BIG Language Solutions – October 30, 2020
Your California privacy rights
California Civil Code Section § 1798.83 permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write to us at 3424 Peachtree Rd NE, Suite 2060, Atlanta, GA 30326.
According to standard definitions, an Information Security Policy is a set of rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the regulations regarding the security of data stored digitally within the boundaries where the organization stretches its authority. Attaining this goal involves setting up an Information Security Policy for the organization and ensuring its adherence. The ISP governs the protection of information, which is an asset that the organization needs to protect. Information may be printed, written, spoken, or visually explained.
The organization has implemented the ISP with the goal of identifying, assessing, and taking steps to avoid or to mitigate risk to the organization’s information assets. Information security is achieved by implementing a suitable set of controls, including policies, organizational structures and software, and hardware functions.
The ISSG has established security objectives to:
The security objectives are monitored and analyzed yearly and recorded IAW the 05M01 CMS. These controls are established, implemented, monitored and controlled to ensure that the specific security and business objectives of the organization are met. The same is executed in conjunction with ISO 9001 and ISO 27001 processes implemented by the organization.
Capital planning and investment requests include the resources needed to implement the security program and employ a business case, and the organization ensures the resources are available for expenditure as planned. The Management Review Meeting captures any additional resources needed and any improvement projects IAW 09P01 Management Review SOP.
Within the Information Security Policy, roles and responsibilities have been defined and assigned to specific individuals or groups within its organization. The Management Team, including the Information Security Officer (ISO), has established an 07F18 Security Management Structure document. Information security responsibilities are clearly defined, maintained, and communicated. These responsibilities include the security of the organization’s information assets and information technology that are accessed, processed, communicated to, or managed by external parties.
The table below uses the RACI (R = Responsible, A = Accountable, C = Consulted, I = Informed) model for identifying roles and responsibilities during an organizational change process.
Area of Responsibility | ISSG | ISO | IAO | User |
---|---|---|---|---|
Establish the Information Security Program (ISP) | A | R | C | N/A |
Implement and Operate the ISP | A | R | C | N/A |
Monitor and Review the ISP | A/R | R | C | N/A |
Maintain and Improve the ISP | A/R | R | C | N/A |
Management Responsibility | A/R | R | C | N/A |
Resource Management | A | R | I | N/A |
Provision of Resources | A/R | C | I | N/A |
Training, Awareness and Competence | A/R | R | C | I |
Internal ISP Audits | A/R | R | C | I |
Establish Controls | A | R | C | I |
Storage of Source Code | N/A | R | N/A | N/A |
Asset Protection from unauthorized access, disclosure, modification, destruction or interference | ||||
Report of security event or risks | A/R | R | R? | I? |
The organization has defined the expectations and principles relating to how system setup and credential privileges should be managed. User accounts and privileges shall be managed correctly to ensure authorized user access to information systems is possible, while unauthorized access is not, including but not limited to:
All Customer requests for support must be submitted to [email protected] and vendor requests are to be submitted to [email protected]. Requests are categorized into three tiers:
All calls received after hours are routed to customer support who are on call. Otherwise during regular business hours the number of staff supporting the service. For all tier 3 requests, a ticket will need to be created with GCP or AWS.
BigLS has deployed a change management process in order to prevent unintended service disruptions and to maintain the integrity of all company services. All changes identified as causing disruption are planned and approved by management, without exception.
All requests are processed IAW 07P08 IT Service Desk SOP. Rollback procedures are documented in case there is a need to go back to a previous status, even though change plans are mostly related to minimal marketable features (MMF). All MMFs are tested thoroughly after a fully automated deployment in the testing environment, before authorizing the deployment into production. Layers of authorization and logging exist so that production changes are controlled and monitored. Only authorized engineers are able to perform production changes. The organization communicates to different stakeholders when the services might be adversely affected.
The organization supports and manages changes to Workspace in the cloud including their operating system and applications and covers major, minor and patches.
