- 1. Glossary
- 2. Personal Data Process
- 3. Disclosures of personal data
- 4. Data retention
- 5. Data access, rectification, objection and restriction
- 6. Data deletion
- 7. Data export and portability
- 8. Other rights
- 9. Data Security
- 10. Personal Data Breach
- 11. International Transfers
- 12. GDPR, CCPA, and ISO 27001
- 13. EU-U.S. Data Privacy Framework
- 14. Data Protection Officer
- 15. Independent Recourse mechanism for data subjects
- 16. Liability for Onward transfers
- 17. Changes to this Policy
- 18. Contact us
Last updated August 2023
This Privacy Policy is meant to help you understand what information we collect, why we collect it and how you can access, export or delete your information. This Privacy Policy applies to the Unbabel Inc. group of companies.
1. Glossary
- 2FA – Two Factor Authentication means that an authentication requires a token that the user, and only the user, has on them at a given time
- Data Controller (or Controller) – the entity that determines the purposes and means of the processing of Personal Data
- Data Processor (or Processor) – the entity that processes Personal Data on behalf of the Data Controller
- Data Protection Authority – the independent national public authority responsible for the monitoring and enforcement of the data protection regulations within the European Union
- Data Protection Officer – a person or an entity with expert knowledge of data protection law and practices that assists the controller or processor to monitor internal compliance with data protection laws and regulations
- Data Subject – an identified or identifiable natural person whose Personal Data is processed by a controller or processor
- DPA – Data Processing Agreement is a legally binding document that governs the processing made by a Data Processor
- Encryption – set of technological measures that ensure that the data is only readable by those with specified access
- NDA – Non-Disclosure Agreement is a legally binding document in which the parties involved can restrict the use and dissemination of information
- Personal Data (including Personal Information) – any information related to a ‘Data Subject’, that can be used to directly or indirectly identify the Data Subject
- Processing – any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Personal Data Process
2.1. Personal data
Personal Data means any information related to a ‘Data Subject’, that can be used to directly or indirectly identify the Data Subject.
2.2. Personal data processed by Unbabel
Community (Editors, Evaluators and Annotators): Unbabel uses Personal Data to connect each editor, evaluator and annotator (“Community”) with the tasks in which they are more likely to achieve a better end result, including to monitor the usability of our platform during the provision of such tasks. Unbabel may use their Personal Data to communicate with its Community if there is an inaccuracy or complaint related to an assigned translated work. Unbabel may also require our Community’s payment details to perform and register payment over work provided on the platform. The following Community Personal Data is collected by Unbabel:
- Email address
- First name
- Last name
- Country
- Birthdate
- Language skills
- Clickstream and access times
Clickstream and access times are used by Unbabel to provide general statistics regarding use of the platform and compliance with terms of service. For this purpose, we do link this automatically collected data with other Personal Data, such as First and Last name and Email address.
Prospects: Unbabel uses Personal Data to provide information or demos about our products and services to potential clients (“Prospects”), to communicate with them and answer their requests as well as to keep them updated about such products and services, by means of periodical emails or messages. For the above purpose, Unbabel collects the following Personal Data from the Prospects (related to individuals):
- Last name
- Job Title and department
- Company name
- Postal address of the Company
- Professional Email address
- Professional Phone number
- Corporate website URLs
Clients: In order to provide reporting, e-mail communications and billing to its clients, Unbabel collects the following Personal Data from its Clients’ accounts (related to individuals):
- Email address
- First Name
- Last Name
- IP address
- Country/city
- Billing Details (in case of individual Clients)
- Taxpayer number (in case of individual Clients)
Clickstream, URL referral and access times of Clients’ agents are used by Unbabel to provide general statistics regarding use of the platform. This information will not be used to identify any individual, being stored and visualized in an aggregate, de-identified format.
