LEGAL CONDITIONS

The http://www.traduquest.com site is published by:

EDUARDO COSTA, LDA with a declared capital of 10,000.00 euros,

registered at the Conservatória do Registo Predial/Comercial Bombarral (Portugal)

under the number PT508196795.

The http://www.traduquest.com site is hosted by:

AMEN
Edificio Parque Expo | Av. D. João II 1.07-2.1 R/C | 1998-014 Lisboa | Portugal

Telephone: (+351) 707 50 51 55 | Fax: (+351) 707 50 51 56 | E-mail: internic@amen.pt

CONDITIONS FOR USE OF THIS WEBSITE

The use of the http://www.traduquest.com website is subject to the general conditions laid under the appropriate headings. When you access the http://www.traduquest.com website, you declare that you have taken note of the general conditions for use and accept them without any reservations.

ACCESS TO THE SITE

Access to the http://www.traduquest.com website is possible 24 hours per day and 7 days per week, except in cases of “force majeure” or of an event which is not under TRADUQUEST‘s control, and subject to any breakdowns, and maintenance operations necessary for the http://www.traduquest.com website and the associated hardware to function correctly.

SITE CONTENTS

The TRADUQUEST (From Eduardo Costa, Lda) company makes checked information available to users of the http://www.traduquest.com website, but cannot be held responsible for the unavailability of certain information.

Furthermore, no guarantee is supplied as to the exactness, precision or completeness of the information supplied on the http://www.traduquest.com website.

TRADUQUEST (From Eduardo Costa, Lda) reserves the right to modify and/or delete all or part of its http://www.traduquest.com website without prior warning.

TRADUQUEST (From Eduardo Costa, Unipessoal, Lda) reserves the right to modify and/or delete all or part of its http://www.traduquest.com website without prior warning.

OWERSHIP

All the elements (texts, logos, pictures, etc.) held on the http://www.traduquest.com website are protected under national and international laws relating to intellectual property rights. All these items remain the exclusive property of TRADUQUEST (From Eduardo Costa, Lda).

With respect to this, you are forbidden to reproduce, represent, adapt, translate and/or partially or totally transform or transfer onto another website any part of the http://www.traduquest.com website without the prior written permission of Eduardo Costa, Lda.

BRAND NAMES

The brand names and logos presented on the http://www.traduquest.com website are registered by the companies which own them.

Any reproduction, republishing or redistribution of these names or logos by any means, without the prior written permission of their owners, is forbidden by the law.

HYPERTEXT LINKS

The hypertext links incorporated into the http://www.traduquest.com website, The hypertext links incorporated into the http://www.traduquest.com website, which link to other resources present on the Internet network, do not imply any responsibility on the part of the TRADUQUEST (From Eduardo Costa, Lda) company.

TRADUQUEST (From Eduardo Costa, Lda) also declines all responsibility with respect to the content and the relevance of the information supplied by websites published by third parties and accessible from the TRADUQUEST website by means of hypertext links.

GENERAL SALES CONDITIONS

The conditions described here refer to work done by the TRADUQUEST (From Eduardo Costa, Lda) company for its clients, except for dispensations resulting from the negotiation of specific different conditions.

1. Every order for translation work must be accompanied by a firm and definite order document which gives the price agreed between the client and our company, by post or by fax, signed by an authorized person, or, by default, by email, if we have explicitly given our agreement; if we have not given our agreement, we reserve the right not to start the work.

2. The technical texts will be accompanied by whatever documents, drawings or illustrations are necessary to be able to understand these technical texts.

3. The unit used for measuring the volume of text to be translated is the word of source text.

4. If a translation is cancelled by the client, the work already completed will be invoiced at 100% of its normal price and that still to be done will be invoiced at 50% of its normal price.

5. Except in the case of a special agreement, the invoiced amounts are net, without any discount and are due for payment on reception, as per the normal practice for this type of service.

6. Any lateness or absence of payment will result in all the sums due from the client become due immediately, whatever the reason, without any prior warning or other formality, and will initiate late payment interest becoming due at the Bank of Portugal rate on the date when the payment fell due. In every case, the customer must pay all costs arising from litigation to obtain the due amounts.

