Purpose

Our Data Privacy Policy aims to establish a comprehensive framework for protecting the privacy and confidentiality of personal and sensitive data entrusted to our organization. This policy seeks to ensure the lawful and ethical handling of personal information, safeguard the rights and privacy of individuals, and maintain the trust and confidence of our customers, partners, and stakeholders. Through robust data protection measures, privacy impact assessments, and ongoing monitoring, we strive to mitigate the risks of unauthorized access, data breaches, and misuse of personal information while fostering transparency, accountability, and compliance in our data handling practices.

Scope

The Data Privacy Policy applies to all our organization’s employees, contractors, vendors, and stakeholders. It encompasses the protection and responsible handling of personal and sensitive information collected and processed by the organization. This policy covers collecting, storing, accessing, transferring, and disposing of personal data in compliance with applicable data protection laws and regulations. It outlines procedures for obtaining consent, implementing security measures to safeguard data, ensuring data accuracy, and responding to data subject rights requests. The policy sets forth guidelines for data breach notification, data sharing agreements, and vendor management to protect the privacy and confidentiality of individuals’ information. Compliance with this policy is mandatory for all individuals within the organization, and any deviations or exceptions require approval from the designated authority responsible for data privacy and cybersecurity governance.

Safeguards

To achieve the organization’s overall mission, and the purpose of this security and privacy policy, the organization shall:

PRV-01 Maintain a transparent, documented privacy program that documents the organization’s safeguards to address data privacy.

PRV-02 Non-disclosure agreements within each team member’s contract, and for specific clients and contracts as required.

PRV-03 Access control measures, data access is restricted on the need-to-know bases, only relevant project managers, translators, and revision personnel see relevant files.

PRV-04 Data Minimization, only essential information is collected from the client and retained for each project.

PRV-05 Document retention and deletion, Documents are securely deleted or archived after a period individually defined by contracts or other circumstances.

PRV-06 Confidential File transfer systems. We use a secure server for the exchange of files with the qualified approved team members.

PRV-07 End – To – End Encryption. All protected data is to be transmitted through encrypted messaging. Or through External drives provided by the client.

PRV-08 Antivirus and antimalware software is installed and regularly updated on the server as well as each workstation.

PRV-09 Regular security audits are conducted by the Canadian Industrial Security to identify and fix potential vulnerabilities.

PRV-10 A Clear chain of Custody for all documents at each stage of processing.

PRV-11 Workstations Security, all stations are secured within industry standards, with auto lock screens, restriction of USB usage, and encryption software as required.

PRV-12 Remote work security policy – each employee has their own secure VPN access with company issued devices.

PRV-13 Incident Response Plan, a document plan in case of data breach or security incident – including protocols for reporting, mitigation, and restitution.

PRV-14 IT Security Policy in place

Policy Sanctions

Non-compliance with this policy may result in disciplinary action in line with our corporation’s human resources procedures. Consequences may range from mandatory refresher training and written warnings to temporary suspension of remote access privileges and, in severe cases, termination of employment or contractual obligations. Individuals could be subject to legal consequences under applicable laws if violations involve illegal activities. These sanctions emphasize the critical importance of security, the individual’s role in protecting our digital assets, and the potential risks associated with policy violations. Enforcement will be consistent and impartial, with the severity of the action corresponding directly to the seriousness of the breach.

This policy is reviewed yearly and updated as required throughout the year to reflect changes in our practices or requirements. Any updates will be communicated in a timely manner and made available to our team members and clients.