Terms & Conditions
The European Union (EU) has introduced the General Data Protection Regulation 2016/679 (“GDPR”), which is a new privacy regulation containing security and privacy requirements to fully protect data belonging to EU based individuals.
GDPR was adopted by the European Parliament in April 2016 and goes into effect on May 25, 2018.
GDPR is applicable for companies based in and out of the EU where data collection and personal data handling from EU-based individuals is in play. Any information which can be used on its own or with other information to locate, contact or identify a single person such as names, identification numbers, online identifiers, location data, or any other factors specific to the individual’s genetic, physical, mental, physiological, cultural, economic, or social identity is considered to be Personally Identifiable Information (PII).
In order to be in compliance with GDPR, any company handling or collecting PII. I pertaining to EU-based individuals needs to ensure their data management protocol adheres to all requirements detailed within GDPR.
Included in the requirements for GDPR are cross-border data flow mechanisms, technical/operational security measures, notice & consent, accountability and data minimization.
For over a year, Protranslating has been re-addressing security at all levels to account for broad changes. The company has carefully assessed all relevant GDPR details, and has ensured they have been appropriately matched with the company’s privacy roadmap and security policies and controls. The company has made the decision to offer the same level of compliance for any user, regardless of their nationality or place of residence, in anticipation of GDPR spreading globally. The company currently holds a SOC2 Type II report and is pursuing ISO 27001/27002 Certifications as part of their commitment to data privacy and security.
Protranslating’s technology and service offerings have pre-established privacy and security features already in place, putting our customers in control. Protranslating’s commitment is to help customers, regardless of location or nationality, maintain stringent controls and accountability for all online and offline offerings through which customer’s personal data may be attainable.
Protranslating’s Cloud-based offering relies on industry-leading partners and data providers, each with SOC 2 reports that are re-issued on an annual basis. Data protection is managed throughout the entire data lifecycle, and our commitment is to continuously improve on data handling throughout our existence as a service provider.
As needed, please contact your Protranslating representative for further clarification.
Disclaimer: This document must not be used as legal advice about any law or regulation. To understand the GDPR, customers must seek their own legal counsel. Copyright © 2018, Protranslating.
Protranslating.com (“Company” or “We“) respects your privacy and is committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect from you or that you may provide when you visit our corporate website www.protranslating.com and our portal portal.protranslating.com (our “Website“) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
It does not apply to information collected by:
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at: [email protected]
III. INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We collect several types of information from and about users of our Website, including information:
We collect this information:
You also may provide information to be published or displayed (hereinafter, “posted“) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions“). Your User Contributions are posted on and transmitted to others at your own risk.
We also may use these technologies to collect information about your online activities on our corporate website (www.protranslating.com) over time and across third-party websites or other online services (behavioral tracking). You may opt out of behavioral tracking on this website by responding to the full site takeover when you first land.
The information we collect automatically may include personal information or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
The technologies we use for this automatic data collection may include:
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
We use information that we collect about you or that you provide to us, including any personal information:
If you chose to opt-in to receive marketing materials from us, possibly when you filled our “contact us” form on our corporate website (www.protranslating.com), be aware that we may use your information to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your information in this way, please check the relevant box to opt-out located on the “contact us” form on our website or at the bottom of any marketing emails you may receive from us. You can also opt-out by sending an email to [email protected]
Legal bases for processing (For EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may also disclose your personal information:
VII. CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
VIII. ACCESSING AND CORRECTING YOUR INFORMATION
We do our best to respect your privacy rights and provide you access and control over your data. You may make any of the following requests regarding your data by contacting us at [email protected]:
Be advised that we use a differential backup system; this means that we cannot delete your specific information from our inactive backups. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect.
If you delete your User Contributions from the Website, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Website users. Proper access and use of information provided on the Website, including User Contributions, is governed by our Terms & Conditions.
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at: 2850 Douglas Rd., Coral Gables, Florida 33134.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on secure servers behind firewalls. Any payment transactions and all sensitive personal data, will be encrypted using commercially reasonable technology.
