Privacy policy

Consent and privacy notice for sending of marketing communication

Phrase a.s., with its registered office at Spálená 108/51, 110 00 Prague 1, Czech Republic and Phrase GmbH, with its registered office at ABC-Straße 4, 20354 Hamburg, Germany (both together as “we” or “us” or “our”) act as joint controllers of the processing of your personal data. This privacy notice describes how your personal data is processed and for what purposes. 

What personal data do we collect about you?

We only collect and process your personal data in compliance with the provisions of the EU General Data Protection Regulation (“GDPR“) and other provisions of European data protection law.  This data includes your name and surname, job title, name of your organisation, email address, phone number, country of your location, languages you speak, and identification of your social media account.

How do we obtain your personal data?

We obtain your personal data either directly from you or from public sources such as your LinkedIn profile.

How do we use your personal data?

Your personal data will be processed for marketing purposes, including sending you marketing materials about us and our services and products by email.

On what legal basis do we use your personal data?

We use your personal data on the following basis:

• If you are not our former or existing client our processing of your personal data is legitimate if you have given your consent as stipulated in Article 6 (1) a) GDPR.

• If you are our former or existing client then processing of your personal data is based on our legitimate interest in accordance with the Article 6 (1) f) GDPR, as it helps our business to offer you new products and services, and provide you with some other information about us that you may find interesting.  

How long will we keep your personal data?

We will always keep your personal data for the period for which we maintain an active interaction with you or your organization. We will also keep your personal data where required by law or where we need to do so in connection with potential or actual legal action, or an investigation involving us. Otherwise, Data will be held until you opt-out,  until you do not engage with us for more than one year, or until they are no longer subject to contractual or legal retention obligations.

With whom do we share your personal data?

Your personal data will be accessible to our employees, as well as to authorized employees of our suppliers which provide us with a variety of essential services. Below you can find some of our most important suppliers: 

List of our authorized suppliers 

Google Analytics

Google LLC headquartered in San Francisco, California, USA

We use Google Analytics to analyze the use of our website and to improve it on a regular basis. Google Analytics uses cookies. In exceptional cases in which personal data is sent to the USA, Google is relying on the European Commission’s approved model contract clauses as a means of ensuring adequate protection when transferring data outside of the EEA. 

Google Adwords Conversion

Google LLC headquartered in San Francisco, California, USA

We use the offering from Google Ads (“Ads“), a marketing tool from Google. Ads is used to attract attention to our offerings by means of advertising (termed “Google Ads”) on external websites. We can thus determine and see how successful the individual promotional measures are in relation to the data for the campaigns. Our interest in doing that is to display advertising that appeals to you. 

AdRoll

AdRoll, Inc. headquartered in San Francisco, California, USA

We use the services of AdRoll Advertising Limited to optimize the display of advertising for visitors. AdRoll displays advertising campaigns based on your browsing behavior on the Internet. That means that, after you visit our website, ads may also be displayed on other third-party sites. In some circumstances, AdRoll may also transfer the information to countries outside the EEA. AdRoll will, however, take the necessary steps to ensure that an appropriate level of data protection is maintained. 

Salesforce.com

Salesforce.com, Inc. headquartered in San Francisco, California, USA

Salesforce provides customer relationship management software and applications focused on sales, customer service, marketing automation, analytics, and application development.

HubSpot 

HubSpot, Inc. headquartered in Cambridge, Massachusetts, USA

We use HubSpot to tailor communication with visitors and users of our website as well as to keep improving it and make the website more attractive to you. HubSpot is also used to optimize the care and support we give customers.

Mailchimp

Mailchimp headquartered in Atlanta, Georgia, USA

Mailchimp is a marketing automation platform and email marketing service that helps us manage and talk to our clients, customers, and other interested parties. 

Pardot

Pardot LLC headquartered in Atlanta, Georgia, USA

Pardot is a marketing automation platform that, among other features, helps us to create automated marketing campaigns and analyze prospect activity and engagement.

Chili Piper

Chili Piper, Inc. headquartered in New York, New York, USA

Chili Piper is a meeting automation platform which helps us to automatically schedule appointments with leads.

