Privacy Policy

Last updated: December 16, 2025

Version: 1.0

This Privacy Policy describes how Gi.Vi. Holdings Ltd processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and UK GDPR.

1. Data Controller

Gi.Vi. Holdings Ltd

Company Number: 15830977

Registered Address: 12-16 Lionel Road, Canvey Island, England, SS8 9DE

Privacy Contact: Submit our contact form

Website: giviholdings.com

2. Personal Data We Collect

2.1 Data You Provide

When you request a quote or translation service, we collect:

Name and surname (required)
Email address (required)
Phone number (required)
Document language (required)
Additional notes and information (optional)
Documents uploaded for translation (required)

Types of documents processed:

Identity documents (passports, ID cards)
Civil status certificates (birth, marriage, death certificates)
Medical certificates
Criminal record certificates
Driver's licenses
Educational certificates and diplomas
Other official documents

Important: These documents contain special categories of personal data (Article 9 GDPR) and may contain judicial data.

2.2 Automatically Collected Data

Through cookies and similar technologies:

IP address (anonymized)
Browser type and device information
Pages visited on the website
Time spent on the website
Referral source
Operating system

For complete details, see our separate Cookie Policy.

2.3 Communication Data

Email exchanges via Zoho Desk
Chat messages via Zoho SalesIQ or WhatsApp Business
Documents attached to communications

3. Legal Basis and Purposes

Purpose	Legal Basis	Retention Period
Provide translation quote	Contract performance (Art. 6.1.b)	Short period if not accepted
Execute NAATI certified translation	Contract performance (Art. 6.1.b) + Explicit consent for special data (Art. 9.2.a)	Duration necessary for service delivery and customer support
Administrative and accounting management	Legal obligation (Art. 6.1.c)	As required by applicable tax and accounting laws
Advertising remarketing (when activated)	Consent (Art. 6.1.a)	See Cookie Policy
Customer support	Legitimate interest + Contract performance	Duration of customer relationship plus reasonable period thereafter
Statistical analysis (GA4, Zoho PageSense)	Legitimate interest (Art. 6.1.f)	As specified in Cookie Policy
CRM profiling for recurring customer discounts	Consent (Art. 6.1.a)	Until withdrawal or prolonged inactivity
Direct marketing (when activated)	Consent (Art. 6.1.a)	Until withdrawal

For specific retention periods applicable to your data, please submit a data access request via our privacy form

4. Data Recipients

4.1 Service Providers (Data Processors)

Provider	Service	Data Location
Zoho Corporation	CRM, Desk, Forms, SalesIQ, PageSense, Books	EU/USA (DPF certified)
Google LLC (Alphabet Inc.)	Google Workspace, Drive, Analytics 4, Fonts, Tag Manager	EU/USA (DPF certified)
Stripe Inc.	Payment processing	EU/USA (DPF certified)
Brizy Cloud (AWS)	Website hosting	EU (AWS data centers)
Cloudflare Inc.	CDN, DNS, security	Global network
Wisernotify	Testimonial widget, WhatsApp button	As per provider policy

4.2 NAATI Certified Translators

Your documents are shared with freelance NAATI certified translators located in Australia to perform the translation service.

Legal basis for transfer:

Necessity for contract performance (Art. 6.1.b GDPR)
Explicit consent for special categories of data (Art. 9.2.a GDPR)

Safeguards:

Translators bound by Non-Disclosure Agreements (NDA)
Contractual data security obligations
Data Processing Agreements with Standard Contractual Clauses (SCCs)
Document deletion after delivery

4.3 Public Authorities

Where legally required, data may be disclosed to:

Tax authorities in applicable jurisdictions
Judicial authorities upon lawful request
Data protection authorities in relevant countries

5. International Transfers

5.1 United States

Recipients: Google LLC, Zoho Corporation, Stripe Inc., Cloudflare Inc.

Legal basis:

EU-US Data Privacy Framework (DPF) - EU Commission Decision 2023/1795
UK Extension to EU-US Data Privacy Framework

These providers are DPF certified and provide adequate level of data protection.

Verify certifications:

5.2 Australia

Recipients: NAATI certified translators (freelance)

Legal basis:

Necessity for contract performance (you cannot receive NAATI certified translation without transfer to Australia)
Explicit consent for special categories of data

Safeguards:

Translators bound by NDA and contractual obligations
Standard Contractual Clauses (SCCs) - EU Commission 2021

Australia does not have an EU adequacy decision but has robust privacy laws (Australian Privacy Act 1988 + Australian Privacy Principles).

6. Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.

Data Type	Retention Criteria
Quote requests not accepted	Short period after request
Customer documents and translations	Duration necessary for service delivery and reasonable period for customer support
Communication records	Duration of customer relationship plus reasonable period thereafter
CRM records	Until withdrawal of consent or prolonged period of inactivity
Accounting and tax records	As required by applicable tax and accounting laws (typically 6-10 years)
Analytics cookies	As specified in Cookie Policy

Legal disputes: In case of claims, complaints, or litigation, we may retain data necessary to defend our rights until resolution plus applicable prescription period, pursuant to Art. 6.1.f GDPR (legitimate interest - defense of rights).

For specific retention periods applicable to your data, please submit a data access request via our privacy form

7. Security Measures

Technical measures:

TLS 1.2+ encryption for data transmission (SSL certificates)
Data encryption at rest (Google Workspace/Drive, Zoho)
Multi-factor authentication (2FA/3FA) for admin access
Firewall and DDoS protection (Cloudflare)
Encrypted automated backups (service providers)
Access logging and audit trails

Organizational measures:

Data access limited to authorized personnel (2 persons)
Non-Disclosure Agreements (NDA) with collaborators
Internal data management policies
Ongoing privacy and security training

8. Your Rights

Right	Description
Access (Art. 15)	Obtain a copy of your data and information about processing
Rectification (Art. 16)	Correct inaccurate or incomplete data
Erasure (Art. 17)	Obtain deletion of data ("right to be forgotten") when no longer necessary
Restriction (Art. 18)	Restrict processing in certain cases (e.g., disputing accuracy)
Portability (Art. 20)	Receive data in structured format and transfer to another controller
Objection (Art. 21)	Object to processing based on legitimate interest or for marketing
Withdraw Consent (Art. 7.3)	Withdraw consent at any time without affecting lawfulness of prior processing
Complaint (Art. 77)	Lodge a complaint with the competent supervisory authority

How to Exercise Your Rights

Submit your request using our dedicated privacy request form

Response time: Maximum 1 month from request

Cost: Free (unless requests are manifestly unfounded)

Supervisory Authorities

You have the right to lodge a complaint with the data protection authority in your country of residence.

Company headquarters (UK):

Information Commissioner's Office (ICO)

Website: https://ico.org.uk

For EU/EEA residents:

Contact your national data protection authority. Find your authority at:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

For other countries:

Contact the data protection or privacy authority in your country of residence.

9. Cookies

This website uses cookies and similar technologies. For complete information, see our separate Cookie Policy.

Cookie types:

Technical cookies (always active): Consent management, session cookies
Analytics cookies (with consent): Google Analytics 4, Zoho PageSense
Marketing cookies (when activated, with consent): Meta Pixel, Google Ads, LinkedIn Insight Tag

You can modify cookie preferences through the cookie banner on the website or browser settings.

10. Profiling and Automated Decisions

Profiling:

We use limited profiling to:

Identify recurring customers to offer discounts
Aggregate statistical analysis of user behavior

Legal basis: Consent (for discounts) / Legitimate interest (aggregate statistics)

We do NOT use profiling for automated decisions that produce legal effects or similarly significantly affect you.

Automated decisions:

We do NOT use fully automated decision-making systems. All decisions (quote acceptance, pricing, service delivery) involve human evaluation.

11. Minors

The service is exclusively intended for individuals 18 years of age or older.

We do NOT knowingly collect data from individuals under 18 years of age.

Note: We may receive documents relating to minors (e.g., birth certificates, school documents) if provided by parents/legal guardians of legal age who request the service.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy.

In case of substantial changes:

We will publish the new version on the website with updated date
We will inform you via email (if possible)
For changes requiring consent, we will collect new explicit consent

We recommend consulting this page periodically.

13. Contact

For any questions about this Privacy Policy or the processing of your data, please refer to the contact details indicated in section 1. Data Controller

We will respond within 1 month of receiving the request.

N.A.A.T.I. Translations

Naati Translations | Service operated by ISS Education

International Study Solutions division of Gi.Vi. Holdings Ltd

iss-edu.com | giviholdings.com