Legal, Data Privacy, and Codes of Conduct

Lionbridge complies with the applicable laws and regulations protecting the privacy of Personal Data in the jurisdictions in which we operate.

Lionbridge Technologies, Inc.

Global Personal Data Privacy Policy

Overview:

Lionbridge Technologies, Inc. (“Lionbridge”) recognises and supports the need for reasonable protections regarding the privacy of the personally identifiable information of Personnel and Business Contacts collected by or through Lionbridge, including any such information that is contained in materials provided to Lionbridge for the purpose of obtaining translation, testing or other commercial services. For this reason, Lionbridge has developed and adopted this policy (“Policy”) regarding the protection of personally identifiable information of Personnel and Business Contacts (hereinafter referred to as “Personal Data”). This Policy applies to all Personal Data that is processed by Lionbridge or its subsidiary companies. In addition, all Personnel and Agents working on behalf of Lionbridge whose responsibilities include the processing (e.g. collection or storage) of Personal Data are expected to assist in the protection of that Personal Data by adherence to this Policy, even if local law is less restrictive.

In adopting and complying with this Policy, Lionbridge complies with the applicable laws and regulations protecting the privacy of Personal Data in the jurisdictions in which Lionbridge or its subsidiary companies operate. Where appropriate, laws within specific jurisdictions may require supplemental terms to comply with local laws.

Scope:

PRIVACY PRINCIPLES

This Policy applies to Personal Data about Data Subjects that is Processed by Lionbridge in the course of daily business activity. Nothing in this Policy is intended to form a contract of employment or otherwise.

In furtherance of its commitment to privacy compliance, Lionbridge has executed the EU and Swiss Model Clauses with respect to EEA and Swiss human resource personal data (e.g. data pertaining to employees or temporary workers of Lionbridge or of Lionbridge’s customers or prospective customers) Processed as part of its Human Resources activities, and with respect to EEA and Swiss business contact information (e.g., name, business address, telephone, email address and other social media based contact information) Processed as part of its commercial activities or in connection with services delivered to the Business Contact.

Policy:

GLOBAL POLICY PRINCIPLES

1. Processing and Notice

Lionbridge Processes Personal Data in a reasonable and lawful manner for relevant and appropriate purposes. Lionbridge notifies all identified Data Subjects regarding the types of Personal Data collected and its intended uses. Lionbridge provides this notice pursuant to this Policy and when Lionbridge collects Personal Data, as well as when Personal Data is Processed for a purpose other than originally or later authorised. Lionbridge does not use Personal Data obtained from Data Subjects for purposes that are incompatible with those purposes stated in Lionbridge notices to Data Subjects.

From time to time, Lionbridge may analyze or utilise data derived from Data Subjects in an anonymous manner, such that the names of the Data Subjects are not known by data processors within Lionbridge. In these cases, Data Subjects do not need to be notified.

Types of Data Collected

Lionbridge Processes Personal Data about Personnel which may include but not be limited to the following types of Personal Data: Details about education and training, employment, family, financial matters, personal matters, physical or mental health conditions; racial or ethnic origin; religious or other beliefs of a similar nature; business contact information. As described further below, it is necessary for Lionbridge to Process these types of Personal Data in order to provide insurance and benefits coverage to Personnel and their families as well as to comply with terms of particular customer engagements which require information on workforce composition. The Personal Data relates to all Personnel, as well as relatives and associates of the Data Subject, to the extent that such information is provided to Lionbridge by Personnel. For Contractors and directors, such Personal Data may include business contact data and information necessary for Lionbridge to pay such Contractors and directors for rendered services.

Lionbridge Processes Personal Data about Business Contacts which may include but not be limited to the following types of Personal Data: name, title, and general business contact information (including business address, telephone, email address and other social media based contact information). As described further below, it is necessary for Lionbridge to Process these types of Personal Data in order to provide services to its Business Contacts and to Process customer materials that may be embedded with Personal Data. The Personal Data relates to all Business Contacts to the extent such information is provided to Lionbridge by the Business Contact or to the extent such information is embedded in materials that are provided to Lionbridge by the Business Contact.

Purposes For Which Personal Data May Be Processed

Lionbridge Processes such Personnel Personal Data for activities associated with the management of Human Resources including but not limited to recruitment, work planning and management, appraisal, promotion, training, career development, remuneration and other benefits, health and safety, life, health, and medical insurance, administration of defined benefit (401(d) or pension) plans, succession planning and talent management initiatives, disciplinary procedures, compliance with legislation and company policy, transfer, redeployment, references, audit, corporate and business reorganisations, administrative and security functions and any other Human Resources-related activities. For Contractors and directors, Lionbridge Processes Personal Data for activities associated with the provision of services provided by such Contractors and directors to Lionbridge, and the payment for such services.