7. In case of late payment, other work in progress for the same client will be stopped.

8. In case of technical translation work, the client may be asked to validate a glossary. In this case, the delivery date will be delayed by the time that the client takes to validate the glossary.

9. The TRADUQUEST company may not in any way be pursued or held morally or materially responsible for any claims relating to details of style. In particular, as regards advertising material, the work we undertake is simply translation; we cannot be asked or obliged to produce a different advertising style from that of the source text.

10. Our responsibility is limited to the invoice amount.

11. All claims will be taken into account up to 15 calendar days after the delivery date of the work (i.e. the date the work left our offices). Such claims must be sent to us with the original documents and a copy of the parts of the translation called into question with notes describing the points of contention. Once this 15-day claim period has elapsed, the translation will be considered as being correct.

12. We cannot be held responsible for delays in delivery by fax, modem, e-mail and other postal or surface transport methods.

13. Defects in one part of a translation can in no wise cause the whole of the work to be called into question. We reserve the right to modify the work produced.

14. Only written agreements between the parties concerned can be taken into consideration. If no agreement can be reached, the Caldas da Rainha Commercial Court will be the sole jurisdiction to decide on the issue.

PRIVACY POLICY

1. Purpose and contact

1.1 This policy is designed to ensure transparency on all processing by TRADUQUEST of personal information held on individuals across our organization. TRADUQUEST (EDUARDO COSTA, LDA) is the Data Controller and are hereby responsible for the processing of data that we collect and store through our website or otherwise. We ensure that your data is processed according to any applicable law. For any questions regarding this policy or invoking of any of the rights mentioned in this policy, please contact our Data Protection Officer Eduardo Costa at geral [AT] traduquest.com or by using the following phone number: PT +351 262 841 096

2. How do we comply with the GDPR requirements?

2.1 At TRADUQUEST, we take data security and the privacy of our users very seriously. Our services are secure, and we have implemented sufficient technical and organisational measures to ensure the security of your data during our processing. We train all our employees in data protection and have extensive guidelines and protocols to ensure that the processing of personal information lives up to the same high standards across our organisation. This policy will outline which types of data we process, why we process it and which rights you have regarding the processing of your data.

3. What Data Do You Provide Yourself?

3.1 We collect your personal/company data to deliver our services to you: Your contact information: name, surname, company name, e-mail, and phone number Information concerning the services you purchase with us to customize and adjust the services to your specific needs Your billing information

4. What Data Do We Collect Automatically?

4.1 We want to improve our digital services and applications. That’s why we collect the data automatically in form of cookies, click-stream, and web analytics. This data does not usually contain personal details about the user. Click-stream data Your visit to our website usually results in the collection of the following information. the visitor’s IP address the date and time of the visit the referral URL (the site from which the visitor has come) the pages visited on our website information about the browser used (browser type and version, operating system, etc.). Cookies We use cookies on our website and mobile applications. Cookies are small text files that are stored on your device from the web browser. We can use cookies to match you with your account. You can find instructions on how to manage browser specific cookie settings here: Internet Explorer: https://support.microsoft.com/en-us/help/260971/description-of-cookies Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647 Safari: http://support.apple.com/kb/PH5042 Opera: https://help.opera.com/en/latest/web-preferences/#cookies Web analytics We use Google analytics to collect information from your user sessions on our website as we want to improve our services and to give you the best possible experience.

5. How do we use your data?

To deliver the service you ordered We will use the information we have gathered to get back to you with service propositions based on your quote request. If you choose to accept the quote, we will use your data to deliver the service you ordered with us. This includes making files available for our production team. To deliver the best service and experience for you We will use the information we have gathered about you to customize our services for you and provide the best possible digital experience. This includes optimizing of our services and websites based on analytical information gathered from you. To send you newsletters If you have given your consent to receive our newsletters, you will get them. We can inform you about similar products, services, and campaigns we might have. You can, at any moment, unsubscribe from our e-mail service.