Hotjar

Hotjar Ltd. headquartered in St. Julians, Malta

Our website uses the Hotjar analytics service to improve its user friendliness and the customer experience. That permits tracking of the various ways in which visitors interact with our website so that it can then be optimized for the user. During your visit to our website, the tracking cookie automatically collects your activity data and stores them on the Hotjar servers. The Hotjar servers are located exclusively in Ireland. 

Mixpanel

Mixpanel, Inc. headquartered in San Francisco, California, USA

Mixpanel is a tracking tool used by us to understand how our customers use our applications and to keep on improving them. Mixpanel is used to gather information on which features of our website are used by customers and to what extent. Such an analysis offers a means to control planning as part of product development, since it enables the specific demand for features to be taken into account.

 

When transferring data outside of the EU into the USA, the adequate means of protection is ensured by the European Commission’s approved model contract clauses. 

Jetpack from WordPress

Automattic, Inc. headquartered in San Francisco, California, USA

Jetpack from WordPress is a tool for statistical analysis. The purpose of Jetpack is to analyze the number of visitors to our blog, create anonymized, aggregate access statistics, and to enable technical support for the search function in the blog (Elasticsearch) and SEO support.

Zapier

Zapier, Inc. headquartered in San Francisco, California, USA

Zapier enables us to integrate the services of various applications in one application and to automate workflows in it. We use Zapier on the basis of legitimate interest, since Zapier is used to automate workflows from various services and to optimize processes.

Twitter

Twitter, Inc. headquartered in San Francisco, California, USA

We use Twitter tracking pixel to recognize visitors who access our website from ads on Twitter. 

Quora

Quora, Inc. headquartered in Mountain View, California, USA

We use the Quora tracking pixel to recognize visitors who access our website from content marketing on the Quora.com website.

Bugsnag & Sentry

Bugsnag, Inc. and Sentry headquartered in San Francisco, California, USA

These services enable us to quickly identify bugs in our software which have led to a disruption or crash and so to improve our offering. We have a legitimate interest in using Bugsnag and/or Sentry since it enables us to identify and remedy bugs as efficiently as possible. When transferring data outside of the EU into the USA, the adequate means of protection is ensured by the European Commission’s approved model contract clauses.

Bitbucket

Bitbucket headquartered in San Francisco, California, USA

Bitbucket is a software for collaborative versioning management. The synchronization between us and Bitbucket’s versioning management enables users to export localization files from the versioning management software into their accounts.

Albacross

Albacross Nordic AB headquartered in Stockholm, Sweden 

We use Albacross for the targeted advertising purposes. The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Lead Generation” service), by adding data to their database about companies. The Albacross database is also used for targeted advertising towards companies and for this purpose data will be transferred to third party data service providers. For the purpose of clarity, targeted advertising is focused on companies, not individuals.

Transfers of your personal data outside of your home country

Your personal data may be transferred to countries outside the European Economic Area.  These countries include: The USA, Canada, and Japan. The countries to which we transfer personal data may not have data protection laws that provide an adequate level of protection to your personal data.

We therefore take steps (which may include entering into data transfer agreements based on the Model Clauses approved by the European Commission) to ensure that the persons to whom we transfer data in those countries commit to ensure an adequate level of protection for your personal data. You can find more information about data transfer agreements here. 

Protecting your personal data

We may share your personal data with its suppliers under a written agreement which commits the suppliers to appropriate safeguards in relation to the handling of your personal data (including in relation to maintaining confidentiality of your personal data and implementing appropriate technical and organizational security measures). 

We will take appropriate legal, organizational and technical measures to protect your personal data, consistent with applicable privacy and data security laws.

Your rights

You may be entitled to:

• Opt out from your personal data being processed for direct marketing purposes

If you have given your consent you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject shall have the right to withdraw his or her consent at any time.

• Request access to processing information

You have the legal right to request information at any time about whether we are processing your personal data. If this is the case, you have the right to be informed about the extent to which your personal data is being processed as well as to be provided with a copy of your personal data.

