Privacy Policy & Terms and Conditions
The website NAATITranslations.com is owned by International Study Solutions Pty Ltd (hereinafter referred to as I.S.S.), an agency specialized in services for Italians abroad to international destinations such as Australia, Canada, New Zealand, United States, United Kingdom, Ireland and Malta.
Founded in 2007 in Sydney, Australia, which is also the location of our head office, it is an Australian law company and as such manages its telematic and multimedia properties in accordance with the Privacy protection rules established in the Australian Privacy Act 1998.
In addition, as of 25/05/18 we also adopt the GDPR measures of the European community for data and privacy management law 2016/679.
The Australian Privacy Act 1998 determines the protection, responsibilities, and obligations that our company has in collecting and managing the personal data of its visitors and customers through our sites and computer systems.
Personal data means information that allows identifying or associating a natural person with their characteristics, habits, lifestyle, expressed opinion, etc...
For more information about the Australian privacy authority, please consult the website of the Office of the Australian Information Commissioner oaic.gov.au.
Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific informative texts displayed before the collection of the data itself.
What are the types of data collected from our sites and computer systems
The IT tools, servers, and software used for the proper functioning of our websites collect some data and information depending on the actions performed, because this data is implicit in the use of internet communication protocols.
This website, either autonomously or through third-party software, collects personal data such as: Cookies, Usage and navigation data, email, phone number, name, and other types of data if communicated by the user in the body of the message in the contact form. This data is freely provided by the user or, in the case of usage data, collected automatically during the use of this website.
The data requested by the contact form is necessary for the use of the requested service. If the user refuses to communicate it, it may be impossible to provide the service. The User assumes responsibility for the personal data of third parties obtained, published or shared through our sites and guarantees to have the right to communicate or disseminate them, releasing the owner of the site from any responsibility towards third parties.
Users who have doubts about which data is mandatory are encouraged to contact the Data Controller of this site. The possible use of Cookies - or other tracking tools - by this Website or by the owners of third-party services used by this Website, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.
Methods and place of processing of collected Data
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Controller, in some cases, other subjects involved in the provision of services of this Website may have access to the Data (administrative, commercial, marketing, legal staff, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Controller. The updated list of Processors can always be requested from the Data Controller.
The Controller processes Personal Data relating to the User if one of the following conditions exists:
- The User has given consent for one or more specific purposes; Note: in some jurisdictions the Controller may be authorized to process Personal Data without the User's consent
or another of the legal bases specified below, until the User opposes ("opt-out") such processing. However, this is not applicable when the processing of Personal Data is regulated
by European legislation on the protection of Personal Data;
- Processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual measures;
- Processing is necessary to fulfill a legal obligation to which the Controller is subject;
- Processing is necessary for the execution of a task of public interest or for the exercise of public powers vested in the Controller;
- Processing is necessary for the pursuit of the legitimate interest of the Controller or third parties;
- It is always possible to request the Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, provided by a contract
or necessary to conclude a contract.
Data is processed at the Controller's operating offices and in any other place where the parties involved in the processing are located.
For further information we invite you to contact the Controller.
The User's Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can refer to the section
relating to the details on the processing of Personal Data.
The User has the right to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or constituted by two or more countries,
such as the UN, as well as about the security measures adopted by the Controller to protect the Data.
If one of the transfers just described takes place, the User can refer to the respective sections of this document or ask the Controller for information by contacting them at the addresses shown at the top.
Data is processed and stored for the time required by the purposes for which it was collected.
Therefore:
- Personal Data collected for purposes connected to the performance of a contract between the Controller and the User will be retained until the performance of such contract is completed.
- Personal Data collected for purposes attributable to the legitimate interest of the Controller will be retained until the satisfaction of such interest. The User can obtain further information about the legitimate interest
pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When processing is based on the User's consent, the Controller may retain Personal Data longer until such consent is revoked. Furthermore, the Controller may be obliged to retain Personal Data
for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon expiry of this period, the right of access, deletion, rectification and the right to data portability can no longer be exercised.
The User's Data is collected to allow the Controller to provide its Services, as well as for the following purposes: Statistics, Display of content from external platforms,
Remarketing and behavioral targeting, Interaction with social networks and external platforms, Management of User databases, Contact management and sending messages, Contacting the User, Backup saving and management.