The Management team meets every month to discuss any upcoming change. This meeting is known as the Replenishment Meeting.
Risk assessments shall identify, quantify, and prioritize threats that may become relevant to the organization. The results shall guide and determine appropriate organization action and priorities for managing information security risks and for implementing controls needed to protect information assets.
The organization protects its devices at all times by access controls, usage restrictions, connection requirements, encryption, virus protections, firewalls and physical protections.
Please see 04M06 Password Policy
Policy may be made available upon signing a non-disclosure agreement.
10.2.1 Policy
The sensitivity of applications/systems is explicitly identified and documented. The organization’s solution to the Translation Industry is a security-first approach to the handling of any request. The classification of the data of our infrastructure, architecture and home grown software development is carefully selected to handle the most sensitive information available. The following information provides guidance and sets the expectation for the processing and classification of information and customer data:
Data Classification
Type | Description |
---|---|
Restricted Information | Highly sensitive data that should not leave managed systems. Any information that is extremely sensitive in nature, such as, but not limited to, Personally Identifiable Information (PII), Payment Card Industry (PCI) and Intellectual Property (IP), is classified as Restricted. Its unauthorized disclosure could seriously and adversely impact the organization, its customers, its business partners, and its external providers. |
Confidential Information | Sensitive data that could leave managed systems over secure communications channels only. Its unauthorized disclosure could adversely impact the organization, its customers, its business partners, and its external providers. An example of confidential information may include knowledge regarding systems or processes used by the company that is not considered IP, secret, or a threat to the company’s security. |
NOTE: Any information not explicitly classified as Confidential or Restricted shall be considered as Confidential and treated as outlined in this document.
Please see 04M07 Data Classification Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.
The following information sets the rules and expectations for the security and accessing of information:
Resources (employee, external provider, and consultant) shall understand the sensitivity of their data and treat it accordingly IAW 04M07 Data Classification Policy. Even if technical security mechanisms fail or are absent, every user should still attempt to maintain data security commensurate with its sensitivity.
The organization shall provide resources with access to the information they need to carry out their responsibilities in as effective and efficient a manner as possible.
The organization places reasonable restrictions on removable media. The use of removable media is prohibited on all equipment owned by the organization. Exceptions are managed IAW 07P10 Antivirus and Malware SOP and the 07P08 IT Service Desk SOP and must be approved by the ISO. Restricted Workspaces are prohibited from using removable media, with no exceptions.
Please see 04M08 Information Access Control Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.
1 Policy
2 Requirements
Please see 04M10 Remote Access Control Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.
2 Software Use
3 Software from Other Sources
Please see 04M12 Acceptable Use Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.
Please see 04M16 Intellectual Property Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.
Details of our selected controls and how they have been implemented and measured are considered confidential information and restricted to the organization. The following sections have been removed to make this document available to the public: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management, and compliance.
Effective Date: January 1, 2020
Last Reviewed on: January 31, 2020
This Privacy Notice for California Residents supplements the information contained in Big Language Solutions’ Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, Big Language Solutions’ Website has collected the following categories of personal information from its consumers within the last twelve (12) months:
Personal information does not include:
BIG IP obtains the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
Big Language Solutions will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
Big Language Solutions may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties:
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category H: Sensory data.
Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the following categories of third parties:
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that BIG IP disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
Deletion Request Rights
You have the right to request that Big Language Solutions delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. We currently do not provide financial incentives.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at: Big Language Solutions, 3424 Peachtree Rd, NE, Suite 2060, Atlanta, GA 30326
Changes to Our Privacy Notice
Big Language Solutions reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which Big Language Solutions collects and uses your information described below and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 800-642-6290
Website: https://biglanguage.com#contact/
Email: [email protected]
Postal Address:
Big Language Solutions
Attn: Compliance
3424 Peachtree Rd, NE
Suite 2060
Atlanta, GA 30326