptly to a Data breach, including the obligation to use all means at its disposal to immediately inform the Client of such a breach, and the obligation to cooperate with the Client to inform the supervisory authority and the persons concerned, as well as the obligation to inform the Client of the likely consequences of such a breach and the measures to be taken to remedy it,
  9. assist the Client, insofar as possible, in the implementation of impact assessments, and during the prior consultation with the supervisory authority, with the purpose of such assessments being to determine a priori the risks that a particular processing operation may entail for the rights and freedoms of the data subjects,
  10. on the Client’s instructions and without delay, delete the Data transmitted from all media on which it appears, not to keep any copy in any form whatsoever, not to make any kind of a posteriori use of them and to provide proof of its destruction in writing,
  11. at the end of a period of 10 years from the date of performance of the order, permanently delete the Data transmitted from all media on which it appears, not keep any copy of them in any form whatsoever, and not make any kind of a posteriori use of them and provide proof of its destruction in writing, unless the EU law or the law of the Member State requires the Data to be kept for a longer period,
  12. communicate the name and contact details of their Data Protection Officer (DPO), if they have appointed one,
  13. inform the Client of the existence of a treatment register, if applicable,
  14. make all the information necessary to demonstrate compliance with the obligations arising from the present contract available to the Client, and if necessary allow an audit to be carried out for these purposes, by the Client or by any third party mandated by it.

Client’s personal data

In addition, in order to perform the order, and generally during its various exchanges with the Client, the Company may receive communication of personal data belonging to the Client’s personnel (employees, staff, managers, etc.), hereinafter referred to as the Client’s Data. The Client’s Data may be of any kind, including: surname, first name, telephone number, e-mail address, etc. As the Client’s Data is necessary for the performance of the order, it is collected and processed on the basis of Article 6, paragraph 1, point b) of EU Regulation 2016/679 of 27th April 2016, hereinafter the GDPR. The Client’s Data is collected and processed by the Company in order to:

  • process and follow up on orders,
  • inform the Client of the Company’s service offer in line with its needs,
  • find out the client’s opinion on the Company’s services.

In accordance with article 6, paragraph 1, point a), the Client consents to the Company using their Data to contact them to inform them of its offer of services and to find out their opinion on the services provided. The Company is responsible for processing the Client’s Data. As such, it can be contacted via e-mail at the following address: info ((@)) tradutec.com or by post at the following postal address: 3 rue Paul Lafargue – 92800 Puteaux – FRANCE. The Client’s Data is processed by the Company, members of its staff, and its subcontractors in compliance with the aforementioned purposes. As such, this Data may be subject to automated or partially automated processing. This Data may be transferred in whole or in part outside the European Union, and in some cases this transfer may be necessary to carry out our services. The Customer agrees that their contact details (particularly their email address) may be used to contact them for the purposes of completing the order, commercial follow-up and to find out their opinion on the services provided.

The Company does not market the Client’s Data, which is only used for the proper performance of the order. During the performance of the order and as long as the Company remains in possession of the Client’s Data, the Company undertakes to:

  • implement all technical and organisational measures to guarantee the maximum level of security, taking into account the sensitivity of the Data, the risk involved and the state of technical knowledge,
  • inform the Client of any incident or security breach likely to affect the security and/or confidentiality of the Data immediately upon its occurrence,
  • inform the Customer, where appropriate, of the further processing of their Data for a purpose other than that for which the Data was collected.

The Client benefits, by virtue of the GDPR and the law of 6th January 1978 relating to IT, data files and civil liberties, of the following rights subject to the conditions in which they can be exercised laid down by the texts:

  • the right to access, rectify, update and delete Data when it is inaccurate, incomplete, ambiguous, outdated, or when the collection, use, communication or conservation of which is prohibited,
  • the right to limit processing,
  • the right to object to processing,
  • the right to portability,
  • the right to lodge a complaint with a supervisory authority,
  • the right to withdraw consent,
  • the right to define guidelines for the storage, deletion and communication of their Data after their death.

If the Client wishes to exercise one or more of these rights, they must contact the Company by post at the following address: 3 rue Paul Lafargue – 92800 Puteaux – FRANCE. or by e-mail at the following address: info ((@)) tradutec.com. The Company undertakes to reply by e-mail or post if necessary within 14 days.

For any complaint relating to the processing of your Data, the Client may contact the National Commission of Information Technology and Civil Liberties [CNIL] located at 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07. Tel: 01 53 73 22 22 (Monday to Thursday from 9am to 6.30pm / Friday from 9am to 6pm). Fax: 01 53 73 22 00. In this respect, the Client is informed that the data controller is the Company and that the Company’s Data Protection Officer is Vincent Rivalle: 3 rue Paul Lafargue – 92800 Puteaux – FRANCE.

The Client’s Data will be conserved by the Company for the time necessary to process it for the above mentioned purposes. If necessary for administrative follow-up, due to legal or regulatory requirements, or for archiving purposes, this Data will be conserved beyond the time necessary to achieve the above-mentioned purposes. In any event, the maximum conservation period of the Data is 10 years, after which the Data will be deleted.

Privacy

The Company undertakes to respect the confidentiality of Data and the Client’s Data. As part of its confidentiality obligation, the Company undertakes, for the entire period necessary for the performance of the order and for 10 years beyond this:

  • to treat Data and the Client’s Data in a strictly confidential manner, and consequently to only communicate it to persons who need to access it for the accomplishment of their missions, and who are themselves bound by a confidentiality obligation of a legal or contractual nature,
  • not to make personal use of the Data and of the Client’s Data under any circumstances,
  • to ensure the protection of the Client’s Data and Information, with the same care as it uses for the protection of its own confidential information of the same nature, and in any event by implementing an objectively sufficient level of protection.

This confidentiality obligation does not apply to Data and Client Data, and in general to information of any kind:

  • in the public domain at the time of its communication or which became part of the public domain after its communication through no fault of one of the Parties, or
  • received lawfully from a third party without a confidentiality obligation, or
  • the disclosure of which has been authorised by the Client or the disclosure of which is necessary for the performance of the order, or
  • the disclosure of which has been imposed by a legal or regulatory provision or a court decision.

Applicable law

The above provisions shall be governed exclusively by French law, both as regards their interpretation and their execution. In the event of a dispute between the Parties, the Parties agree to meet in order to find an amicable solution. In the absence of an amicable agreement within thirty (30) days, the dispute will be brought by the most diligent Party before the French courts, which have sole jurisdiction to hear this dispute. The present provisions form an integral part of the Company’s general terms and conditions of service on the date of their acceptance by the Client. They cancel and replace any provision of the general terms and conditions of service to the contrary.