Privacy Policy

Overview

Trust is one of the pillars on which our company was founded on. Likewise, your trust in our service is invaluable and feeling that you can trust us with your data is paramount. We are responsible for ensuring that not only the personal data from over 50.000 Unbabelers (our community of Editors, Evaluators and Annotators) are protected, but also that our clients’ data privacy and security are safe.

Glossary

  • 2FA — Two Factor Authentication means that an authentication requires a token that the user, and only the user, has on them at a given time
  • Data Controller — the entity that determines the purposes, conditions and means of the processing of personal data
  • Data Processor — the entity that processes data on behalf of the Data Controller
  • Data Protection Authority — the independent national public authority responsible for the monitoring and enforcement of the data protection regulations within the European Union
  • Data Subject — an identified or identifiable natural person whose personal data is processed by a controller or processor
  • Encryption — set of technological measures that ensure that the data is only readable by those with specified access
  • NDA — Non-Disclosure Agreement is a legal binding contract in which the parties involved can restrict the use and dissemination of information
  • Personal Data — any information related to a ‘Data Subject’, that can be used to directly or indirectly identify the Data Subject
  • Processing — any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal Data Process

Personal data

Under the light of GDPR, personal data means any information related to a ‘Data Subject’, that can be used to directly or indirectly identify the Data Subject.

Personal data processed by Unbabel

Community (Editors, Evaluators and Annotators): Unbabel uses Personal Data to connect each editor with the tasks they are more likely to achieve a better end result, such as e-mail, web and push notifications. Unbabel may use their Personal Data to communicate with its Community if there is an inaccuracy or complaint related to an assigned translated work. Unbabel may also require our Community’s payment details to perform and register payment over work provided on the platform. The following Community personal data is collected by Unbabel:

  • Email address
  • First name
  • Last name
  • Country
  • Birthdate
  • Language skills

Clients: In order to provide reporting, e-mail communications and billing to its clients, Unbabel collects the following personal data from its Clients’ accounts:

  • Email address
  • First Name
  • Last Name
  • Billing Details
  • Taxpayer number (in case of individual Clients)

Unbabel proceeds to the encryption of any personal data that may be included in the requested works (i.e.: Names, Credit Card Numbers, Social Security, e-mails, etc.).

Purposes: Unbabel will collect and use Personal Data solely for fulfilling the above specified purposes and for ancillary purposes of the same, unless it obtains the consent of the individual concerned or as required by law. Personal Data should not be further processed in a manner that is incompatible with the purpose for what it has been collected, and, to the extent necessary for those purposes, it should be accurate, complete, and up-to-date.

Personal data ownership

From Unbabel’s perspective, Personal Data is owned and controlled by the Data Subject to whom it relates.

Processors

To support the delivery of our services, Unbabel relies on service providers. Any third-party engaged by Unbabel that might have access or process data that may contain Personal Data is considered a processor. Despite the Unbabel translation pipeline was designed taking in consideration privacy and security measures, Unbabel still performs a security and privacy review of the practices of any processors before engaging with them. Below follows a list of our current processors:

  • Amazon Web Services — Cloud service provider
  • Cloudflare — Content distribution, security services and DNS services
  • Filestack — File Upload
  • FullStory — Support services
  • Google Cloud — Cloud service provider
  • Intercom — Editor’s contact manager
  • HubSpot — Marketing and analytics services
  • Juro — Contract manager
  • LogDNA — Log manager
  • MailChimp — Email services
  • Paid — Payment manager
  • Payoneer — Cloud-based Payment Services
  • PayPal — Cloud-based Payment Services
  • Pusher — Notification manager
  • Salesforce — Client relationship manager
  • Unbabel, Lda — Services provider
  • Zapier — Integration manager
  • Zendesk — Contact Manager

Contractual safeguards & due diligence for our processors: Any processor and subcontractor used by Unbabel are put under a rigorous scrutiny to assess their security, confidentiality and privacy policies. We require all our processors to have a signed Data Protection Agreement (DPA) with us, similar to the DPA that our clients sign with us, including but not limited to the requirements to:

  • process Personal Data as defined on their DPA
  • restrict data access only to trusted and legal contractually bound personnel to assure the data privacy and security
  • training ensures that personnel whom access to data that may contain Personal Data was granted, have data privacy and protection
  • implemented processes which took privacy into account throughout all their data process activities
  • inform Unbabel about any actual or potential security breach
  • cooperate with Data Protection Authorities or data controllers when enquired

Information requests

Unbabel considers that Community and Clients privacy and data security is of the utmost importance, with that in mind we do not disclose Personal Data except when necessary to provide our services or when lawfully requested by an accredited authority.

