Privacy Policy of BURG Translations

1. Introduction

BURG Translations, Inc. (“BURG,” “we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website https://burgtranslations.com, use our translation services, or interact with us in any other capacity.

Our commitment to information security is demonstrated through our ISO/IEC 27001:2022 certification, which validates our systematic approach to managing sensitive information and maintaining robust security controls.

We are committed to complying with applicable data protection and privacy laws, including:

  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Other applicable state and federal privacy laws

By using our services or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, mailing address
  • Business Information: Company name, job title, industry, business requirements
  • Account Information: Username, password, account preferences
  • Payment Information: Billing address, payment method details (processed by third-party payment processors)
  • Communication Records: Correspondence, support requests, feedback

Protected Health Information (PHI)

When providing healthcare translation services, we may process Protected Health Information subject to HIPAA regulations. PHI is handled with additional security measures and in accordance with our HIPAA compliance procedures.

Educational Records and FERPA-Protected Information

When providing translation services for educational institutions, we may process educational records and information protected under FERPA. This includes student academic records, transcripts, disciplinary records, and other education-related documents. We handle such information in compliance with FERPA requirements and applicable institutional policies.

Personally Identifiable Information (PII)

We may process various forms of PII in the course of providing translation services, including but not limited to:

  • Government documents and official records
  • Legal documents and court records
  • Immigration and visa documentation
  • Financial and business records
  • Personal correspondence and communications

All PII is handled with appropriate security measures regardless of the specific regulatory framework that may apply.

Technical Information

We automatically collect certain technical information:

  • Usage Data: Pages visited, time spent on site, click patterns, referring websites
  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Cookies and Tracking Technologies: See our Cookie Policy section below

3. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery

  • Providing translation and interpretation services
  • Managing your account and processing transactions
  • Communicating about your projects and service updates
  • Providing customer support and technical assistance

Business Operations

  • Improving our services and website functionality
  • Conducting internal analytics and research
  • Managing vendor and supplier relationships
  • Complying with legal and regulatory requirements

Marketing and Communications

  • Sending newsletters, promotional materials, and service announcements
  • Providing information about services that may interest you
  • Participating in marketing events and webinars

You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) and UK, we process your personal information based on:

  • Contract Performance: To fulfill our translation services and contractual obligations
  • Legitimate Interests: For business operations, service improvement, and direct marketing
  • Legal Compliance: To meet regulatory requirements, including HIPAA compliance
  • Consent: Where specifically obtained for certain processing activities

5. Information Sharing and Disclosure

We may share your personal information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in:

  • Payment processing (PayPal/Braintree, Authorize.net)
  • Cloud storage and hosting services
  • Analytics and website optimization
  • Marketing and communication platforms

These providers are contractually required to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose personal information when required by law or to:

  • Comply with legal obligations, court orders, or regulatory requirements
  • Protect our rights, property, or safety
  • Investigate fraud or security incidents
  • Protect the rights and safety of our users and the public


Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to appropriate privacy protections.

PHI and Educational Records Disclosures

  • Protected Health Information: Only disclosed as permitted by HIPAA regulations and our Business Associate Agreements
  • Educational Records: Only disclosed as permitted by FERPA and in accordance with educational institution contracts and consent requirements
  • Other PII: Disclosed only as necessary for service delivery and as permitted by applicable law

6. Data Security

We implement robust security measures to protect your personal information:

Technical Safeguards

  • Encryption: AES-256 encryption for stored data and SSL/TLS for data in transit
  • Access Controls: Role-based access restrictions and multi-factor authentication
  • Regular Monitoring: Continuous security monitoring and vulnerability assessments
  • Secure Infrastructure: Industry-standard data centers with physical security controls

Administrative Safeguards

  • Information Security Management System (ISMS): Comprehensive security framework certified to ISO/IEC 27001:2022 standards
  • Staff Training: Regular security awareness training for all personnel
  • Incident Response: Established procedures for managing security incidents
  • Risk Assessments: Periodic evaluation of security risks and controls
  • Policy Compliance: Adherence to internationally recognized security standards and best practices

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any security breaches as required by law.

7. Data Retention

We retain personal information only as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal, regulatory, and contractual requirements
  • Resolve disputes and enforce our agreements

Specific Retention Periods

  • Client Project Data and PHI: Retained for six (6) years following HIPAA guidance
  • Educational Records: Retained according to FERPA requirements and institutional contracts, typically 3-5 years after completion of services
  • Financial Information: Retained for ten (10) years in accordance with financial record requirements
  • General PII: Retained based on the purpose of collection and applicable legal requirements
  • Marketing Data: Retained until you opt out or as required for business purposes
  • Technical Data: Typically retained for 12-24 months for analytics purposes

When personal information is no longer needed, it is securely deleted or anonymized in accordance with NIST and DOD standards.

8. International Data Transfers

BURG is based in the United States. If you are located outside the U.S., your personal information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For transfers involving EU/UK personal data, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Additional security measures to protect transferred data

9. Your Privacy Rights

General Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information in certain circumstances
  • Restriction: Request limitation of processing activities
  • Objection: Object to certain types of processing, including direct marketing
  • Portability: Request your data in a structured, machine-readable format

GDPR Rights (EU/UK Residents)

If you are in the EU or UK, in addition to your general rights, you also have:

  • The right to withdraw consent where processing is based on consent
  • The right to lodge a complaint with your local data protection authority

CCPA Rights (California Residents)

If you are a California resident, you have additional rights including:

  • The right to know what personal information is collected and how it’s used
  • The right to delete personal information
  • The right to opt-out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@burgtranslations.com or our Security Officer (who serves as our Data Protection Officer) at security@burgtranslations.com. We will respond to your request within the timeframes required by applicable law.

10. Children’s Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience and analyze website usage.

Types of Cookies We Use

  • Essential Cookies: Required for website functionality and security
  • Analytics Cookies: Help us understand how visitors use our website
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used to deliver relevant advertisements

Third-Party Services

We use the following third-party services that may collect information. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyse the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You can opt-out of having made your activity on the service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (e.g., ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy and Terms web page: https://policies.google.com/privacy?hl=en

Behavioral Remarketing

BURG Translations, Inc. uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our service.

Google Ads (AdWords)

Google Ads (AdWords) remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy and Terms web page: https://policies.google.com/privacy?hl=en

Facebook

Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/585318558251813

To opt-out from Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices, the Digital Advertising Alliance of Canada in Canada

http://youradchoices.ca or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu, or opt-out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation

Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality. For more information about cookies, visit www.aboutcookies.org.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing prominent notice on our website

The “Last Updated” date at the bottom of this policy indicates when the most recent changes were made.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Officer
Email: privacy@burgtranslations.com

Data Protection Officer (Security Officer)
Email: security@burgtranslations.com

HIPAA Related Questions
Email: privacy@burgtranslations.com

FERPA Related Questions
Email: privacy@burgtranslations.com.
________________________________________________________________________________________

Effective Date: August 28, 2025
Last Updated: August 28, 2025