• Request the correction and/or deletion of your personal data;

You have the right to obtain the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed. In certain circumstances you have the right to erasure of the personal data concerning you without undue delay. The right to erasure does not apply if processing is necessary to comply with legal obligations.

• Object to the processing of your personal data;

You have the right to object at any time to the processing of your personal data for any advertising purposes.

• Request the restriction of the processing of your personal data;

You have the right to request the restriction of the processing of your personal data where you have contested its accuracy or if the processing is deemed unlawful.

• Complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered in consequence of unlawful processing of your personal data.

You are not required by law to provide your personal data to us. If you object to the processing of your personal data, we will respect that choice in accordance with our legal obligations. 

If you would like to exercise any of your rights, please let us know by getting in touch using the contact details below.

Contact us

If you have questions or requests regarding the processing of your personal data, or require additional information, please contact: security@phrase.com.

Privacy notice for sales communication

Phrase a.s., with its registered office at Spálená 108/51, 110 00 Prague 1, Czech Republic and Phrase GmbH, with its registered office at ABC-Straße 4, 20354 Hamburg, Germany (both together as “we” or “us” or “our”) act as joint controllers of the processing of your personal data. This privacy notice describes how your personal data is processed and for what purposes.  

What personal data do we collect about you?

We only collect and process your personal data in compliance with the provisions of the EU General Data Protection Regulation (“GDPR“) and other provisions of European data protection law. In connection with our potential or actual business cooperation with you or your organisation, we collect personal data such as: your name and surname, job title, name of your organisation, email address, phone number, Skype contact details, Phrase TMS / Strings Cloud ID, information from your LinkedIn profile, information about your participation in conferences, information about our historic interaction with you or your organisation, information about the use of the Phrase TMS / Strings Cloud by you or your organisation, and information about opportunities for further sale of our products to you or your organisation.

How do we obtain your personal data?

Your personal data can be: 

• Obtained directly from you, such as your name, surname, and contact details. 
• Created in the course of our relationship with you or your organisation, such as information about our interaction with you. 
• Collected from public sources such as your LinkedIn profile.

How do we use your personal data?

Your personal data will be processed for the following purposes:

• To enable you or your organisation to use the Phrase TMS / Strings Cloud or its trial versions
• To discuss our potential business relationship with you or your organisation; and, if you or your organisation becomes our client, to maintain the business relationship with you or your organisation;
• Our internal reporting;
• To provide you or your organisation with business proposals; and
• For future marketing, including sending to you marketing materials about us and our services and products by email (if applicable).

On what legal basis do we use your personal data?

We use your personal data on the following basis:

• If you or your organisation becomes our client, then the processing of your personal data for the purpose of use of Phrase TMS / Strings Cloud is necessary to allow us to perform a contract that we have concluded with you or your organization (Article 6 (1) b) GDPR)
• Processing of your personal data for other purposes listed in Section “How do we use your personal data?” is based on our legitimate interest  (Article 6 (1) f) GDPR) as processing of personal data for these purposes: (i) to help us to maintain a productive communication and business relationship with you or your organisation, (ii) to improve our ability to understand your business needs and (iii) to improve our services.

How long will we keep your personal data?

We will always keep your personal data for as long as there is a specific purpose for such storage, and for the duration of our business relationship with you or your organisation. We will also keep your personal data where required by law or where we need to do so in connection with  potential or actual legal action or an investigation involving us. Data will be held until you opt-out or until two years have passed since your last active communication with us.

With whom do we share your personal data?

Your personal data will be accessible to our employees, as well as to authorized employees of our suppliers which provide us with a variety of essential services. Here you can find some of our most important suppliers.

List of our authorized suppliers 

Google Analytics

Google LLC headquartered in San Francisco, California, USA

We use Google Analytics to analyze the use which is made of our website and to improve it on a regular basis. Google Analytics uses cookies. In exceptional cases in which personal data is sent to the USA, Google is relying on the European Commission’s approved model contract clauses as a means of ensuring adequate protection when transferring data outside of the EEA. 