Personal data protection

All the communication involving Unbabel follows high security standards, being transported over an encrypted secure channel. In the same way, data is also encrypted at rest, meaning that data is stored within encrypted databases with appropriate level of access security.

Third-party data disclosure

Unbabel won’t sell, provide or disclose any kind of personal data. All the data we store, are kept in encrypted databases and transported in encrypted secured channels and will not be accessed for any other purpose than provisioning, maintaining and improving our services. We restrict access to personal data to a reduced, privacy protection trained staff that is bound by NDA. Unbabel only discloses data to third parties where the disclosure is absolutely necessary to provide the services that our clients requests or in response to a lawful request from an accredited authority.

Personal data breach

By data breach we mean a breach of Unbabel’s Security that leads to an accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed on Unbabel’s systems. We don’t consider a personal data breach any unsuccessful attempts or activities that do not compromise data security as unsuccessful log-in attempts, pings, port scans, denial of service attacks or other attacks on our systems. In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, Unbabel commits itself to notify all Data Subjects without undue delay after the incident discovery. Unbabel also commits itself to notify the supervisory authority without undue delay and, where feasible, no later than 72 hours after having become aware of it if a breach may result in a risk to the rights and freedoms of natural persons.

Data deletion

To maintain and improve service continuity and quality, data is deleted upon account termination or by explicit request either on our platform or by email, provided and insofar that such deletion does not prevent Unbabel or the user to comply with their legal or contractual obligations. If you want us to delete your data without accessing our platform, follow the procedure below:

  1. Request data deletion Send us an email from the email you created your Unbabel account to data-requests@unbabel.com with subject ‘Data deletion request’.
  2. Verify your identity We will send you an email to the address you registered your account with some steps to verify your identity.
  3. Data deletion Once we confirm your identity and we confirm that the request deletion does not prevent Unbabelor the user to comply with their legal or contractual obligations, we will proceed insofar with the deletion of your personal data.

Data export and portability

In compliance with GDPR, Unbabel enables data subjects to export their data via our platform or by explicit request. If you want to export all the personal data that Unbabel holds from you, please follow the procedure below:

  1. Request data export Send us an email from the email you created your Unbabel account to data-requests@unbabel.com with subject ‘Data export request’.
  2. Verify your identity We will send you an email to the address you registered your account with some steps to verify your identity.
  3. Data export Once we confirm your identity we will export all the personal data we have from you and send it by email.

Data access, rectification and restriction

Unbabel allows their users to access and rectify their personal data and also to restrict the processing of their personal data in their user’s profile. If you want to rectify or restrict the processing of the personal data that Unbabel holds from you without accessing our platform, follow the procedure below:

  1. Request data rectification or restriction Send us an email from the email you created your Unbabel account to data-requests@unbabel.com with subject ‘Data rectification/restriction request’, specifying the rectification/restriction you want us to do. Please note that if you restrict the process of data that we absolutely need to manage your account, we will have to terminate your account.
  2. Verify your identity We will send you an email to the address you registered your account with some steps to verify your identity.
  3. Data rectification/restriction Once we confirm your identity we will proceed with the rectification/restriction of your personal data.

Data security

In the section below we can find an overview on how we enforce data security at Unbabel.

  • Pseudonymization All content passing through Unbabel’s Translation Pipeline from its clients goes through an automated pseudonymization process which removes sensitive, personally-identifiable data (credit cards, social security numbers, URLs and email addresses, etc.) and restores it before delivery. No personal data is shared with the Unbabel or Staff.
  • Access control All access to Unbabel products and services is encrypted and protected by firewall. All access credentials are segregated by work-group areas, provided on a need-to-know basis, and audited based on internal security heuristics.
  • Two factor authentication Access to administration applications are secured by 2FA on top of standard user account authentication.
  • Audits and external validation Unbabel applies internal security policies to increase penetration barriers, from digital to physical, and regularly performs information security audits by third-party vendors to validate its compliance with best practices procedures and performance.
  • Encryption Data is encrypted in transit and at rest. More details on this process can be provided on request.
  • Non-disclosure agreement and security training All our Community members and employees are bound by NDA and subject to a continuous security awareness training.

EU-US Privacy Shield

Privacy shield is a framework for transatlantic exchanges of personal data for commercial purposes that protect the fundamental rights of individuals where their data is transferred to the United States and ensure legal certainty for businesses. Certification Unbabel complies and is certified with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union to the United States. Unbabel has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

GDPR

As of May 25th, 2018 Unbabel is GDPR compliant.

Contact us

For any enquiries or requests please use the following e-mails according to subject: Subject/E-mail address

Facebook Instagram LinkedIn Twitter YouTube Dribbble GitHub Menu Toggle