SDL PRIVACY NOTICE
This Privacy Notice explains why and how SDL PLC and its subsidiaries (“SDL” or “we” together or individually as applicable) processes the personal data we receive over our websites, through Applications and software, through our online services, when we provide services such as support, when we license our products, when we handle enquires about our products and services and any other means, such as, for example, when we obtain your data at a trade show. These are all the situations where SDL is the Data Controller.
SDL is an international group of companies which operate together to provide our products and services. This Privacy Notice applies to all SDL companies. Details of the individual companies are available at SDL Companies.
SDL’s objective when processing any personal data is safeguarding the individual’s privacy. This Privacy Notice is designed to provide transparency on how we process your personal data and enable you to exercise the control available to you.
The SDL Group of companies comply with applicable law. This includes but is not limited to the General Data Protection Regulation in the European Union and the California Consumer Privacy Act in California, so far as they apply to our activity. Our obligations and your rights under this legislation is explained in this Notice.
1. Applicability and Acceptance
This Privacy Notice applies in all our interactions with you when we collect and process your Personal Data:
- When you first visit a SDL website a Privacy message appears informing you SDL will process your personal data. By continuing to use the SDL website you have agreed to SDL processing your personal data and have agreed to the terms of this Privacy Notice, a link to which is provided on the SDL website.
- In all other activity when collecting your personal data we will notify you, provide a link to this Privacy Notice, then you providing your personal data or your continuation to use the SDL service, or your otherwise continuing with an activity, is confirmation that you have read and understood this Privacy Notice. Examples of these activities are when you complete a contact form, create an SDL account or complete a registration form for a Webinar or enter a competition or when you download documents or media files, or shared by you from other social applications, services or websites.
This Privacy Notice does not apply to our shareholder’s personal data, our employees or job applicant’s personal data or our processing when SDL is engaged as a Data Processor or Sub-Data Processor by our customers.
Children under the age of 13 may visit our websites to use our free translation website (SDL freetranslation.com) or our Managed Translation service.
Children you must ask your parent or guardian's permission before you give any personal data or information to us by entering it into forms on our website, or entering it into one of our translation services. Personal information is your name, address, age, telephone numbers, email address and other information which is special to you. If you do not have your parent or guardian's permission you are not allowed to provide us with personal information.
All other SDL websites are not intended for children and SDL does not intentionally collect personal data from children. If we discover we have collected personal data from a child we will delete the information as soon as possible. If you have any concerns please contact email@example.com.
3. Personal Data
Personal Data is data you would recognise such as your name, date of birth and address but also any data from which you can be personally identified.
This list describes the types of data we collect from you and process:
- email address, phone number, telephone number, title/role and IP address to enable us to interact with you in a sales process or when we are providing support;
- data we use to verify your identity username, passwords and answers to any security questions;
- depending on the services you use: financial information, such as bank account details, Payment Card Details, billing and other information you provide to purchase a product or services and content you generate or that relates to your account; and
The above list is not exhaustive but gives you a general picture. If we have to ask you to provide more Personal Data we will explain why when we ask for it.
We may receive information about you from other sources:
- We work with third parties, (for example, payment services providers, credit agencies, sub-contractors in technical services and marketing companies or organisations) and may receive Personal Data from them about you.
- Through marketing initiatives we may receive your personal data from a business or social contact.
- Our Partners which could include Resellers or entities we enter into OEM agreements with, will collect Personal Data from their customers which they pass to SDL to enable SDL to license software to their customers and for SDL to provide support and maintenance.