Lionbridge Processes such Business Contact Personal Data for activities associated with the procurement and performance of its business activities including but limited to translation, testing, localisation, content development and interpretation services.

2. Choice

Lionbridge gives each Data Subject the opportunity to opt out from (i) allowing Lionbridge to disclose his or her Personal Data to a Third Party unless the disclosure is required by law or for the fulfillment of a contractual obligation (e. g. employment contract) and (ii) allowing Lionbridge to Process Personal Data for a purpose other than its original purpose or the purpose authorised subsequently by the Data Subject.


Personnel can ask questions and effectuate his or her opt-out as applicable, by sending an email to the local HR Representative, or other applicable contact person designated by Lionbridge, or by accessing the appropriate system, as applicable. Business Contacts can ask questions and effectuate his or her opt-out as applicable by sending an email to the applicable business contact at Lionbridge, other applicable contact person designated by Lionbridge, or by accessing the appropriate system.

With regard to Personal Data that Lionbridge receives in connection with the employment or business relationship, Lionbridge will use such Personal Data only for the purpose for which it was originally collected. If Lionbridge intends to disclose Personnel Personal Data to a Third Party for any purpose other than its original purpose, Lionbridge will provide the Personnel or Business Contact with an opportunity to opt-out of such uses.

Prior to disclosing Sensitive Data to a Third Party or processing Sensitive Data for a purpose other than its original purpose or the purpose authorised subsequently by the Data Subject, Lionbridge will obtain each Data Subject’s explicit consent (opt-in consent).

Where consent of the Data Subject or a representative of Data Subject for the Processing (mainly collection, use, or disclosure) of Personal Data is required by law or contract, Lionbridge will comply with the law or contract.

3. Onward Transfer (Transfers to Third Parties)

Lionbridge does not transfer Personal Data provided by Personnel or Business Contacts to Agents or Third Parties unless those Parties commit to provide that Personal Data, at a minimum, with the equivalent level of protection that Lionbridge provides and to refrain from uses or disclosures that are not authorised by Lionbridge. Where local law requires a (written) agreement for the transfer of Personal Data to a Third Party, Lionbridge complies with local law.

Prior to making Personal Data available to any Agent or Third Party, Lionbridge will first ascertain that the Agents and Third Parties provide sufficient protection of the Personal Data. Specifically, Lionbridge will determine if the Agent or Third Party either subscribes to or complies with this Policy or is subject to the EU Data Protection Directive or another adequacy finding. This requirement may also be satisfied if the Agent or Third Party enters into a written agreement requiring that it provide the same level of privacy protection as required by the relevant Policy Principles articulated in this Policy.

Disclosure of Personal Data beyond the Personnel or Agents of Lionbridge may be made pursuant to an agreement, for a legitimate business need, as required by law or legal process or for another lawful purpose (e.g. cooperation with local law enforcement authorities).

4. Security

Lionbridge takes reasonable precautions to protect Personal Data from loss, misuse, and from unauthorised access, disclosure, alteration, and destruction. These precautions include password protections for online information systems and restricted access to Personal Data. Lionbridge may assign different types of data different security levels, with appropriate corresponding security precautions. To the extent feasible, Lionbridge restricts access to Personal Data to those Personnel or Agents of Lionbridge that have a legitimate business need for such access.

5. Data Integrity

Lionbridge takes reasonable steps to ensure that all applicable Personal Data is accurate, complete, current and reliable for its intended use. All Personnel should help Lionbridge meet this objective by updating their information immediately in the event that Personal Data changes, either by notifying the local HR Representative, or other applicable contact person designated by Lionbridge, or updating the information themselves, if applicable. To the extent feasible, Lionbridge restricts access to Personal Data to those Personnel or Agents of Lionbridge that have a legitimate business need for such access.

6. Access

Lionbridge will provide Data Subjects with reasonable access to the Personal Data they have provided to Lionbridge and, when appropriate, will allow Data Subjects to review and correct this Personal Data as required by law or by Lionbridge policies. Access by Data Subjects to review this Personal Data will be granted except where the burden or expense of providing access would be disproportionate to the risks to the Personnel’s privacy or where the rights of others would be violated.

