All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.
Our state-of-the-art servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.
Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.
Your data is hosted on Amazon Web Services (AWS), a global leader in Infrastructure as a Service (IaaS). Amazon take physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times. Amazon maintain multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the AWS Compliance website and you can read more about the specifics of their approach at https://aws.amazon.com/security/.
All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.
Submit a support request if you have other security questions and we’ll get back to you as quickly as we can.
Have you noticed abuse, misuse, or experienced an incident with your account? Please visit our security response page for details on how to securely submit a report.
TJY Limited (“We“) are committed to protecting and respecting your privacy.
Information we may collect from you
We may collect and process the following information about you.
Information you give us. If you decide to register with or use the Service you will be asked to provide certain information about yourself. You will voluntarily provide us with Personal Data which includes your name, email address and contact details when you:
Information we collect about you. Each time you use the Service we may automatically collect the following information:
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected via the Service. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
If you are under 16 years of age
If you’re under the age of 16, you may not have an account on the Service. We do not knowingly collect information from or direct any of our content specifically to children under 16. If we learn or have reason to suspect that you are a user who is under the age of 16, we will unfortunately have to close your account. Please see our Customer Terms for information about account termination.
Uses made of Information
We will only use information held about you for the following purposes.
Information you give to us: We will use this information:
Information we collect about you. We will use this information:
By using the Service, you agree that we can access, aggregate and use non-personally identifiable data we have collected from you. This data will in no way identify you or any other individual. We may use this aggregated non-personally identifiable data to:
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive). By using the Service, you consent to Personal Data being collected, held and used in this way and for any other use you authorize.
Disclosure of your information
We may share your Personal Data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Information we share with third parties. We may share your information with selected third parties including:
Personal Data we disclose to third parties. We follow strict guidelines in the storage and disclosure of information which you have given us, to prevent unauthorized access. We comply with the laws of the countries from which we operate. We may disclose your Personal Data to third parties:
In complying with court orders and similar legal processes, we strive for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
Consent. If you wish to subscribe to our marketing communications, we will use your name and email address to send communications to you. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may elect to stop receiving our marketing emails by following the unsubscribe instructions included in such emails.
We send push notifications from time to time in order to update you about any Service updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device. If you change your mind about being contacted in the future, please click on the opt out options included in emails or the Service and we will remove you from our mailing lists.
Access to information. You have the right to access information held about you.
Right to deletion, rectification and data export. We permit you to delete, rectify and export information you have provided to us, subject to the conditions of our Customer Terms and our legal obligations set out below.
Retention. We retain Personal Data for as long as we provide the Services to you or your account remains open. However, we may keep some data after your account is closed or you cease using the Service, for the purposes set out below.
After you have closed your account we may retain Personal Data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Customer Terms, offer new features you may be interested in, or fulfil your request to “unsubscribe” from further messages from us. If none of these obligations apply we will delete Personal Data within 12 months of your account being closed.
We will retain de-personalised information after your account has been closed.
Applicable Data Protection Law
For the purpose of the General Data Protection Regulation (EU) 2016/679, the data controller is TJY Limited, a private limited company registered in England with number 7167657 whose registered office is at 105 All Souls Avenue, London, NW10 3AU, UK.
Where we store your Personal Data for EU Customers only
Our Service is accessible via the Internet and may potentially be accessed by any user around the world. Other users may access the Service from outside the EEA. This means that where you chose to upload your data to the Service, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Service, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Service; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
The Service may contain links to and from third party websites of our partners, networks, advertisers and affiliate. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for the privacy practices or content of these websites.
Welcome to TranslationProjex, an online project management system designed for LSPs and corporate and organizational language departments
The Website is operated by TJY Limited, a private limited company registered in England with number 7167657 whose registered office is at 105 All Souls Avenue, London, NW10 3AU, UK (“we” or “us” or “our”). These Customer Terms apply to all Customers who access or use the Service.
You may connect to the Service using an Internet browser supported by the Service. You are responsible for obtaining access to the Internet and any equipment necessary to use the Service.
The person signing up for an account will be automatically assigned as a super administrator (“Super Administrator”), the Customer contact who has day-to-day responsibility for the Customer account. Your account is only for use by either a single legal entity (e.g. a company or a partnership) or an individual user. You must provide the Customer legal full name, address, a valid email address, and any other information requested in order to complete the signup process. The Customer acknowledges that, if the Customer allows a third party to open an account on their behalf or designates any of the third party’s personnel as Super Administrators of the Customer’s account, the third party will be able to control account information, including Customer Data, and access to the Customer’s account.