To obtain further detailed information on the processing purposes and the Personal Data concretely relevant for each purpose, the User can refer to the relevant sections of this document.
Personal Data is collected for the following purposes and using the following services (click on the items to expand service details):
Through the contact form:
The user, by filling in the contact form with their data, consents to their use to respond to requests for information, quotes, or any other nature indicated by the form heading.
Personal data collected: name, email, phone number and various types of data.
Contact by phone:
Users are contacted only if they have provided a valid phone number in the contact form, and will be contacted for clarifying and commercial matters related to the service.
Personal data collected: phone number.
Mailing list or newsletter: By registering for the mailing list or newsletter, the user's email address is inserted into a contact list to which email messages may be transmitted containing information,
including commercial and promotional information related to the services offered by our parent company I.S.S. and related brands. The user's email address may also be added to this list as a result of a
request through contact form, phone request or after making a purchase.
Personal Data collected: email, name.
This type of service allows the Controller to build user profiles starting from an email address, name or any other information that the User provides to this Website, as well as to track the User's activities through statistical features. This Personal Data may also be cross-referenced with information about the User publicly available (such as social network profiles) and used to build private profiles that the Controller can view and use to improve this Website. Some of these services may also allow the sending of scheduled messages to the User, such as emails based on specific actions performed on this Website. ZOHO CRM (Zoho Corporation Pvt. Ltd.) ZOHO CRM is a User database management service provided by Zoho Corporation Pvt. Ltd. Personal Data collected: email and various types of Data as specified in the service's privacy policy. Place of processing: USA – Privacy Policy: https://www.zoho.com/privacy.html
This type of service allows this Website to manage support and contact requests received
via email or through other tools, such as the contact form.
The Personal Data processed depends on the information provided by the User within the message and the tool used for communication (for example, the email address).
ZOHO CRM Email (Zoho Corporation Pvt. Ltd.) ZOHO CRM Email is a support and contact request management service provided by Zoho Corporation Pvt. Ltd.
Personal Data collected: various types of data as specified in the service's privacy policy.
Place of processing: USA – Privacy Policy: https://www.zoho.com/privacy.html.
This type of service allows managing a database of email contacts, phone contacts or contacts of any other type, used to communicate with the User.
These services may also allow collecting data related to the date and time of message viewing by the User, as well as the User's interaction with them,
such as information about clicks on links inserted in messages.
ZOHO Campaigns (Zoho Corporation Pvt. Ltd.) ZOHO Campaigns is an address management and email message sending service provided by Zoho Corporation Pvt. Ltd.
Personal Data collected: email, name.
Place of processing: USA – Privacy Policy: https://www.zoho.com/privacy.html
The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to track User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports
and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads from its advertising network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy: https://policies.google.com/privacy?hl=en – Opt Out: https://tools.google.com/dlpage/gaoptout?hl=en.
Google AdWords conversion tracking (Google Inc.) Google AdWords conversion tracking is a statistics service provided by Google Inc. that links data from the Google AdWords ad network
with actions performed within this Website.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy: https://policies.google.com/privacy?hl=en Privacy Shield participant.
Facebook Ads conversion tracking (Facebook, Inc.)
Facebook Ads conversion tracking is a statistics service provided by Facebook, Inc. that links data from the Facebook ad network with actions performed within this Website.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy: https://www.facebook.com/about/privacy/
Payment management services allow this Website to process payments
via credit card, bank transfer or other instruments. The data used for payment is acquired directly by the manager of the requested payment service without being
in any way processed by this Website. Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or payment notifications.
PayPal (Paypal) PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments.
Personal Data collected: various types of Data as specified by the service's privacy policy.
Place of processing: Consult Paypal's privacy policy – Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
The Controller may process usage data collected through this Website to create or update user profiles. This type of processing allows the Controller to evaluate choices, preferences and User behavior for the purposes specified in the respective sections of this document. User profiles can also be created through automated tools, such as algorithms, which can also be offered by third parties. To obtain further information on profiling activity, the User can refer to the respective sections of this document. The User has the right at any time to oppose such profiling activity. To learn more about the User's rights and how to exercise them, the User can refer to the section of this document relating to User rights.