6. How long do we store the data?

6.1 The data that we collect either directly from our users or from any of the services described in section 4, is stored during the whole time an account is active and the data is necessary, and for a period of time after the account is no longer active. The period after depends on the nature of the data, and will vary depending on any mandatory retention periods set forth by law. The maximum period will be 5 years.

7. Information Disclosure

7.1 We treat your data with confidentiality. This means that we do not sell you data to third parties. Your data will only be disclosed if required by law.

7.2 We may use supporting services provided by third parties. This might include maintenance services, analysis services, e-mail messaging services, handling of payment transactions. These third parties will get access to the data they require to provide their services. We take the necessary steps to ensure that these third-party providers protect your data.

8. Your rights

8.1 If you wish to gain access to your data, get them corrected or deleted or make any reservations towards our data processing, we will investigate whether or not this is possible according to any of our legal obligations, and get back to your request as soon as possible and no later than a month after we received your request.

8.2 Users can access their data at any time from their account settings, where users can see, download, delete or correct any information they have provided us.

8.3 You have the right to be informed, what data we have stored concerning you, where they are collected and what they are being used for. You can be informed about our retention periods, who receive data concerning you, in the extent that we disclose or transfer your data.

8.4 You can request to gain access to any data processed regarding your person. Access can be limited in cases where it can compromise other people’s privacy, trade secrets or intangible rights.

8.5 You have the right to correct any information that is no longer correct or current. If you become aware that any of the data that we store concerning you are incorrect, you have the right to get such information corrected or deleted.

8.6 You also have the right to object our processing of your data, or to our disclosure or transfer of your data for marketing purposes. You have the right to receive any data that we are processing regarding your person, this includes data collected directly from your or from other parties. In the event that you put in such a request, your data will be provided for you on a commonly used digital transportable format.

8.7 Any matters relating to TRADUQUEST’s collection and storage of personal information, your rights under the GDPR or this policy, can be addressed to geral [AT] traduquest.com or to the phone number listed in section 1

8.8 If our collection, storage or processing of your data should raise any concerns with you, you have the right to file a complaint with the Portuguese Data Protection Agency or any other supervising authority in your country.

9. Security of the Information

9.1 We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, or access; in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing and misusing of data.

9.2 – Our platform is hosted at AMEN.PT which provides maximum scalability and security. The platform uses https/ssl for secure communication and is backed by a firewall and a load balancer to ensure constant availability. All passwords for clients, translators and TRADUQUEST employees are encrypted, and advanced role-based access control (RBAC) can be provided and customised. User logins are logged with timestamp and IP address. Additionally, web servers keep access logs of all requests. Source files and translations are hosted in a secure centralized storage service (S3). All data is stored in EU (Dublin, Ireland).

10. Privacy Policy Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, in certain services, email notification of Privacy Policy changes)

DATA PROTECTION POLICY

1. Definitions

1.1 Consent – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

1.2 Data controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.3 Data Subject – any living individual who is the subject of personal data held by an organisation.

1.4 Personal Data – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.5 Personal Data Breach – any breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. There is an obligation on the controller to report personal data breaches to the supervisory authority and where the breach is likely to adversely affect the personal data or privacy of the data subject.

1.6 Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.7 Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.8 Profiling – is any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse, or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behaviour. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, of measures based on profiling and the envisaged effects of profiling on the individual.

1.9 Special Categories of Personal Data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

1.10 Third Party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2. Purpose

2.1 TRADUQUEST is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. TRADUQUEST is the Data Controller under the Data Protection laws, which means that it determines what purposes personal information held, will be used for.

2.2 This policy sets forth the expected behaviours of all TRADUQUEST employees and Third Parties in relation to the collection, use, retention, transfer, disclosure and destruction of any Personal Data belonging to a Data Subject.

2.3 Personal Data is any information (including opinions and intentions) which relates to an identified or Identifiable Natural Person. Personal Data is subject to certain legal safeguards and other regulations, which impose restrictions on how organisations may process Personal Data. An organisation that handles Personal Data and makes decisions about its use is known as a Data Controller. TRADUQUEST, as a Data Controller, is responsible for ensuring compliance with the Data Protection requirements outlined in this policy.