You may invite users to access your account (“Users”) by inviting them to register as a User. You confirm that all Users are 16 years old or older.
You shall not upload or enter any personal data, revealing: (i) racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; (ii) data concerning health or sex life or sexual orientation; or (iii) genetic data or biometric data, (“Sensitive Personal Data”) into the Service.
Use of your account shall commence after signup and shall continue until terminated by either party in accordance with the provisions of these Customer Terms.
You are responsible for ensuring that all contact, email and name details used in connection with the Service are accurate and current during the term of this agreement. The Super Administrators control the day to day administration of the Customer account. The Super Administrators can cancel access to the Service, enable or disable third party integrations, manage permissions and export settings. These actions may result in changes to the access, use, disclosure, modification or deletion of certain or all Customer Data.
Invited Users may access the Service and submit content or information (“Customer Data”) subject to the provisions of these Customer Terms. You shall ensure that all Users comply with these Customer Terms and you shall be liable for any breaches of the Customer Terms caused by any acts or omissions of Users as if the Customer had carried out such acts or omissions itself.
Users are not permitted to share their username and password with any other person nor with multiple users on a network.
You are responsible for any and all activities that occur in your account. You will immediately notify us if you become aware of any unauthorised use of your account, passwords or any breach of security. Where a User misuses your Account you are responsible for taking any remedial action to protect your account. The Customer may request our help in providing audit activity to help ascertain any breaches. We shall act with reasonable care in providing audit assistance but shall have no liability for any loss or damage arising as a result of providing such audit assistance
If a person proven to be acting on behalf of the Customer asks us to replace a Super Administrator we will only make the change i. if there is only one Super Administrator on the Account and, ii. if we are lawfully obliged to do so i.e. by court order, or if requested by the Customer in circumstances where the Super Administrator cannot make the change i.e. in the event of their death, on us being provided with acceptable evidence of the Super Administrator’s inability to make the change.
You own all content and data you add to your account and you retain sole ownership of all rights, title and interest in, and to, your Customer Data. You have the sole responsibility for the legality, reliability, integrity, accuracy and quality of your Customer Data.
You grant us the perpetual right to use Customer Data in an anonymized format.
We have no responsibility for the way in which you choose to use your account to store or process your Customer Data. In particular we maintain a directory, (“TranslationProjex Integrations”), where some non-TranslationProjex products are available for integration or you may choose to create your own integration via the application programme interface (“API”). We do not warrant or support these products, and you decide whether or not you wish to enable them. If you choose to use any third party integration and we become aware of excessive requests to your account via the API we reserve the right to suspend access to the API. We shall attempt to email you prior to suspension.
If Customer Data is being passed from, or to, the Service through an API, we will not be responsible for any use, disclosure, modification or deletion of Customer Data that is transmitted, or accessed by, third party products.
For paying accounts, the Customer agrees to provide us with a valid payment card or PayPal account and authorise us to deduct payments of the current monthly fees as published on our Website. The payment card must be registered in the Customer’s name. Payment cards and payments are subject to validation and authorisation checks of the card issuer.
If you sign up for a fee paying account on a 14 or 30 day trial basis and do not cancel that account within 30 days of signup, the Service shall continue until cancelled or terminated and you shall be liable to pay monthly fees for the account. The Customer will be billed monthly in advance on or around the 30th day after your account was created. There will be no refund or credit for partial months of Service. Fees are chargeable and shall be payable until an account is terminated or cancelled, even if you never use the Service.
Free accounts are not required to provide a payment card. If you upgrade from a free account to a fee paying account there is no trial period. You will be charged for the first month immediately following any such upgrade.
All fees are exclusive of all taxes, charges, levies, assessments and other fees of any kind imposed on use of the Service and such amounts shall be the responsibility of, and payable by, the Customer. TJY is not a VAT-registered business so we do not charge VAT on sales.
Only the Customer can ask us to lock all access to your account for any reason.
We reserve the right to suspend access to your account if you fail to provide valid credit card details that enable us to charge the full amount of any outstanding fees and charges due or you fail to pay us any sums owed for the Service for any reason. We will provide your Super Administrator with prior notice by email of our intention to suspend your Customer account. If, within 7 days of suspending your Customer account, the amount of any outstanding fees and charges is not paid to us in full, your Customer account will be cancelled.