We classify your information, but we require your assistance to most capably protect your data. We will ask you to mark data as (1) Unclassified, (2) Confidential, or (3) Sensitive, depending on your classification of any data you submit to us. If you believe that data you send to us contains personal data or other sensitive information, you must notify us by marking that information as Sensitive.
When classifying your data, you should consider the following definitions:
Your data is processed in our system as either Confidential or Restricted, depending on your classification. If you fail to classify your data, we will consider that data Confidential. Both Unclassified and Confidential data is Unrestricted. Our secure portal uses commercially reasonable technologies, processes and procedures to maintain the confidentiality, integrity, and availability of all Confidential and Restricted data. While we still make commercially reasonable efforts to protect Unrestricted data, such data is not subject to our most expensive and stringent controls.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
XII. CONTACT INFORMATION
Terms & Conditions
Last Modified: May 11, 2018
Acceptance of the Terms & Conditions
These Terms & Conditions are entered into by and between You and Professional Translation Services, Inc., doing business as Protranslating (“Company“, “we” or “us“). The following terms and conditions, together with any documents they expressly incorporate by reference (collectively, these “Terms & Conditions”), govern your access to and use of Protranslating.com, including any content, functionality and services offered on or through www.protranslating.com and portal.protranslating.com (the “Website“), whether as a guest or a registered user. In order to request and obtain our translation and localization services (our “Services”), you must agree to these Terms & Conditions.
This Website is offered and available to users who are 18 years of age or older, competent to enter into contracts, and authorized to provide us with all necessary information to perform any Services you request from us. By using this Website, you represent and warrant that you are of legal age to form a binding contract with the Company and meet all of the foregoing eligibility requirements. If you do not meet all of these requirements, you must not access or use the Website.
Changes to the Terms & Conditions
We may revise and update these Terms & Conditions from time to time in our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of the Website thereafter. However, if you have a registered account with us, you will be given an opportunity to stop accessing and using the Website if you do not agree to our revisions or updates. Additionally, any changes to the dispute resolution provisions set forth in Governing Law and Jurisdiction will not apply to any disputes for which the parties have actual notice on or prior to the date the change is posted on the Website.
Your continued use of the Website following the posting of revised Terms & Conditions means that you accept and agree to the changes. You are expected to check this page from time to time so you are aware of any changes, as they are binding on you. However, we will make commercially reasonable efforts to notify you of any material changes if you are a registered user of the Website.
Accessing the Website and Account Security
We reserve the right to withdraw or amend this Website, and any service or material we provide on the Website, in our sole discretion without notice. We will not be liable if for any reason all or any part of the Website is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Website, or the entire Website, to users, including registered users.
You are responsible for:
If you choose, or are provided with, a user name, password or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this Website or portions of it using your user name, password or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information.
We have the right to disable any user name, password or other identifier, whether chosen by you or provided by us, at any time if, in our opinion, you have violated any provision of these Terms & Conditions.
Intellectual Property Rights
The Website and its entire contents, features and functionality (including but not limited to all information, software, text, displays, images, video and audio, and the design, selection and arrangement thereof), are owned by the Company, its licensors or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret and other intellectual property or proprietary rights laws.
The Company name, the Company logo and all related names, logos, product and service names, designs and slogans are trademarks of the Company or its affiliates or licensors. You must not use such marks without the prior written permission of the Company. All other names, logos, product and service names, designs and slogans on this Website are the trademarks of their respective owners.
You may use the Website only for lawful purposes and in accordance with these Terms & Conditions. You agree not to use the Website:
Additionally, you agree not to:
The Website includes access to your customer portal, which contains chat functionality, file upload and download systems, and access to our Services, and may include other interactive features (collectively, “Interactive Services“) that allow users to post, submit, publish, display or transmit to other users or other persons (hereinafter, “post“) content or materials (collectively, “User Data“) on or through the Website, including User Data you ask us to translate or localize.
All User Data must comply with the Data Classification & Content Standards set out in these Terms & Conditions.
Any User Contribution you post to the site will be considered non-confidential and non-proprietary unless you properly comply with the Data Classification & Consent Standards set forth below. By providing any User Contribution on the Website, you grant us and our affiliates and service providers, and each of their and our respective licensees, successors and assigns the right to use, reproduce, modify, perform, display, distribute and otherwise disclose to third parties any such material for the purpose of providing you with any requested Services.
You represent and warrant that:
You understand and acknowledge that you are responsible for any User Data you submit or contribute, and you, not the Company, have fully responsibility for such content, including its legality, reliability, accuracy and appropriateness.
We are not responsible, or liable to any third party, for the content or accuracy of any User Data posted by you or any other user of the Website.
Monitoring and Enforcement; Termination
We have the right to:
Without limiting the foregoing, we have the right to fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity or other information of anyone posting any materials on or through the Website. YOU WAIVE AND HOLD HARMLESS THE COMPANY AND ITS AFFILIATES, LICENSEES AND SERVICE PROVIDERS FROM ANY CLAIMS RESULTING FROM ANY ACTION TAKEN BY ANY OF THE FOREGOING PARTIES DURING OR AS A RESULT OF ITS INVESTIGATIONS AND FROM ANY ACTIONS TAKEN AS A CONSEQUENCE OF INVESTIGATIONS BY EITHER SUCH PARTIES OR LAW ENFORCEMENT AUTHORITIES.
However, we cannot review all material before it is posted on the Website, and cannot ensure prompt removal of objectionable material after it has been posted. Accordingly, we assume no liability for any action or inaction regarding transmissions, communications or content provided by any user or third party. We have no liability or responsibility to anyone for performance or nonperformance of the activities described in this section.
Data Classification & Content Standards
These data classification and content standards apply to any and all User Data and use of Interactive Services, including our translation Services. User Data must in their entirety comply with all applicable federal, state, local and international laws and regulations. Without limiting the foregoing, User Data must not:
Your data is processed in our system as either Unrestricted or Restricted, depending on your classification. If you fail to classify your data, we will consider that data Unrestricted. Both Unclassified and Confidential data is Unrestricted. Sensitive data is Restricted. Our secure portal uses commercially reasonable technologies, processes and procedures to maintain the confidentiality, integrity, and availability of all Confidential and Restricted data. While we still make commercially reasonable efforts to protect Unrestricted data, such data is not subject to our most expensive and stringent controls.
You must properly classify your data as required under these Terms & Conditions for us to leverage our technical and organizational measures designed to protect the confidentiality, integrity, and availability of your User Data. If you do not use portal.protranslating.com to send us User Data, we make no guarantees or warranties related to the security or safety of such improperly submitted User Data. To request access to portal.protranslating.com please write to us at [email protected].
Changes to the Website
We may update the content on this Website from time to time, but its content is not necessarily complete or up-to-date. Any of the material on the Website may be out of date at any given time, and we are under no obligation to update such material.
Information About You and Your Visits to the Website
Linking to the Website and Social Media Features
You may link to our homepage, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part without our express written consent.
This Website may provide certain social media features that enable you to:
You may use these features solely as they are provided by us, solely with respect to the content they are displayed with, and otherwise in accordance with any additional terms and conditions we provide with respect to such features. Subject to the foregoing, you must not:
You agree to cooperate with us in causing any unauthorized framing or linking immediately to cease. We reserve the right to withdraw linking permission without notice.
We may disable all or any social media features and any links at any time without notice in our discretion.
Links from the Website
If the Website contains links to other sites and resources provided by third parties, these links are provided for your convenience only. This includes links contained in advertisements, including banner advertisements and sponsored links, if applicable. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any of the third-party websites linked to this Website, you do so entirely at your own risk and subject to the terms and conditions of use for such websites.
The owner of the Website is based in the state of Florida in the United States. We provide this Website for use only by persons located in the United States and any other location where accessing this Website is legal. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. Access to the Website may not be legal by certain persons or in certain countries. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws, except for laws relating to privacy rights and responsibilities, including the GDPR.