Google Adwords Conversion

Google LLC headquartered in San Francisco, California, USA

We use the offering from Google Ads (“Ads“), a marketing tool from Google. Ads is used to attract attention to our offerings by means of advertising (termed “Google Ads”) on external websites. We can thus determine and see how successful the individual promotional measures are in relation to the data for the campaigns. Our interest in doing that is to display advertising that appeals to you. 

AdRoll

AdRoll, Inc. headquartered in San Francisco, California, USA

We use the services of AdRoll Advertising Limited to optimize the display of advertising for visitors. AdRoll displays advertising campaigns based on your browsing behavior on the Internet. That means that, after you visit our website, ads may also be displayed on other third-party sites. In some circumstances, AdRoll may also transfer the information to countries outside the EEA. AdRoll will, however, take the necessary steps to ensure that an appropriate level of data protection is maintained. 

Salesforce.com

Salesforce.com, Inc. headquartered in San Francisco, California, USA

Salesforce provides customer relationship management software and applications focused on sales, customer service, marketing automation, analytics, and application development.

HubSpot 

HubSpot, Inc. headquartered in Cambridge, Massachusetts, USA

We use HubSpot to tailor communication with visitors and users of our website as well as to keep improving it and make the website more attractive to you. HubSpot is also used to optimize the care and support we give customers.

Mailchimp

Mailchimp headquartered in Atlanta, Georgia, USA

Mailchimp is a marketing automation platform and email marketing service that helps us manage and talk to our clients, customers, and other interested parties. 

Pardot

Pardot LLC headquartered in Atlanta, Georgia, USA

Pardot is a marketing automation platform that, among other features, helps us to create automated marketing campagnes and analyze prospect activity and engagement.

Chili Piper

Chili Piper, Inc. headquartered in New York, New York, USA

Chili Piper is a meeting automation platform which helps us to automatically schedule appointments with leads.

Hotjar

Hotjar Ltd. headquartered in St. Julians, Malta

Our website uses the Hotjar analytics service to improve its user friendliness and the customer experience. That permits tracking of the various ways in which visitors interact with our website so that it can then be optimized for the user. During your visit to our website, the tracking cookie automatically collects your activity data and stores them on the Hotjar servers. The Hotjar servers are located exclusively in Ireland. 

Mixpanel

Mixpanel, Inc. headquartered in San Francisco, California, USA

Mixpanel is a tracking tool used by us to understand how our customers use our applications and to keep on improving them. Mixpanel is used to gather information on which features of our website are used by customers and to what extent. Such an analysis offers a means to control planning as part of product development, since it enables the specific demand for features to be taken into account. When transferring data outside of the EU into the USA, the adequate means of protection is ensured by the European Commission’s approved model contract clauses. 

Jetpack from WordPress

Automattic, Inc. headquartered in San Francisco, California, USA

Jetpack from WordPress is a tool for statistical analysis. The purpose of Jetpack is to analyze the number of visitors to our blog, create anonymized, aggregate access statistics, and to enable technical support for the search function in the blog (Elasticsearch) and SEO support.

Zapier

Zapier, Inc. headquartered in San Francisco, California, USA

Zapier enables us to integrate the services of various applications in one application and to automate workflows in it. We use Zapier on the basis of legitimate interest, since Zapier is used to automate workflows from various services and to optimize processes.

Twitter

Twitter, Inc. headquartered in San Francisco, California, USA

We use Twitter tracking pixel to recognize visitors who access our website from ads on Twitter. 

Quora

Quora, Inc. headquartered in Mountain View, California, USA

We use the Quora tracking pixel to recognize visitors who access our website from content marketing on the Quora.com website.

Bugsnag & Sentry

Bugsnag, Inc. and Sentry headquartered in San Francisco, California, USA

These services enable us to quickly identify bugs in our software which have led to a disruption or crash and so to improve our offering. We have a legitimate interest in using Bugsnag and/or Sentry since it enables Us to identify and remedy bugs as efficiently as possible. When transferring data outside of the EU into the USA, the adequate means of protection is ensured by the European Commission’s approved model contract clauses.