We may terminate these Customer Terms immediately by giving you written notice if you or a User commit any breach of these Customer Terms. We may terminate these Customer Terms for any other reason upon giving you 7 days written notice.
Termination of these Customer Terms for any reason shall not affect the accrued rights of the parties arising under these Customer Terms and all rights which by their nature should survive the expiry or termination of these Customer Terms shall remain in full force and effect.
Your Super Administrator may cancel your Customer account with immediate effect by sending an email to email@example.com. Your recurring billing schedule will be ended upon cancellation. If you reactivate an Account after cancellation or suspension, you will be billed in accordance with the original billing cycle.
Except for paying accounts, we reserve the right to cancel and delete your account if you haven’t accessed the Service for more than 3 consecutive months. We will provide prior notice by email to the Super Administrator before we do so. Each account will be considered as an independent and separate account for the purpose of calculating the inactive period. Any one user accessing the account will keep the account active.
When an account is terminated or cancelled, the account and any content left behind in the account will be made inaccessible. For a period of 14 days after any account has been cancelled you may request that we restore your account. After this period, your account and all Customer Data contained within it will be permanently deleted and the agreement between us as set out in these Customer Terms will automatically terminate. Please be aware that partial data may reside in our backup and/or archive systems for a period of up to 50 days.
Each party undertakes to comply with its obligations under relevant applicable data protection laws, principles and agreements.
To the extent that personal data is processed by us on your behalf when you or Users use the Service, you acknowledge that we are a data processor and the Customer is a data controller. The terms of the Data Processing Agreement shall apply to all Customer Data that we process on your behalf.
If a third party alleges infringement of its data protection rights, we shall be obliged to take measures necessary to prevent the infringement of a third party’s rights from continuing.
We will endeavour to make the Website and Service available to the Customer and Users 24 x 7, however we shall not be liable if for any reason the Website or Service is unavailable at any time or for any period.
We may suspend access to your account temporarily and without notice in the case of system failure, maintenance or repair or due to a Force Majeure Event (defined below).
We will provide technical support to you by email only. Technical support will only be provided for bugs or errors that are reproducible by us. You agree to provide us with full and accurate details of all bugs and errors, on request. You acknowledge that we provide no warranty that all or any bugs or errors will be corrected.
Neither our staff nor our third party service partners will access any user passwords and are therefore unable to access the organization’s account or data without the permission of the Super Administrator. We reserve the right to access your system in order to provide support for technical issues or training purposes.
All intellectual property rights and title to the Service and materials on the Website, including without limitation photographs and graphical images (save to the extent they incorporate any Customer Data or third party owned item) shall remain owned by us and our licensors and no interest or ownership in the Service or Website is transferred to the Customer. Nothing in these Customer Terms shall be construed to mean, by inference or otherwise, that the Customer has any right to obtain source code for the software comprised within the Service or Website.
No part of the Website or Service may be reproduced or stored in any other website or included in any public or private electronic retrieval system or service without our prior written permission.
We may take and maintain technical precautions to protect the Service and Website from improper or unauthorised use, distribution or copying.
You are prohibited from posting or transmitting to or from the Website and/or the Service any material: (i) that is threatening, defamatory, obscene, indecent, seditious, offensive, pornographic, abusive, liable to incite racial hatred, discriminatory, menacing, scandalous, inflammatory, blasphemous, in breach of confidence, in breach of privacy or which may cause annoyance or inconvenience; or (ii) for which you have not obtained all necessary licences, consents and/or approvals; or (iii) which constitutes or encourages conduct that would be considered a criminal offence, give rise to civil liability, or otherwise be contrary to the law of or infringe the rights of any third party, in any country in the world; or (iv) which is technically harmful (including, without limitation, computer viruses, logic bombs, Trojan horses, worms, harmful components, corrupted data or other malicious software or harmful data).
You must not use the Website or the Service: (i) in any way that breaches any applicable local, national or international law or regulation; (ii) in any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect; (iii) for the purpose of harming or attempting to harm minors in any way; or (iv) to transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
We shall fully co-operate with any law enforcement authorities or court order requesting or directing us to disclose the identity or locate anyone posting any material in breach of the above rules on acceptable conduct.
