EU STANDARD CONTRACTUAL CLAUSES AND THE PRIVACY SHIELD
INTRODUCTION AND OVERVIEW
Generally, in the course of its business, Lionbridge will have access to Personal Data consisting of personnel information related to its Personnel and business contact information of its Business Contacts and Contractors (“Business Contact Information”) or any such information that is contained in materials provided to Lionbridge for the purpose of obtaining translation, interpretation, testing or other commercial services.
In addition to adopting the Privacy Shield, Lionbridge has also elected to adopt the EU Standard Contractual Clauses (Processors) with respect to the transfer of Personal Data from the European Union to the United States of America.
INDEPENDENT RESOURCES FOR PRIVACY COMPLAINTS
In compliance with the Privacy Shield Principles, Lionbridge commits to resolve complaints about our collection and use of personal information. To register complaints, submit access requests, or address any other issues arising under this Policy, EU and Swiss individuals should first send an email to email@example.com. Lionbridge has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. The services of JAMS are provided at no cost to you.
If the complaint concerns Personal Data that consists of Human Resources data, in accordance with the Privacy Shield Supplemental Policy for HR Data, we resolve to deal with all questions regarding HR Data and potential concerns arising from it in a timely manner. In the event that Lionbridge is unable to accommodate a European Union or Swiss employee’s request regarding HR Data, Lionbridge further commits to working with the EU Data Protection Authorities (“DPA”) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) that cover the jurisdiction from which the HR Data originated, and comply with the advice given by such authorities with regard to HR Data transferred from the EU and Switzerland in the context of the employment relationship. For information on how to contact your jurisdiction’s DPA, visit https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-are-data-protection-authorities-dpas-and-how-do-i-contact-them_en
For information on how to contact your jurisdiction’s FDPIC, visit https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html
As further explained in the Privacy Shield Principles, binding arbitration is available to address residual claims not resolved by any of the other Privacy Shield mechanisms, if any.
This Policy applies to all Personal Data received by Lionbridge in any format, irrespective of country of origin or transfer, or citizenship of the Data Subject.
Lionbridge treats all Personal Data received from any individual, including but not limited to Personnel, Business Contacts and Vendors, as confidential. Lionbridge notifies all identified Data Subjects regarding the types of Personal Data collected and its intended uses. Lionbridge does not use Personal Data for purposes that are incompatible with the Privacy Shield.
Lionbridge works with a global network of freelance Vendors in performance of translation, interpretation, testing, consulting and localization services. These Vendors may be exposed to Personal Data in performance of these services. However, they are at all times subject to confidentiality agreements and are authorized only to use such information within the scope of performance of the services. All Vendors handling Personal Data must also agree to the EU Standard Contractual Clauses.
When Lionbridge handles Personal Data received directly from Personnel in the EEA, it will inform the Personnel regarding the type of Personal Data being collected, the purpose for collecting the information, the types of Personnel and Third Parties likely to be exposed to this information in performance of services, and that individual’s choices in limiting such exposure.
Any Contractor has the right to terminate its working relationship with Lionbridge and request the deletion of Personal Data pertaining to them in accordance with applicable law. However, Lionbridge will continue to maintain Personal Data in accordance with its Privacy Notices and in accordance with Lionbridge records retention policies and local laws and regulations. This practice is in the best interests of both parties so that identifying information relating to a particular matter is accessible but sufficiently discrete so that Lionbridge does not accidentally contact them for projects in the future.
Lionbridge may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Lionbridge’s Personnel and Business Contacts have the opportunity to opt out from allowing Lionbridge to Process Personal Data for a purpose other than its original purpose. Lionbridge will not disclose Personal Data to any Third Party for the purposes of any direct marketing of products or services without permission of Lionbridge’s Personnel or Business Contacts, or providing an opportunity to opt out of receiving the direct marketing.
