Privacy Policy


Last updated: December 16, 2025

Version: 1.0

This Privacy Policy describes how Gi.Vi. Holdings Ltd processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and UK GDPR.

1. Data Controller

Gi.Vi. Holdings Ltd

Company Number: 15830977

Registered Address: 12-16 Lionel Road, Canvey Island, England, SS8 9DE

Privacy Contact: privacy[@]giviholdings.com

2. Personal Data We Collect

2.1 Data You Provide

When you request a quote or translation service, we collect:

  • Name and surname (required)
  • Email address (required)
  • Phone number (required)
  • Document language (required)
  • Additional notes and information (optional)
  • Documents uploaded for translation (required)

Types of documents processed:

  • Identity documents (passports, ID cards)
  • Civil status certificates (birth, marriage, death certificates)
  • Medical certificates
  • Criminal record certificates
  • Driver's licenses
  • Educational certificates and diplomas
  • Other official documents

Important: These documents contain special categories of personal data (Article 9 GDPR) and may contain judicial data.

2.2 Automatically Collected Data

Through cookies and similar technologies:

  • IP address (anonymized)
  • Browser type and device information
  • Pages visited on the website
  • Time spent on the website
  • Referral source
  • Operating system

For complete details, see our separate Cookie Policy.

2.3 Communication Data

  • Email exchanges via Zoho Desk
  • Chat messages via Zoho SalesIQ or WhatsApp Business
  • Documents attached to communications

3. Legal Basis and Purposes

| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Provide translation quote | Contract performance (Art. 6.1.b) | 30 days from request |
| Execute NAATI certified translation | Contract performance (Art. 6.1.b) + Explicit consent for special data (Art. 9.2.a) | 1-12 months from delivery |
| Administrative and accounting management | Legal obligation (Art. 6.1.c) | 10 years |
| Respond to information requests | Legitimate interest (Art. 6.1.f) | 30 days |
| Customer support | Legitimate interest + Contract performance | 36 months from last activity |
| Statistical analysis (GA4, Zoho PageSense) | Legitimate interest (Art. 6.1.f) | 26 months |
| CRM profiling for recurring customer discounts | Consent (Art. 6.1.a) | 36 months of inactivity |
| Direct marketing (when activated) | Consent (Art. 6.1.a) | Until withdrawal |
| Advertising remarketing (when activated) | Consent (Art. 6.1.a) | See Cookie Policy |

4. Data Recipients

4.1 Service Providers (Data Processors)

Third-Party Services

| Provider | Service | Data Location |
|---|---|---|
| Zoho Corporation | CRM, Desk, Forms, SalesIQ, PageSense, Books | EU/USA (DPF certified) |
| Google LLC (Alphabet Inc.) | Google Workspace, Drive, Analytics 4, Fonts, Tag Manager | EU/USA (DPF certified) |
| Stripe Inc. | Payment processing | EU/USA (DPF certified) |
| Brizy Cloud (AWS) | Website hosting | EU (AWS data centers) |
| Cloudflare Inc. | CDN, DNS, security | Global network |
| Wisernotify | Testimonial widget, WhatsApp button | As per provider policy |

4.2 NAATI Certified Translators

Your documents are shared with freelance NAATI certified translators located in Australia to perform the translation service.

Legal basis for transfer:

  • Necessity for contract performance (Art. 6.1.b GDPR)
  • Explicit consent for special categories of data (Art. 9.2.a GDPR)

Safeguards:

  • Translators bound by Non-Disclosure Agreements (NDA)
  • Contractual data security obligations
  • Data Processing Agreements with Standard Contractual Clauses (SCCs)
  • Document deletion after delivery

4.3 Public Authorities

Where legally required, data may be disclosed to:

  • Tax authorities (UK HMRC, Italian Revenue Agency if applicable)
  • Judicial authorities upon request
  • Data protection authorities (UK ICO, Italian Garante Privacy)

5. International Transfers

5.1 United States

Recipients: Google LLC, Zoho Corporation, Stripe Inc., Cloudflare Inc.

Legal basis:

  • EU-US Data Privacy Framework (DPF) - EU Commission Decision 2023/1795
  • UK Extension to EU-US Data Privacy Framework

These providers are DPF certified and provide an adequate level of data protection.

Verify certifications:

5.2 Australia

Recipients: NAATI certified translators (freelance)

Legal basis:

  • Necessity for contract performance (you cannot receive NAATI certified translation without transfer to Australia)
  • Explicit consent for special categories of data

These providers are DPF certified and provide an adequate level of data protection.

Safeguards:

  • Translators bound by NDA and contractual obligations
  • Standard Contractual Clauses (SCCs) - EU Commission 2021

Australia does not have an EU adequacy decision but has robust privacy laws (Australian Privacy Act 1988 + Australian Privacy Principles).

