Here at Academic Audio Transcription (AAT), we take privacy rights seriously. We respect the privacy of all individuals we deal with, including our website visitors, clients who use our services, freelancers and suppliers, enquirers and anyone else we encounter in our business;
This Policy sets out information about how we use, store and transfer personal data which we receive in connection with our services or otherwise.
We or us means Academic Audio Transcription Ltd, a company registered in the United Kingdom under number 10923862 whose registered offices are at Suite 43, 1 Rockley Road, London, United Kingdom, W14 0DJ.
Full details are set out in the relevant sections of this Policy below, but keeping it brief:
- we are a data controller in relation to much of the personal data that we hold. That means we determine how we will use and look after it;
- we offer a transcription service to academics and researchers. The material we transcribe may contain personal data. When we provide transcription services to our clients, we act as a data processor in relation to personal data contained in transcriptions. That means that they are data controller and responsible for determining how we handle that data (which we normally agree with them in our terms of service);
- we normally receive your personal data from you, but sometimes it might be from a third party with whom we are mutually acquainted (e.g. other users of our services who have introduced you to us); we use your personal data to deliver our services, conduct our business, keep appropriate records and meet our legal obligations;
- we only provide your personal data to third parties for our business purposes or as permitted by law. We don’t share your data with third party advertisers;
- we store personal data for specified periods;
- you have legal rights in relation to your personal data which you can exercise on request;
- you can contact us to enquire about any of the contents of this Policy.
- Our roles as Data Controller and Data Processor
- a data controller determines the purposes for which personal data is to be collected and used, and the means of handling of that personal data. When we hold your data for our own purposes, we act as a data controller. In particular, when we collect and use contact information of our clients and suppliers, for our business purposes, we are acting as a data controller;
- a data processor handles personal data on the instructions of and for the purposes of a data controller. When we store, transmit or transcribe personal data for our clients we are acting for their purposes as a data processor.Importantly, clients and researchers who send us interviews or material for transcription are data controllers in their own right. For information on how they will use and handle your data, you will need to review their own privacy notices or policies.
2. Personal Data we Collect
In this Section we have set out the kinds of personal data that we may collect, use, store and transfer. We have grouped that data together into different categories based on their subject matter, and based on the kinds of individuals to whom they relate.
Data relating to almost everyone we deal with: e.g. website users, enquirers, suppliers
- 2.1 We may process data about your use of our website (usage data), which we obtain through our analytics tracking systems. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
- 2.2 We may process information contained in or relating to any enquiry or communication that you send to us or that we send to you (correspondence data). This could for example include support queries from our clients, enquiries from journalists or any other correspondence. The correspondence data may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us such as your name, email address, phone number, job title, address or social media username.
Data relating to clients
2.3 In addition to your contact details, which we’ll count as correspondence data, we might process some additional business-related data in connection with our clients, which we’ll call client data. This might include, for example, payment details (if you choose to make payments through an individual rather than an institutional account), or account details if we provide you with any account log-in as part of our services (e.g. for file transfer purposes).
Data relating to freelancers
2.4 If you are a freelancer or consultant who works for us to provide transcription services, then in addition to correspondence data we may process a few other kinds of personal data relating to you. This might include:
- Identity data such as your full or legal name, copies of ID documents (like a passport or driver’s licence), proof of address (like a utility bill) or a photograph;
- financial data such as your bank account details, or tax registration details;
- onboarding data, which is a catch-all for any other information which we request or which you choose to disclose to us as part of the onboarding process. We pride ourselves on providing fairly paid, accessible work to disabled, chronically ill, neurodivergent and other marginalised individuals, so it’s possible that as part of the onboarding discussion you might tell us about your physical or mental health, racial/ethnic identity, gender identity or sexuality. You might also be asked to provide a criminal record check, or to allow us to conduct one. This sort of information is a special category of personal data under data protection law, and subject to additional protections, and if you choose to share it with us we will ensure that it is treated with sensitivity; and
- other freelancer data such as data around your availability to work or any other information compiled or shared with us in the context of our relationship with you.