Personnel can ask questions and exercise his or her rights with respect to Personal Data by: (i) if the Personnel has a Lionbridge e-mail address, by going to the Lionbridge support portal, and (ii) if the Personnel does not have a Lionbridge e-mail address, by contacting Lionbridge at firstname.lastname@example.org. Business Contacts can ask questions and exercise his or her rights with respect to Personal Data by contacting Lionbridge at email@example.com. However, Lionbridge will continue to maintain Personal Data in accordance with its Privacy Notices and in accordance with Lionbridge records retention policies and local laws and regulations.
With regard to Personal Data that Lionbridge receives in connection with the employment or business relationship, Lionbridge will use such Personal Data only for the purpose for which it was originally collected. If Lionbridge intends to disclose Personnel Personal Data to a Third Party for any purpose other than its original purpose, Lionbridge will provide the Personnel or Business Contact with an opportunity to opt-out of such uses.
Lionbridge will obtain assurances from Third Parties and Vendors that they will safeguard Personal Data consistent with this Policy. Lionbridge will take all precautions with respect to this Policy to prevent, contain, or stop disclosure contrary to such entity’s confidentiality obligations. Lionbridge will remain liable if a Third Party or Vendor processes such Personal Data in a manner inconsistent with the Privacy Shield Principles, unless Lionbridge proves that it is not responsible for the event giving rise to the damage.
ACCESS AND CORRECTION
Lionbridge will provide individuals with reasonable access to the Personal Data they have provided to Lionbridge and will allow them to review and correct this Personal Data as required by the Privacy Shield Framework. Access to review this Personal Data will be granted in accordance with applicable law, and except where the burden or expense of providing access would be disproportionate to the risks to the Personnel’s privacy or where the rights of others would be violated.
Lionbridge conducts a periodic assessment in order to verify that this Policy is published, accurate, comprehensive, prominently displayed, implemented, accessible and conforms to the principles of the EU General Data Protection Regulation. Lionbridge maintains procedures for training Personnel in the implementation of the Policy and has in place internal procedures for periodically conducting objective reviews of compliance.
Lionbridge ensures that all applicable Personal Data is accurate, complete, current and reliable for its intended use. All Personnel should help Lionbridge meet this objective by updating their information immediately in the event that Personal Data changes, either by notifying the local HR Representative, or other applicable contact person designated by Lionbridge, or updating the information themselves, if applicable. To the extent feasible, Lionbridge restricts access to Personal Data to those Personnel or Agents of Lionbridge that have a legitimate business need for such access.
Lionbridge undertakes to protect Personal Data using commercially reasonable organizational, technical and administrative procedures to protect against unauthorized or unlawful access, processing, disclosure, alteration, destruction or accidental loss of your personal data. These precautions include password protections for online information systems and restricted access to Personal Data. Lionbridge may assign different types of data different security levels, with appropriate corresponding security precautions. Lionbridge also restricts access to Personal Data to those Personnel or Agents of Lionbridge that have a legitimate business need for such access.
Lionbridge ensures to internally verify adherence to this Policy once per year as part of its annual review and internal compliance measures. Lionbridge will use its best commercial efforts to ensure that compliance with this policy is followed and that the Policy remains accurate, comprehensive, and in conformance with the Privacy Shield Framework.
In the event that any issues pertaining to this Policy cannot be resolved internally, Lionbridge agrees to adhere to the dispute resolution processes as outlined in the Privacy Shield Framework.
Lionbridge is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
“Agent” means a Third Party that Processes Personal Data solely on behalf of and under the instructions of Lionbridge.
“Business Contact” means a current, past, or prospective customer of Lionbridge or any of its subsidiaries and other individuals with whom it is, has been or may be engaged in commercial relationships.
“Vendor” means an individual who, as a non-employee and under contract with Lionbridge, provides translation and/or other services to Lionbridge.
“Data Subject” is an identified or identifiable natural person.
“Personal Data” is any information that is recorded in any form relating to an identified or identifiable natural person.
“Personnel” refers to any employee, former employee, job applicant, director or Vendor of Lionbridge or its subsidiary companies.
“Process (-ing, -es, -ed)” means to perform any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
“Third Party” is any natural or legal person, public authority, agency or any other body other than the Data Subject, Lionbridge, Agent or Vendor.
Effective January 2019