This type of service allows this Website and its partners to communicate, optimize and serve advertisements based on the past use of this Website by the User.
This activity is carried out through the tracking of Usage Data and the use of Cookies, information that is transferred to the partners to which the remarketing and behavioral targeting activity is connected.
In addition to the opt-out possibilities offered by the services listed below, the User can opt out of receiving cookies related to a third-party service by visiting the
Network Advertising Initiative opt-out page: http://optout.networkadvertising.org/?c=1.
Facebook Custom Audience (Facebook, Inc.)
Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. that links the activity of this Website with the Facebook advertising network.
Personal Data collected: Cookies and email.
Place of processing: United States – Privacy Policy:https://www.facebook.com/about/privacy/ – Opt Out: http://optout.aboutads.info/?c=2&lang=EN.
Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that links the activity of this Website with the Facebook advertising network.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy:https://www.facebook.com/about/privacy/ – Opt Out: http://optout.aboutads.info/?c=2&lang=EN.
AdWords Remarketing (Google Inc.)
AdWords Remarketing is a remarketing and behavioral targeting service provided by Google Inc. that links the activity of this Website with the Adwords advertising network and the Doubleclick Cookie.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy: https://policies.google.com/privacy?hl=en – Opt Out: https://adssettings.google.com/authenticated?hl=en.
Remarketing with Google Analytics for display advertising (Google Inc.)
Google Analytics for display advertising is a remarketing and behavioral targeting service provided by Google Inc. that links the tracking activity performed by Google Analytics and its Cookies
with the Adwords advertising network and the Doubleclick Cookie.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy: https://policies.google.com/privacy?hl=en – Opt Out: https://www.google.com/settings/ads/onweb/optout
This type of service allows the saving and management of backups of this Website on external servers managed by the service provider itself.
These backups may include both the source code and contents of the same as well as the data provided to this Website by the User.
Google Drive Backup (Google Inc.)
Google Drive is a backup saving and management service provided by Google Inc.
Personal Data collected: various types of Data as specified by the service's privacy policy.
Place of processing: United States – Privacy Policy:https://support.google.com/drive/answer/2450387?hl=en.
This type of service allows viewing content hosted on external platforms directly from the pages of this Website and interacting with them. This type of service may still collect web traffic data for the pages where the service is installed, even when Users do not use it. Google Fonts (Google Inc.) Google Fonts is a font display service managed by Google Inc. that allows this Website to integrate such content within its pages. Personal Data collected: Usage Data and various types of Data as specified in the service's privacy policy. Place of processing: United States – Privacy Policy: https://policies.google.com/privacy?hl=en.
User Rights
Users may exercise certain rights regarding their Data processed by the Controller.
In particular, Users have the right to:
- Withdraw consent at any time. The User has the right to withdraw consent where they have previously given consent to the processing of their Personal Data.
- Object to the processing of their Data. The User has the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. The User has the right to obtain information about the Data being processed by the Controller, about certain aspects of the processing and to receive a copy of the Data being processed.
- Verify and request rectification. The User has the right to verify the accuracy of their Data and request its update or correction.
- Obtain the restriction of processing. When certain conditions apply, the User has the right to restrict the processing of their Data. In this case, the Controller will not process the Data for any purpose other than storing it.
- Obtain the deletion or removal of their Personal Data. When certain conditions apply, the User may request the deletion of their Data by the Controller.
- Receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible,
to obtain its transfer without hindrance to another controller. This provision applies when the Data is processed by automated means and the processing is based on the User's consent, on a contract
of which the User is a party or on contractual measures connected to it.
- File a complaint. The User can file a complaint with the competent data protection supervisory authority or take legal action.
When Personal Data is processed in the public interest, in the exercise of public powers vested in the Controller or to pursue a legitimate interest of the Controller, Users have the right to object to the processing for reasons related to their particular situation. Users are reminded that, if their Data is processed for direct marketing purposes, they can object to the processing without providing any reason. To find out if the Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.
