GDPR Policy

General Data Protection Regulation (GDPR) Policy

What information do we collect and what do we do with it?

1) Information about clients or people who ask us for a quote:

What: Name, email address, institutional affiliation if appropriate, invoice data for previous work with us (date, amount, rate per minute, whether it was paid on time), information used to give quotes. Any personal information about clients that may be included within the recordings we transcribe (though all audio files are deleted after completion of a transcription job).

Why we need this information: In order to run the business smoothly, aid in our filing and accounting responsibilities, and to help us plan the future of our business. 

Legal justification: Contract & Legitimate interest

How do we keep this data safe?

We use password protected files and email. Passwords are not given out to anyone who hasn’t signed a confidentiality agreement where we ensure everyone is aware of the requirements of data protection.

Sharing of data?

None

How long do we keep the data for? 

We will keep this data for a maximum of 3 years from our last transaction. At any point, you can request for this information to be edited or deleted by emailing typeology.coop@gmail.com .

2) Files that we are working on

What: Audio files, including confidential research interviews. Other files if we are doing voice recording or proofreading. Any personal information that may be included within the recordings we transcribe. The information in these files may have different data requirements as set by the client, ie. fully confidential, embargoed until a certain date, or publicly available (e.g. podcasts).

Why we need this information: In order to do the work we’ve been paid to do.

Legal justification: Contract

How do we keep this data safe?

We take information security very seriously and we are aware of the importance of making sure your information remains secure, particularly when we are working for academics researching sensitive topics.. All our transcribers and contractors sign a confidentiality agreement and we make sure everyone is aware of the requirements of data protection. We are also able to sign your own confidentiality agreement specific to your project if requested. The interviews and transcripts are kept on password-protected computers/servers and are only accessed by the people who need to use them for doing the transcription work. This would be for doing the transcription or for checking the lengths of the file and audio quality in order to allocate the work among ourselves. We can use file encryption when emailing documents on request. All audio files are deleted after completion of a transcription job, once you confirm you have received the transcripts.

Sharing of data?

We have reciprocal agreements with a few freelance transcribers to undertake one another’s overflow work in order to meet deadlines. If we do this, all transcribers including contractors from other companies will sign the same confidentiality agreement. If you do not wish to have contractors transcribe your files, please indicate you wish to opt out. 

How long do we keep the data for? 

We will keep audio files and transcripts until you let us know that you have got them OK. After that point, they will be deleted. If you do not let us know you have received them, they will be deleted after 3 years. At any point, you can request for this information to be edited or deleted by emailing typeology.coop@gmail.com .

3) Information about TypeOlogy members and contractors

What: Name, email address, history of hours worked and files completed, payment details, membership status. 

Why we need this information: In order to run the business smoothly, aid in our filing and accounting responsibilities, and to help us plan the future of our business, and pay our members for their labour. 

Legal justification: Contract & Legitimate interest

How do we keep this data safe?

We use password protected email, google drive, and basecamp forum to organise our work flow and activities between members. Passwords are not given out to anyone who hasn’t signed a confidentiality agreement where we ensure everyone is aware of the requirements of data protection.

Sharing of data?

None

How long do we keep the data for? 

We will keep this data for a maximum of 3 years from your last file transcribed. At any point, you can request for this information to be edited or deleted by emailing typeology.coop@gmail.com .

4) Information about potential TypeOlogy members collected during recruitment

What: Name, email address, phone number, information about past work experience and skills. 

Why we need this information: To aid in the recruitment of new members

Legal justification: Legitimate interest

How do we keep this data safe?

We use password protected email, Google Drive, and Basecamp forum to store information about potential members. Passwords are not given out to anyone who hasn’t signed a confidentiality agreement where we ensure everyone is aware of the requirements of data protection.

Sharing of data?

None

How long do we keep the data for? 

We will keep this data for a maximum of 6 months from collection. At any point, you can request for this information to be edited or deleted by emailing typeology.coop@gmail.com .

Breaches

Should this policy be breached, TypeOlogy will follow the Information Commissioner’s Office guidelines on how to proceed. Depending on the severity of the breach, this may involve informing the relevant authorities (usually the Information Commissioner’s Office) and any individuals affected. This should take place in a timely manner, ie. 72 hours from the point that a breach has been notified. TypeOlogy documents all data breaches, regardless of whether they are serious enough to notify authorities or individuals. For more information contact typeology.coop@gmail.com

Key contact:

The named person responsible for data protection in TypeOlogy Co-operative is Simon Bradley, who can be contacted by email at typeology.coop@gmail.com . They are responsible for making sure that the policy is up to date and being followed and that new members are trained in data protection requirements.