6. Retention Periods

| Data Type | Retention Period |
|---|---|
| Quote requests not accepted | 30 days from request |
| Client documents (Google Drive) | 1-12 months depending on time of year (annual deletion in January) |
| Email communications (Zoho Desk) | 36 months from last activity |
| Translator emails | 30 days after Cost of Goods Sold registration in Zoho Books |
| CRM records | 36 months of inactivity |
| Administrative/accounting data (Zoho Books, Stripe) | 10 years (legal obligation) |
| Analytics cookies (GA4) | 26 months |
| Analytics cookies (Zoho PageSense) | 14 months |

Exception for legal disputes: In case of claims, complaints, or litigation, we retain data necessary to defend our rights until resolution + 6 years (ordinary prescription period), pursuant to Art. 6.1.f GDPR (legitimate interest - defense of rights).

7. Security Measures

Technical measures:

  • TLS 1.2+ encryption for data transmission (SSL certificates)
  • Data encryption at rest (Google Workspace/Drive, Zoho)
  • Multi-factor authentication (2FA/3FA) for admin access
  • Firewall and DDoS protection (Cloudflare)
  • Encrypted automated backups (service providers)
  • Access logging and audit trails

Organizational measures:

  • Data access limited to authorized personnel (2 persons)
  • Non-Disclosure Agreements (NDA) with collaborators
  • Internal data management policies
  • Ongoing privacy and security training

8. Your Rights

Your GDPR Rights

| Right | Description |
|---|---|
| Access (Art. 15) | Obtain a copy of your data and information about processing |
| Rectification (Art. 16) | Correct inaccurate or incomplete data |
| Erasure (Art. 17) | Obtain deletion of data ("right to be forgotten") when no longer necessary |
| Restriction (Art. 18) | Restrict processing in certain cases (e.g., disputing accuracy) |
| Portability (Art. 20) | Receive data in structured format and transfer to another controller |
| Objection (Art. 21) | Object to processing based on legitimate interest or for marketing |
| Withdraw Consent (Art. 7.3) | Withdraw consent at any time without affecting lawfulness of prior processing |
| Complaint (Art. 77) | Lodge a complaint with the competent supervisory authority |

How to Exercise Your Rights

Send a request via email to: privacy[@]giviholdings.com

Include:

  • Your full name
  • Email address used for the service
  • Clear description of your request
  • Copy of identity document (for identity verification)

Response time: Maximum 1 month from request

Cost: Free (unless requests are manifestly unfounded)

Supervisory Authorities

United Kingdom (legal headquarters):

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Phone: +44 0303 123 1113

Website: https://ico.org.uk

Italy (if Italian user):

Garante per la Protezione dei Dati Personali

Piazza Venezia 11, 00187 Roma

Phone: +39 06 696771

Website: https://www.gpdp.it

9. Cookies

This website uses cookies and similar technologies. For complete information, see our separate Cookie Policy.

Cookie types:

  • Technical cookies (always active): Consent management, session cookies
  • Analytics cookies (with consent): Google Analytics 4, Zoho PageSense
  • Marketing cookies (when activated, with consent): Meta Pixel, Google Ads, LinkedIn Insight Tag

You can modify cookie preferences through the cookie banner on the website or browser settings.

10. Profiling and Automated Decisions

Profiling:

We use limited profiling to:

  • Identify recurring customers to offer discounts
  • Aggregate statistical analysis of user behavior

Legal basis: Consent (for discounts) / Legitimate interest (aggregate statistics)

We do NOT use profiling for automated decisions that produce legal effects or similarly significantly affect you.

Automated decisions:

We do NOT use fully automated decision-making systems. All decisions (quote acceptance, pricing, service delivery) involve human evaluation.

11. Minors

The service is exclusively intended for individuals 18 years of age or older.

We do NOT knowingly collect data from individuals under 18 years of age.

Note: We may receive documents relating to minors (e.g., birth certificates, school documents) if provided by parents/legal guardians of legal age who request the service.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy.

In case of substantial changes:

  • We will publish the new version on the website with an updated date
  • We will inform you via email (if possible)
  • For changes requiring consent, we will collect new explicit consent

We recommend consulting this page periodically.

13. Contact

For any questions about this Privacy Policy or the processing of your data:

Email: privacy[@]giviholdings.com

Subject: "Privacy - [YOUR NAME]"

We will respond within 1 month of receiving the request.

N.A.A.T.I. Translations

Naati Translations | Service operated by ISS Education

International Study Solutions division of Gi.Vi. Holdings Ltd

iss-edu.com | giviholdings.com

© 2025 Gi.Vi. Holdings Ltd | Registered Office: 12-16 Lionel Road, Canvey Island, England, SS8 9DE | UK Company Reg. No: 15830977