Privacy Policy

thebigword Privacy Policy V5 – April 2024

1               Privacy Policy

This Privacy Policy (“Policy”) sets out how thebigword Group Limited (“we”, “us” or “our”) collects, uses and shares your personal data in the context of our websites, business contacts, job applicants, freelance linguists, suppliers, current and prospective clients who use our services (together referred to as “you”, “your”). It is important that you read this Policy so that you are aware of how and why we are using such personal data and how we will treat it.

2               Who we are

thebigword Group Limited is the data controller of the personal data which we collect about you. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Policy.

You can contact us:

  • by email to thebigword Data Protection Officer –
  • by telephone at 0870 748 8000; or
  • by post at The Compliance Team, thebigword, Unit 4, Royd’s Close, Lower Wortley, Leeds, LS12 6LL

We are committed to protecting and respecting your privacy.

3               Personal Data: collection, purposes and lawful basis

This Policy sets out the basis on which any personal data we collect from you, or that you provide to us, on, and (our “Website”) will be processed by us.

Personal Data” (or personal information), means any information about an individual from which that person can be identified, either just from that information alone, or together with other information we hold.

The type of Personal Data we process differs depending on how you engage with us. The table below provides this information including how we will use the Personal Data and the context for which we use your Personal Data:

Clients and Website Users.

We collect your personal data if you:

  • interact with us via our Website, for example by filling in forms, 
  • communicate with us by email,
  • order any of our services, including if you create an account with us,
  • make payments or modify your account details,
  • provide feedback to us,
  • visit our Websites (for example by cookies, your IP address and other browser- generated information): 

Types of Personal DataPurposesLegal Basis
Basic personal details (e.g., full name); your contact information (including email address and telephone number); your job role / title; system access (e.g. access logs, tracking information); account credentials (e.g., username, password, security questions), residential address, business address, date of birth, payment information (including bank account information and transaction data) and communications/complaints.To provide our translation services or any other services to you, deal with any enquiries you have, receive any feedback from you.  (a) the processing is necessary for performance of a contract with you; and (b) it is in our legitimate interest to review and respond to any correspondence or queries you send to us, and to send service information regarding our translation services that you have bought or requested.
Name, address, payment and card details.Taking credit card payment services through our web portals.(a) the processing is necessary for performance of our contract with you. (b) necessary for our legitimate interests to facilitate payments as part of delivering our Services.
Your first name, surname, email address, residential address, business address.To send you marketing material, newsletters and other related information, including, surveys, and promotions and to send solicited information (e.g. quotes in response to an enquiry).(a) our legitimate interest to send you communications to you, where permitted by privacy laws; or (b) where we have obtained your consent to do so. Please note that you can request that we stop using your personal data for marketing purposes at any time, by contacting us using the details in Section 2 of this Policy.
Names, email addresses, residential addresses, business addresses.To conduct data analytics and market research for statistical and survey purposes and for internal business administration.The processing is necessary for our legitimate interest to measure the use of our services and interaction to inform and improve service direction and development and to enable provision of accurate and reliable reporting.
Information about your visits to our website, your geo-location and IP address, the browser software you use, the top-level domain-name used (for example .ie, .com, .org, .net), the pages visited on the website, i.e., URL’s visited, the previous website address from which the visitor reached us, including any search terms used, clickstream data which shows the traffic of visitors around the website (for example, pages accessed), and the date and time you access the website.To help us to keep the website available and improve your experience when you visit it. This includes: (a) for verification and administration, and for statistical analysis to improve, test and monitor the effectiveness of the website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); and (c) to ensure content on the website is presented in the most effective manner for you and to enhance your use of the website.(a) our legitimate interest to provide and maintain our website through utilising cookies that are strictly necessary; (b)  your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and target/advertising. Important: Website users should also read our Cookie Notice which is also available on our website.

Job applicant and / or freelance linguist personal data.

We collect your personal data when you apply for a role with us from application forms, CVs, passport or other identity documents, job boards or social media sites, and third parties, such as references supplied by former employers or collected through interviews or other forms of assessment. Depending on the role, we may also collect information from employment background check providers and information from criminal records checks: 

