RWS Group

United States Data Privacy Framework (DPF) Notices

Date of Last Update: 12 June 2024 

SDL Inc and its US subsidiary XYEnterprise LLC, as well as RWS Life Sciences Inc (forming part of the RWS Group US corporations, together RWS), which provide technology-enabled linguistic, content and intellectual property services to its corporate clients, comply with the European Union-United States Data Privacy Framework (EU-US DPF) and the United Kingdom (UK) Extension to the EU-US DPF, and the Swiss-United States Data Privacy Framework (Swiss-US DPF) as set forth by the United States (US) Department of Commerce. 

RWS have certified to the US Department of Commerce that they adhere to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) regarding the processing of personal data received from the European Union (EU) and the UK in reliance on the EU-US DPF and the UK Extension to the EU-US DPF. 

RWS have also certified to the US Department of Commerce that they adhere to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) regarding the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. 

If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles, UK Extension to the EU-US DPF and/or the Swiss-US DPF Principles, the Data Privacy Framework Principles shall govern. 

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-US DPF and the UK Extension to the EU-US DPF and the Swiss-US DPF, RWS commit to cooperate and comply respectively with the advice of the panel established respectively by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance respectively on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF. 

RWS are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). 

The following informs you of the type of personal data received by us and why, the third parties with whom we share your personal data and why, your rights and choices, how to inquire and submit a complaint, and how to reach us. Please scroll further down to view each of our specific notices per RWS entity.

(i) When referring to “we” and “us”, we refer to the RWS Group US corporations i.e., SDL Inc and its US subsidiary XYEnterprise LLC, and RWS Life Sciences Inc - together RWS. 

(ii) When referring to the “EU”, we include the countries forming part of the European Economic Area i.e., all 27 EU countries and Iceland, Liechtenstein, and Norway; 

(iii) When referring to “client”, we refer to an EU, UK or Swiss company to which RWS provides its services or an EU, UK or Swiss prospective company; 

(iv) When referring to “employee”, we refer to a current, former or prospective (i.e., job applicant) RWS EU or UK (but not Swiss) employee; 

(v) When referring to “personal data and/or personal information”, we refer to data about an identified or identifiable individual received by us respectively from the EU, UK or Switzerland, and recorded in any form; 

(vi) When referring to “processing of personal data”, we refer to any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction; 

(vii) When referring to “corporate representatives”, we refer to any current, former or prospective individual who represents a client or vendor, and who is located in the EU, UK or Switzerland; 

(viii)When referring to “vendor or supplier”, we refer to an EU, UK or Swiss company that provides products or services to us.

Categories of Personal Data Received Purposes of Use
Human Resources data (only under EU-US DPF and the UK Extension to the EU-US DPF)
Individual contact information (e.g. name, surname, salutation, address, telephone, email)
  • Employee information and relationship management 
  • Disaster recovery and business continuity planning
Job application candidate information (e.g. name, surname, salutation, address, telephone, email, CVs)
  • Recruitment and hiring
Employee information (e.g. job-related information, date and month of birth, absence records)
  • Employee information and relationship management 
  • Line management 
  • IT support, maintenance and issue resolution
Employee performance reviews and compensation
  • Line management
Non-Human Resources data (under EU-US DPF and the UK Extension to the EU-US DPF and Swiss-US DPF)
Individual contact information of corporate representatives and visitors of our websites (through Contact Us forms)
  • Client and vendor relationship management 
  • Marketing communications and preferences
Account login information and account information of corporate representatives
  • Client and vendor relationship management 
  • IT support, maintenance and issue resolution
Client translation content containing personal information as per client instructions
  • Provision of our products and services (as service provider to our clients on their behalf and pursuant to their instructions) 
  • IT support, maintenance and issue resolution

We process your personal data in a way that is compatible, i.e., relevant and proportionate with the purposes described above and/or subsequently authorised by you in accordance with DPF Principles. 

We also comply with the DPF Principles by implementing processes described in this Notice to ensure your personal data is accurate, complete, current and reliable for its intended use. 

