Lionbridge Privacy Policy: Privacy Shield

EU STANDARD CONTRACTUAL CLAUSES AND THE PRIVACY SHIELD

INTRODUCTION AND OVERVIEW

As a global provider of language and translation services, Lionbridge Technologies, Inc. (“Lionbridge”) is trusted by its customers and employees to safeguard the confidentiality and integrity of their content in any language and locale. Lionbridge has deployed a variety of measures to ensure that this content is protected appropriately and is transferred in accordance with applicable law. When that content consists of “personally identifiable information” or “Personal Data”, Lionbridge has implemented special procedures for processing, storage and transfer of Personal Data that are designed to meet the requirements of the EU-US Privacy Shield Framework. These procedures are detailed in this Privacy Policy, and applies to all Personal Data that Lionbridge processes, transfers or stores, whether from employees, vendors or customers.

Generally, in the course of its business, Lionbridge will have access to Personal Data consisting of personnel information related to its Personnel and business contact information of its Business Contacts and Contractors (“Business Contact Information”) or any such information that is contained in materials provided to Lionbridge for the purpose of obtaining translation, testing or other commercial services.

In addition to adopting the Privacy Shield, Lionbridge has also elected to adopt the EU Standard Contractual Clauses (Processors) with respect to the transfer of Personal Data from the European Union to the United States of America.

In adopting and complying with the Privacy Shield, Lionbridge adheres to the guidelines outlined in the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States. Furthermore, Lionbridge has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. In the event of any conflict between this Privacy Policy (the “Policy”) and the Privacy Shield Principles, the terms of the Privacy Shield Principles shall govern. For additional information about the Privacy Shield, and to view our certification, please visit https://www.privacyshield.gov. Lionbridge’s practices with respect to the Privacy Shield are self-certified and reflect the current guidelines as outlined in the Privacy Shield Framework. In the event of any changes to the Privacy Shield Framework, Lionbridge undertakes to update and circulate this policy.

INDEPENDENT RESOURCES FOR PRIVACY COMPLAINTS

In compliance with the Privacy Shield Principles, Lionbridge commits to resolve complaints about our collection and use of personal information. To register complaints, submit access requests, or address any other issues arising under this Policy, EU and Swiss individuals should first send an email to the Lionbridge Legal Department at Privacy@lionbridge.com. Lionbridge has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. The services of JAMS are provided at no cost to you.

If the complaint concerns Personal Data that consists of Human Resources data, in accordance with the Privacy Shield Supplemental Policy for HR Data, we resolve to deal with all questions regarding HR Data and potential concerns arising from it in a timely manner. In the event that Lionbridge is unable to accommodate a European Union or Swiss employee’s request regarding HR Data, Lionbridge further commits to working with the EU Data Protection Authorities (“DPA”) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) that cover the jurisdiction from which the HR Data originated, and comply with the advice given by such authorities with regard to HR Data transferred from the EU and Switzerland in the context of the employment relationship. For information on how to contact your jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

For information on how to contact your jurisdiction’s FDPIC, visit https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection---switzerland.html

SCOPE

This Policy applies to all Personal Data received by Lionbridge in any format, irrespective of country of origin or transfer, or citizenship of the Data Subject.

NOTICE

Lionbridge treats all Personal Data received from any individual, including but not limited to Personnel, Business Contacts and Vendors, as confidential. Lionbridge notifies all identified Data Subjects regarding the types of Personal Data collected and its intended uses. Lionbridge does not use Personal Data for purposes that are incompatible with the Privacy Shield.

Lionbridge works with a global network of freelance Vendors in performance of translation, testing, consulting and localization services. These Vendors may be exposed to Personal Data in performance of these services. However, they are at all times subject to confidentiality agreements and are authorized only to use such information within the scope of performance of the services. All Vendors handling Personal Data must also agree to the EU Standard Contractual Clauses.

When Lionbridge handles Personal Data received directly from Personnel in the EEA, it will inform the Personnel regarding the type of Personal Data being collected, the purpose for collecting the information, the types of Personnel and Third Parties likely to be exposed to this information in performance of services, and that individual’s choices in limiting such exposure.

Any Contractor has the right to terminate its working relationship with Lionbridge and request the deletion of Personal Data pertaining to them. However, Lionbridge will continue to maintain its historical business records in such a way so that Lionbridge may retain its historical knowledge and relationships concerning any legal or regulatory inquiries which may later arise. This practice is in the best interests of both parties so that identifying information relating to a particular matter is accessible but sufficiently discrete so that Lionbridge does not accidentally contact them for projects in the future.