Bitbucket

Bitbucket headquartered in San Francisco, California, USA

Bitbucket is a software for collaborative versioning management. The synchronization between us and Bitbucket’s versioning management enables users to export localization files from the versioning management software into their accounts.

Albacross

Albacross Nordic AB headquartered in Stockholm, Sweden 

We use Albacross for the targeted advertising purposes. The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Lead Generation” service), by adding data to their database about companies. The Albacross database will in addition to “Lead Generation” be used for targeted advertising purposes towards companies and for this purpose data will be transferred to third party data service providers. For the purpose of clarity, targeted advertising regards companies, not towards individuals.

Protecting your personal data

We may share your personal data with Our suppliers under a written agreement which commits the suppliers to appropriate safeguards in relation to the handling of your personal data (including in relation to maintaining confidentiality of your personal data and implementing appropriate technical and organisational security measures).

We will take appropriate legal, organizational, and technical measures to protect your personal data consistent with applicable privacy and data security laws.

Your rights 

You are entitled to:

• Opt out from your personal data being processed for direct marketing purposes

If you have given your consent you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject shall have the right to withdraw his or her consent at any time.

• Request access to processing information

You have the legal right to request information at any time about whether we are processing your personal data. If this is the case, you have the right to be informed about the extent to which your personal data is being processed as well as to be provided with a copy of your personal data.

• Request the correction and/or deletion of your personal data

You have the right to obtain the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed. In certain circumstances you have the right to erasure of the personal data concerning you without undue delay. The right to erasure does not apply if processing is necessary to comply with legal obligations.

• Object to the processing of your personal data

You have the right to object at any time to the processing of your personal data for any advertising purposes.

• Request the restriction of the processing of your personal data

You have the right to request the restriction of the processing of your personal data where you have contested its accuracy or if the processing is deemed unlawful.

• Request receipt or transmission to another organisation, in a machine-readable form, of the personal data that you have provided to us; and

You have the right to transmit your personal data to another company in a safe and secure way without hindrance to usability.

• Complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered in consequence of unlawful processing of your personal data.

You are not required by law to provide your personal data to us however, if you do not then we may not be able to provide you or your organisation with the Phrase TMS / Strings Cloud. If you object to the processing of your personal data, we will respect that choice in accordance with our legal obligations. Depending on the scope of your request, this could mean that we will not be able to provide you or your organisation with the Phrase TMS / Strings Cloud or any of its trial versions.

If you would like to exercise any of your rights, please let us know by getting in touch using the contact details below.

Contact us

If you have questions or requests regarding the processing of your personal data, or require additional information, please contact: security@phrase.com

Privacy notice for candidates

Phrase a.s., with its registered office at Spálená 108/51, 110 00 Prague 1, Czech Republic,  Phrase GmbH, with its registered office at ABC-Straße 4, 20354 Hamburg, Germany, Phrase Ltd, with its registered office at 73 Cornhill, London EC3V 3QQ, United Kingdom and Phrase Inc., with its registered office at 90 Canal Street, 4th Floor, Boston, Massachusetts, 02114, US ( together as “we” or “us” or “our”) act as joint controllers of the processing of your personal data. This privacy notice describes how your personal data is processed and for what purposes.  

What personal data do we collect about you?

In the course of the recruitment process, we collect and generate information about you. We only collect and process your personal data in compliance with the provisions of the EU General Data Protection Regulation (“GDPR“) and other provisions of European data protection law. This information includes mainly personal data provided by you: 

• Your basic information—such as your name (including name prefix or title), gender, age, date of birth, relationship to a person, photograph
• Contact information—such as your home address, email address, and phone number(s)
• Talent Management Information—such as details contained in letters of application and resume/CV, previous employment background, all background checks (including criminal record checks where applicable) education history, professional qualifications, language and other relevant skills, details on performance management ratings and performance appraisals, and all correspondence with us with regard to job applications, including references.

How do we obtain your personal data?

We collect your personal data submitted during our recruitment process, or records obtained when you engage with our company’s Human Resources.

We may also receive personal data about you from other sources, such as recruitment agencies, healthcare provider directories, and publicly available sources. We combine personal data that we have about you from various sources, including the personal data that you have provided to us.

