Privacy Policy
Introduction
TARA values Your privacy and is committed to managing all Your personal data in a transparent, fair and lawful manner. This privacy policy (together with the Terms of Service and the Cookie Policy) sets out the basis upon which We collect, store, and use Your personal data, as well as what Your rights are, and how the law protects those rights (“Policy”). This Policy applies when You visit Our website, are in contact with Us through social media, receive marketing material from Us, enquire into or use Our services, or supply Us with services. You are a visitor of Our website, a social media contact, a recipient of Our marketing materials, a (potential) client, a freelancer or a person whose personal data are included in materials used in the provision of our services (“You”, “Your”).
1. About Us
1.1. Purpose of Policy
We aim to protect Your personal data and respect Your privacy in accordance with best practice and applicable law. This Policy aims to provide a thorough understanding of how we process personal data gathered by Us. Should We provide You with any privacy notice from time to time, that should be read in conjunction with this Policy.
When we refer to Your personal data, this includes the personal data of third parties included in information delivered to Us in the course of the provision of Our services. We do not knowingly collect data relating to underage persons. If it becomes apparent to Us that we have collected personal data relating to persons under the age of 18 (eighteen), We do Our utmost to ensure that such data is handled lawfully.
You are responsible to provide Us with personal data that is correct and inform Us in writing of any changes occurring in Your data, so we can keep Our records in Your regard correct and up to date.
1.2. Data Controller
TARA of 68, Triq il-Qoton, Naxxar NXR3576, Malta is the data controller and is therefore responsible for Your personal data (“Company” or “We”, “Us”, “Our” in this Policy):
a. if You are Our client as an individual not acting in the course of business, in respect of Your personal data only;
b. if You are a linguist supplying services to Us, in respect of Your personal data;
c. if You are a visitor of Our website, in respect of Your personal traffic data;
d. if You are a recipient of Our marketing materials, in respect of Your personal data.
In all other cases, We are a data processor and are therefore not end-responsible for Your personal data. The data controller in these cases is Our client, or the customer of Our client. In these cases, if and to the extent that Our client is, or acts on behalf of, the data controller, We will process data and information in accordance with Our client’s instructions. Our client’s consent to and instructions for the processing of personal data are deemed to have been given also on behalf of any and all third parties whose personal data are contained in the information Our client has provided Us with, and Our client warrants and represents to have duly obtained and be able to evidence the consent of these third parties, and to promptly provide Us with such evidence on Our request.
Should You have any queries about this policy, or any request to exercise Your legal rights, please contact Us using the details provided below:
Full name:
Jeanelle Gladwish
Postal address:
68, Triq il-Qoton, Naxxar NXR3576, Malta
Email address:
You also have the right to file a complaint with the Information and Data Protection Commission (“IDPC”) at any time, being the main Supervisory Authority for data protection matters in Malta. However, We would truly appreciate the opportunity to address Your issues before You contact the IDPC, so do not hesitate to contact Us in the first instance.
2. Data and Processing
2.1. Definition
The General Data Protection Regulation (“GDPR”) defines personal data as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
You, as Our client, and/or other persons whose personal data are included in the information We receive in the course of the provision of Our services, are the ‘data subject’ in relation to this Policy. In short, this means that any personal data relating to the data subject is protected under data protection law. However, this does not include data where the identifiers relating to the data subject have been removed (meaning anonymous data).
2.2. Processing
We may collect, use, store, and transfer different kinds of personal data. Below We explain: what kind of data We collect; how We collect such data; for which purposes We collect the data; and which of the following is Our legal basis for processing such data:
-
Legal obligations – a requirement by law or regulations or a legal obligation to process this data
-
Legitimate interest – processing personal data in the interest of conducting and managing Our business and providing Our services except where the data subject’s rights and interests override Our interests to process such data
-
Performance of contract – the processing of personal data is necessary for the performance of contractual obligations We enter into with You and which You are a party to
-
Consent – processing personal data in such a manner for as long as We have Your consent to do so, until withdrawal of consent
2.2.1. Identification data – this may include full name and gender
-
Methods:
-
Included when a client requests a quote;
-
Included when a linguist sends an application form
-
-
Purpose:
-
Client identification and creation of client account;
-
Provision or receipt of services;
-
Linguist identification and creation of linguist account
-
-
Legal basis:
-
Performance of contract;
-
Legal obligation;
-
Legitimate interest;
-
Consent
-
2.2.2. Contact details – this may include email address, home address, contact number
-
Methods:
-
Included when a client requests a quote;
-
Included when a linguist sends an application form
-
-
Purpose:
-
Client identification and creation of client profile;
-
Linguist identification and creation of linguist profile;
-
Provision or receipt of services;
-
Distribution of marketing material
-
-
Legal basis:
-
Performance of contract;
-
Legal obligation;
-
Legitimate interest;
-
Consent
-
2.2.3. Financial and transaction data – this may include bank details and relevant details relating to payment methods
-
Methods:
-
Included when a client requests a quote;
-
Included when a linguist sends an application form
-
Included in payment details
-
-
Purpose:
-
Client identification and creation of client profile;
-
Linguist identification and creation of linguist profile;
-
Provision or receipt of services;
-
Receiving and making payments for services
-
-
Legal basis:
-
Performance of contract;
-
Legal obligation;
-
Legitimate interest;
-
Consent
-
2.2.4. Communications data – via email, post, phone call
-
Methods:
-
Whilst contact is made
-
-
Purpose:
-
Provision or receipt of services;
-
Receiving and making payments for services
-
-
Legal basis:
-
Performance of contract;
-
Legitimate interest;
-
Consent
-
2.2.5. Technical and usage data – this may include your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform as well as how you use our website
-
Methods:
-
Cookies
-
-
Purpose:
-
Provision or receipt of services (online as applicable);
-
Receiving and making payments for services;
-
All data (including location and IP) is used to improve website functionality and troubleshoot technical issues.
-
-
Legal basis:
-
Performance of contract;
-
Legitimate interest;
-
Consent
-
2.2.6. Marketing and communications data – includes your preferences relating to receiving marketing messages from us as well as your communication preferences
-
Methods:
-
Whilst contact is made
-
-
Purpose:
-
Marketing via different communication channels
-
-
Legal basis:
-
Consent
-
You may check and amend Your choices relating to marketing by emailing Us. If You feel You would like more control over what kind of marketing materials We send to You, please feel free to send Your suggestions to Us at the contact details listed above.
Should You wish to revoke Your consent for certain processing activities, it may take up to 48 hours for Us to ensure that the changes were implemented into Our systems.
Your personal data shall not be processed for purposes other than those it was collected for; should further processing be required, You will be informed of that purpose and provided with all necessary information.
3. Sharing of Data
Due to the nature of Our service, in order to process Your data as explained in section 2 of this Policy, We may need to share Your personal data with third parties which include:
-
Linguists – Our linguists receive all information You have provided in terms of the subject matter of Our services.
-
Payments providers and related service providers – We may share some of Your personal data with the payment providers used to make and receive payments.
-
Marketing – where You give us Your consent to send You marketing and promotional material, We may on occasion share Your contact details (such as email address or mailing address) with Our marketing channels through whom We send Our marketing material to You.
-
Governmental or regulatory authorities – We may, if obliged or authorised by law, provide Your personal data to law enforcement agencies, governmental or regulatory organisations, courts or other public authorities. We attempt to notify all Our clients about legal demands for their personal data unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when We believe that the requests are disproportionate, vague or lack proper authority, but We do not undertake to challenge every demand.
-
Communication devices and software – We use a third-party software to help Us communicate with You. This software enables Us to send You emails and communicate with You.
Our linguists and marketing channels having access to Your personal data are bound to respect the security of Your personal data, and to process it in a lawful manner at all times and in compliance with Our Policy. We do not allow any third-party service providers to use Your personal data for their own purposes. Processing by such third parties (also known as “Data Processors”) is solely carried out for specific purposes and in accordance with Our instructions as Data Controller and on Our behalf, and such third parties may only use Your personal data to the extent to which We ourselves are entitled. Furthermore, in all cases, We strive to ensure that We do not share more data than is necessary to be shared for the service providers to carry out the processing activities in accordance with our instructions.
4. Transfers of Personal Data
Some of the service providers outlined in section 3 above may be based in countries which do not form part of the European Economic Area (“EEA”). This may mean that Your data may be stored in a location outside of the EEA. Whenever any transfers of Your personal data are made to Data Processors located outside of the EEA, We contractually ensure that Your data is protected.
