Privacy Policy
At a glance (TL;DR)
iConic Translation World Pvt Ltd operates iTranslationWorld.com (Corporate India), IconicTranslations.com (Corporate Global), and ProzWorld.com (Individuals India).
To provide services, manage accounts, comply with law, secure our systems, and—where permitted—send B2B updates. We do not sell or rent personal data.
You can access, correct, delete, or object, and manage cookies. See Your Privacy Rights.
1) Scope & Scope of Responsibility
This Policy applies to personal data processed by iConic Translation World Pvt Ltd through our websites, forms, email, and offline service delivery.
- iTranslationWorld.com — corporate/enterprise India
- IconicTranslations.com — corporate/enterprise global
- ProzWorld.com — individuals in India (certified translations)
2) Our Roles: Controller vs Processor
Controller
For websites, sales, billing, customer support, and B2B marketing, we act as a data controller. For ProzWorld.com, we act as controller for B2C order intake and delivery.
Processor
For client-provided content (source files, TMs, glossaries, briefs), we typically act as a data processor and process personal data only per your documented instructions (e.g., under DPA/NDA).
3) What We Collect
Contact & business data
- Identity/contact (name, email, phone, company, role, billing; GST/CIN for India).
- Account/usage (IP/device logs for security/performance).
- Marketing preferences for B2B updates (opt-out anytime).
Project content
- Files for translation, glossaries, style guides, TMs; reviewer comments.
- B2C certified jobs: personal identifiers on official documents you provide.
Sensitive/special categories
We do not seek special category data; if present in your documents, we process it solely to deliver the service or comply with law.
Sources
- You/your organization (forms, email, SSO, integrations).
- Public business sources (for B2B contact verification).
- Vendors assisting delivery (couriers, secure cloud), under contract.
4) Why & How We Use Data (Legal Bases)
Purposes
- Provide/price/deliver services and support.
- Project governance: LQA, termbase/TM management, invoicing.
- Security/fraud prevention; audit trails.
- Compliance (tax, lawful requests).
- Analytics/service improvement.
- B2B communications where permitted.
Legal bases
- Contract — to perform the services.
- Legitimate interests — to run and secure our business (balanced with your rights).
- Consent — where required (e.g., certain cookies/marketing/B2C flows).
- Legal obligation — where we must keep records or respond to authorities.
6) Security & Confidentiality
- ISMS aligned with ISO/IEC 27001; vendor screening.
- TLS in transit; encrypted-at-rest where supported; secure file transfer links.
- Least-privilege access; role-based permissions; logging & review.
- Segregation of projects; reviewer independence for ISO 17100.
- Change/vulnerability management; patching.
- BCP/DR plans.
- Secure deletion & anonymization on request/expiry.
- Training on confidentiality & data protection.
No system is 100% secure; we apply layered controls and improve continuously.
7) Retention & Deletion
We keep personal data only as long as necessary for the purposes described or as required by law/contract. Standard periods (unless your contract states otherwise):
| Data Category | Typical Retention | Notes |
|---|---|---|
| Sales & enquiry records (B2B) | 24 months | Reset if a new engagement starts |
| Project files & working copies | 180 days post-close | Re-issues/quality checks; shorter on request |
| Certified translation records (B2C) | Up to 24 months | For re-issuance/attestations where permitted |
| Invoices & accounting | 7–8 years | As per tax laws |
| Security logs | 90–180 days | Fraud/incident investigation |
8) International Transfers
Where data is processed or transferred cross-border, we use appropriate safeguards such as the EU Standard Contractual Clauses (with UK addendum as applicable) and apply supplementary measures.
10) AI / Machine Translation (MT) Usage Policy
- Default: human-only for enterprise and certified work (two-linguist review when contracted).
- No public model training on client content.
- MT by approval only: enterprise engines with data-processing terms that disable retention/training; human post-editing and QA applied.
11) Your Privacy Rights
India (DPDP Act)
- Access, correction, erasure
- Grievance redressal & nominee
- Consent management
Grievance Officer: grievance@itranslationworld.com
EEA/UK (GDPR/UK GDPR)
- Access, rectification, erasure, restriction, portability, objection
- Withdraw consent anytime (without affecting prior lawful processing)
- Lodge complaints with a supervisory authority
We will identify our controller/processor role before fulfilling a request.
California (CPRA)
- Right to know, delete, correct; non-discrimination
- Opt-out of “sale”/“sharing” (we do not sell personal data)
- Limit use of sensitive data
How to submit a request
Email privacy@itranslationworld.com with subject Privacy Request. We may verify identity/authority.
12) Children’s Data
Our services are not directed to children. For certified translations involving minors, we process data only from parents/legal guardians and only as needed for the service or law.
13) Incident & Breach Notification
If we become aware of a personal data breach likely to pose a risk, we assess and notify affected clients/users and regulators as required.
14) Changes to this Policy
We may update this Policy for legal, technical, or business changes. The “Effective” date will be revised and material changes highlighted.
15) How to Contact Us
© 2007–2025 iConic Translation World Pvt Ltd. This page is informational and does not create additional contractual terms.
Appendix A — Certificates (publish IDs/PDFs)
| Standard | Certificate No. | Scope (short) | Issued by | Valid Until | Link |
|---|---|---|---|---|---|
| ISO 17100 | 17100-XXXX-YYYY | Translation services (corporate & certified) | Certifier | DD MMM YYYY | |
| ISO/IEC 27001 | 27001-XXXX-YYYY | Information Security Management | Certifier | DD MMM YYYY | |
| ISO 9001 | 9001-XXXX-YYYY | Quality Management System | Certifier | DD MMM YYYY |
Appendix B — Sub-processor Register (core services)
| Category | Provider | Jurisdiction | Typical Data | Transfer Mechanism | Notes |
|---|---|---|---|---|---|
| Web hosting / infra | (Your hosting) | IN/(other) | Logs, IPs | N/A / SCCs | Firewall/CDN as applicable |
| Email (business) | (Workspace/Zoho) | IN/EU/US | Business comms | SCCs / Addendum | Access-controlled |
| Payments | Cashfree | IN | Billing name, contact, txn refs | N/A | PCI handled by provider |
| Payments (if used) | Razorpay | IN | Billing name, contact, txn refs | N/A | PCI handled by provider |
| Analytics (if enabled) | GA4 | Global | Usage metrics | SCCs | Loads on consent |
| File delivery (if used) | (S3/Drive/SharePoint) | Region-based | Client files | SCCs / Regional | Access-controlled |
| Ticketing (if used) | (Freshdesk/Zoho Desk) | IN/EU/US | Support conversations | SCCs | |
| Courier | (Your courier) | IN | Name, address, phone | N/A | For certified docs |
We notify clients of material changes to this register per our DPA.