4. Why we collect your Personal Data and the lawful basis for our processing?
SDL processes your Personal Data either to perform our contractual obligations with you or for legitimate interests associated with the delivery of our business, including sale of products and provision of the services (both free of charge and charged). We may also specifically ask for your consent for processing of your Personal Data in some cases. The table below describes our processing and explains the lawful basis we rely upon to process your data:
|To provide you with information on products and services that you request from us and provide further information. This information can be provided by Live Chat and other communication methods as described below.||SDL considers this is necessary for our legitimate interest of responding to your enquiry and providing details of our products and services.|
|To receive your personal data from a business or social contact who considers you may be interested in our products or services.||SDL considers this is necessary for our legitimate interest of contacting you to enquire if you would be interested in receiving details of our products and services.|
|To enable you to partake in SDL Communities activity.||SDL will ask for your consent to process your Personal Data for this purpose. You can withdraw your consent at any time.|
|To enable you to partake in other activity on our websites.||SDL considers this is necessary for our legitimate interest of enabling you to benefit from additional services we offer. When this occurs you will be informed and can decline such offer or withdraw at any time.|
|To enable you to partake in SDL Certification programmes on our websites, including publication of your certification.||SDL will ask for your consent to process your Personal Data for this purpose. You can withdraw your consent at any time.|
|If you enter into a contract with SDL to receive products or services to enable SDL to fulfil our obligations to you, bill you and process the payment.||SDL will process your Personal Data which is necessary to perform the contract including the provision of support and maintenance if applicable.|
|When you enter into a specific support and maintenance agreement with SDL. SDL has the autonomy to determine the manner in which personal data is processed and is responsible for controlling how such personal data is processed in order to fulfil its obligations under the agreement.||If SDL has a contract with you to provide support and maintenance we will process such personal data as is necessary to perform the contract.|
|If you enter into a contract with SDL to provide products or services to SDL to fulfil our obligations to you, pay you and process the payment.||SDL will process such Personal Data as is necessary to perform the contract.|
|Provide an enhanced and personalised user experience when visiting our websites to ensure that content from our site is fully accessible and presented effectively for your computer and you.||SDL considers this is necessary for our legitimate interest of providing you with enhanced and personalised service to provide you with pertinent information.|
|Provide you with information by post, telephone, fax, SMS or by email about other goods and services we offer that are similar to those that you have already purchased or enquired about.||SDL relies upon our right to direct market to you in these circumstances. We provide you with the option to unsubscribe from this service at any time.|
|Administer your user account and keep you informed about changes or developments to the websites.||SDL considers this is necessary for our legitimate interest of responding to your enquiry and providing details of changes to our websites.|
|Administer any correspondence with you or complaints you make.||SDL considers this is necessary for our legitimate interest of responding to your correspondence or complaint.|
|Receive Personal Data of users of our software from Partners etc. for the purpose of licensing our software and/or providing support and maintenance||
Where SDL enters into a contract directly with the end user SDL will process such Personal Data as is necessary to perform the contract.
If SDL does not have a direct relationship with the end user then SDL considers we have a legitimate interest in processing the user’s Personal Data to enable their use of our software and protection of SDL’s intellectual property.
SDL uses the Personal Data we automatically collect to:
- Enable you to participate in interactive features of our sites;
- Ensure that content is presented in the most effective manner for you and for your computer;
- Maintain the security of our sites and services;
- Deliver relevant advertising to you about our products and services and measure the effectiveness of our marketing; and
- Administer our sites through data analysis, testing and support.
SDL considers this automatic processing of your data lawful and consistent with our legitimate interest to administer our site and provide you with relevant information about our products and services.
5. If your use of our Products or interaction with SDL is as an employee or consultant of a SDL customer
If you use SDL products licensed to your employer, or organisation you are engaged by, or use an email address provided by the organisation you will be identified in our records as affiliated with that organisation. Similarly if your organisation obtains services from SDL such as support and maintenance or localisation services and you are a point of contact for your employer, your records will be affiliated with that organisation. Your use of the products or services will be subject to that organisation’s policies and the contract between your organisation and SDL. Other users in your organisation or authorised third parties may monitor some or all of your activity with the products and services, configure the product including security and privacy settings and access any data you enter. All privacy questions in respect of the products and services licensed to your organisation ought to be directed to the organisation.
If we have a contract to provide support and maintenance to an organisation of which you are an employee, or you are engaged by such company as a consultant, the organisation can provide your personal data so far as necessary for us to interact with you for the purposes of the services we are providing. We consider we have a legitimate interest in processing your data for this purpose. In the event of any conflict between this Privacy Notice and any contract or Data Processing Agreement (“Agreements”) between SDL and a customer the terms of the Agreements will prevail.
