LanguageLine Solutions UK: Customer GDPR Summary
We are responsible for implementing and maintaining the technical and organisational measures for the Services to help protect the personal data we process on your behalf against unauthorised processing and accidental or unlawful loss, access or disclosure.
You are responsible for complying with the technical and organisational measures we have put in place around end-user access and use of our Services, for example maintaining the secrecy of Service username and passwords, where supplied.
Data Subject Access Requests (DSARs)
We will notify you promptly if we receive a Data Subject Access Request from one of your customers or employees. We will not respond to a request unless specifically instructed by you to do so.
If required, we will provide you with commercially reasonable assistance in relation to access to the data subject’s personal data held by us, to the extent legally permitted and where you do not have access to this data through our existing Services.
You will be responsible for any costs arising from LanguageLine Solutions’ provision of such assistance at our professional services rates, unless otherwise agreed in writing.
Data Breach Notification
In the unlikely event that we suffer a data breach, we will notify you without undue delay once we become aware of the breach. This notification will include:
- a description of the breach;
- the type of data that was the subject of the breach;
- the identity of each affected person or, where possible, the approximate number of Data Subjects and of Personal Data records concerned; and
- details of the LLS contact that can provide more information, if required.
We will immediately investigate the breach and implement measures to mitigate the effects of such. In accordance with and subject to your prior agreement or instructions, we will carry out any recovery or other action necessary to address the breach.
Further updates will be provided as details emerge through the course of the breach investigation. These may include:
- a description of the likely consequences of the breach;
- a description of the measures to be taken by LanguageLine Solutions to mitigate adverse effects and prevent future breaches; and
- any other information that you may reasonably request relating to the breach.
As the Data Controller, you retain overall responsibility for handling the data breach and for notifying the relevant Supervisory Authorities (e.g. the UK Information Commissioner’s Office) or Data Subjects, where applicable.
From time-to-time we may engage Sub-processors to assist in the provision of written Translation Services. These sub-processors are required to abide by substantially the same obligations as ourselves. We are responsible for ensuring that our sub-processors process data in line with the Service Terms and Conditions.
Processing of Client Personal Data Outside of the EEA
From time to time, limited subsets of customer employee personal data may be processed by Language Line Solutions outside the European Economic Area. Safeguards are in place to ensure that the privacy of this data is protected in line with the EU GDPR.
Privacy Impact Assessments
We carry out formal Privacy Impact Assessments when we plan major changes to our services. Upon request, we will also provide you with commercially reasonable assistance in carrying out your own Privacy Impact Assessment of the Services and will work with you to implement agreed mitigation actions to address any privacy risks identified.
Data Processing Summary
Subject matter of the Processing
Personal data collection, processing and storage in support of the administration and delivery of face-to-face, over-the-phone and video interpreting services, as well as written translation services.
Duration of the Processing
Duration of the agreement with the Customer.
Nature and purposes of the Processing
Service user, interviewer and interviewee data is collected for the purpose of administration and delivery of face-to-face, over-the-phone and video interpreting services, service usage reporting and invoicing.
Service user data is collected for the purpose of administration and delivery of written translation services and invoicing.
Personal data incidentally provided in written translation materials is processed for the purposes of translation only.
Type of Personal Data
Service users: name, business e-mail address, business telephone number.
Interviewer: name (if provided by the Customer)
Interviewee: unique reference (if provided by the Customer), contact phone number (if conference call set-up is required)
No special data categories are processed.
Categories of Data Subject
Customer Employees (e.g. service users, interviewers)
Interviewees (People with limited English proficiency e.g. patients, customer’s customer)
Plan for return or destruction of the data once the Processing is complete
Data captured for usage reporting and invoicing will be retained for 6 years then electronically deleted and/or securely shredded.
Project data relating to each project completed will be held by LanguageLine Solutions for a period of twelve (12) months following the completion of the project or in line with customer specific contracts where appropriate. The system will automatically destroy data and backup storage of data supplied by the customer after the 12-month period
Please send queries to our GDPR team: firstname.lastname@example.org