The material on the Website and the Service is provided “as is”, without any conditions, warranties or other terms of any kind. While we endeavour to ensure that the information provided on the Website and the information provided in connection with the Service is correct, we do not warrant the accuracy and completeness of such material. We may make changes to the material on the Website or to the Service, or to the products and prices described on the Website, at any time without notice. The material on the Website may be out of date, and we make no commitment to update such material.
We may share information about our future product plans with you from time to time. Please note that any public statement about our product plans is an expression of intent and should not be relied upon when purchasing the Service. Any decision to purchase the Service should be based on the functionality or features we have made available today and not on the future delivery of any functionality or features.
You warrant and represent that: (i) you have authority to enter into this agreement and to perform your obligations under these Customer Terms; (ii) the execution and performance of your obligations under these Customer Terms does not violate or conflict with the terms of any other agreement to which you are a party and is in accordance with any applicable laws; (iii) you shall respect all applicable laws and regulations, governmental orders and court orders, which relate to use of the Service, or Website, and these Customer Terms; and (iv) you rightfully own the necessary user rights, copyrights and ancillary copyrights and permits required for you to fulfil your obligations under these Customer Terms.
Except as expressly stated in these Customer Terms, all warranties and conditions, whether express or implied by statute, common law or otherwise (including but not limited to satisfactory quality and fitness for purpose), are hereby excluded to the fullest extent permitted by law. No warranty is made regarding the results of usage of the Service or Website or that the functionality of the Service or Website will meet your requirements or that the Service or Website will operate uninterrupted or error free.
We do not exclude or limit our liability to you for fraud, death or personal injury caused by any negligent act, omission or wilful misconduct by us in connection with the provision of the Website or Service, or any liability which cannot be excluded or limited under applicable law.
In no event shall we be liable to you whether arising under these Customer Terms or in tort (including negligence or breach of statutory duty), misrepresentation or however arising, for any indirect or consequential loss or damage which shall include but not be limited to pure economic loss, losses incurred by any client of yours or other third party, loss of profits (whether categorised as direct or indirect loss), losses arising from business interruption, loss of business revenue, goodwill or anticipated savings, losses whether or not occurring in the normal course of business, wasted management or staff time, loss or corruption of data, or inability to use or the results of use of the Website or Service, any websites linked to the Website or the material on such websites.
You acknowledge and agree our total liability to you (whether in contract, tort or otherwise) under or in connection with the provision of the Website or Service under these Customer Terms including any claim for indemnity or contribution shall not exceed one hundred (100) per cent of the total amount (excluding any VAT, duty, sales or similar taxes) paid by you to us during the preceding twelve (12) month period.
The Customer shall defend, indemnify and hold us and our employees, sub-contractors or agents harmless from and against any costs, losses, liabilities and expenses, including reasonable legal costs arising from any claim relating to or resulting directly or indirectly from: (i) any claimed infringement by the Customer, User or third party of any intellectual property rights with respect to use of the Website or Service outside of the scope of these Customer Terms; or (ii) use by us of any Customer Data or Customer or User provided item; or (iii) any access to or use of the Website or Service by a User, Client or a third party in breach of these Customer Terms; or (iv) breaches of data protection law or regulations resulting from the us processing data on behalf of and in accordance with the instructions of the Customer or User.
Each party may use the confidential information of the other party only for the purposes of these Customer Terms and must keep confidential all confidential information of the other party except to the extent (if any) the recipient of any confidential information is required by law to disclose the confidential information.
Each party may disclose the confidential information of the other party to those of its employees and agents who have a need to know the confidential information for the purposes of these Customer Terms but only if the employee or agent executes a confidentiality undertaking in a form approved by the other party.
The obligations of confidentiality under these Customer Terms do not extend to information that: (i) was rightfully in the possession of the receiving party before the commencement of these Customer Terms; (ii) is or becomes public knowledge (otherwise than as a result of a breach of these Customer Terms; or (iii) is required by law to be disclosed.
You may not transfer, assign, charge or otherwise dispose of these Customer Terms or any of your rights or obligations arising hereunder, without our prior written consent.
We may transfer, assign, charge, sub-contract or otherwise dispose of these Customer Terms, or any of our rights or obligations arising hereunder, at any time.
The parties are independent contractors and nothing in these Customer Terms will be construed as creating an employer-employee relationship between us.
We will communicate with you in English only.
All notices from you must be given to us by email at firstname.lastname@example.org or by recorded delivery to 2-4 Exmoor Street, London, W10 6BD, United Kingdom. Unless explicitly stated otherwise in these Customer Terms we shall give all notices to you by email to the email address of the Super Administrator. Notices shall be deemed received and properly served 24 hours after an e-mail is sent, or for postal letters on receipt.
