Scribe Transcription Ltd – Privacy Policy

Last updated: 17th September 2025

We are registered with the Information Commissioner’s Office.
Download Our ICO Certificate (PDF)

1. Introduction

Scribe Transcription Ltd (“Scribe”, “we”, “our”, or “us”) is committed to protecting the privacy and confidentialityof all personal data entrusted to us. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulations (PECR),and the Data (Use and Access) Act 2025 (DUAA). This Privacy Policy explains how we collect, use, store, and protect your personal data, and outlines your rights under data protection law.

2. Who We Are & Contact Details

Scribe Transcription Ltd, 6 Knightsbridge Court, Bangor, County Down, BT19 6SD.

Email: info@scribetranscription.co.uk

Tel: +44 (0)2891 453105.

3. Roles (Controller & Processor)

Scribe acts as a data controller for our own business, administrative and marketing records. When we handle client transcription files, audio, or transcripts, we act as a data processor and process personal data only under the client’s documented instructions.

4. Personal Data We Collect

We may collect: Communication Data; Customer Data; User Data; Technical Data; Marketing Data;

Medical/Health Data(for medicaltranscriptionservices);and Criminal Offence Data wherenecessaryandlawful, supported by an Appropriate Policy Document.

Where we process criminal offence data, we do so only where necessary and lawful, in accordance with Article 10 UK GDPR and Schedule 1 of the Data Protection Act 2018. We rely on Schedule1 condition(s) for processing criminal offence data, e.g., employment, substantial public interest, legal claims. We have an Appropriate Policy Document (APD) in place, which sets out:

• The categories of criminal offence data processed

• The Schedule 1 condition(s) relied upon

• Procedures for ensuring compliance with the data protection principles (Article 5 UK GDPR)

• Retention and erasure policies for criminal offence data

• How the APD is kept under review and made available on request

Where we obtain your personal data from sources other than directly from you (for example, from our clients or third parties), we will inform you of the source of your data at the time of collection or as soon as practicable.Where the provision of personal data is a statutory or contractual requirement, or necessary to enter into a contract, we will inform you of this and the possible consequences of failing to provide such data.

5. Purposes & Lawful Bases

Our lawful bases are mapped to purposes as follows:

• Provide transcription services → contractual necessity;

• Maintain financial records → legal obligation;

• Improve services → legitimate interests (e.g., service accuracy and efficiency);

• Send marketing → consent or legitimate interests;

Where we process criminal offence data, we also identify a lawful basis under Article 6 in addition to a Schedule 1 condition under the Data Protection Act 2018.

Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Sharing & Processors

We may share data with IT providers, professional advisers, regulators, or in the event of a business transfer.All third parties must protect personal data and act only on our instructions. All processors engaged by Scribe must sign compliant Article 28(3) Data Processing Agreements (DPAs).

7. International Transfers

Where we transfer personal data outside the UK/EEA, we will inform you of the countries or categories of recipients, the safeguards in place (such as adequacy regulations, IDTA, or SCCs), and how to obtain a copy of these safeguards.

8. Security Measures

We implement technical and organisational measures including encryption in transit and at rest, confidentiality agreements, role-based access controls, audit logs, periodic risk assessments, restore capability, and regular testing of controls.

9. Retention

We retain criminal offence data only for as long as necessary for the purposes for which it was collected, in accordance with our Appropriate Policy Document. Specific retention periods or criteria are available on request.

Customer/accounting data is kept for six years for legal/tax purposes.

Client transcription recordings or audio files are retained for 30 days postproduction, to allow for future edits, then securely deleted.

10. Your Rights

You have rights to: be informed; access; rectification; erasure; restriction; portability; and objection. We do notuse automated decision/making or profiling. If this changes, we will notify you and provide the right to human review. Requests will be subject to the data protection legislation’s requirement for searches to be reasonable and proportionate. We may pause the one-month response period while verifying identity or clarifying scope.

We respond within one month, extendable by up to two further months where necessary. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, explaining why. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk, Tel: 0303 123 1113.

Where we process criminal offence data, you have the right to be informed about:

• The lawful basis and Schedule 1 condition(s) relied upon

• The existence of our Appropriate Policy Document

• Your rights in relation to this data, including the right to lodge a complaint with the ICO.11. Data Portability

Portability rights will be honoured in machine-readable formats only i.e. ICO states formats are exclusive to CSV, JSON, or XML.

12. Medical Transcription (Special Category Data)

For medical transcription, we apply enhanced safeguards: trained personnel, encryption, strict access controls, and audit trails.

For special category data (such as health data in medical transcription), we process your data only where necessary and rely on relevant Article 9 condition(s).

13. Criminal Offence Data & Appropriate Policy Document

Where criminal offence data is processed, we do so only where necessary and lawful, supported by an Appropriate Policy Document in line with the DPA 2018.

We do not carry out law enforcement processing as a ‘competent authority’ under Part 3 of the Data Protection Act 2018. If this changes, we will update this notice accordingly.

14. Cookies

Our website uses cookies for functionality and analytics. Some low risk cookies (for analytics or serviceimprovement) may be used without explicit consent, provided users are offered clear opt-out options. You may disable cookies in your browser; some features may not work. See our Cookies Policy for more details.

15. Complaints & Handling

We operate a formal internal complaints procedure. Complaints will be acknowledged within 30 days andresponded to without undue delay.

Any concerns should be sent to: Data Protection Lead, Scribe Transcription Ltd, 6 Knightsbridge Court, Bangor, County Down, Northern Ireland, BT19 6SD.

Email: hello@scribetranscription.co.uk