Lingo Service Client Confidentiality
Lingo Service Translations Ltd understands the importance of confidentiality for all our clients. All assignments are treated with utmost confidentiality and we are committed to ensuring that your privacy is protected.
Protection of Client Names and Contact Details
Client names and addresses are disguised by our project managers before the documents are assigned to our professional translators and linguists.
We are committed to ensuring that your information is secure and take all reasonable and appropriate measures to protect your data. We have put in place strict procedures to safeguard the information we collect online.
Links to other Websites
Our website may contain links to other websites. Once you have used these links to leave our site, then we do not have any control over that other website and we cannot be held responsible for the protection and privacy of any information that you provide whilst visiting such sites and they are not governed by this privacy statement.
Lingo Service Translations GDPR Policy – Third Parties & Suppliers
This Policy has been designed to assist in managing confidential information that might be present in the translation content managed by Lingo Service Translations. The overall risk includes the following factors:
- Failure to identify the information and related assets that must be protected;
- Failure to protect information from unauthorised disclosure, modification, or corruption and systems being compromised
- Failure to detect a breach or malicious attack on Lingo Service Translations information or systems;
- Failure to respond to a breach or malicious attack on Lingo Service Translations information or systems;
- Failure to recover from a breach or malicious attack on Lingo Service Translations information or systems;
- Failure to manage Information Security and Cyber risk with suppliers and 3rd parties.
In addition, this Policy has been designed to support compliance with the following legislation and/or regulations:
- Data Protection Act 2017 (The Seventh Principle);
- General Data Protection Regulation (EU) 2016/679.
Lingo Service Translations’ Obligations to Freelancers:
In order to correctly and effectively distribute translation/interpretation projects to our network of freelancers, we are required to hold certain personal information relating to the nature of the work being completed. Information we hold about your person may include articles such as:
- Contact details (including, but not limited to: telephone numbers, e-mail addresses, physical addresses) in order to make contact with you to distribute project work
- Names and surnames in order to identify you
- Details of past work completed for Lingo Service Translations as part of our quality checking process
- CVs and other recruitment information necessary to select the appropriate linguist for the appropriate task, such as qualifications, and covering letters where necessary
- Banking details – in order to ensure correct and efficient payment for project completion
The information we hold on you may be stored electronically within our database, and you may from time-to time be made reference to in company literature. You may also be personally identifiable by the work you have carried out for Lingo Service Translations in the past.
Lingo Service Translations will store and process the aforementioned information for the purposes of administering and maintenance of past, present, and future project work for a period of 2 years after last contacting you.
You have a right to make a written request for the details of personal information held, free of charge unless your request is excessive or labour intensive in nature.
Details on how to make a written request for details on the personal information we hold can be found on our Subject Access Request Policy and Procedure.
The above is in-line with your rights as specified in the GDPR.
The General Data Protection Regulation (GDPR) Policy for Third Party Suppliers Policy supports our vision of being the best, most accurate, and fastest LSP, and of providing customers with reliable and accurate translations by:
- Preventing the unauthorised disclosure of customer information;
- Protecting the integrity of customer information
- Ensuring the availability of services and information to meet customer needs.
Lingo Service Translations has a moral, legal and regulatory responsibility to protect, preserve and manage the confidentiality, integrity and availability of company Information and all supporting processes, applications and systems.
This extends to activities carried out for or on behalf of Lingo Service Translations. Meeting the requirements in this Policy will protect against reputational damage. The Supplier must prevent:
- Any unauthorised use, alteration or destruction of company information by any supplier or any approved subcontractor; and
- The introduction of any Malware into the company Infrastructure by any supplier or any approved subcontractor.
The Supplier must obtain prior approval from the Lingo Service Translations where it needs to hold company information on any portable device in any media (including but not limited to a laptop, CD, USB memory stick, backup tapes and all other similar media). Where approved the Supplier must encrypt the information in accordance with good industry practice and in accordance with company requirements as notified to the Supplier from time to time.
The Supplier must not introduce or permit the introduction of any Malware into, or spamming or denial-of service attack against, any company infrastructure which is intended by any person to, or is likely to:
- Impair the operation of any such infrastructure;
- Cause loss of, or corruption or damage to, any program or data held on such infrastructure; or
- Damage the reputation of Lingo Service Translations or any other Associated Company.
If Malware or a vulnerability is introduced on to Lingo Service Translations systems by a supplier or sub-contractor, the supplier must reimburse Lingo Service Translations for the costs and expenses that arise as a consequence of Lingo Service Translations taking all actions required to remediate the vulnerability. The Supplier must:
- Restrict access to Lingo Service Translations Information and Lingo Service Translations Records in any shared environment such that any person who is not authorised by Lingo Service Translations to do so, may not gain access; and
- Ensure that any Lingo Service Translations Information and Lingo Service Translations Records stored on the supplier’s systems are logically separated from the Supplier’s own data and the data of any third party.
Suppliers must implement security measures that include the following security controls at a minimum:
- Measures to protect the confidentiality, integrity and availability of Lingo Service Translations Information (including details of storage, physical security, handling, transportation and destruction);
- Controls to detect any security incident/breach of the security measures by the supplier and/or approved subcontractor employees;
When undertaking new or additional services, the supplier must update their security measures to the extent necessary so that it takes into account any specific security requirements in relation to the provision of the applicable services or; If the company reasonably believes that the security measures are inconsistent with the company GDPR Policy.
Security Incident Management:
The Supplier must implement a password policy for systems and application under the Supplier’s management as agreed.
Data Security, Logical & Physical Access Control:
The Supplier must not access Lingo Service Translations Infrastructure and/or Data on the company infrastructure and/or access company owned assets without the prior written consent of the company. Where consent is given the following minimum security measures must be applied to ensure access to company information is restricted to the minimum level necessary for individual role responsibilities to be discharged. The supplier must ensure:
- Supplier employees or sub-contractors use the company supplied Users IDs and that secret authentication information (e.g. passwords, PINs) and security tokens are protected and not shared with any other individuals;
- Supplier employees or sub-contractors do not transmit company information from the company’s infrastructure to the supplier’s infrastructure prior without written consent from the Lingo Service Translations;
- Supplier employees or sub-contractors comply with company policies where supplied with company owned equipment;
LINGO SERVICE TRANSLATIONS INFORMATION & CYBER SECURITY POLICY THIRD PARTY SUPPLIER SUMMARY
The following must be implemented by third party suppliers:
- Processes (i.e. leavers processes) are in place to identify supplier employees or sub-contractors who no longer require access (i.e. job role changes, leavers) to company systems;
- Timely notification to Lingo Service Translations of supplier employees or sub-contractors who no longer need access to company systems to perform their role including the return of any company property, e.g. ID cards, laptop, secure token;
- Supplier employees or sub-contractors are made aware that Lingo Service Translations may monitor use of systems.
Storage and Destruction of Company Information:
The supplier (any individual or organisation whom provides a product or service to Lingo Service Translations) must protect all company information (held by supplier employees or approved subcontractors in any form) by adopting a ‘clear desk’ policy and disposing of company information securely by treating it as confidential waste.
The supplier must ensure that any company information held by the supplier or an approved subcontractor is disposed of in a manner which protects the confidential nature of Lingo Service Translations information.
Termination and Decommissioning At the end of the Term (for whatever reason):
The supplier must ensure that company information assets are returned or destroyed appropriately as agreed with Lingo Service Translations. Any continued use of the information assets must be formally agreed with the company and covered by an appropriate contract.