Privacy Policy

This Privacy Policy describes how Transfective ("we," "us," or "our") collects, uses, processes, and protects personal information when you use our professional B2B translation and localization services.

Enterprise-Only Focus: Transfective exclusively serves business and organizational clients. This privacy policy applies to personal information processed in connection with our B2B services, including information about business contacts, project stakeholders, and organizational representatives.

Data Processing Roles: Depending on the specific service and relationship, Transfective may act as either a data controller or data processor of your personal information, in accordance with applicable privacy laws including GDPR, CCPA, and other regional data protection regulations.

Business Contact Information

Professional Identity Data:

• Names, business titles, and professional roles
• Corporate email addresses and business phone numbers
• Company names, departments, and office locations
• Professional credentials and industry certifications

Account and Access Data:

• Login credentials for service platforms
• Account preferences and service settings
• User permissions and access levels
• Time zone and language preferences

Project-Related Information

Business Content:

• Documents, files, and materials submitted for translation/localization
• Project specifications, requirements, and deadlines
• Quality preferences and style guidelines
• Revision requests and approval communications

Communication Records:

• Email correspondence regarding projects and services
• Meeting notes and discussion records (with consent)
• Support requests and technical assistance communications
• Service feedback and quality assessments

Technical and Usage Data

System Information:

• IP addresses and device identifiers
• Browser types and operating system details
• Service usage patterns and feature utilization
• Performance metrics and error logs

Website Analytics:

• Pages visited and time spent on our website
• Referral sources and navigation patterns
• Geographic location data (country/region level)
• Marketing campaign interaction data

Service Delivery and Management

Translation and Localization Services:

• Processing and managing your translation projects
• Assigning qualified linguists and project managers
• Conducting quality assurance and review processes
• Delivering completed projects and related communications

Account and Relationship Management:

• Creating and maintaining business accounts
• Providing customer support and technical assistance
• Managing billing, invoicing, and payment processing
• Maintaining service agreements and project records

Business Operations and Improvement

Service Enhancement:

• Analyzing service usage to improve quality and efficiency
• Developing new features and service capabilities
• Conducting performance monitoring and quality assessments
• Training and managing our linguistic resources

Business Communications:

• Sending service updates and important notifications
• Providing industry insights and best practice guidance
• Sharing relevant service announcements
• Responding to inquiries and support requests

Legal and Compliance Purposes

Regulatory Compliance:

• Meeting legal obligations under applicable laws
• Responding to valid legal processes and government requests
• Maintaining records for regulatory audits and compliance
• Protecting intellectual property rights

Security and Fraud Prevention:

• Detecting and preventing unauthorized access
• Investigating security incidents and policy violations
• Protecting the safety and rights of our clients and staff
• Maintaining system integrity and data protection

Authorized Service Providers

Linguistic and Quality Teams:

• Certified linguists and subject matter experts
• Project managers and quality assurance specialists
• Editorial and proofreading professionals
• All bound by strict confidentiality agreements and professional standards

Technology and Infrastructure Partners:

• Cloud service providers with enterprise-grade security certifications
• Translation technology and CAT tool providers
• Secure payment processing services
• IT infrastructure and security service providers

Business Partners and Integrations

Client Organization Personnel:

• Designated contacts and project stakeholders within your organization
• Billing and procurement contacts as specified
• Technical administrators for platform integrations
• Legal and compliance teams when required

Legal and Regulatory Disclosures

Required Disclosures: We may disclose personal information when legally required:

• Compliance with court orders, subpoenas, or legal processes
• Response to valid government or regulatory requests
• Protection of our legal rights and property
• Investigation of suspected fraud or security breaches
• Prevention of harm to individuals or public safety

No Sale of Personal Information

Data Protection Commitment: Data Protection Commitment: We do not sell, rent, lease, or otherwise monetize personal information. Your data is used exclusively for providing our professional language services and maintaining our business relationship.

Technical Safeguards

Encryption and Access Controls:

• Industry-standard encryption for data transmission and storage
• Multi-factor authentication and secure access controls
• Regular security assessments and penetration testing
• Network monitoring and intrusion detection systems

Infrastructure Security:

• Secure data centers with physical access controls
• Redundant backup systems and disaster recovery procedures
• Regular software updates and security patch management
• Isolated environments for sensitive project content

Operational Security

Personnel and Process Controls:

• Background verification for all staff with data access
• Comprehensive security training and awareness programs
• Strict confidentiality agreements with all personnel
• Regular security audits and compliance assessments

Quality and Compliance Standards:

• ISO 9001 and ISO 17100 certified quality management systems
• SOC 2 Type II compliance for security controls
• Regular third-party security assessments
• Documented incident response and breach notification procedures

Retention Principles

Business Necessity: Business Necessity: We retain personal information only as long as necessary for legitimate business purposes, legal obligations, and service delivery requirements.

Purpose Limitation: Purpose Limitation: Personal information is retained only for the specific purposes for which it was collected, and is securely deleted or anonymized when no longer needed.