2.4 TRADUQUEST’s leadership is fully committed to ensuring continued and effective implementation of this policy, and expects all employees and Third Parties to share in this commitment. Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.

3. Scope

3.1 This policy applies to all TRADUQUEST entities processing Personal Data.

3.2 This policy applies to all Processing of Personal Data in electronic form or where it is held in manual files that are structured in a way that contains information about individuals.

4. Basic principles

4.1 TRADUQUEST has adopted the following principles to govern its collection, use, retention, transfer, disclosure and destruction of Personal Data: Lawfulness, fairness and transparency: Personal Data is processed lawfully, fairly and in a transparent manner in relation to the data subject. Purpose limitation: Any Personal Data collected shall have a specified, explicit and legitimate purpose. Data minimisation: Any Personal Data collected shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Accuracy: Any Personal Data collected shall be accurate and, where necessary, kept up to date. Storage limitation: Personal Data shall not be stored longer than what is necessary for the purposes for which the Personal Data are processed. Integrity and confidentiality: Personal Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Accountability: TRADUQUEST shall be responsible for, and be able to demonstrate compliance with the above mentioned principles. This policy provides the foundation for adherence to this responsibility.

5. Lawfulness of processing

5.1 TRADUQUEST will Process Personal Data in accordance with all applicable laws and applicable contractual obligations.

5.2 More specifically, TRADUQUEST will not Process Personal Data unless one of the other available foundations for processing is applicable. As non-exhaustive examples of these valid grounds can be mentioned the following: The Data Subject has given valid Consent. Processing necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

5.3 To the extent that TRADUQUEST process Special Categories of Data (also known as sensitive data), such processes shall receive special attention in the governance of personal data. Particularly, such processing shall only take place if the more stringent requirements for Processing of Special Categories of Data are fulfilled. As non-exhaustive examples of these valid grounds can be mentioned the following: The Data Subject has given valid Consent. The Processing relates to Personal Data which has already been made public by the Data Subject. The Processing is necessary for the establishment, exercise or defence of legal claims. The Processing is specifically authorised or required by law.

6. Information to data subjects

6.1 TRADUQUEST will, when required by applicable law, contract, or where it considers that it is reasonably appropriate to do so, provide Data Subjects with information as to the purpose of the Processing of their Personal Data.

6.2 When any Personal Data is collected, all appropriate disclosures will be made, in a manner that draws attention to them, unless one of the following apply: The Data Subject already has the information A legal exemption applies to the requirements for disclosure and/or Consent.

6.3 By way of non-exhaustive example, TRADUQUEST has implemented the following standard methods of providing information to Data Subjects: All Personal Data processed on TRADUQUEST’s website is described in a Privacy Policy made available to all users of TRADUQUEST’s website. All Personal Data processed on TRADUQUEST’s own employees, is described in the Employee contracts of each employee.

7. Continued compliance with basic principles

7.1 The basic principles of lawful Processing described in section 4 shall also apply when the same Personal Data is later stored, used and/or shared.

7.2 In particular it is essential to make sure that any changes in the purpose of Processing of Personal Data.

7.3 It is also essential that all stored Personal Data at all times is accurate and up-to-date.[1] In order to achieve this goal, TRADUQUEST has implemented the following procedures: Correcting Personal Data known to be incorrect, inaccurate, incomplete, ambiguous, misleading or outdated, even if the Data Subject does not request rectification. Only storing Personal Data for the period necessary to satisfy the permitted uses or applicable statutory retention period. Restriction, rather than deletion of Personal Data, insofar as: a law prohibits erasure. erasure would impair legitimate interests of the Data Subject. the Data Subject disputes that their Personal Data is correct and it cannot be clearly ascertained whether their information is correct or incorrect.

8. Transfers within the group of companies

8.1 In order for TRADUQUEST to carry out its operations effectively across its various entities, there may be occasions when it is necessary to transfer Personal Data from one entity to another, or to allow access to the Personal Data from an overseas location. Should this occur, the TRADUQUEST entity sending the Personal Data remains responsible for ensuring protection for that Personal Data. All TRADUQUEST entities are located within the EU.