How do we use your personal data?

Your personal data will be processed for the following purposes:

• Identifying and evaluating candidates for our positions
• Record-keeping related to hiring processes
• Analysing the hiring process and outcomes
• Conducting background checks, where permitted by law

On the other hand, we will not:

• Use your personal data for any other purposes than those described above
• Make recruiting or hiring decisions based solely on automated decision-making
• Transfer any of your data to any third country or international organization which are not considered to be providing adequate protection of personal data

On what legal basis do we use your personal data?

We use your personal data on the following basis:

• Article 6 (1) b) GDPR: the processing of your personal data is necessary for the conclusion of the employment relationship with you
• Article 6 (1) c) GDPR: the processing of your personal data is necessary for compliance with our legal and regulatory obligations
• Article 6 (1) f) GDPR, the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us, such as to achieve purposes specified in Section “How do we use your personal data?”

How long will we keep your personal data?

In addition to using your personal data for the position for which you have applied, we may retain and use your personal data to consider you for other positions. If you do not want to be considered for other positions or would like to have your personal data removed, you may contact us as specified below. Unless required for tax or other legal purposes or in connection with employment, we will generally keep your data for a maximum of 6 months.

With whom do we share your personal data?

Your personal data will be accessible to certain authorised employees of our company, as well as to authorised employees of certain suppliers of our company, who provide us with various services.

List of our authorised suppliers

We use these authorised suppliers as our applicant tracking systems, making it easier for us to find a new candidate:

• Greenhouse
• LinkedIn Talent Solutions

Protecting your personal data

We may share your personal data with our suppliers under a written agreement which commits the suppliers to appropriate safeguards in relation to the handling of your personal data (including in relation to maintaining confidentiality of your personal data and implementing appropriate technical and organisational security measures).

We will take appropriate legal, organizational, and technical measures to protect your data consistent with applicable privacy and data security laws.

Your rights

You may be entitled to:

• Request access to processing information

You have the legal right to request information at any time about whether we are processing your personal data. If this is the case, you have the right to be informed about the extent to which your personal data is being processed as well as to be provided with a copy of your personal data.

• Request the correction and/or deletion of your personal data

You have the right to obtain the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed. In certain circumstances you have the right to erasure of the personal data concerning you without undue delay. The right to erasure does not apply if processing is necessary to comply with legal obligations.

• Object to the processing of your personal data

You have the right to object at any time to the processing of your personal data for any advertising purposes.

• Request the restriction of the processing of your personal data

You have the right to request the restriction of the processing of your personal data where you have contested its accuracy or if the processing is deemed unlawful.

• Complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered in consequence of unlawful processing of your personal data.

You are not required by law to provide your personal data to us, however, if you don’t, then we will not be able to consider you as a candidate for a position in our company. If you object to the processing of your personal data, we will respect that choice in accordance with our legal obligations. This could mean that we are unable to perform the actions necessary to achieve the purposes of processing described above.

If you would like to exercise any of your rights, please let us know by getting in touch using the contact details below.

Contact us

If you have questions or requests regarding the processing of your personal data, or require additional information, please contact: security@phrase.com

Privacy notice for participants in the Phrase TMS certification program

Phrase a.s., with its registered office at Spálená 108/51, 110 00 Prague 1, Czech Republic and Phrase GmbH, with its registered office at ABC-Straße 4, 20354 Hamburg, Germany (both together as “we” or “us” or “our”) act as joint controllers of the processing of your personal data (hereinafter referred to as “you” or “your”). This privacy notice describes how your personal data is processed and for what purposes.  

What personal data do we collect about you?

We collect the following personal data in connection with your relationship with us: your name and surname, information that you obtained the certification, and e-mail address. This personal data falls under the GDPR into the category of identifiers. 

Optionally, based on your additional consent, we may also collect the information about your location and your professional position. 

How do we obtain your personal data?

Your personal data can be: 

• Obtained directly from you, such as your name, surname, and contact details.
• Statistics from the course you were enrolled in. 

How do we use your personal data?