Unbabel pseudonymizes, via a software tool called “Eraser”, any Personal Data that may be included in the original works subject to translation. This pseudonymization occurs prior to any disclosure of data to our Community. Once translated works are received back from the Community, the Personal Data is re-inserted by Unbabel for secure transmission to the Client. Afterwards Personal Data might be permanently deleted from Unbabel systems. Where a translation is used for the retraining of machine learning engines, data is retrained in an anonymized format.
Sources: All Personal Data processed by Unbabel regarding its Community, Prospects or Clients is either contributed/uploaded by them or, regarding Prospects, collected by our search technology while scanning the web or through market research surveys.
Purposes: Unbabel will collect and use Personal Data solely for fulfilling the above specified purposes and for ancillary purposes of the same. Personal Data should not be further processed in a manner that is incompatible with the purposes that governed the processing, and, to the extent necessary for those purposes, it should be accurate, complete, and up-to-date. Unbabel does not sell any Personal Data.
Legal basis for the processing: Unbabel processes the Personal Data of its Community either to perform their contractual relationship (or taking steps before entering into a contract) or to pursue its legitimate interest of ensuring the quality of assigned translated work. Unbabel processes the Personal Data concerning its Prospects either based upon their consent or relying on its legitimate interest to communicate news or updates on its products and services, without prejudice to their right to object at any time to processing of Personal Data for marketing purposes. We promptly honor such opt-out requests.
Finally, Unbabel processes the Personal Data related to its Clients pursuant to their contractual relationship (or taking steps before entering into a Contract) or in order to achieve its legitimate interest of providing a top-notch service, namely, to respond to enquiries, to send administrative information or to provide customer service.
Should you not provide us with all the Personal Data mentioned above, we may not be able to enter into or execute a contract with you.
3. Disclosures of personal data
To support the delivery of our services, Unbabel relies on service providers. Any service provider engaged by Unbabel that might have access to or process data that may contain Personal Data is considered a Processor. Although the Unbabel translation pipeline was designed taking privacy and security measures into consideration, Unbabel still performs a security and privacy review of the practices of any Processors before engaging with them.
Below follows a list of our current Processors:
- Amazon Web Services – Cloud service provider
- ChurnZero – Customer success management
- Clari – Revenue platform: call recording and summaries
- Cloudflare – content distribution, security services and DNS services
- DeepL – Neural Machine Translation Service
- DocuSign – contract manager
- Fullstory – support services
- Google Cloud – Cloud service provider
- Hubspot – Marketing and analytics services
- Intercom – Editor’s contact manager
- Logz.io – Infrastructure and security monitoring
- Microsoft Azure – Cloud computing services provider
- Mine PrivacyOps – Data mapping, processing activities records
- MongoDB – Cloud management services
- Open AI – Artificial intelligence and language model
- Payoneer – Cloud-based payment services
- Paypal – Cloud-based payment services
- Pusher – Notification manager
- Salesforce – Client relationship manager
- Unbabel, Lda – service provider
- Zendesk – Integration manager
Contractual safeguards & due diligence for our Processors: Any processor and subprocessor used by Unbabel is subject to rigorous scrutiny to assess their security, confidentiality and privacy policies, as well as the adoption of adequate safeguards. We require all our Processors to have signed a DPA with us, similar to the DPA that our Clients sign with us, including but not limited to the requirements to:
- process Personal Data as defined on their DPA
- restrict data access only to trusted and contractually bound staff to assure data privacy and security
- train the staff who have access to Personal Data on data privacy and protection issues
- implement processes which take privacy into account throughout all their data processing activities
- inform Unbabel about any actual or potential data breach
- cooperate with Data Protection Authorities or Data Controllers when enquired
Unbabel only discloses Personal Data to service providers where the disclosure is absolutely necessary to provide the services that our Clients request. Unbabel will not sell any kind of Personal Data.
Notwithstanding, in restricted and signaled circumstances, we may disclose Personal Data to service providers for marketing purposes. We subject the transfer to prior consent of Data Subjects or, at least, we acknowledge that the Data Subjects have the right to object at any time to processing of Personal Data for marketing purposes.