New features in the Service, including new tools and resources, will be subject to these Customer Terms.
We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations caused by events outside our reasonable control (a “Force Majeure Event”).
A Force Majeure Event includes any act, event, non-happening, omission or accident beyond our reasonable control and includes but is not limited to: (i) strikes, lock-outs or other industrial action; (ii) civil commotion, riot, invasion, terrorist attack or threat of terrorist attack, war (whether declared or not) or threat or preparation for war; (iii) fire, explosion, storm, flood, earthquake, subsidence, epidemic or other natural disaster; (iv) impossibility of the use of public or private telecommunications networks; (v) the acts, decrees, legislation, regulations or restrictions of any government.
Our performance of our obligations shall be deemed to be suspended for the period that the Force Majeure Event continues, and we will have an extension of time for performance for the duration of that period. We will use our reasonable endeavours to bring the Force Majeure Event to an end or to find a solution by which our obligations under these Customer Terms may be performed despite the Force Majeure Event.
Should a provision of these Customer Terms be invalid or become invalid then the legal effect of the other provisions shall be unaffected. A valid provision is deemed to have been agreed which comes closest to what the parties intended commercially and shall replace the invalid provision. The same shall apply to any omissions.
These Customer Terms, together with all documents referred to in them constitute the whole agreement and understanding between the parties and supersedes all prior agreements, representations, negotiations and discussions between the parties relating to the subject matter thereof.
Nothing contained in these Customer Terms is intended to be enforceable pursuant to the Contracts (Rights of Third Parties) Act 1999 or any other similar law in any jurisdiction.
These Customer Terms shall be governed by the laws of England and Wales. The courts of England shall have exclusive jurisdiction for the settlement of all disputes arising under these Customer Terms.
A sub-processor is a third party data processor engaged by TranslationProjex, including entities from within the group, who has or potentially will have access to or process Service Data (which may contain Personal Data). Further information can be found in the Data Processing Agreement.
TranslationProjex uses the following sub-processors to provide infrastructure and services to assist it in providing Trans Services
Amazon Web Services, Inc
Amazon Web Services (AWS) provides the primary infrastructure used by the Processor to host Service Data submitted to the Services
Google provides email services used by the Processor to facilitate support and other communication with customers
Groove Inc is the Help Desk provider the Processor uses to respond to customer support queries
SendGrid is an email sending service the Processor relies on as a backup service provider for sending emails from the Service
Sparkpost is an email sending service the Processor relies on as a service provider for sending emails from the Service
DropBox is a cloud storage provider that the Processor uses to store files
Mailchimp is a cloud storage provider that the Processor uses to send email marketing campaigns
An integrations platform
This DPA is entered into between us and the Customer and is incorporated into and governed by the terms of the Customer Terms.
Any capitalised term not defined in this DPA shall have the meaning given to it in the Customer Terms.
means the agreement between us and the Customer for the provision of the Services
means the Customer
shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (as amended from time to time, or replaced by subsequent legislation)
means this data processing agreement together with its Schedule 1 and the Security Documentation
shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (as amended from time to time, or replaced by subsequent legislation)
means the security documents located at https://www.translationprojex.com/security as amended from time to time, or as otherwise made available by the Processor to the Controller
“Standard Contractual Clauses”
means the EU model clauses for Personal Data transfer from controllers to processors c2010-593 – Decision 2010/87EU
means any entity that directly or indirectly controls, is controlled by, or is under common control of a party. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of a party
means any person or entity engaged by us (including a Subsidiary) to process Personal Data in the provision of the Services to the Customer
The Processor has agreed to provide the Services to the Controller in accordance with the terms of the Customer Terms. In providing the Services, the Processor shall process Customer Data on behalf of the Controller. Customer Data may include Personal Data. The Processor will process and protect such Personal Data in accordance with the terms of this DPA.
In providing the Services to the Controller pursuant to the terms of the Customer Terms, the Processor shall process Personal Data only to the extent necessary to provide the Services in accordance with both the terms of the Customer Terms and the Controller’s instructions documented in the Customer Terms and this DPA.
The Processor may collect, process or use Personal Data only within the scope of this DPA.
The Processor confirms that it shall process Personal Data on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller
The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any applicable data protection laws.
