2. Category of data collected: The personal data collected through the Website are in no case considered special categories of data.
The personal data required in the quotation request forms are: name, surname(s), company (optional), telephone and email. The personal data requested in the form to collaborate as a T2T8 supplier or to send the Curriculum Vitae are: name and surname(s), date of birth, nationality, postal address, telephone, email and professional data.
The personal data requested in the form to leave a comment on any blog post are: name, email and website (optional).
If the data provided are erroneous, inaccurate or incomplete, T2T8 will not be able to carry out the processing referred to hereunder.
3. Purpose and lawful basis for the processing of personal data: T2T8 will process the personal data collected through the Website for the following purposes and lawful bases of processing:
3.1. In the event of contracting any of T2T8’s services: The purpose of the processing will be the commercial and administrative management of the order made, which includes maintenance of the contractual relationship, as well as the administration, information, provision and improvement of the service, dealing with any type of incident, processing payment of the service and maintaining contact for any aspect related to the order and its follow-up.
Such processing is based on the performance of a contract or pre-contract to which you are a party as a data subject.
3.2. In the event of requesting information through any of the forms on the Website or by email: The purpose of the processing will be to meet any of your requests for information.
Such processing is based on T2T8’s legitimate interest in fulfilling the request.
3.3. Data processing of the “Join Us at Time to Translate” form: The data provided through the “Join Us at Time to Translate” form (full name, Tax ID, address, email, date of birth, telephone and professional data), as well as any other data provided through the Curriculum Vitae that the data subject decides, if applicable, to send to T2T8, will be processed for the purpose of allowing the data subject to collaborate with T2T8 for the provision of the services offered by T2T8 or to take part in any potential personnel screening processes of T2T8, performing an analysis of the candidate’s profile to determine whether they fit the needs of T2T8.
Such processing is based on informed, free, specific and unequivocal consent by ticking the corresponding check box.
3.4. Sending commercial communications and promotional actions: If you have contracted any of T2T8’s services, your data may be processed in order to send commercial communications or to contact you by telephone to offer you T2T8’s services, provided that you have not objected to this at the time your data were collected or at any time thereafter.
Such processing is based on the legitimate interest of the data controller for direct marketing purposes.
If you have not contracted any of T2T8’s products and/or services, your data may be processed for the purpose of sending you commercial communications or contacting you by telephone to offer you T2T8’s services, provided that T2T8 has your informed, free, specific and unequivocal consent, by means of a clear affirmative action, such consent serving as the lawful basis for such processing.
3.5. Segmentation for commercial purposes: Segmentation is a practice consisting of establishing user profiles to send the requested information in a more personalized way and in accordance with the users’ interests.
Similarly, if you have consented to receive commercial communications, such segmentation will allow these communications to match the interests shown by the user.
Under no circumstances will such profiling involve automated individual decisions that produce legal effects on you or significantly affect you in any similar way.
The lawful basis for such processing is T2T8’s legitimate interest in direct marketing.
We remind you that you are entitled to object to such segmentation processing for commercial purposes at any time.
3.6. If you leave a comment on the blog: Your data will be processed to moderate and publish your comment on the blog with your name. Under no circumstances will your email address or web address be published.
The lawful basis is T2T8’s legitimate interest in fulfilling your request to post a comment.
4. Data processing as Data Processor: If you send T2T8 any document containing personal data for which you are responsible in order to request a quote, you or the company you represent (hereinafter the Client) will be the Data Controller of such data as you decide how and for what purpose the data contained in such document will be processed.
4.1. Purpose of the processing order: By contracting the services of T2T8, you authorize T2T8 to process the personal data necessary to provide the T2T8’s services on behalf of the Client.
The processing will consist of the possibility of accessing the information related to the personal data contained in the documents provided by the Client to T2T8.
4.2. Identification of the information concerned: For performance of the services, the Client provides T2T8 with the information related to the personal data contained in the documents on which T2T8 works. Such data may be anonymized.
4.3. Duration: Access to personal data for which the Client is responsible will occur as long as the contracting of T2T8 services is in force. Upon termination of the service for any reason, T2T8 will erase the personal data collected.
4.4. Obligations of T2T8 as data processor: T2T8 and all its personnel undertake:
a. To use the personal data to be processed solely and exclusively for the purpose of the service contracted. Under no circumstances may the data be used for T2T8’s own purposes.
b. To process the data in accordance with the Client’s instructions.
If T2T8 considers that any of the instructions infringe the General Data Protection Regulation (GDPR) or any other data protection provisions of the Union or the Member States, it will immediately inform the Client.
c. To keep a written record of all categories of processing activities carried out on behalf of the Client, containing:
– The name and contact details of T2T8 and of each data controller for whom it acts.
– The categories of processing carried out on behalf of each data controller.
– Where applicable, transfers of personal data to a third country or international organization, including the identification of such third country or international organization and, in the case of transfers referred to in the second paragraph of Article 49(1) of the GDPR, documentation of appropriate safeguards.
– An overview of technical and organizational security measures relating to:
i) Pseudonymization and encryption of personal data.
ii) The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
iii) The ability to restore availability and access to personal data quickly, in the event of a physical or technical incident.
iv) The process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the security of the processing.
d. Not to disclose data to third parties, except with the express authorization of the Client, in the legally admissible cases.
T2T8 may disclose the data to other data processors of the same data controller, in accordance with the Client’s instructions. In this case, the Client will identify, in advance and in writing, the entity to which the data must be disclosed, the data to be disclosed and the security measures to be applied in order to proceed with such disclosure.