Your personal data will be processed for the following purposes:

• To create a list of certified linguists which can be accessed by various language services providers (“LSPs”) 
• To enable you to get approached by such LSP with potential job offers  
• Our internal reporting
• To ensure network and information security and to enhance our services

On what legal basis do we use your personal data?

Processing of your personal data for other purposes listed in Section “How do we use your personal data?” is based on the following legal titles: 

• Service provision/fulfilment of the contractual obligations (Article 6 (1) b) GDPR)
• The necessity to comply with our legal obligations (Article 6 (1) c) GDPR), e.g. obligation to archive accounting documents.
• Our legitimate interest pursuant to Article 6 (1) f) GDPR (i) to help us to maintain a productive business relationship with you, (ii) to improve our ability to understand your business needs; (iii) to improve and enhance our services; and (iv) to ensure network and information security.
• Your consent, which you gave us upon completing the certification by confirming the relevant checkbox, for the purpose of sharing your personal data with relevant Language Service Providers 

How long will we keep your personal data?

We will always keep your personal data for the period for which you will be using our services while completing the Phrase TMS – Linguist Certification and afterwards for the purpose of maintaining the record that you have completed this certification successfully. We will also keep your personal data where required by law or where we need to do so in connection with potential or actual legal action, or an investigation involving Phrase a.s. or Phrase GmbH.

We will also delete your personal data upon your request. Whichever employee receives your request must promptly communicate it through our GDPR channel.  

With whom do we share your personal data?

Your personal data will be accessible to our employees as well as to authorized employees of our suppliers which provide us with a variety of essential services. 

If you complete the Linguist certification, your personal data will be also accessible to Language Service Providers who are customers of Phrase TMS solely on the basis of your explicitly given consent upon completing the certification. 

Transfers of your personal data outside of your home country

Your personal data may be transferred to countries outside the European Economic Area.  These countries include: The USA, Canada, and Japan. The countries to which we transfer personal data may not have data protection laws that provide an adequate level of protection to your personal data.

We therefore take steps (which may include entering into data transfer agreements based on the model clauses approved by the European Commission) to ensure that the persons to whom we transfer data in those countries commit to ensure an adequate level of protection for your personal data. You can find more information about data transfer agreements here.

Protecting your personal data

We may share your personal data with our suppliers under a written agreement which commits the suppliers to appropriate safeguards in relation to handling of your personal data (including in relation to maintaining confidentiality of your personal data and implementing appropriate technical and organizational security measures).

We will take appropriate legal, organizational and technical measures to protect your personal data consistent with applicable privacy and data security laws.

We do not sell your personal data.

Your rights 

If you have given your consent you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject shall have the right to withdraw his or her consent at any time.

• Request access to processing information

You have the legal right to request information at any time about whether we are processing your personal data. If this is the case, you have the right to be informed about the extent to which your personal data is being processed as well as to be provided with a copy of your personal data.

• Request the correction and/or deletion of your personal data

You have the right to obtain the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed. In certain circumstances you have the right to erasure of the personal data concerning you without undue delay. The right to erasure does not apply if processing is necessary to comply with legal obligations.

• Object to the processing of your personal data

You have the right to object at any time to the processing of your personal data for any advertising purposes.

• Request the restriction of the processing of your personal data 

You have the right to request the restriction of the processing of your personal data where you have contested its accuracy or if the processing is deemed unlawful.

• Request receipt or transmission to another organization, in a machine-readable form, of the personal data that you have provided to us

You have the right to transmit your personal data to another company in a safe and secure way without hindrance to usability.

• Complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered in consequence of unlawful processing of your personal data.

You are not required by law to provide your personal data to us, however, if you don’t, then we may not be able to provide you or your organization with our service. If you object to the processing of your personal data, we will respect that choice in accordance with our legal obligations. Depending on the scope of your request, this could mean that we will not be able to provide you or your organization with our service.

If you would like to exercise any of your rights, please let us know by getting in touch using the contact details below.

Contact Us

If you have questions or requests regarding the processing of your personal data, or require additional information, please contact: security@phrase.com.