The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
The technical and organisational measures detailed in the Security Documentation shall be at all times adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA provided that such updates and modifications do not result in the degradation of the overall security of the Services.
Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed only by entities which: (i) are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) have entered into Standard Contractual Clauses with the Processor; or (iii) have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
The Controller represents and warrants that it shall comply with the terms of the Customer Terms, this DPA and all applicable data protection laws.
The Controller represents and warrants that it has obtained any and all necessary permissions and authorisations necessary to permit the Processor, its Subsidiaries and Sub-Processors, to execute their rights or perform their obligations under this DPA.
The Controller is responsible for compliance with all applicable data protection legislation, including requirements with regards to the transfer of Personal Data under this DPA and the Customer Terms.
All Subsidiaries of the Controller who use the Services shall comply with the obligations of the Controller set out in this DPA.
The Controller has their own obligations to implement their own appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
The Controller shall take steps to ensure that any natural person acting under the authority of the Controller who has access to Personal Data does not process the Personal Data except on instructions from the Controller.
The Controller may require correction, deletion, blocking and/or making available the Personal Data during or after termination of the Agreement. The Processor will process the request to the extent it is lawful, and will reasonably fulfil such request in accordance with its standard operational procedures to the extent possible.
The Controller acknowledges and agrees that some instructions from the Controller, including destruction or return of data from the Processor, may result in additional fees. In such case, the Processor will notify the Controller of such fees in advance unless otherwise agreed.
The Controller acknowledges and agrees that: (i) Subsidiaries of the Processor may be used as Sub-processors; and (ii) the Processor and its Subsidiaries respectively may engage Sub-processors in connection with the provision of the Services.
All Sub-processors who process Personal Data in the provision of the Services to the Controller shall comply with the obligations of the Processor similar to those set out in this DPA.
Where Sub-processors are located outside of the EEA, the Processor confirms that such Sub-processors: (i) are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) have entered into Standard Contractual Clauses with the Processor; or (iii) have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
The Processor shall make available to the Controller the current list of Sub-processors (at http//www.translationprojex.com/subprocessors/) which shall include the identities of Sub-processors and their country of location. During the term of this DPA, the Processor shall provide the Controller with at least 30 days prior notification, via email (or in-application notice), of any changes to the list of Sub-processor(s) who may process Personal Data before authorising any new or replacement Sub-processor(s) to process Personal Data in connection with the provision of the Services.
If the Controller objects to a new or replacement Sub-processor the Controller may terminate the Customer Terms with respect to those Services which cannot be provided by the Processor without the use of the new or replacement Sub-processor. The Processor will refund the Controller any prepaid fees covering the remainder of the Term of the Customer Terms following the effective date of termination with respect to such terminated Services.
The limitations on liability set out in the Customer Terms apply to all claims made pursuant to any breach of the terms of this DPA.
The parties agree that the Processor shall be liable for any breaches of this DPA caused by the acts and omissions or negligence of its Sub-processors to the same extent the Processor would be liable if performing the services of each Sub-processor directly under the terms of the DPA, subject to any limitations on liability set out in the terms of the Customer Terms.
The parties agree that the Controller shall be liable for any breaches of this DPA caused by the acts and omissions or negligence of its Subsidiaries as if such acts, omissions or negligence had been committed by the Controller itself.
The Controller shall not be entitled to recover more than once in respect of the same claim.
The Processor shall make available to the Controller all information reasonably necessary to demonstrate compliance with its processing obligations and allow for and contribute to audits and inspections.
Any audit conducted under this DPA shall consist of examination of the most recent reports, certificates and/or extracts prepared by an independent auditor bound by confidentiality provisions similar to those set out in the Agreement. In the event that provision of the same is not deemed sufficient in the reasonable opinion of the Controller, the Controller may at its own expense conduct a more extensive audit which will be: (i) limited in scope to matters specific to the Controller and agreed in advance with the Processor; (ii) carried out during UK business hours and upon reasonable notice which shall be not less than 4 weeks unless an identifiable material issue has arisen; and (iii) conducted in a way which does not interfere with the Processor’s day-to-day business. The Processor may charge a fee (based on its reasonable time and costs) for assisting with any audit. The Processor will provide the Controller with further details of any applicable fee, and the basis of its calculation, in advance of any such audit.
This clause shall not modify or limit the rights of audit of the Controller, instead it is intended to clarify the procedures in respect of any audit undertaken pursuant thereto.
