GDPR Statement

Introduction

On 25 May 2018, the General Data Protection Regulation (GDPR) became effective. The GDPR aims to protect the right to privacy of every EU resident giving them a greater say over how their personal data is used. It also details how EU personal data laws are applied outside the EU. The GDPR, therefore, has important implications for how organisations handle confidential data.

Border Transcription Services has never used your data in the past. Now we need to let you know Border Transcription Services is classified under GDPR as a data controller and we are taking every step to ensure that we comply with the new legislation. As we have always complied rigorously with the Data Protection Act, we won’t need to make many changes.

Border Transcription Services’ Commitment

Border Transcription Services honour our clients’ rights to data privacy and protection. Border Transcription Services does not use its clients’ personal information beyond what is required for the functioning of its services.

Border Transcription Services has demonstrated its commitment to data privacy and protection by:

• Operating a secure connection to communicate between our website and browsers (https);
• There is only one person – the founder/owner of Border Transcription Services - who has access to any client information;
• We use our file upload area for all uploading and their daily security comprises: - Third-party firewall and security scans - AES 256-bit encryption with SSAE 16 certification.

How is Border Transcription Services preparing for GDPR?

As a data controller, we understand our obligation to our clients and their personal data. We have thoroughly analysed the GDPR requirements and are working through several initiatives to ensure that we are only holding the minimum information required to provide the contracted services to our clients, that we allow clients to manage the data that is held and easily be able to provide access to the data and removal wherever possible. This includes identifying personal data.

We are undertaking a systematic review of the personal data that is being stored, managed, retained, collected, processed and disposed of across our various systems. Assessment of this data will review information flow, any data transfers, risk, and structural position in relation to lawfulness, purpose, minimisation, accuracy, consent, limitation, integrity and confidentiality, record keeping and accountability.

Providing visibility and transparency

The most important aspect of GDPR is how the collected data is used. As a data controller, we are committed to allowing clients to manage their personal data. Some of these details do filter through to Border Transcription Services’ back end systems which are not publicly visible for certain applications (such as billing or support), but all this data can be retrieved or removed on request where appropriate.

Enhancing data integrity and security

Border Transcription Services has always taken the privacy and security of its clients' data seriously. All files (audio, video and transcription files) are securely removed from the system as soon as invoices have been paid. Recordings and transcriptions are held only on one PC, which is accessible by the founder/owner of Border Transcription Services and no other person. There are no other people working in the office of Border Transcription Services and work is not outsourced under any circumstances.

Portability and transferability of data

GDPR gives end users the right either to receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. With this new right in mind, we have been implementing new internal procedures and policies to improve the efficiency of the data exporting process and are happy to transfer files, where needed, via whichever method is preferable to each individual client.

Supplier & Partner relationships

Border Transcription Services is currently using all reasonable endeavours to ensure that their upload area and server hosts are complying with the GDPR.

What does this mean for Border Transcription Services clients?

There will be no difference to the service that Border Transcription Services clients receive. We are simply making sure that we are fully compliant with the GDPR by May 2018 through improved access controls, procedures and policies for data subjects rights, regular data audits, restricting retained data and enhanced security of client data. Border Transcription Services will continue to monitor the GDPR programme up to the target date in May 2018 and beyond.

FAQ

Can we search our personal data on your systems?

The data that you have provided to Border Transcription Services can be found in your online control panel in the file upload area, or on any third party ftp sites you have chosen in order to share files. Any other data stored on the back end system (i.e. your name, company name and contact information) can be retrieved and sent to you upon request.

Can we delete our personal data from your systems?

By updating or closing your account, your personal data will be removed from Border Transcription Services’ systems. Any data that has filtered through to the back end systems can also be requested to be deleted where applicable. Data can only be removed once payment has been received and after the first day of the month preceding your project completion.

Can we export our personal data from your systems?

On request, Border Transcription Services will be able to provide a full export of an individual’s personal data. Transcripts/recordings will only be available until the relevant invoice has been paid.

Do your standard contract terms include the new GDPR mandatory provisions?

The contract terms have been updated to include the new GDPR mandatory provisions to be in place before May 25th, 2018.

Can you confirm our right to have perennial data deleted or returned upon termination of contract at no extra cost?

Any personal data that is not legally required to be kept for longer periods will not be retained for more than 12 months and upon request can be deleted on termination of contract. Data can only be removed once payment has been received and after the first day of the month preceding your project completion.

What is your geographical location?

Blackpool, Lancashire, UK.

What is the geographical location of your data systems?

Coventry, UK Dedicated Servers and Seren Web LLC – UK

Donna Hampshire
Founder & Owner
May 2018