We also take reasonable and appropriate measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

We share your personal with third parties who act as our agents to perform tasks on our behalf and under our instructions for the purposes described in the table below. We implement processes to conclude written contracts with our third-party agents, which include appropriate data privacy provisions. We require from our third-party agents to provide the same level of protection as the one guaranteed by the DPF Principles. 

We remain liable for the onward transfers to such third parties.

Categories of Personal Data Received Purposes of Use
• Cloud and application hosting providers (e.g. AWS, AliCloud, ServerBase, Microsoft)

Under EU-US DPF and the UK Extension to the EU-US DPF and Swiss-US DPF: 

  • Data hosting 

Only under EU-US DPF and the UK Extension to the EU-US DPF: 

  • Data hosting

We may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

You have a right of access to the personal information we hold about you including the right to obtain rectification or amendment of inaccurate data, and to obtain deletion of your personal data.

We also offer you choices with respect to the use and disclosure of your personal information. 

We offer the right to “opt out” of having your personal information used for direct marketing communications at any time as well as, for sensitive personal information, to explicitly “opt-in” (i.e. consent) to the disclosure and use of this information by RWS. 

When contractually bound to act only on instructions from our clients in the provision of our products and services, typically for the provision of linguistic translations and content to our corporate clients, we will assist them in responding to individuals exercising their rights. 

For further information on your further rights and choices and how to exercise them under applicable laws and regulations, please refer to section 11 of RWS Privacy Policy at: https://www.rws.com/legal/privacy/privacy-notice/

You have a right to inquire about, and access your personal data, as well as submit a complaint in relation to the processing of your personal data. Please go to the ‘How to contact us’ section for information on how to reach us. 

We will endeavour to respond your inquiries, investigate and resolve complaints expeditiously and at the latest within 45 days at no cost to you and by reference to the EU-US DPF Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF Principles. 

You may also submit a complaint to the relevant data protection supervisory authority (DPA) based in the EU, to the UK Information Commissionner’s Office, to the Swiss Federal Data Protection and Information Commissioner. We commit to cooperate in investigations by, and to comply with the advice of relevant DPA. Furthermore, the US Department of Commerce’s International Trade Administration (ITA) has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the relevant DPA within 90 days.

In the case where your complaint was not to be resolved using the recourses described above (referred to as a Residual Claim), you also have the right to invoke binding arbitration by delivering notice to us and following the procedures and conditions set forth in Annex I. Binding Arbitration. 

We commit to refer unresolved Data Privacy Framework complaints to International Centre for Dispute Resolution American Arbitration Association (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit ICDR/AAA at the location listed below for more information or to file a complaint. The services of International Centre for Dispute Resolution Case Filing Services are provided at no cost to you. For claims and disputes arising under or relating to this Policy, individuals may invoke binding arbitration in a location mutually agreeable to the parties. An award of arbitration may be confirmed in a court of competent jurisdiction. 

ICDR/AAA Contact: 

Address: International Centre for Dispute Resolution American Arbitration Association, 1101 Laurel Oak Road, Suite 100 Voorhees, NJ, 08043, United States
Website: https://go.adr.org/dpf_irm.html
Email: casefiling@adr.org
Phone: +1.856.435.6401
Fax: +1.212.484.4178

For any inquiries or complaints about this Notice or our practices concerning personal data, please contact:

Categories of Personal Data Received Purposes of Use

Christel Cao-Delebarre
Group Head of Global Privacy
Email: privacy@rws.com 

As applicable: 

SDL Inc
The Legal Department
101 Edgewater Drive
Suite 210
Wakefield
MA 01880
United States 

RWS Life Sciences
101 East River Drive
2nd Floor East Hartford
CT 06108

Christel Cao-Delebarre
Group Head of Global Privacy
Email: privacy@rws.com 

RWS Holdings Plc
The Legal Department
Europa House
Chiltern Park
Chiltern Hill
Gerrards Cross SL9 9FG
United Kingdom