The Controller will enable the Processor to delete Personal Data using the functionality provided by the Service. For certain deletions, a recovery feature is offered by the Processor to enable recovery from accidental deletions for up to 30 days. This may be overridden by the Processor. After any recovery period, the Controller will permanently delete the Personal Data from the live systems.
On termination, the Controller has the option to request the return or deletion of Personal Data. This request must be made within 14 days of termination. The Processor will make the data available for download by the Controller in a machine readable format. Thereafter the Processor will permanently delete the Personal Data from the live systems in any event.
Following permanent deletion from the live systems, partial data reside on the Processor’s archival systems for a period of up to 35 days. If requested by the Controller, the Processor may be able to assist with recovery of partial data from these archives during this period. A fee will be charged for this service.
The Processor shall notify the Controller without undue delay after becoming aware of (and in any event within 72 hours of discovering) any accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access to any Personal Data (“Data Breach”).
The Processor will take all commercially reasonable measures to secure the Personal Data, to limit the effects of any Data Breach and to assist the Controller in meeting the Controller’s obligations under applicable law.
The Processor’s notification of, or response to, a Data Breach under this Section 10 will not be construed as an acknowledgement by the Processor of any fault or liability with respect to the Data Breach.
The Processor will not assess the content of the Controller’s data in order to identify information subject to any specific Controller data breach. Controller is solely responsible for complying with data breach notification laws applicable to the Controller and fulfilling any third party notification obligations related to any Data Breach(es).
In the event that the Processor receives a request from a Data Subject in relation to Personal Data, the Processor will refer the Data Subject to the Controller unless otherwise prohibited by law. The Controller shall reimburse the Processor for all costs incurred resulting from providing reasonable assistance in dealing with a Data Subject request or assisting the Controller in complying with its duties. In the event that the Processor is legally required to respond to the Data Subject, the Controller will fully cooperate with the Processor as applicable.
The Processor will notify the Controller promptly of any request or complaint regarding the processing of Personal Data, which adversely impacts the Controller, unless such notification is not permitted under applicable law or a relevant court order.
The Processor may make copies of and/or retain Personal Data in order to comply with its legal or regulatory requirement including, but not limited to, retention requirements.
The parties acknowledge that it is the duty of the Controller to notify the Processor within a reasonable time, of any changes to applicable data protection laws, codes or regulations which may affect the contractual duties of the Processor. The Processor shall respond within a reasonable timeframe in respect of any changes that need to be made to the terms of this DPA or to the technical and organisational measures to maintain compliance. If the parties agree that amendments are required, but the Processor is unable to accommodate the necessary changes, the Controller may terminate the part or parts of the Services which give rise to the non-compliance. To the extent that other parts of the Services provided are not affected by such changes, the provision of those Services shall remain unaffected.
The Controller and the Processor and, where applicable, their representatives, shall cooperate, on request, with a supervisory data protection authority in the performance of their respective obligations under this DPA.
The parties agree that the Processor will be entitled to charge the Controller additional fees to reimburse the Processor for its staff time, costs and expenses in assisting the Controller, when the Controller requests the Processor to provide assistance pursuant to this DPA. In such cases, the Processor will notify the Controller of its fees for providing assistance, in advance.
The term of this DPA shall coincide with the commencement of the Agreement and this DPA shall terminate automatically together with termination or expiry of the Agreement.
This DPA sets out the entire understanding of the parties with regards to the subject matter herein.
Should a provision of this DPA be invalid or become invalid then the legal effect of the other provisions shall be unaffected. A valid provision is deemed to have been agreed which comes closest to what the parties intended commercially and shall replace the invalid provision. The same shall apply to any omissions.
This DPA shall be governed by the laws of England and Wales. The courts of England shall have exclusive jurisdiction for the settlement of all disputes arising under this DPA.
The Controller transfers Personal Data identified in sections 3, 4 and 5 below, as it relates to the processing operations identified in section 6 below.
The Controller is the Customer.
The Processor received data identified in sections 3, 4 and 5 below, as it relates to the processing operations identified in section 6 below.
The Processor is: TJY Limited, a private limited company registered in England with number 7167657 whose registered office is at 105 All Souls Avenue, London, NW10 3AU, UK.
The Personal Data transferred includes but is not limited to the following categories of Data Subjects:
The Personal Data transferred includes but is not limited to the following categories of data:
Personal Data transferred includes but is not limited to the following special categories of data:
The Personal Data transferred will be subject to the following basic processing activities: