Terms & Conditions
This website uktranscription.com is operated by UK Transcription Ltd, a company registered in England and Wales, company registration number 06380476, whose registered office is located at 15-17 Middle Street, Brighton BN1 1AL.
The Company is registered with the Information Commissioner as a data controller, with registration number ZA231661.
All UK Transcription employees, contractors, associates and homeworkers are bound by contractual privacy terms at least as strict as defined in this policy, and are full UK residents paid via UK bank accounts.
In some areas of our website we ask you to register and thereby provide personal information. When you do so, we ask you to give us your name, email address, company or affiliation, department, job title and other personal information for the purpose of supplying the Services to you.
We collect statistical information about browsing actions and patterns including the pages on the website that you visit and the functionality of the services of which you make use.
The information you provide will be kept confidential. We will hold, use and disclose your personal information for our legitimate business purposes including:
Under GDPR, the main grounds that we reply upon in order to process personal information of our users are the following:
Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
We will only share your personal information with trusted third parties where we have retained them to provide services that you have requested or for our legitimate business purposes, such as accountancy, IT or professional support services.
Data Processor Obligations
The Processor shall ensure that it and any sub-processor (to be engaged only with the Controller’s consent and on the same terms as below ) identifies the Personal Data as above and –
(a) in processing the Personal Data:
(i) does so only on documented instructions from the Controller;
(ii) does not transfer the Personal Data to a third country or an international organisation , unless the Controller so instructs, or the Processor is required to do so by law;
(iii) if the Processor is required by law to make such a transfer, the Processor shall inform the Controller of that legal requirement before transferring, unless the law prohibits such information being given on important grounds of public interest.
(b) ensures that persons authorised to process the Personal Data are bound by contractual confidentiality obligations which reflect the requirements of these clauses and the need to keep the Personal Data secure and confidential.
(c) ensures appropriate technical and organisational measures are in place (and advises the Controller of the measures) to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(i) the pseudonymisation and encryption of the Personal Data;
(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(iii) the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident;
(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
In assessing the appropriate level of security account may be taken of adherence to an approved code of conduct , and shall be taken of:
(i) the state of the art, the costs of implementation and the nature, scope, context and purposes of processing ;
(ii) the risk of varying likelihood and severity for the rights and freedoms of natural persons) ;
(iii) the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise processed.
(d) does not engage another processor (a sub-processor) unless the Controller in its absolute discretion gives a specific or general written authorisation; and where such consent is given, the Processor :
(i) shall inform the Controller of any intended changes to a general written authorisation to add or replace processors, thereby giving the Controller the opportunity to object to such changes ;
(ii) shall impose the same data protection contractual obligations as set out in these clauses ;
(iii) acknowledges that the Processor remains fully liable to the Controller for the performance of the sub-processor .
(e) assists the Controller by appropriate technical and organisational measures, so far as possible, to respond to requests for exercising the data subject's rights under Data Protection Legislation, including Chapter III of the GDPR.
(f) assists the Controller with:
(i) its obligations to ensure that appropriate technical and organisational security measures are in place, including the documentation of those measures ;
(ii) notifying any Personal Data breach to the supervisory authority (the UK ICO) and to the data subject ;
(iii) data protection impact assessments and consulting the supervisory authority where an assessment indicates the processing involves unmitigated high risk.
(g) at the choice of the Controller, deletes or returns all the Personal Data to the Controller after the end of the provision of services relating to processing, and deletes existing copies unless Data Protection Law requires storage of the Personal Data.
(h) makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this clause and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller; and immediately informs the Controller if, in its opinion, an instruction infringes Data Protection Legislation.
Data Retention Policy
Data transfer, including audio uploads and transcript downloads, is secure and encrypted with 256 bit SSL. Non encrypted transfer of data is always strictly opt in.
Card payments are processed by Stripe, and no card data is accessible, collected or stored. Prior to July 2016, we did process card data, and PCI DSS compliance was audited quarterly by securitymetrics.com, a 3rd party internet security firm. All customer card data was permanently destroyed on 1st August 2016.
Accounting data such as invoices, contact info, file metadata (e.g. filenames and durations), financial account data and transaction receipts are shared with trusted 3rd parties including Xero, Citrix and Zapier.
Quick Drop audio uploads and file storage is hosted on EU servers operated by Citrix. https://www.citrix.com/en-gb/about/trust-center/privacy-compliance/gdpr-faq.html
Transcript and operational data is processed and stored in a VPS managed by https://krystal.uk/.
Back ups of transcripts are encrypted at rest using AES-256.
We use the data we collect to monitor the effectiveness and performance of the Site and to improve the Services we provide, and to provide relevant content.We only track users' behaviour on our Site and we do not have access to your behaviour on other websites other than in relation to how you were referred to the Site (e.g. through another site or a search term).
The contents of this website and these pages are protected by copyright and no part of them may be reproduced in any form except with our prior written permission.
Phone: 01273 921552
UK Transcription Ltd
15-17 Middle Street
Brighton BN1 1AL
Phone: 01273 921552
Data Protection Act: ZA231661