7. Who will have access to your Personal Data and who do we share it with?
Within the SDL Group of companies:
Your personal data will be processed by our staff in the SDL group of companies which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, to complete the purposes for which we collect your data.
Outside the SDL Group of companies: We may share your Personal Data with these third parties:
- Partners etc. appointed in countries in which SDL does not have offices, who sell our products. If we identify you are logging into our website from such a country we will pass your personal data to our Partner etc. to provide you with an ability to obtain information about our products;
- Industry or solution specialist Partners etc. appointed by SDL to sell our products in an industry sector or as a total solution. If we identify you are involved in or interested in an industry sector or in a total solution offering we will pass your personal data to our Reseller or OEM partner who may contact you to provide you with details etc. about our products and their services;
- Organisations such as agents or sub-contractors with which we engage to perform functions on our behalf, such as sending customer communications, analysing data, providing marketing assistance, processing payments and providing customer service. These organisations will have access to Personal Data needed to perform their functions, but may not use it for any other purposes;
- Internet telephony service providers, hosting centre providers or providers of SAAS such as Microsoft or any other provider of IT services or applications ancillary to the Service which SDL offers or use in the ordinary course of our business;
- If SDL sells any business or assets, we may disclose your Personal Data to the prospective buyer of such business or assets and your Personal Data may be one of the transferred assets;
- If SDL is acquired by a third party, your Personal Data will be one of the transferred assets;
- To any other business entity into which SDL enters into a joint venture or other arrangement;
- To address security or technical issues;
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation, or in order to enforce or apply our legal rights. This includes exchanging information with other companies and organisations for the purposes of fraud protection or credit risk reduction; and
- Law enforcement or regulatory agencies, if required to do so by law, or by an order of a Court.
We will not otherwise share or distribute any of the information you provide to us without your consent.
We will not sell, trade or rent Personal Data to unaffiliated third parties except if we have obtained your express permission.
Our site may contain links to other websites that are outside our control and are not covered by this Privacy Notice. If you access other websites using the links provided, the operators of those websites may collect information from you which will be used by them in accordance with their applicable policies, which may differ from ours.
8. International Transfers
The Personal Data that we collect from you may be transferred to, and stored at, a destination outside the country you are resident in or the country in which you provided it to us. It may be processed by staff operating in another country who work for SDL or for one of our suppliers. By submitting your information, you agree to this transfer, storing and or processing. We will take all steps reasonably necessary to ensure that your information is processed securely.
In particular for citizens of the European Union (“EU”), European Economic Area ("EEA") and United Kingdom (“UK”). The Personal Data that we collect from you may be transferred to, and stored at, a destination outside the EU, EEA or UK. It may also be processed by staff operating outside the EU, EEA and UK who work for us or for one of our suppliers. By submitting your information, you agree to this transfer, storing and or processing. We will take all steps reasonably necessary to ensure that your information is processed securely.
A copy of the applicable documentation ensuring the necessary safeguards, where required, can be obtained from SDL using the Contact details below.
9. How long do we keep your data?
We will retain your information for various different periods of time, depending upon our relationship with you and the purposes for which we have collected your data. We will only retain Personal Data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
However, if you wish to have your Personal Data removed from our databases, you can make a request using the Contact details below.
10. Your rights
You are in control of the Personal Data SDL processes and you can:
- Withdraw your consent if SDL has obtained your consent to processing your Personal Data at any time;
- Request confirmation your Personal Data is being processed and a copy of the Personal Data being processed. SDL will respond to any request to the extent required by law and may charge a reasonable fee as provided by applicable law;
- Obtain rectification of any inaccurate Personal Data;
- Obtain the erasure of any Personal Data as provided by applicable law and SDL will erase unless required or entitled to preserve the Personal Data;
- Request SDL to temporarily restrict its processing of your Personal Data while we are investigating a complaint you have;
- Object to processing by SDL as provided by applicable law including profiling of you; and
- Object to your Personal Data being used for direct marketing services to you.
If you believe that Personal Data we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it or you want SDL to stop processing your Personal Data you can inform us of your request by either:
- Using the SDL Preference Centre available at https://info.sdl.com/preferences.html. you will be able to change your own preferences and details in respect of marketing communications.
- Contacting your normal contact at SDL.
- Emailing your request to firstname.lastname@example.org
We will comply with all lawful requests but can refuse such requests in certain circumstances which you will be informed of if they apply.
There are some circumstances where SDL may be a Joint Controller of your personal data with another Data Controller, such as, for example, where we are working with a Partner etc. Where SDL is a Joint Controller we will be responsible for the Personal Data we hold and process. In respect of the Personal Data SDL holds you can exercise the rights we have explained above, such as requesting deletion etc., by asking SDL using the contract details below. If you wish to exercise your rights against the other Joint Controller you may do so by contacting them.
11. How SDL protects your information
- SDL ensures that its Privacy Notice is in compliance with all applicable privacy laws and regulations.
- SDL complies with the EU-US Privacy Shield and Swiss-US Privacy Shield as set by the U.S Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, Switzerland and United Kingdom. SDL INC. has certified that it adheres to the EU-US and Swiss-US Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the EU-US and Swiss-US Privacy Shield program and to view SDL INC’s certification, please visit https://www.privacyshield.gov/list. Please see our specific Privacy Shield notices at https://www.sdl.com/about/privacy/
- SDL and its subcontractors will maintain appropriate security procedures and practices to safeguard the product and your data against unauthorized access and to maintain the confidentiality of your data in accordance with the applicable law. We employ strict physical, electronic and administrative security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both on-line and off-line. The data is encrypted when in transit between your device and the SDL system and our products are hosted in third party data centres with industry leading security.
- The Internet is an inherently open and insecure means of communication, any data a user transmits over the Internet may be susceptible to interception and alteration. SDL makes no guarantee regarding, and assumes no liability for, the security and integrity of any data you transmit over the Internet, including any data transmitted via any server designated as "secure". You should not have an expectation of privacy in any content, including accounts of files transmitted through the internet.
No website can be completely secure. If you have concerns your Sdl.com account may have been compromised please contact SDL using the Contact information below.
12. California Consumer Privacy Act
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws.
As the SDL Group of companies are an international group of companies it is necessary for us to have the ability to be able to process personal data in our offices throughout the world. Consequently, any personal data we collect may be disclosed for our business purposes to those of our worldwide companies as required. All processing, wherever it takes place, is undertaken utilising appropriate security and organisational measures. We may engage third party organisations to perform specific processing activities on behalf of an SDL company. Personal data is not sold to such organisations and we ensure appropriate security and organisational measures are utilised.
SDL confirms we do not sell any personal data we collect to third parties.
We have explained in section 9 above how you can exercise your rights and in section 15 below we explain how you can contact us. In addition to the rights in Section 9 above a California resident may also:
- Request disclosure of personal information sold or disclosed for a business purpose.
- Not face discrimination for exercising a right under the CCPA.
- Opt out of the sale of personal information, (as explained above SDL does not sell personal information).
13. Changes to our Privacy Notice
14. Governing Law and Jurisdiction
If you are unhappy with the way SDL is processing your Personal Data please contact either the centralised privacy response (email@example.com). You may wish to contact an individual SDL company but please be aware all responses are handled centrally through firstname.lastname@example.org.
In the EU and EEA countries and other countries you have the right to lodge a complaint with the relevant Supervisory Authority responsible for overseeing the processing of Personal Data. In the list of SDL Companies are details of the relevant Supervisory Authorities for each of our companies.
If you have any questions, comments or concerns about the Privacy Notice, please contact our centralised privacy response contact as follows:
Email at: email@example.com
FAO: Privacy Officer (Legal Department)
New Globe House
Vanwall Business Park
TEL: + 44 (0) 1628 760610
Fax: +44 (0) 1628 760611
For all California Consumer Privacy Act enquires and Consumer Rights Requests:
Please either email to firstname.lastname@example.org or phone: +1 888 351 2210
SDL PLC is a company registered in England with registered number 02675207 of New Globe House, Vanwall Road, Vanwall Business Park Maidenhead, Berkshire, SL6 4UB, United Kingdom. Details of all our subsidiary companies is available at SDL Companies and SDL contact details.
Last updated: January 2020