If T2T8 is required to transfer personal data to a third country or an international organization under applicable Union or Member State law, it will inform the Client of this legal requirement in advance, unless such law prohibits it for important reasons of public interest.
e. The Client expressly and in general authorizes T2T8 to subcontract to a third party (subcontractor) the performance of any data processing entrusted to it by reason of the contracted services. In the event of using a sub-processor to carry out certain processing activities on behalf of the Client, T2T8 will impose on said sub-processor the same obligations as those stipulated herein (by signing the relevant data processing contract), and in particular, the provision of sufficient guarantees of implementation of appropriate technical and organizational measures so that the processing complies with the provisions of the GDPR. Should the sub-processor fail to comply with its data protection obligations, T2T8 will remain fully liable to the Client for compliance with the sub-processor’s obligations.
f. To maintain the duty of secrecy with regard to personal data to which it has had access by virtue of the provision of the service, even after the purpose thereof has concluded.
g. To ensure that the persons authorized to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be duly informed.
h. To keep at the Client’s disposal the documentation proving compliance with the obligation laid down in the preceding section.
i. To ensure the necessary training in the protection of personal data of the persons authorized to process personal data.
j. To assist the Client in responding to the exercise of the rights to access, rectification, erasure and objection, restriction on processing, data portability, not to be subject to automated individualized decisions (including profiling), when the affected persons exercise such rights.
k. T2T8 will notify the Client, without undue delay, and in any case within 72 hours by email, of any breach of security of the personal data in its care of which it becomes aware, together with all relevant information for the documentation and communication of the incident.
Notification is not required when such a breach of security is unlikely to constitute a risk to the rights and freedoms of natural persons.
If available, at least the following information will be furnished:
a) A description of the type of personal data security breach, including, whenever possible, the categories and the approximate number of data subjects affected, and the categories and the approximate number of personal information records affected.
b) The name and contact details of the data protection officer or other contact point where further information can be obtained.
c) A description of the possible consequences of the personal data security breach.
d) A description of the measures adopted or proposed to remedy the personal data security breach, including, if applicable, the measures adopted to mitigate possible negative effects.
Insofar as it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
It is the Client’s responsibility to report data security breaches to the Data Protection Authority and to data subjects, when the breach is likely to pose a high risk to the rights and freedoms of natural persons.
l. To provide support to the Client in carrying out prior consultations with the supervisory authority, when appropriate.
m. To make available to the Client all information necessary to demonstrate compliance with its obligations, as well as for audits or inspections carried out by the Client or any other auditor authorized by the Client.
n. In any case, T2T8 will implement mechanisms to:
a) Ensure continued confidentiality, integrity, availability and resilience of data processing systems and services.
b) Restore availability and access to personal data quickly, in the event of a physical or technical incident.
c) Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organisational measures implemented to guarantee the security of the processing.
d) Pseudonymize and encrypt personal data, if applicable.
o. Upon completion of the service, cease access to the data and, if appropriate, return the personal data and media on which they are stored to the Client, with the total erasure of the existing data on the IT equipment used by T2T8. However, T2T8 may keep a copy, with the data duly blocked, for as long as liabilities may arise from the performance of the service.
4.5. Obligations of the Client: It corresponds to the Client:
a. To make available to T2T8 the data necessary for the provision of the contracted service.
b. It is the Client’s responsibility to provide the right to information at the time of collecting the Trademarks data.
c. To carry out, where appropriate, an assessment of the impact on the protection of personal data of the processing operations to be carried out by T2T8, as well as prior consultations with the corresponding supervisory authority.
d. To ensure, prior to and throughout the processing, compliance with the GDPR by T2T8.
e. To supervise the data processing, including inspections and audits.
5. Personal data storage: The personal data provided will be stored for as long as there is a mutual interest in maintaining the purpose of the processing and for the legal period for which liabilities may arise for the services provided.
When no longer required for such purposes, the data will be erased with appropriate security measures to ensure the pseudonymization of the data or the total destruction of the data.
6. Recipients: The data will not be disclosed to any third party outside T2T8, except by legal obligation or with the express authorization of the person concerned.
As data processors that may have access to the personal data of the data subject, within the framework of the business activity it carries out, T2T8 has contracted the services of companies or service providers with which it has signed a data processor contract in accordance with the provisions of the applicable data protection regulations.
7. International Transfers: T2T8 will not carry out international data transfers.
8. Rights: As a data subject who provides their personal data to T2T8, you are fully entitled to exercise the following rights that the regulations on data protection afford you:
– The right to revoke at any time the consent you have given if that is the lawful basis for the processing.
– Right to access your personal data.
– Rights to request the rectification of inaccurate data.
– The right to request the erasure of your data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
– In certain circumstances, you may request the restriction on processing of your data, in which case we will only keep them for the exercise or defence of claims.
– In certain circumstances and for reasons related to your specific situation, you may exercise your right to object to the processing of your data. We will cease processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
– In certain circumstances and for reasons related to your specific situation, you may request your right to data portability.
– You may exercise such rights by sending a communication to the postal or email addresses indicated above.
9. Confidentiality, security and updating of personal data: The data collected through the Website will be processed with the utmost care and confidentiality by T2T8 and by all the personnel under its charge and those data processors that, if applicable, intervene in any of the processing stages.
To safeguard the security of the personal data provided, we inform you that all the necessary technical and organizational measures have been adopted to guarantee their security and avoid their alteration, loss, and/or unauthorized processing or access, as required by law, although absolute security does not exist.
In order for us to keep your personal data up to date, it is important that you inform T2T8 of any changes to your personal data.
If this document is translated into any language and there is a contradiction with the original Spanish version, the latter will prevail.