Types of Personal DataPurposesLegal Basis
Basic personal details (e.g., full name; date of birth); address; email address; telephone number; details of qualifications, skills, experience and employment history; information about benefit entitlements and existing remuneration levels; disabilities for reasonable adjustments; identity and entitlement to work verification; education, professional experience and affiliations (e.g., education and training history; photograph; languages; basic HR details (e.g., job title, role; office location; start date); special requirements details; financial details (e.g., bank account information; national insurance number; system access (e.g. access logs, tracking information); account credentials (e.g., username, password, security questions).To respond to requests for vacancies and for recruiting and hiring purposes and to improve our recruitment process and activities.  (a) the processing is necessary for us to administer our contract with you– or take steps to consider entering into a contract with you; (b) necessary to comply with our legal obligations including to check your entitlement to work and to comply with certain payroll and / or tax obligations.   (c) necessary for our legitimate interests to run recruitment processes; and (d) in exceptional cases, with your consent which you are permitted to withdraw at any time.
Background checks (such as copies of DBS checks). For certain client engagements we may also need to carry out enhanced security clearance checks.To undertake background checks of individuals contracted to provide our services to our Clients.We will only collect information about criminal convictions if it is appropriate to do so, given the nature of the role and where we are legally able to do so. You will be notified directly as part of the application process if this is required.

Job applicants, freelance linguists, Clients and Website Users

All Personal Data set out above.In connection with any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event or corporate transaction.Necessary for our legitimate interests to ensure we can protect and grow our business.
All Personal Data set out above.To perform financial accounting functions including tax reporting to comply with applicable laws and accounting standards that we adhere to.Necessary to comply with relevant legal obligations (for example, relating to tax reporting).
All Personal Data set out above.To help us improve and optimise our services.Necessary for our legitimate interests to maintain our reputation as a leading translation service provider.

In limited circumstances we may process any of the Personal Data we hold to the extent necessary to defend, establish and exercise legal claims or to comply with legal or regulatory obligations.

Where we need to collect personal data due to a legal or regulatory obligation, or for performance of a contract, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). We will notify you of this at the time.

4               Disclosure of your Personal Data 

Depending on your dealings with us, we may disclose some or all of the Personal Data we collect from and obtain about you to the following:

Other entities within our Group: We may share your Personal Data internally with other members of our group, where required, in order to, for example, deliver our services to you or to facilitate review and appointment of your engagement as a freelance linguist or an employee. In particular, our Indian entity provides dedicated administrative support to us for our purposes as described in this Policy.  

We may also share your data externally where required with:

  • our third party vendors such as IT service providers, marketing fulfilment providers, data analytics providers,
  • our auditors,
  • third parties in the event of a sale or acquisition of any of our business or assets, or as part of some other form of reorganisation.

For freelance linguists only, we may share your data with:

  • our clients and / or prospective clients, and
  • our training partners if you and we agree that you may benefit from attending training sessions and / or obtaining qualifications for your role.

Please see Sections 5 and 7 below for details of the safeguards we have in place when we share your data with third parties.

5               International transfers

Some of the recipients listed above may be based outside the European Economic Area (“EEA”) and/or the United Kingdom (“UK”). In particular, our internal administrative support services are based in India. Whenever we make transfers of your personal data outside of the EEA and / or the UK, we take steps to ensure that there are adequate safeguards in place to protect your privacy rights. This may include:

  • making transfers to countries that have a finding of adequacy by the UK Government; or
  • implementing appropriate contractual arrangements such as the UK Addendum to the EU Standard Contractual Clauses.

If you would like to find out more about our transfers and the safeguards we have in place, please contact us using the details set out in section 2 above.

6               Retention of your Personal Data

We will only keep your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this Policy. We also retain your Personal Data if needed to establish, exercise or defend a legal claim, or whether otherwise required for legal purposes and legitimate business interests.

7                Safeguarding your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, such as ISO27001 (2013) Information Security Management System and the Cyber Essentials Plus scheme. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We require these third parties to treat your personal data in accordance with data protection laws law and to keep it confidential. We do not allow our third-party service providers to use your personal data for their own purposes.

We only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

5               Your Rights

Data protection laws provide you with the following rights, to:

  • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
  • request a copy of your personal data which you have provided to us in a structured, commonly used and machine-readable format or request us to transfer it to another controller.

You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

If you consider that the processing of your Personal Data violates applicable data protection laws, you may lodge a complaint with your local supervisory authority for data protection issues, which for example in the UK is the Information Commissioner’s Office (ICO) at: We would, however, appreciate the chance to deal with your concerns before you approach your local supervisory authority, so please contact us in the first instance using the contact details at the start of this Policy. You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Our Website(s) may, from time to time, contain links to and from other websites, which will have their own privacy policies for which we do not accept any responsibility or liability. Please check these policies before you submit any personal data to these websites.

8               Changes to this Policy

We may make changes to this Policy from time to time . Please refer back to our website for any such changes. This Policy is effective as at 9th April 2024.