Legal reasons: Unbabel may disclose Personal Data to comply with lawful requests, subpoenas, search warrants or orders by public authorities, including to meet national security or law enforcement requirements. Unbabel may also disclose Personal Data in order to address a violation of the law or to exercise its legal rights or respond to a legal claim.
4. Data retention
Unbabel complies with the principle of data minimization. Therefore, Personal Data shall only be kept while it is adequate, relevant and limited to what is necessary in relation to the purposes of processing. For instance, Personal Data will be stored during the contractual relationship with our Community or with our Clients (“active accounts”) or as long as a valid consent is ensured by our Prospects, notwithstanding the need to preserve data for compliance with legal obligations during the term prescribed by law.
5. Data access, rectification, objection and restriction
Unbabel allows the Data Subjects to access and rectify their Personal Data and also to object to and restrict the processing of their Personal Data in their user’s profile. If you want to make a request regarding the Personal Data that Unbabel holds from you without accessing our platform, follow the procedure below:
- Request data access, rectification, objection or restriction: Send us an email from the email address with which you created your Unbabel account to data-requests@stagingunbabel.wpengine.com with subject ‘Data access/rectification/objection/restriction request’, specifying your request. Please note that if you object to or restrict the processing of data that we absolutely need to manage your account, we may have to suspend/block your account. Also note that, according to applicable data protection regulations, the right of objection or restriction is subject to certain limitations, which we will take into account to assess the legitimacy of your request.
- Verify your identity: We will send you an email to the address you used to register your account with some steps to verify your identity.
- Data access/rectification/objection/restriction: Once we confirm your identity we will proceed with the access/rectification/objection/restriction to/of your Personal Data.
- Opt-out: If you no longer wish to receive our newsletter and/or promotional communications, you may opt out of receiving them by following the instructions included in each newsletter or communication or by visiting “unsubscribe”. After we receive your request, we will send you an email message to confirm that you have been unsubscribed.
6. Data deletion
To maintain and improve service continuity and quality, data is deleted upon account termination or by explicit request either on our platform or by email, provided and insofar that such deletion does not prevent Unbabel or the Data Subject from complying with their legal or contractual obligations. If you want us to delete your data without accessing our platform, follow the procedure below:
- Request data deletion: Send us an email from the email address you shared with us to data-requests@stagingunbabel.wpengine.com with subject ‘Data deletion request’.
- Verify your identity: We will send you an email to the address you used to register your account with some steps to verify your identity.
- Data deletion: Once we confirm your identity and we confirm that the requested deletion is not subject to any legal or contractual limitation or exception, we will proceed with the deletion of your Personal Data.
7. Data export and portability
In compliance with applicable data protection regulations, Unbabel enables Data Subjects to export their data via our platform or by explicit request. If you want to export all the Personal Data that Unbabel holds from you, please follow the procedure below:
- Request data export: Send us an email from the email address with which you created your Unbabel account to data-requests@stagingunbabel.wpengine.com with subject ‘Data export request’.
- Verify your identity: We will send you an email to the address you used to register your account with some steps to verify your identity.
- Data export: Once we confirm your identity, we will export all the Personal Data we have from you and send it by email, in a structured, commonly used and machine-readable format.
8. Other rights
In compliance with applicable data protection regulations, the Data Subjects always have the right to withdraw any provided consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Also, the Data Subjects may lodge a complaint with a relevant Data Protection Authority regarding any processing carried out by Unbabel.
9. Data Security
In the section below you can find an overview of how we enforce data security at Unbabel.
- Pseudonymization: All content passing through Unbabel’s Translation Pipeline from its Clients goes through an automated pseudonymization process which removes Personal Data and restores it before delivery. No Personal Data is shared with Community. Where a translation is used for the retraining of machine learning engines, data is retrained in an anonymized format.