Lionbridge may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

CHOICE

Lionbridge’s Personnel and Business Contacts have the opportunity to opt out from (i) allowing Lionbridge to disclose his or her Personal Data to a Third Party and (ii) allowing Lionbridge to Process Personal Data for a purpose other than its original purpose.

Personnel can ask questions and effectuate his or her opt-out as applicable, by sending an email to the local HR Representative, or other applicable contact person designated by Lionbridge, or by accessing the appropriate system, as applicable. Business Contacts can ask questions and effectuate his or her opt-out as applicable by sending an email to the applicable business contact at Lionbridge, other applicable contact person designated by Lionbridge, or by accessing the appropriate system. However, Lionbridge will continue to maintain its historical business records in such a way so that Lionbridge may retain its historical knowledge and relationships concerning any legal or regulatory inquiries which may later arise and retain information for legitimate business purposes.

With regard to Personal Data that Lionbridge receives in connection with the employment or business relationship, Lionbridge will use such Personal Data only for the purpose for which it was originally collected. If Lionbridge intends to disclose Personnel Personal Data to a Third Party for any purpose other than its original purpose, Lionbridge will provide the Personnel or Business Contact with an opportunity to opt-out of such uses.

ONWARD TRANSFER

Lionbridge will obtain assurances from Third Parties and Vendors that they will safeguard Personal Data consistent with this Policy. Lionbridge will take all precautions with respect to this Policy to prevent, contain, or stop disclosure contrary to such entity’s confidentiality obligations.

ACCESS AND CORRECTION

Lionbridge will provide individuals with reasonable access to the Personal Data they have provided to Lionbridge and will allow them to review and correct this Personal Data as required by the Privacy Shield Framework. Access to review this Personal Data will be granted except where the burden or expense of providing access would be disproportionate to the risks to the Personnel’s privacy or where the rights of others would be violated.

Lionbridge conducts a periodic assessment in order to verify that this Policy is published, accurate, comprehensive, prominently displayed, implemented, accessible and conforms to the principles of the EU Data Directive. Lionbridge maintains procedures for training Personnel in the implementation of the Policy and has in place internal procedures for periodically conducting objective reviews of compliance.

DATA INTEGRITY

Lionbridge ensures that all applicable Personal Data is accurate, complete, current and reliable for its intended use. All Personnel should help Lionbridge meet this objective by updating their information immediately in the event that Personal Data changes, either by notifying the local HR Representative, or other applicable contact person designated by Lionbridge, or updating the information themselves, if applicable. To the extent feasible, Lionbridge restricts access to Personal Data to those Personnel or Agents of Lionbridge that have a legitimate business need for such access.

DATA SECURITY

Lionbridge undertakes to protect Personal Data from loss, misuse, and from unauthorized access, disclosure, alteration, and destruction. These precautions include password protections for online information systems and restricted access to Personal Data. Lionbridge may assign different types of data different security levels, with appropriate corresponding security precautions. Lionbridge also restricts access to Personal Data to those Personnel or Agents of Lionbridge that have a legitimate business need for such access.

ENFORCEMENT

Lionbridge ensures to internally verify adherence to this Policy once per year as part of its annual review and internal compliance measures. Lionbridge will use its best commercial efforts to ensure that compliance with this policy is followed and that the Policy remains accurate, comprehensive, and in conformance with the Privacy Shield Framework.

In the event that any issues pertaining to this Policy cannot be resolved internally, Lionbridge agrees to adhere to the dispute resolution processes as outlined in the Privacy Shield Framework.

Lionbridge is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

GENERAL DEFINITIONS

"Agent" means a Third Party that Processes Personal Data solely on behalf of and under the instructions of Lionbridge.

"Business Contact" means a current, past, or prospective customer of Lionbridge or any of its subsidiaries and other individuals with whom it is, has been or may be engaged in commercial relationships.

"Vendor" means an individual who, as a non-employee and under contract with Lionbridge, provides translation and/or other services to Lionbridge.

"Data Subject" is an identified or identifiable natural person.

"Personal Data" is any information that is recorded in any form relating to an identified or identifiable natural person.

"Personnel" refers to any employee, former employee, job applicant, director or Vendor of Lionbridge or its subsidiary companies.

"Process (-ing, -es, -ed)" means to perform any operation upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

"Third Party" is any natural or legal person, public authority, agency or any other body other than the Data Subject, Lionbridge, Agent or Vendor.

Effective January 2018