To exercise User rights, Users can address a request to the Controller's contact details indicated in this document. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
This Website uses Cookies. The details of the applications are already expressed in this document. In addition, the User can manage Cookie preferences directly within their own browser and prevent - for example - third parties from installing them. Through browser preferences it is also possible to delete Cookies installed in the past, including the Cookie in which consent to the installation of Cookies by this site may have been saved. The User can find information on how to manage Cookies with some of the most popular browsers for example at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer. With reference to Cookies installed by third parties, the User can also manage their settings and revoke consent by visiting the related opt-out link (if available), using the tools described in the third party's privacy policy or by contacting the third party directly. Without prejudice to the above, the User can make use of the information provided by EDAA (EU), Network Advertising Initiative (USA) and Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services. With these services it is possible to manage the tracking preferences of most advertising tools. The Controller therefore recommends that Users use these resources in addition to the information provided by this document. Since the installation of Cookies and other tracking systems operated by third parties through the services used within this Website cannot be technically controlled by the Controller, every specific reference to Cookies and tracking systems installed by third parties is to be considered indicative. To obtain complete information, the User is invited to consult the privacy policy of any third-party services listed in this document. Given the objective complexity of identifying Cookie-based technologies, the User is invited to contact the Controller should they wish to receive any further information regarding the use of Cookies through this Website.
Additional information on processing
The User's Personal Data may be used by the Controller in court or in the preparatory stages for its possible establishment for defense against abuse in the use of this Website or related Services by the User. The User declares to be aware that the Controller may be obliged to disclose Data by order of public authorities.
At the User's request, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.
For needs related to operation and maintenance, this Website and any third-party services used by it may collect system logs, i.e. files that record interactions and may also contain Personal Data, such as the User's IP address.
This Website does not support "Do Not Track" requests. To find out whether any third-party services used support them, the User is invited to consult their respective privacy policies.
The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Website as well as, where technically and legally feasible, by sending a notification to Users through one of the contact details in the Controller's possession. Please therefore regularly consult this page, referring to the date of last modification indicated at the bottom. Should the changes affect processing whose legal basis is consent, the Controller will collect the User's consent again, if necessary.
I.S.S. guarantees that data will be kept with care and confidentiality as an archive in our Cloud-based software. The security protocols used ensure that every data transmission is encrypted using TLS 1.2 protocols and SHA 256 certificates on a CA basis that ensures a secure browser connection to our servers. The latest and most powerful data encryption algorithms are also used such as AES_CBC/AES_GCM with 256 bit/128 bit encryption keys, SHA2 for authentication communications and ECDHE_RSA as key exchange mechanism.
If the customer purchases the service, unless otherwise requested, the translated documentation is kept on our servers for one year, to allow the customer to obtain additional free copies.
If the customer only requests a quote, the documentation obtained is deleted within 14 days from the date of last communication with the customer, and never beyond 30 days from the date of communication of the translation cost.
Definitions and legal references
Any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.
Information collected automatically through this Website (also from third-party applications integrated in this Website), including: IP addresses or domain names of computers used by the User connecting to this Website, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (successful outcome, error, etc.) the country of origin, the features of the browser and operating system used by the visitor, the various time characteristics of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to the parameters relating to the operating system and to the User's IT environment.
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural person, legal person, public administration and any other entity that processes personal data on behalf of the Controller, as set out in this privacy policy.
The natural or legal person, public authority, service or other body which, alone or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.
The hardware or software tool through which Users' Personal Data is collected and processed.
The Service provided by this Website as defined in the related terms (if present) on this site/application.
Unless otherwise specified, every reference to the European Union contained in this document is intended to extend to all current member states of the European Union and the European Economic Area.
Small portion of data stored within the User's device.
This privacy notice is drawn up on the basis of multiple legislative systems, including Articles 13 and 14 of Regulation (EU) 2016/679. Unless otherwise specified, this privacy policy applies exclusively to this Website. Last modified: June 12, 2019.
International Study Solutions Pty Ltd Level 24 - 300 Barangaroo Avenue, Sydney NSW 2000, Australia. You can access, update your data, request removal, and report a violation at any time by sending us an email to: privacy[@]naatitranslations.com (removing the square brackets).
Please note: use this email only for privacy-related requests, any other non-privacy related requests will be ignored without receiving a response.