- Access control: All access to Unbabel’s products and services is encrypted and protected by firewall. All access credentials are segregated by work-group areas, provided to staff on a need-to-know basis, and audited based on internal security heuristics.
- Two factor authentication: Access to administration applications is secured by 2FA on top of standard user account authentication.
- Audits and external validation: Unbabel applies internal security policies to increase penetration barriers, from digital to physical, and regularly performs information security audits by third-party vendors to validate their compliance with best practices procedures and performance.
- Encryption: Data are encrypted in transit and at rest. More details on this process can be provided on request.
- NDA and security training: All our employees and Community members are bound by NDAs and subject to continuous security awareness training.
10. Personal Data Breach
By data breach we mean a breach of Unbabel’s security that leads to an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed on Unbabel’s systems. We do not consider as a Personal Data breach any unsuccessful attempts or activities that do not compromise data security, such as unsuccessful log-in attempts, pings, port scans, denial of service attacks or other attacks on our systems.
In the event of a Personal Data breach that is likely to result in a high risk to the rights and freedoms of natural persons, Unbabel commits itself to notify all Data Subjects without undue delay after the incident discovery. Unbabel also commits itself to notify the data protection authority without undue delay and, where feasible, no later than 72 hours after having become aware of it if a breach may result in a risk to the rights and freedoms of natural persons. Finally, Unbabel shall promptly provide the Controller with reasonable cooperation and assistance in respect of a data breach, in accordance with legal and contractual obligations.
11. International Transfers
Whenever your personal data is transferred outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
12. GDPR, CCPA, and ISO 27001
Unbabel aims to comply with the General Data Protection Regulation (EU Regulation 2016/679 or “GDPR”) and with the California Consumer Protection of 2018 (“CCPA”). As a result of its commitment to customer security, Unbabel has also been awarded the ISO/IEC 27001:2013 Information Security Management Certification. This Privacy Policy is a direct result of such compliance.
13. EU-U.S. Data Privacy Framework
Unbabel complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Unbabel has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission has jurisdiction over Unbabel’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
14. Data Protection Officer
Unbabel has a Data Protection Officer (DPO), which (i) monitors compliance of data processing with applicable standards, (ii) is a point of contact with the Data Subjects to clarify questions regarding the processing of your data by Unbabel, (iii) cooperates with the data protection authority, (iv) provides advice about Unbabel’s obligations regarding privacy and data protection.
If you have any inquiries or complaints about our handling of your personal data or about our privacy practices generally, please contact us at: dpo@unbabel.com
In compliance with the EU-U.S. DPF, Unbabel commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Unbabel’s Data Protection Officer.
15. Independent Recourse mechanism for data subjects
In compliance with the EU-U.S. DPF, Unbabel commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.
Per the Recourse, Enforcement and Liability Principle, if a complaint has not been resolved satisfactorily through the above redress mechanisms, data subjects can invoke binding arbitration under certain circumstances. Additional information regarding this avenue can be obtained from https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
16. Liability for Onward transfers
Unbabel shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages Unbabel causes the data subject for any breach of the third party beneficiary rights under these Clauses.
Unbabel may not invoke the conduct of a sub-processor to avoid its own liability.
17. Changes to this Policy
Unbabel reserves the right to modify this Privacy Policy from time to time, so please review it regularly. The date of its last update shall always be visible at the top.
18. Contact us
For any enquiries or requests please use the following e-mails according to subject:
- Data Protection – data-protection-officer@stagingunbabel.wpengine.com
- Data Requests – data-requests@stagingunbabel.wpengine.com
- Security – security@stagingunbabel.wpengine.com
- Technical Support – tech-support@stagingunbabel.wpengine.com
Unbabel Inc. is a U.S. based company with registered office at 595 Pacific Ave 4th floor, San Francisco, CA 94133, USA. Should you prefer, you can also contact us via this mail address.