9. Transfers to Third parties

9.1 TRADUQUEST will only transfer Personal Data to, or allow access by, Third Parties when it is assured that the information will be Processed legitimately and protected appropriately by the recipient. Where Third Party Processing takes place, TRADUQUEST will first identify if, under applicable law, the Third Party is considered a Data Controller or a Data Processor of the Personal Data being transferred.

9.2 Where the Third Party is deemed to be a Data Controller, the TRADUQUEST entity will enter into an appropriate agreement with the Controller to clarify each party’s responsibilities in respect to the Personal Data transferred.

9.3 Where the Third Party is deemed to be a Data Processor, TRADUQUEST will enter into an agreement with the Data Processor.

10. Use of data processors

10.1 TRADUQUEST will enter into an agreement with all of its Data Processors.

10.2 The agreement must require the Data Processor to protect the Personal Data from further disclosure and to only Process Personal Data in compliance with TRADUQUEST instructions. In addition, the agreement will require the Data Processor to implement appropriate technical and organisational measures to protect the Personal Data as well as procedures for providing notification of Personal Data Breaches.

10.3 When TRADUQUEST is outsourcing services to a Third Party (including Cloud Computing services), they will identify whether the Third Party will Process Personal Data on its behalf and whether the outsourcing will entail any Third Country transfers of Personal Data. In either case, it will make sure to include adequate provisions in the outsourcing agreement for such Processing and Third Country transfers.

11. Transfer of personal data outside EU

11.1 TRADUQUEST will only transfer Personal Data to internal or Third Party recipients located in country outside of the European Union where the conditions for such a transfer are fulfilled.

12. Security

12.1 TRADUQUEST will adopt physical, technical, and organisational measures to ensure the security of Personal Data. This includes the prevention of loss or damage, unauthorised alteration, access or Processing, and other risks to which it may be exposed by virtue of human action or the physical or natural environment.

12.2 The minimum set of security measures to be adopted by TRADUQUEST is provided in the Information Security Policy. A summary of the Personal Data related security measures is provided below: Prevent unauthorised persons from gaining access to data processing systems in which Personal Data are Processed. Prevent persons entitled to use a data processing system from accessing Personal Data beyond their needs and authorisations. Ensure that Personal Data in the course of electronic transmission during transport cannot be read, copied, modified or removed without authorisation. Ensure that access logs are in place to establish whether, and by whom, the Personal Data was entered into, modified on or removed from a data processing system. Ensure that in the case where Processing is carried out by a Data Processor, the data can be Processed only in accordance with the instructions of the Data Controller. Ensure that Personal Data is protected against undesired destruction or loss. Ensure that Personal Data collected for different purposes can and is Processed separately. Ensure that Personal Data is not kept longer than necessary.

13. Breach Reporting

13.1 Any individual who suspects that a Personal Data Breach has occurred due to the theft or exposure of Personal Data must immediately notify the Data Protection Officer Eduardo Costa providing a description of what occurred. Notification of the incident can me made via e-mail geral [AT] traduquest.com or by calling the phone number +351 262 841 096.

13.2 The Data Protection Officer will investigate all reported incidents to confirm whether or not a Personal Data Breach has occurred. If a Personal Data Breach is confirmed, the Data Protection Officer will follow the relevant authorised procedure based on the criticality and quantity of the Personal Data involved, assessed by the completion of a Data Protection Impact Assesment (DPIA).

14. Limitation of retention period

14.1 To ensure fair Processing, Personal Data will not be retained by TRADUQUEST for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further Processed.

14.2 The length of time for which TRADUQUEST need to retain Personal Data is set out in the Personal Data Retention Schedule. This takes into account the legal and contractual requirements, both minimum and maximum, that influence the retention periods set forth in the schedule. All Personal Data should be deleted or destroyed as soon as possible where it has been confirmed that there is no longer a need to retain it.