2.5 If we have some commercial relationship with you or with your employer (for example, a supply, purchase, or referral relationship) then we may handle your contact details (name, job title, email address, postal address, telephone number), any related communications, and any related documents (such as contracts, POs and invoices, proposals and so on). We call all of this partner data, and we process it for the purposes of administering our commercial relationship with you.
Personal data we obtain from others
2.6 Your personal data may be provided to us by someone other than you. We might be introduced to you in correspondence by a mutual acquaintance or another user of our services, for example. Normally this data will be correspondence data or partner data as described above.
3. Our purposes and legal bases of processing
3.1 We have set out below, in table format, a description of all the ways we may use your personal data. We’re also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (GDPR). When we process personal data on the basis of our legitimate interests then we also need to identify those legitimate interests and have done so below.
3.2 Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data. Feel free to contact us for further information.
|Type of Data||Purpose/Activity||Legal Basis for Processing|
|Usage Data||Analyzing the use of, and improving, our site and services, security monitoring and fraud detection and to ensure our website is presented in the most effective manner.||Our legitimate interests (Art 6.1(f) GDPR), namely delivering and improving our website and ensuring its security.|
|Correspondence Data||To communicate with you. If you have indicated your interest in our services then we may also process correspondence data to provide you with occasional news about our services and marketing communications (although you will be free to unsubscribe at any time).||Our legitimate interests, namely properly administering our business and communications, developing our relationships with interested parties and addressing user concerns and queries. Where correspondence data relates to marketing, our legitimate interests in developing our business.Where correspondence relates to any contract or potential contract with you, then our legal basis may be for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Art 6.1(b) GDPR).|
|Client data||Providing our services, verifying logins, and communicating with you.||Performance of a contract with you (i.e. delivering our services).Our legitimate interests, namely properly administering our business, services and communications.|
|Freelancer identity data||Confirming the suitability of freelancers to provide services to us.||Compliance with our legal obligations (Art 6.1(c) GDPR)Performance of a contract with you.Our legitimate interests, namely providing assurance of a safe user experience to our clients.|
|Freelancer financial data||Making payment to our freelancers.||Performance of a contract with you.|
|Criminal record information contained in freelancer onboarding data||Confirming the suitability of freelancers to provide services to us.||Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR)|
|Special category data contained in freelancer onboarding data||Confirming the suitability of freelancers to provide services to us, ensuring we can make adjustments where appropriate, ensuring our commitment to diversity.||Compliance with our legal obligations (Art 6.1(c) GDPR)Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR)|
|Freelancer data, partner data||Administering our commercial relationship with those with whom we do business.||Performance of a contract with you.Our legitimate interests, namely properly administering our business and communications, and developing commercial relationships.|
|Any personal data||For the purposes of legal compliance (e.g. maintaining tax records)||Compliance with our legal obligations (Art 6.1(c) GDPR)|
|Any personal data||For the purposes of bringing and defending legal claims||Our legitimate interests, namely being able to conduct and defend legal claims to preserve our rights and those of others.|
|Any personal data||Record-keeping and hosting, back-up and restoration of our systems.||Our legitimate interests, namely ensuring the resilience of our IT systems and the integrity and recoverability of our data.|
4. Providing your personal data to others
4.1 Our advisors. We may disclose your personal data to our insurers and/or professional advisers to takeprofessional advice and manage legal disputes.
4.2 Disclosures on your instructions. We may disclose your personal data to third parties if you instruct us to do so.
4.3 Our service providers. We may disclose personal data to our service providers or subcontractors in connection with the uses we’ve described above. For example, we may disclose:
(a) any personal data in our possession to suppliers which host the servers on which our data is stored, or to freelance staff whose duties involve handling the relevant personal data;
(b) correspondence data to providers of email or email marketing services;
(c) data relating to payment to our payment processing service providers (such as PayPal) or to our accountants;
(d) usage data to providers of analytics services; and
(e) partner data and other relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.
