Data Protection Policy

In accordance with the EU General Data Protection Regulation (GDPR)

  1. Preamble
  2. Security policy and responsibilities in the translation company
  3. Legal framework in the company
  4. Legal Disclaimer - Legal Notice
  5. Documentation
  6. Existing technical and organisational measures (TOM)

AP | PORTUGAL - Language Services ("AP | PORTUGAL", "we", "us", or "our") recognizes the importance of privacy. This Data Protection Policy is a summarising document which describes how we collect, use, and disclose information that we obtain about visitors to our websites, (the "Sites"), and the services available through our Sites (collectively, the "Services").

This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) but also to provide proof of compliance. By visiting the Sites or using any of our Services, you agree that your personal information will be handled as described in this Data Protection Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Data Protection Policy.

1. Preamble

1.1 - AP | PORTUGAL - Language Services is a translation company specialised in technological and language services, which operates at a national and international level. We a translation agency in Lisbon and other translation agency in Oporto. Since 1998, the company has sought to provide high-quality translation and interpretation services, sustained by fair and decent relations. Nowadays, we provide translation, interpreting, transcription and subtitling services for all corporate bodies and individual clients who need language services. AP | PORTUGAL is an active members of several international associations of translation companies.

1.2 - Considering the current legal obligations and the consequences of sensitive data breaches, we are deeply and intrinsically motivated to comply with Data Protection Policy.

1.3 - We do realize the importance of protection and privacy of the information that we receive, handle and store and, actually, way before the start-up of the new GDPR, we either already meet or implement our obligations as a data processor on a very serious way by developing our internal privacy policy in cooperation with our partners, both clients and suppliers.

1.4 - Through this Data Protection Policy, we describe how we use your personal data concerning the set out of the categories of personal data, received directly or from a third part, the purpose for which we may process personal data and the legal bases of the processing.

2. Security policy and responsibilities in the company

2.1 - All processing of personal data, (non-professional and related to individual persons), has the prior and express authorisation of its owner.

2.2 - Regarding the personal data, we may process:
a) Usage Data (data about your use of our website and services) which may include, namely, IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The legal basis for this processing is your consent by accepting this Data Protection Policy and our legitimate interests in monitoring and improving our website and services;

b) Account Data (your account data) which may include your name and email address and source of your account. The legal basis for this processing is your consent by accepting this Data Protection Policy and for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you;

c) Profile Data (information of your personal profile) which may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details, commonly contained on CV's. The legal basis for this processing is your consent by accepting this Data Protection Policy and for the purposes of enabling and monitoring your use of our website and services;

d) Enquiry Data (information contained in any enquiry you submit to us regarding goods and/or services). The legal basis for this processing is your consent by accepting this Data Protection Policy and for the purposes of offering, marketing and selling relevant goods and/or services to you, or simply to define AP | PORTUGAL strategies;

e) Transaction Data (information relating to transactions, including purchases of goods and/or services, that you enter into with us and/or through our website or email) which may include your contact details, your card details and the transaction details. The legal basis for this processing is your consent by accepting this Data Protection Policy and for the purpose of supplying the purchased goods and/or services and keeping proper records of those transactions, as legally mandatory by Portuguese Law;

f) Please do not supply any other person's personal data to us, unless we prompt you to do so.

2.3 - All internal employees at AP | PORTUGAL are obligated and bound by its Personal Data Protection Policy established in accordance with the GDPR (EU Regulation 2016/679 of 27.04.2016), so that all processing of personal data that they have to carry out is done within a professional scope, with exclusively professional purposes, and properly inserted within the scope of their functions foreseen by AP | PORTUGAL.

2.4 - All employees at AP | PORTUGAL are obligated and bound by its Personal Data Protection Policy established in accordance with the GDPR (EU Regulation 2016/679 of 27.04.2016), also with regard to the policy of management and use of electronic mail (e-mail).

2.5 - AP | PORTUGAL have a Data protection team, headed by a Data Protection Officer, and a dedicated privacy team, and will continue to evaluate whether we need to take any additional steps in light of the new requirements.

To know more about our Appointment Certificate Data Protection- DPO - please click
here.


3. Legal framework in the company

3.1 - All partners of AP | PORTUGAL, through which it operates, in particular with regard to its internal and external communication system, reception, use and archiving of data, work tools to provide linguistic and technological services, as well as to its ERP, in particular and citing only a few of the main ones:
- Wordbee;
- Google;

ISO 27001 ISO 27017 ISO 27018 AICPA SOC 2 AICPA SOC 3 EU-US Privacy Shield
ISO 27001 - Information Security Management ISO 27017 - Cloud Security ISO 27018 - Cloud Privacy AICPA - Service Organization Controls 2 AICPA - Service Organization Controls 3 EU-US and Swiss-US Privacy Shield Frameworks


- Workplace;
ISO 27001 AICPA SOC 2 AICPA SOC 3 EU-US Privacy Shield
ISO 27001 - Information Security Management AICPA - Service Organization Controls 2 AICPA - Service Organization Controls 3 EU-US and Swiss-US Privacy Shield Frameworks

- PHC;
They are also linked to the GPRD, through their respective Data Protection Policies.

3.2 - AP | PORTUGAL has prepared a DPA in order to safeguard the protection of the privacy of the personal data which it handles, due to the necessity of transferring this same treatment to some of its external service providers in the course of its activity.

3.3 - Regarding the above mentioned in 3.2, and protected by the referred DPA, we may disclose:
a) The personal data described in 2.2, to our suppliers or subcontractors insofar as reasonably necessary for the purposes of the AP | PORTUGAL's business object, namely Languages and Technological services;

b) Financial transactions relating to AP | PORTUGAL's business object, handled by our payment services providers and/or external bookkeeper. We will share transaction data with our payment services providers and/or external bookkeeper only to the extent necessary for the purposes of, namely, processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find more information about the payment services providers' privacy policies and practices by contacting our DPO referred in this Data Protection Policy;

c) In addition to the specific disclosures of personal data set out in this Section 3.3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

3.4 - AP | PORTUGAL is a language services company certified by the ISO 17100:2015 international standard and within the scope of its legal provisions, it is in compliance with the need to have all of its projects as well as its respective content fully referenced and traceable as such. These maximum security channels contained in the ISO 17100:2015 also allow for greater agility in intervention whenever necessary, since all the documents included in the translation projects and their personal data are permanently under control.


4. Legal Disclaimer - Legal Notice

Under the terms of the GDPR and in order to obtain legal authorisation for the processing of their personal data by their employees, partners, customers and simple users, AP | PORTUGAL presents legal notices on its website, cookies and E-mails.

4.1 - Website
AP | PORTUGAL guarantees, for all users, the maximum confidentiality and privacy about personal data that is provided in the scope of the visit to this website, according to the legal requirements.

By supplying your personal data via an electronic form, the user authorises the processing of said data by AP | PORTUGAL for professional purposes and in accordance with the present policy of processing personal data. This policy may change, so we recommend that you consult it regularly.

According to the GPRD in force, the user of AP | PORTUGAL may, at any time, exercise the rights of access, rectification, limitation, portability, opposition and erasure under the terms established in said law and other regulations. For this, the user must communicate it in writing to the email dpo@apportugal.com.

AP | PORTUGAL commits to complying with its obligation to protect personal data and its duty to keep it confidential and will take the necessary measures to prevent its alteration, loss and processing or unauthorised access.

4.2 - Cookies
We use our own cookies and third-party cookies to enhance your experience. While continuing to browse consider accepting our policy on cookies.

A) Cookies are small text files with distinct information that is stored on the User's hard disk by accessing a web page or Internet portal and that are sent to the web server in the following connection to the server.

B) AP | PORTUGAL may use cookies on its Website. The information collected will only refer to the pages of the Site that the User has browsed. The purpose is statistical, as well as to get to know the tastes and preferences of the users of the Website. If you have configured your browser in a way that prevents the creation of cookies or that warns you of this fact, this will not prevent the User from accessing the website but may impede the correct operation of it.

4.3 - Requests for Quotes (via email and Form) and Quote Proposals
By sending us a request for a quote, either by completing the form on our website or by sending an email, you are accepting our Personal Data Privacy Policy and therefore validate the processing of your data.

All data entered in the fields included in the forms available on our website will be subject to data processing, namely:
-Name and Surname;
-Telephone number and e-mail address;
-Billing Data;
-Target and Source Languages;
-Document(s) to be translated or any supporting material enclosed;

The prior authorisation granted at the time the quote request is sent also extends to the consequent quote proposals implemented by AP | PORTUGAL, in particular the data contained and processed therein.

If you do not carry out the requested validation, AP | PORTUGAL will consider that it has not been granted your authorisation and therefore the quote request will not be sent or considered, if it is a form request or via e-mail, respectively, all in strict compliance with the new GDPR.
Please feel free to ask us any questions that you consider appropriate regarding the new GDPR at dpo@apportugal.com.


5. Documentation

5.1 - All processing of personal data by AP | PORTUGAL and its respective adequacy to the GDPR is subject to regular and periodic internal inspections, and is also open to external inspections, although strictly within the legal terms of the GDPR.

5.2 - All documentation handled by AP | PORTUGAL is filed in accordance with the current Policy of the Protection of Data, that is, as Normal or without requiring protection or Classification, or requiring protection.


6. Existing technical and organisational measures (TOM)

6.1 - In addition to all of the previously described methods in this Data Privacy Policy, through its DPO, AP | PORTUGAL guarantees access to the rights legally conferred in the GDPR, namely:
- Right of Access;
- Right of Rectification;
- Right of Limitation;
- Right of Portability;
- Right of Opposition and;
- Right to Erase (Oblivion) of all personal data that ceases to be useful after 5 years.
By any holder of any personal data that has been processed by it, within 30 days from the request of said rights, or from the moment they are no longer necessary for the purpose that motivated their collection.

6.2 - Appropriate technical and organisational measures were implemented and substantiated by AP | PORTUGAL, taking into account, inter alia, the purpose of the processing, the state of the technology and the implementation costs, as described on this Data Protection Policy, namely:
a) Physical and environmental-related security for end users like:
- Permissible use of values;
- Guideline for information transfer based on the work environment and screen locks;
- Mobile devices and telecommuting;
- Restriction of software installation and use.
b) Data backup;
c) Information transfer;
d) Protection against malware;
e) Handling technical weak points;
f) Cryptographic measures;
g) Communication security;
h) Privacy and protection of personal information;
i) Supplier relationships.
Noting regular inspection and evaluation of data processing, especially the efficacy of the implemented technical and organisational measures.

6.3 - AP | PORTUGAL, through this Policy as well as its internal procedures, establishes a protection of personal data from its design and default according to article 25 of the GDPR, also comprising an Impact Assessment in the terms of articles 35 and 36 of the GDPR.

6.4 - AP | PORTUGAL, by means of this Policy as well as its internal procedures, establishes a system of Notification of a violation of personal data to the competent Control Authority as well as the Communication of said violation to the data subject, pursuant to articles 33 and 34 of the GDPR, respectively.