5. Automated Decision Making
In establishing and carrying out Our business relationship, We generally do not make use of fully automated decision making.
6. Data Security Measures
We always strive to ensure that Your data is safe, both in Our hands and in the hands of any third-party to whom We may disclose Your data. Internally, We have put in place security measures encompassing both technical and organisational aspects, to ensure that Your data is not accidentally lost, used, accessed in an unauthorised manner, altered, or disclosed. We also strive to ensure that access to Your personal data is determined on a ‘need-to-know’ basis, meaning that only the persons who have a direct need to access Your personal data will have access to it. Furthermore, any linguist or marketing channel having access to Your personal data is subject to a duty of confidentiality and security.
In case of any suspected or actual personal data breaches We will notify both You as an affected data subject and the supervisory authority concerned of any such data breach whenever We are legally required to do so and We shall maintain a log of any such breaches.
7. Data Retention
We shall only retain Your personal data for as long as necessary in view of the purposes for which they were collected. Such purposes could include the satisfaction of any legal, accounting, or reporting requirements.
When determining the appropriate retention period applicable to Your data, We take several factors into consideration, such as the nature and sensitivity of the personal data, the potential risks surrounding the unauthorised use or disclosure of such data, the purposes for which We collect and process such data, and the applicable laws and/or regulatory requirements imposed on Us.
Please feel free to contact Us using the contact details provided above for further information on Our retention periods.
8. Your Rights
If You are a data subject, data protection law gives You certain rights in certain circumstances. In accordance with law, You have the following rights:
-
Request access to Your personal data – You have a right to request, free of charge, a copy of the personal data We hold about You.
-
Request the correction of Your personal data – If any personal data We hold about You is incomplete or incorrect, You have a right to have this corrected.
-
Request the deletion of Your personal data - You may request the deletion of Your personal data where We no longer have a legitimate reason to continue processing it or retaining it. Please be aware that this right is not absolute – meaning that We are not able to satisfy Your request where We are obliged under a legal obligation to retain the data, or where We have reason that the retention of data is necessary for Us to defend ourselves in a legal dispute.
-
Object to the processing of Your personal data where We rely on Our legitimate interests (or those of a third party) to process Your data and You feel that Our processing of Your data in such a manner impacts Your fundamental rights and freedoms. However, in some cases, We may be able to demonstrate that We have a compelling legitimate ground to process Your data which may override Your rights and freedoms. You may submit Your objections to processing of Your personal data on the grounds of Our above-mentioned legitimate interests by contacting Us.
-
Request the restriction of the processing of Your personal data – You may ask Us to temporarily suspend the processing of Your personal data in one of the following scenarios: (a) where You want Us to establish the accuracy of the data, (b) where Our use of the data is unlawful but You do not wish for Us to delete it, (c) where You need Us to retain Your data even when We no longer need it in order for You to establish, exercise, or defend legal claims, or (d) where You have objected the use of Your data but We need to verify whether We have overriding legitimate grounds to use it.
-
Request the transfer of Your personal data (i.e. data portability) – You may request Us to transfer certain data We process about You to a third party. This right only applies to data acquired through automated means which You initially provided consent for Us to use, or where We used the data to perform Our obligations under a contract with You. Please note that We do not have automated data export processes.
-
Withdraw Your consent at any time where We rely on Your consent to process the data – ‘Opting out’ or withdrawing Your consent will not affect the lawfulness of the processing carried out by Us up until the time You withdrew Your consent. Withdrawing Your consent means that, going forward, You no longer wish for Us to process Your data in such a manner. This means that You may no longer consent for Us to provide You with certain services (such as marketing). You may withdraw Your consent at any time by email.
-
File a complaint with a supervisory authority – As explained above in this Policy.
In order to assist You in exercising Your rights as explained above, We may need to request specific information about You to help Us verify Your identity. This is a security measure to ensure that We are certain that the person to whom We disclose Your personal data is really You.
We will do our utmost to respond to all legitimate requests within a 30-day timeframe from the submission of a request. If Your request is particularly complex, or if You have made multiple requests in a certain time period, it may take Us a little longer. In such a case, We will notify You of this extension.
This Policy was last updated on 17 March 2022.