4.4 We do not allow our processors to use your data for their own personal purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.
4.5 Compliance. We may also disclose your personal data where necessary to comply with law.
4.6 Restructuring. If any part of our business is proposed to be sold or transferred, your personal data maybe disclosed to the new owner or in connection with the relevant negotiations.
5. International transfers of your personal data
Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an “adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield). You may contact us if you would like further information about these safeguards.
6. Data security
6.1 We have put in place appropriate security measures to protect your personal data. We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law.
6.2 Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem.
7. Retaining and deleting personal data
7.1 We comply with our legal obligations in relation to the retention and deletion of personal data, and in particular ensure that personal data that we process is not be kept for longer than is necessary for the relevant purposes. In particular:
(a) client, partner and freelancer data will be retained for seven years after the end of the relevant contractual relationship;
(b) correspondence data will be retained for the period of the enquiry or chain of correspondence and then deleted after twelve months (unless it relates to a contractual relationship with client, partner or freelancer in which case it may be retained longer as set out above);
(c) usage data will be retained for twelve months;
(d) any data which is anonymised, and therefore not personal data, may be retained by us indefinitely. Typically this will be derived from usage data.
7.2 We maintain system backups for disaster recovery purposes and may retain those backups for up to six months. That means that information which is deleted from our live systems may still remain in backup for up to six months.
7.3 We may retain your personal data longer than set out above where necessary to comply with law or in connection with any legal claim.
7.4 Where we act as a data processor for a client, then the period during which we will retain transcription data will be agreed with that client.
8. Your rights
8.1 You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office at www.ico.gov.uk for a fuller explanation of your rights. In summary, though:
(a) the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with certain additional information;
(b) the right to rectification: you have the right to have any inaccurate or incomplete personal data about you rectified or completed;
(c) the right to erasure: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes);
(d) the right to restrict processing: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law;
(e) the right to object to processing: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law;
(f) the right to complain to a supervisory authority: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint with the ICO.
9.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
9.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
9.3 Cookies do not typically contain any information that personally identifies a user (except for IP addresses in some cases), but personal information that we store about you may be linked to the information stored in and obtained from cookies.
9.4 We may use these kinds of cookies:
(a) Strictly Necessary Cookies: these cookies are essential to provide you with services available through our website and to enable you to use some of its features. For example, they allow you to log in to secure areas of our website and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
(b) Functionality Cookies: These cookies allow our website to remember choices you make when you use our website, such as remembering your login details and remembering the changes you make to other parts of our website which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our website.
(c) Analytical/Performance Cookies: These cookies are used to collect information about traffic to our website and how users use our website. We use this information to help operate our website more efficiently, to gather broad information about visitors to our site (such as geographical location, visit times and bounce rates).
d) Google Analytics: The Sites use Google Analytics (an analytical/performance cookie) to help analyse how users use our websites, collecting standard internet log information and visitor behaviour information in an anonymised form from which no user is identifiable. This information is transmitted to Google and processed to compile statistical reports on activity on our websites. These reports allow us to optimise our user experience. Google provide a browser add-on for users who wish to prevent their data from being used by Google Analytics. Further information is available at https://tools.google.com/dlpage/gaoptout/.
9.5 You can choose which cookies are set or rejected through a pop-up which will appear on our website when you first visit. Strictly Necessary Cookies cannot be rejected.
9.6 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies via the support pages made available by your browser operator.
10. Third Parties
The Site may contain links to third party websites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party referred to on our websites, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.
We may update this Policy from time to time by publishing a new version on our website. You should check occasionally to ensure you are happy with any changes to this Policy, although we may notify you of significant changes to this Policy using the contact details you have given us.
12 Data protection registration
We are registered as a data controller with the UK Information Commissioner’s Office. Our dataprotection registration number is ZA558598.
13. Contact Us
Last updated: 25.10.19