Specific Retention Periods

• Account Information: Retained during the active business relationship and for 7 years after account closure for legal and tax compliance purposes.
• Project Content: Retained according to project requirements and client instructions, typically 3-5 years for warranty and quality assurance purposes.
• Communications: Business correspondence retained for 5 years for customer service and compliance purposes.
• Technical Logs: System and security logs retained for 1-2 years for security monitoring and incident investigation.

Data Deletion and Anonymization

Upon expiration of retention periods or at your request, we securely delete or anonymize personal information using industry-standard data destruction methods.

Access and Control Rights

Information Access:

• Request copies of personal information we hold about you
• Receive information about how your data is processed and shared
• Obtain details about data retention periods and deletion schedules

Data Correction and Updates:

• Correct inaccurate or incomplete personal information
• Update contact details and account preferences
• Modify communication settings and privacy preferences

Data Portability and Deletion:

• Request transfer of your data in a structured, machine-readable format
• Request deletion of personal information (subject to legal obligations)
• Withdraw consent for processing where applicable

Regional Privacy Rights

European Union (GDPR):

• Right of access, rectification, erasure, and portability
• Right to restrict or object to processing
• Right to withdraw consent and lodge complaints with supervisory authorities

California (CCPA/CPRA):

• Right to know about personal information collection and use
• Right to delete personal information and opt-out of sales
• Right to non-discrimination for exercising privacy rights

Other Jurisdictions: Other Jurisdictions: We comply with applicable privacy laws in all regions where we operate.

Cookie Usage and Types

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Service functionality and performance

Analytics Cookies:

• Website usage statistics and performance monitoring
• Service improvement and feature development
• User experience optimization

Preference Cookies:

• Language and regional settings
• Account preferences and customization
• Service configuration and workflow settings

Cookie Management

Browser Controls: Browser Controls: You can manage cookie preferences through your browser settings, though some cookies are essential for service functionality.

Opt-Out Options: Opt-Out Options: Analytics and non-essential cookies can be disabled through our cookie preference center available on our website.

Third-Party Tracking

Limited Third-Party Use: Limited Third-Party Use: We work only with trusted partners who maintain similar privacy standards and do not engage in broad-based tracking or advertising networks.

Global Service Delivery

Cross-Border Processing: Cross-Border Processing: As a global language services provider with offices in 25+ countries, we may transfer personal information internationally to deliver our services effectively.

Transfer Safeguards: Transfer Safeguards: All international transfers are protected by appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by relevant authorities
• Adequacy decisions by competent regulatory bodies
• Binding corporate rules and international privacy frameworks
• Additional security measures as required by applicable law

Regional Data Handling

Local Data Residency: Local Data Residency: Where required by law or client preference, we can maintain data within specific geographic regions.

Cross-Border Compliance: Cross-Border Compliance: All international operations comply with applicable data protection laws in both source and destination jurisdictions.

Regulatory Frameworks

Global Compliance: Global Compliance: We maintain compliance with major privacy regulations including:

• EU General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA/CPRA)
• Canada Personal Information Protection and Electronic Documents Act (PIPEDA)
• Other applicable regional privacy laws

Certification and Standards

Industry Certifications:

• ISO 9001:2015 (Quality Management)
• ISO 17100:2015 (Translation Services)
• SOC 2 Type II (Security Controls)
• Annual compliance audits and assessments

Privacy Program Management:

• Dedicated Data Protection Officer
• Privacy by Design implementation
• Regular staff training and awareness programs
• Incident response and breach notification procedures

Update Process

Regular Review: Regular Review: This privacy policy is reviewed annually and updated as necessary to reflect changes in our practices, services, or applicable laws.

Notification of Changes:

• Significant changes: Direct notification via email and prominent website notice
• Minor updates: Posted on our website with updated "Last Modified" date

Continued Service Use: Continued Service Use: Continued use of our services after policy changes indicates acceptance of the updated terms.

Version Control

Change Documentation: Change Documentation: We maintain records of policy changes and update history for transparency and compliance purposes.

Privacy Inquiries

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Primary Contact:
Email: it@transfective.com
Subject Line: Privacy Policy Inquiry - Your Name/Organization
Mailing Address: Transfective Language Services, Office 49, 22th Floor, Rolex Twin Towers, Deira, Dubai, UAE

Response Time: Response Time: We respond to privacy inquiries within 30 business days, significantly faster than industry standard 45-day response times.

Regional Privacy Support

Unlike providers with centralized privacy support, we offer regional privacy assistance:

• Chicago - USA: chicago@transfective.com
• Montreal - Canada: montreal@transfective.com
• California - USA: california@transfective.com
• Toronto - Canada: toronto@transfective.com
• Tallinn - Estonia: tallinn@transfective.com
• Paris - France: paris@transfective.com
• New York - USA: newyork@transfective.com
• London - UK: london@transfective.com
• Istanbul - Turkey: istanbul@transfective.com
• Guelph - Canada: guelph@transfective.com
• Dubai - UAE: dubai@transfective.com
• Casablanca - Morocco: casablanca@transfective.com

Emergency Data Incidents

24/7 Security Hotline: it@transfective.com
For immediate data security concerns requiring urgent attention

• Website: www.transfective.com
• General Inquiries: contactus@transfective.com