15. Notification of Data Protection Officer

15.1 All requests received for access to or rectification of Personal Data must be directed to the appointed Data Protection Officer, who will log each request as it is received.

15.2 The Data Protection Officer will observe that all Data Subject requests are handled in accordance with section 16-18 below.

16. Data Subject request handling procedure

16.1 The Data Protection Officer has established a system to enable and facilitate the exercise of Data Subject rights related to: Information access. Objection to Processing. Objection to automated decision-making and Profiling. Restriction of Processing. Data portability. Data rectification. Data erasure.

16.2 If an individual makes a request relating to any of the rights listed above, TRADUQUEST will consider each such request in accordance with all applicable Data Protection laws and regulations. No administration fee will be charged for considering and/or complying with such an initial request unless the request is deemed to be unnecessary or excessive in nature due to repetitive requests.

17. Information access

17.1 Data Subjects are entitled to obtain, based upon a request made in writing to the Office of Data Protection and upon successful verification of their identity, the following information about their own Personal Data: The purposes of the collection, Processing, use and storage of their Personal Data. The source(s) of the Personal Data, if it was not obtained from the Data Subject; The categories of Personal Data stored for the Data Subject. The recipients or categories of recipients to whom the Personal Data has been or may be transmitted, along with the location of those recipients. The envisaged period of storage for the Personal Data or the rationale for determining the storage period. The use of any automated decision-making, including Profiling.

18. Response time

18.1 A response to each request will be provided within 30 days of the receipt of the written request from the Data Subject. Appropriate verification must confirm that the requestor is the Data Subject or their authorised legal representative. Data Subjects shall have the right to require [Company] to correct or supplement erroneous, misleading, outdated, or incomplete Personal Data. If [Company] cannot respond fully to the request within 30 days, the Office of Data Protection shall nevertheless provide the following information to the Data Subject, or their authorised legal representative within the specified time: An acknowledgement of receipt of the request. Any information located to date. Details of any requested information or modifications which will not be provided to the Data Subject, the reason(s) for the refusal, and any procedures available for appealing the decision. An estimated date by which any remaining responses will be provided. An estimate of any costs to be paid by the Data Subject (e.g. where the request is excessive in nature). The name and contact information of the TRADUQUEST individual who the Data Subject should contact for follow up.

19. Data Protection Officer

19.1 To demonstrate our commitment to Data Protection, and to enhance the effectiveness of our compliance efforts, TRADUQUEST has appointed an employee to be the primary supervisor of TRADUQUEST’s compliance with the Data Protection rules (the DPO).

19.2 The DPO reports directly to the CEO of TRADUQUEST.

19.3 The DPO’s duties include: Informing and advising TRADUQUEST and its Employees who carry out Processing pursuant to Data Protection regulations, national law or Union based Data Protection provisions; Ensuring the alignment of this policy with Data Protection regulations, national law or Union based Data Protection provisions; Providing guidance with regards to carrying out Data Protection Impact Assessments (DPIAs); Acting as a point of contact for and cooperating with Data Protection Authorities (DPAs); Determining the need for notifications to one or more DPAs as a result of TRADUQUEST’s current or intended Personal Data processing activities; Making and keeping current notifications to one or more DPAs as a result of TRADUQUEST’s current or intended Personal Data processing activities; The establishment and operation of a system providing prompt and appropriate responses to Data Subject requests; Informing senior managers, officers, and directors of TRADUQUEST of any potential corporate, civil and criminal penalties which may be levied against TRADUQUEST and/or its Employees for violation of applicable Data Protection laws. Ensuring establishment of procedures and standard contractual provisions for obtaining compliance with this Policy by any Third Party who: provides Personal Data to TRADUQUEST receives Personal Data from TRADUQUEST has access to Personal Data collected or processed by TRADUQUEST.

20. Awareness

20.1 The management team of TRADUQUEST will ensure that all TRADUQUEST Employees responsible for the Processing of Personal Data are aware of and comply with the contents of this policy.

20.2 All TRADUQUEST Employees that have access to Personal Data will have their responsibilities under this policy outlined to them as part of their staff induction training. In addition, each TRADUQUEST Entity will provide regular Data Protection training and procedural guidance for their staff.

