LSI follows the Privacy by Design concept and has implemented comprehensive data protection controls based on the following principles:
- Data minimization (we only collect data that is absolutely necessary to conduct our business).
- Access restriction (we only grant data access to those who need to know).
As your language service provider, our role encompasses the following:
We are a data controller: The data we collect and hold from you includes your name, company name, address, contact information, and billing records. Collecting and holding this information is necessary for us to provide you with our language-conversion service. We do not use your data for any other purpose.
We are a data processor: The data we collect and hold from you in the form of source material entrusted to us for language-conversion purposes may/may not include personal identifiable data. Collecting and holding this data is necessary for us to provide you with our language-conversion service. We do not use this data for any other purpose.
We use data sub-processors: The source material we collect and hold from you is submitted to our linguists and external language service providers (LSPs) for language-conversion. Submitting source material to our linguists and LSPs is necessary so the language-conversion tasks can be carried out. We do not submit your source material to any other third party or for any other purpose. Our linguists and LSPs have been carefully vetted, and they have signed a comprehensive Non-Disclosure Agreement (NDA) to protect the data entrusted to them for language-conversion.
Please note: We can customize every aspect of the data flow according to your data privacy preferences and as warranted by the content of the material. When placing an order with us, please make sure you discuss your data security requirements with your LSI Account Manager.
Rights of European Union Clients
Under the General Data Protection Regulation (GDPR), as a European Union resident, you have the following data privacy rights:
- Opt-in consent: When you complete our project agreement (1) or an email marketing opt-in form (2), you understand and acknowledge that we may collect and hold your data for the purpose of communicating with you about your project (1) or about LSI services or offers (2).
- Right to access and data portability: You may request from us a copy of your data.
- Right to rectification/correction: You may request from us correction of your data.
- Right to erasure/right to be forgotten: You may request from us erasure of your data, as permissible by law.
- Right to breach notification: You have a right to be notified by us within 72 hours of a data breach we deem may pose a risk to your rights and freedoms as an individual.
- Right to launch a complaint: You have the right to launch a complaint with your local supervisory authority, if you believe our handling of your data poses a risk to your rights and freedoms as an individual.
Data Security Best-Practices
When your project enters our production process and data processing chain, we require all of our processors to maintain the confidentiality of the data and to follow basic data security best-practices to safeguard the data from unauthorized access and accidental destruction or loss. Basic data security best-practices include the following:
Access control – making sure unauthorized third parties do not have access to the data.
Password protection – making sure the electronic devices where the data is processed and stored are password-protected.
Anti-virus/anti-malware protection – making sure the electronic devices where the data is processed and stored have anti-virus and anti-malware protection.
Clear desk/clear screen policy – making sure that data is not left out in the open for others to see. We recommend a screen/application timeout so that the data is obscured, should a processor step away from their desk unexpectedly, without fully shutting down their device.
Information transfer – making sure that processors observe the data transfer directives we may give them as part of the assignment (for example, not to use regular email).
Data retention/deletion – making sure that processors observe the data retention/deletion directives we may give them as part of the assignment (for example, delete data after task completion).
Incident reporting – making sure our processors are required to let us know immediately of an incident that could compromise the confidentiality and integrity of the data.
View and Update Your Data
We hold your data in our secure and access-restricted LSI databases. You can request access to your data by contacting your LSI account manager, or by sending an email to ClientService@Linguist.com, or by calling us at 1 (617) 528-7410.