Privacy Policy

This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, contact us, request a quote, use our services, apply to work with us, access our platforms or interact with us in any other way.

It has been prepared in line with the principles of the General Data Protection Regulation (GDPR) and Spanish data protection law.

1. Who is responsible for your personal data?

The data controller is:

For any question about this Privacy Policy or the processing of your personal data, you can contact us using the email address above.

2. What personal data do we collect?

We may collect and process different categories of personal data depending on your relationship with us.

Data provided through contact forms or quote requests. This may include: name and surname; company name; professional role; email address; telephone number; country; information about your translation, localisation or language service needs; files or documents you upload or send to us; and any other information you choose to include in your message.

Data related to clients and projects. When we provide language services, we may process: contact details of client representatives; project-related communications; purchase orders, quotes, invoices and billing details; source files, reference materials and translation instructions; terminology, translation memories and project records; and certificate-related information, where applicable.

Data related to translators, reviewers and suppliers. If you apply to collaborate with AbroadLink or provide services to us, we may process: name and contact details; professional profile; CV, qualifications and experience; language combinations and areas of specialisation; rates and availability; tax, payment and invoicing information; and quality records and project history.

Data related to website use. When you visit our website, we may collect: IP address; browser and device information; pages visited; approximate location based on technical data; date and time of visit; cookie preferences; and analytics and usage data, where you have consented to this. For more information, please see our Cookie Policy.

Data related to platforms, portals and technology services. If you access client portals, certificate portals or other digital tools provided by AbroadLink, we may process: login and authentication data; user activity within the platform; project, certificate or document access records; and technical logs used for security and traceability. This may include services such as CertLink, our certificate and traceability portal, and aiHubLink, our controlled AI translation integration layer, where applicable.

3. Why do we process your personal data?

We process personal data for the following purposes:

To respond to enquiries and quote requests — to answer your questions, prepare proposals, provide quotes and communicate with you about our services.

To provide translation, localisation and language services — to manage translation, review, localisation, desktop publishing, terminology, quality assurance, certification and related services.

To manage client relationships — to maintain commercial relationships, manage accounts, follow up on projects, process orders and provide customer support.

To manage supplier and linguist relationships — to assess applications, select providers, manage assignments, process payments, evaluate performance and maintain quality records.

To issue certificates and maintain traceability — where applicable, to issue signed translation certificates, maintain project records and provide evidence of traceability for audits, notified bodies, competent authorities or client quality systems.

To operate and secure our website and platforms — to keep our systems secure, prevent misuse, troubleshoot issues and maintain reliable access to our services.

To improve our website and services — where permitted by law or based on your consent, to understand how visitors use our website and improve our content, navigation and user experience.

To send commercial communications — if you have requested information, are an existing client or have given your consent, we may send you relevant information about our services, resources, events or content. You can unsubscribe at any time.

To comply with legal obligations — to meet tax, accounting, commercial, regulatory, legal or administrative requirements.

4. What is the legal basis for processing your data?

Depending on the purpose, we process your data on one or more of the following legal bases:

Performance of a contract or pre-contractual measures — when we process your data to prepare a quote, respond to a service request, provide services, manage projects or maintain a contractual relationship with you or your company.

Legal obligation — when we must process data to comply with tax, accounting, invoicing, commercial or legal requirements.

Legitimate interest — in managing business relationships, responding to professional enquiries, improving our services, ensuring IT security, preventing fraud, maintaining quality records and defending legal claims.

Consent — for certain activities such as non-essential cookies, some marketing communications and other cases where consent is legally required. You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

5. Who may receive your personal data?

We may share personal data with the following categories of recipients where necessary:

• authorised AbroadLink staff;
• freelance translators, reviewers, editors, interpreters or other language professionals involved in a project;
• technology providers, hosting providers, email providers, CRM providers and cloud service providers;
• accounting, legal, tax or administrative advisors;
• banks and payment providers;
• public authorities, courts or regulators where legally required;
• client representatives or auditors, where certificate, quality or traceability evidence is required and legally appropriate.

When we use external service providers, they are required to process personal data according to our instructions and to apply appropriate security and confidentiality measures.

6. Do we transfer data outside the European Economic Area?

Some technology or service providers may process personal data outside the European Economic Area. Where this happens, we apply appropriate safeguards under the GDPR, such as adequacy decisions, standard contractual clauses or other legally recognised transfer mechanisms.

7. How long do we keep your data?

We keep personal data only for as long as necessary for the purpose for which it was collected and to comply with legal, contractual, tax, accounting or quality obligations. As a general rule:

• enquiry and quote data are kept for the time needed to manage the request and follow-up;
• client and project data are kept for the duration of the commercial relationship and the legally required retention period;
• invoicing and accounting data are kept for the legally required period;
• supplier and linguist data are kept while the professional relationship remains active and for any applicable legal or quality retention period;
• certificate and traceability records may be kept for longer where needed to support client quality systems, regulatory audits or legal evidence;
• cookie consent records are kept according to the configuration of the consent management platform.

Specific retention periods may vary depending on the type of data, the applicable law and the nature of the service provided.

8. How do we protect your data?

We apply technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include:

• access controls;
• confidentiality obligations;
• secure storage systems;
• user authentication;
• backup and recovery measures;
• supplier controls;
• internal quality procedures;
• restricted access to project files;
• security monitoring and technical safeguards.

As a language service provider working with regulated industries, AbroadLink places particular importance on confidentiality, traceability and controlled workflows.

9. What are your rights?

Under the GDPR, you may have the following rights:

• the right to access your personal data;
• the right to rectify inaccurate or incomplete data;
• the right to request erasure of your data;
• the right to request restriction of processing;
• the right to object to processing;
• the right to data portability;
• the right to withdraw consent where processing is based on consent;
• the right not to be subject to decisions based solely on automated processing, where applicable.

To exercise your rights, please contact us at privacy@abroadlink.com. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD), www.aepd.es.

10. Data included in documents sent for translation

Clients are responsible for ensuring that any personal data included in documents sent to AbroadLink is lawful, necessary and appropriate for the requested service. Where possible, clients should avoid sending unnecessary personal data, or should anonymise, pseudonymise or redact information that is not required for the translation or language service.

When client materials include personal data relating to third parties, AbroadLink acts as a data processor on behalf of the client (the data controller), processing such data only for the purpose of providing the requested service and under appropriate confidentiality and security measures. Where required, this processing is governed by a data processing agreement in accordance with Article 28 of the GDPR.

11. Artificial intelligence and language technologies

AbroadLink may use language technologies, translation memories, terminology databases, machine translation, AI-assisted workflows or controlled AI systems as part of its services, where appropriate.

When AI or machine translation is used in a project, AbroadLink applies controlled workflows, human review where required, confidentiality measures and project-specific instructions. For regulated or sensitive content, the use of AI-based workflows may be subject to client requirements, contractual terms, quality procedures and traceability controls.

12. Links to third-party websites

Our website may contain links to third-party websites, platforms or resources. AbroadLink is not responsible for the privacy practices, cookie practices or content of third-party websites. We recommend reviewing their privacy policies before providing personal data.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical or business changes. When we make changes, we will update the "Last updated" date at the top of this page.

Last updated: June 2025. AbroadLink Translations, S.L. — Paseo de la Castellana 40, 28046 Madrid, Spain.