20.3 The training and procedural guidance set forth will consist of, at a minimum, the following elements: The Data Protection Principles set forth in Section 4 above. Each Employee’s duty to use and permit the use of Personal Data only by authorised persons and for authorised purposes. The need for, and proper use of, the forms and procedures adopted to implement this policy. The correct use of passwords, security tokens and other access mechanisms. The importance of limiting access to Personal Data, such as by using password protected screen savers and logging out when systems are not being attended by an authorised person. Securely storing manual files, print outs and electronic storage media. The need to obtain appropriate authorisation and utilise appropriate safeguards for all transfers of Personal Data outside of the internal network and physical office premises. Proper disposal of Personal Data by using secure shredding facilities. Any special risks associated with particular departmental activities or duties.

21. Governance of Third Parties and Data processors

21.1 In addition, TRADUQUEST will make sure all Third Parties engaged to Process Personal Data on TRADUQUEST’s behalf (i.e. their Data Processors) are aware of and comply with the contents of this policy.

21.2 Assurance of such compliance must be obtained from all Third Parties, whether companies or individuals, prior to granting them access to Personal Data controlled by TRADUQUEST.

22. Data Protection Impact Assessments

22.1 The Data Protection Officer will ensure that a Data Protection Impact Assessment (DPIA) is conducted, in cooperation with the Office of Data Protection, for all new and/or revised systems or processes for which it has responsibility. Where applicable, the Information Technology (IT) department, as part of its IT system and application design review process, will cooperate with the Data Protection Supervisor to assess the impact of any new technology uses on the security of Personal Data.

23. Compliance Monitoring

23.1 To confirm that an adequate level of compliance that is being achieved by TRADUQUEST in relation to this policy, the Data Protection Officer will carry out an annual Data Protection compliance audit for all relevant parts of the organisation. Each audit will, as a minimum, assess: Compliance with Policy in relation to the protection of Personal Data, including the assignment of responsibilities, raising awareness and training of employees. The effectiveness of Data Protection related operational practices, The level of understanding of Data Protection policies and Privacy Notices. The accuracy of Personal Data being stored. The conformity of Data Processor activities. The adequacy of procedures for redressing poor compliance and Personal Data Breaches.

23.2 The DPO in cooperation with key business stakeholders from management, will devise a plan with a schedule for correcting any identified deficiencies within a defined and reasonable time frame.

GDPR

At TRADUQUEST, we care about the General Data Protection Regulations (GDPR). More importantly, we care about you, your business, and your privacy. With everything these new regulations have done to revolutionise personal privacy and security online, we feel it’s necessary to answer some of the most important questions you may have.

Are you, TRADUQUEST, compliant with the new rules and regulations of the GDPR?

We are! In fact, before the universal EU enforcement date: 25 May 2018, we were ready to go above and beyond the GDPR, in order to protect your data and privacy.

What do you do with my data?

We only collect information which will allow us to perform our job on your behalf, in the most efficient manner possible. Which is why we collect your personal, professional, and financial data only for the purposes of creating an account, translating your work, and invoicing you.

Can I access, edit, move, and/or delete my data, whenever I like?

Definitely! Your Account Settings page gives you full control over your data. Simply go to our Intranet and you can edit, export, and delete your data, at the touch of a button.

Will my data cross any borders within, or without, the EU?

Yes! We receive and process your important documents at our office in Portugal. Additionally, our platform is hosted on state-of-the-art AMEN.PT cloud servers.

How secure is your office network?

We ensure access to our local network is secure, and limited to office personnel. Both wired and wireless connections can only be accessed by employees, working on-site, at our office(s).

Where can I learn more about how my data is handled by you?

We have created a new Data Protection Policy in order to provide you with absolutely everything you could ever want to know about how we handle your data, which includes our compliance with GDPR.

Who do I contact if I have important questions or concerns regarding TRADUQUEST & the GDPR?

You may contact our Data Protection Officer (DPO), Eduardo Costa, by email: geral@traduquest.com.