You understand that we cannot and do not guarantee or warrant that files available for downloading from the internet or the Website will be free of viruses or other destructive code, except for files that Protranslating has provided for you to download using our Restricted security option via our Portal. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for anti-virus protection and accuracy of data input and output, and for maintaining a means external to our site for any reconstruction of any lost data. WE WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT, OR ON ANY WEBSITE LINKED TO IT.
YOUR USE OF THE WEBSITE, ITS CONTENT AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE, ITS CONTENT AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR PARTICULAR PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
Limitation on Liability
IN NO EVENT WILL THE COMPANY, ITS AFFILIATES OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT OR OTHERWISE, EVEN IF FORESEEABLE.
THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
You agree to defend, indemnify and hold harmless the Company, its affiliates, licensors and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses or fees (including reasonable attorneys’ fees) arising out of or relating to your violation of these Terms & Conditions or your use of the Website, including, but not limited to, your User Data, any use of the Website’s content, services and products other than as expressly authorized in these Terms & Conditions or your use of any information obtained from the Website.
Governing Law and Jurisdiction
All matters relating to the Website and these Terms & Conditions and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the State of Florida without giving effect to any choice or conflict of law provision or rule (whether of the State of Florida or any other jurisdiction).
Any legal suit, action or proceeding arising out of, or related to, these Terms & Conditions or the Website shall be instituted exclusively in the federal courts of the United States or the courts of the State of Florida in each case located in the City of Miami and County of Miami-Dade although we retain the right to bring any suit, action or proceeding against you for breach of these Terms & Conditions in your country of residence or any other relevant country. You waive any and all objections to the exercise of jurisdiction over you by such courts and to venue in such courts.
Waiver and Severability
No waiver of by the Company of any term or condition set forth in these Terms & Conditions shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of the Company to assert a right or provision under these Terms & Conditions shall not constitute a waiver of such right or provision.
If any provision of these Terms & Conditions is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms & Conditions will continue in full force and effect.
Your Comments and Concerns
This website is operated by Professional Translation Services, Inc. located at 2850 Douglas Rd., Coral Gables, FL 33134.
All other feedback, comments, requests for technical support and other communications relating to the Website should be directed to: [email protected]
According to standard definitions, an Information Security Policy is a set of rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority. Attaining this goal involves setting up an Information Security Policy for the organization and ensuring its adherence. This policy should cover things like acceptable uses of technology, risk reviews at a senior level, operational security procedures, and other general administrative tasks.
An ISP is governing the protection of information, which is an asset the organization needs to protect. Information may be printed, written, spoken, visually explained. In addition, it can be mailed, sent electronically, visually or verbally transmitted. Information should be appropriately secured regardless of its nature, transmission or storage.
The organization has implemented the ISP with the goal of identifying, assessing and taking steps to avoid or to mitigate risk to Protranslating information assets. Information security is achieved by implementing a suitable set of controls, including policies, organizational structures and software and hardware functions. These controls are established, implemented, monitored and controlled to ensure that the specific security and business objectives of the organization are met. Such is executed in conjunction with the 9001 Quality Management System (QMS) processes implemented by the organization.
To implement and properly maintain a robust information security function, the organization recognizes the importance of:
This policy and all related documentation apply to all information, information systems, networks, applications, locations and users of Protranslating or external providers.
The Management Team, including the VP of Technology, have established an 07F18 Security Management Structuredocument. The Security Management Team has the following responsibilities and authority assigned:
Information security responsibilities are clearly defined, maintained and communicated. These responsibilities include the security of Protranslating information assets and information technology that are accessed, processed, communicated to, or managed by external parties.
The Information Security Policy has been established, documented and is maintained with the purpose of continuous improvement and assurance that the organization’s information is secure. Within the Information Security Policy, roles and responsibilities have been defined and assigned to specific individuals or groups within its organization.
Information Security Steering Group (ISSG): Responsible for information security in the organization to reduce risk exposure and ensure the organization’s activities do not introduce undue risk. The group is responsible for ensuring compliance with established security policies, processes and security initiatives, and with state and federal regulations.