7. Enforcement

All Personnel whose responsibilities include the Processing of Personal Data are required to adhere to this Policy. Adherence to this Policy will be audited periodically by appropriate resources. Failure to comply with this Policy may be grounds for discipline up to and including termination.

Self-Assessment

Lionbridge conducts a periodic assessment in order to verify that this Policy is published, accurate, comprehensive, prominently displayed, implemented, accessible and conforms to the principles of the EU Data Directive. Lionbridge maintains procedures for training Personnel in the implementation of the Policy and has in place internal procedures for periodically conducting objective reviews of compliance.

Complaints

Any Personnel who feels that Lionbridge is not abiding by this Policy or the principles of the EU Data Directive may contact his or her local HR Representative, or other applicable contact person designated by Lionbridge, in order to register complaints, submit access requests, or address any other issues arising under this Policy. Any Business Contact who feels that Lionbridge is not abiding by this Policy or the principles of the EU Data Directive may contact his or her Lionbridge business contact, or other applicable contact person designated by Lionbridge, in order to register complaints, submit access requests, or address any other issues arising under this Policy. Alternatively, any Data Subject may report concerns confidentially and anonymously through the Convercent Anonymous Hotline (see contact information below). The Convercent Anonymous Hotline will address inquiries and disputes that are not addressed by the applicable contact person designated by Lionbridge.



All complaints and requests submitted pursuant to this Policy will be reviewed promptly. In the event complaints cannot be resolved through the applicable contact person designated by Lionbridge, the complaint must be referred to the General Counsel of Lionbridge. In the event any Data Subject believes a complaint has not been resolved to his or her satisfaction by Lionbridge through the applicable contact person designated by Lionbridge, or the General Counsel of Lionbridge, it may be referred to the appropriate European Data Protection Authority (“DPA”) for resolution at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/files/ussh/complaint_form_20130206_en.pdf. Lionbridge does not retaliate against any Personnel who registers complaints, submits access requests, or addresses any other issues arising under this Policy.



Lionbridge agrees to cooperate with the DPA where the DPA takes the view that the organisation needs to take specific action to comply with the principles of the EU Data Directive. Lionbridge will provide the DPA with written confirmation that such agreed upon actions have been taken.

8. Amendment

From time to time, Lionbridge may amend this Policy, should it become necessary to do so. Any changes to this Policy will be communicated to you.

9. Contact Details

For any questions regarding this Policy or the principles of the EU Data Directive, contact the applicable contact person designated by Lionbridge.

You may contact the Convercent Anonymous Hotline either by telephone or via the internet as follows:

Telephone: The Convercent Anonymous Hotline provides country specific international toll-free telephone numbers which are available on the intranet.

Internet: If you would prefer to access the confidential web page to report your complaint, you can access the web page at:

Lionbridge Technologies Inc. - Ethics & Compliance Portal




GENERAL DEFINITIONS



“Agent” means a third party that Processes Personal Data solely on behalf of and under the instructions of Lionbridge.

“Business Contact” means a current, past, or prospective customer of Lionbridge or any of its subsidiaries and other individuals with whom it is, has been or may be engaged in commercial relationships.

”Contractor” means an individual who, as a non-employee and under contract with Lionbridge, provides translation and/or other services to Lionbridge.

“Data Subject” is an identified or identifiable natural person.

“EEA” refers to the European Economic Area, which covers the countries of the European Union as well as additional non EU-countries (currently Iceland, Liechtenstein, Norway).

“Personal Data” is any information that is recorded in any form relating to an identified or identifiable natural person who is Personnel or a Business Contact. .

“Personnel” refers to any employee, former employee, job applicant, director or Contractor of Lionbridge or its subsidiary companies.

“Process (-ing,-es, -ed)” means to perform any operation upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Sensitive Data” is Personal Data including but not limited to:
•Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life or specifying the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the Data Subject or the disposal of such proceedings, or the sentence of any court in such proceedings.
•Any government issued ID number (employer or taxpayer identification number, Social Security Number, state ID number, driver’s license number, DEA number, passport number, etc.)
•Financial institution account number, payment information, credit or debit card number
•Health insurance identification or account number
•Information derived from a credit report or background check
•Information about physical or psychological state of health, disease state, medical history or medical treatment or diagnosis by a health care professional
•Mother’s maiden name, father’s name
•Rx/Prescription number
•Biometric information (fingerprints, retinal scans)
•DNA profile.



“Third Party” is any natural or legal person, public authority, agency or any other body other than the Data Subject, Lionbridge, Agent or Contractor.

RELATED REFERENCES