Information Security Officer (ISO): Responsible for information security at the business level, for reducing risk exposure, drafting policies and for ensuring the organization’s activities do not introduce undue risk to the enterprise. The ISO is responsible for ensuring compliance and adherence to this policy.
Information Asset Owner (IAO): Responsible for approving decisions regarding controls and access privileges, performing periodic reclassification and ensuring regular reviews for value and updates to manage changes to risk.
User: Responsible for complying with the provisions of policies and procedures.
The table below uses the RACI (R= Responsible A= Accountable C= Consulted I= Informed) model, for identifying roles and responsibilities during an organizational change process
|Area of Responsibility||ISSG||ISO||IAO||User|
|Establish the Information Security Program (ISP)||A||R||C||N/A|
|Implement and Operate the ISP||A||R||C||N/A|
|Monitor and Review the ISP||A/R||R||C||N/A|
|Maintain and Improve the ISP||A/R||R||C||N/A|
|Provision of Resources||A/R||C||I||N/A|
|Training, Awareness and Competence||A/R||R||C||I|
|Internal ISP Audits||A/R||R||C||I|
|Storage of Source Code||N/A||R||N/A||N/A|
Managers: Managers ensure employees are aware of the relevance and importance of their activities and how they contribute to the achievement of information security objectives. They also ensure that employees are aware of and comply with all information security policies and procedures of the organization relevant to their role.
IT Team: The team is responsible of the following areas related to information security:
The organization has defined the expectation and principles relating to how system setup and credential privileges should be managed. User accounts and privileges shall be managed correctly to ensure authorized user access to information systems is possible while unauthorized access is not, such as but not limited to:
The IT Team has established procedures to ensure a consistent and effective approach to the management of information security incidents and IT requests, including communication on security events and weaknesses. It enables the efficient and effective management of information security incidents by providing structure for the reporting and management of such incidents.
Information security incidents and IT requests shall be reported promptly and responded to in a quick, effective and orderly manner in order to reduce the negative effect of incidents, to repair damage and to mitigate future risks. Tickets are to be submitted to IT Help Desk IAW 07P08 IT Service Desk SOP.
Weekly reports will be generated by the IT Service Desk system for all tickets labeled ‘security’. Trends will be analyzed to determine if any discernible patterns require further investigation.
The IT team has daily meetings where, if necessary, post-mortem and trend analysis is discussed. Any serious incidents should be recorded in the Non-Conformance log, and a CAR may be originated IAW 10P01 Corrective Action Request SOP, if deemed necessary.
Protranslating has deployed a change management process in order to prevent unintended service disruptions and to maintain the integrity of all company services. There is segregation of duties, and all requests go through a workflow process consisting of request, approval, implementation and review IAW 07P08 IT Service Desk SOP. Rollback procedures are documented in case there is a need to go back to a previous state, even though change plans are related to minimal marketable features (MMF) most of the time. Layers of authorization and logging exist so that production changes are controlled and monitored. Only authorized engineers are able to login to central configuration management machines from where production changes can be applied. Protranslating communicates to different stakeholders when the services might be adversely affected.
Risk assessments will identify, quantify and prioritize threats that may become relevant to the organization. The results will guide and determine appropriate organization action and priorities for managing information security risks and for implementing controls needed to protect information assets.
Risk management will include the following steps:
Details of our selected controls and how they have been implemented and measured are considered confidential information and restricted to Protranslating. The following sections have been removed to make this document available to the public: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management and compliance
Effective Date: January 1, 2020
Last Reviewed on: January 31, 2020
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). In particular, Protranslating’s Website has collected the following categories of personal information from its consumers within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal information does not include:
Protranslating obtains the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
Protranslating will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
Protranslating may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties:
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category H: Sensory data.
Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the following categories of third parties:
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that Protranslating disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
Deletion Request Rights
You have the right to request that Protranslating delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time. We currently do not provide financial incentives.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at: Protranslating, 2850 Douglas Rd., Coral Gables, FL 33134.
Changes to Our Privacy Notice
Protranslating reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Email: [email protected]
2850 Douglas Rd.
Coral Gables, FL 33134