RWS Group

(i) When referring to “we” and “us”, we refer to the RWS Group US corporations i.e., SDL Inc and its US subsidiary XYEnterprise LLC, and RWS Life Sciences Inc - together RWS. 

(ii) When referring to the “EU”, we include the countries forming part of the European Economic Area i.e., all 27 EU countries and Iceland, Liechtenstein, and Norway; 

(iii) When referring to “client”, we refer to an EU, UK or Swiss company to which RWS provides its services or an EU, UK or Swiss prospective company; 

(iv) When referring to “employee”, we refer to a current, former or prospective (i.e., job applicant) RWS EU or UK (but not Swiss) employee; 

(v) When referring to “personal data and/or personal information”, we refer to data about an identified or identifiable individual received by us respectively from the EU, UK or Switzerland, and recorded in any form; 

(vi) When referring to “processing of personal data”, we refer to any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction; 

(vii) When referring to “corporate representatives”, we refer to any current, former or prospective individual who represents a client or vendor, and who is located in the EU, UK or Switzerland; 

(viii)When referring to “vendor or supplier”, we refer to an EU, UK or Swiss company that provides products or services to us.

Categories of Personal Data Received	Purposes of Use
Human Resources data (only under EU-US DPF and the UK Extension to the EU-US DPF)
Individual contact information (e.g. name, surname, salutation, address, telephone, email)	Employee information and relationship management  Disaster recovery and business continuity planning
Job application candidate information (e.g. name, surname, salutation, address, telephone, email, CVs)	Recruitment and hiring
Employee information (e.g. job-related information, date and month of birth, absence records)	Employee information and relationship management  Line management  IT support, maintenance and issue resolution
Employee performance reviews and compensation	Line management
Non-Human Resources data (under EU-US DPF and the UK Extension to the EU-US DPF and Swiss-US DPF)
Individual contact information of corporate representatives and visitors of our websites (through Contact Us forms)	Client and vendor relationship management  Marketing communications and preferences
Account login information and account information of corporate representatives	Client and vendor relationship management  IT support, maintenance and issue resolution
Client translation content containing personal information as per client instructions	Provision of our products and services (as service provider to our clients on their behalf and pursuant to their instructions)  IT support, maintenance and issue resolution

We process your personal data in a way that is compatible, i.e., relevant and proportionate with the purposes described above and/or subsequently authorised by you in accordance with DPF Principles. 

We also comply with the DPF Principles by implementing processes described in this Notice to ensure your personal data is accurate, complete, current and reliable for its intended use. 

We also take reasonable and appropriate measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

We share your personal with third parties who act as our agents to perform tasks on our behalf and under our instructions for the purposes described in the table below. We implement processes to conclude written contracts with our third-party agents, which include appropriate data privacy provisions. We require from our third-party agents to provide the same level of protection as the one guaranteed by the DPF Principles. 

We remain liable for the onward transfers to such third parties.

Categories of Personal Data Received	Purposes of Use
• Cloud and application hosting providers (e.g. AWS, AliCloud, ServerBase, Microsoft)	Under EU-US DPF and the UK Extension to the EU-US DPF and Swiss-US DPF:  Data hosting  Only under EU-US DPF and the UK Extension to the EU-US DPF:  Data hosting

We may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

You have a right of access to the personal information we hold about you including the right to obtain rectification or amendment of inaccurate data, and to obtain deletion of your personal data.

We also offer you choices with respect to the use and disclosure of your personal information. 

We offer the right to “opt out” of having your personal information used for direct marketing communications at any time as well as, for sensitive personal information, to explicitly “opt-in” (i.e. consent) to the disclosure and use of this information by RWS. 

When contractually bound to act only on instructions from our clients in the provision of our products and services, typically for the provision of linguistic translations and content to our corporate clients, we will assist them in responding to individuals exercising their rights. 

For further information on your further rights and choices and how to exercise them under applicable laws and regulations, please refer to section 11 of RWS Privacy Policy at: https://www.rws.com/legal/privacy/privacy-notice/

You have a right to inquire about, and access your personal data, as well as submit a complaint in relation to the processing of your personal data. Please go to the ‘How to contact us’ section for information on how to reach us. 

We will endeavour to respond your inquiries, investigate and resolve complaints expeditiously and at the latest within 45 days at no cost to you and by reference to the EU-US DPF Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF Principles. 

You may also submit a complaint to the relevant data protection supervisory authority (DPA) based in the EU, to the UK Information Commissionner’s Office, to the Swiss Federal Data Protection and Information Commissioner. We commit to cooperate in investigations by, and to comply with the advice of relevant DPA. Furthermore, the US Department of Commerce’s International Trade Administration (ITA) has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the relevant DPA within 90 days.

In the case where your complaint was not to be resolved using the recourses described above (referred to as a Residual Claim), you also have the right to invoke binding arbitration by delivering notice to us and following the procedures and conditions set forth in Annex I. Binding Arbitration. 

We commit to refer unresolved Data Privacy Framework complaints to International Centre for Dispute Resolution American Arbitration Association (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit ICDR/AAA at the location listed below for more information or to file a complaint. The services of International Centre for Dispute Resolution Case Filing Services are provided at no cost to you. For claims and disputes arising under or relating to this Policy, individuals may invoke binding arbitration in a location mutually agreeable to the parties. An award of arbitration may be confirmed in a court of competent jurisdiction. 

ICDR/AAA Contact: 

Address: International Centre for Dispute Resolution American Arbitration Association, 1101 Laurel Oak Road, Suite 100 Voorhees, NJ, 08043, United States
Website: https://go.adr.org/dpf_irm.html
Email: casefiling@adr.org
Phone: +1.856.435.6401
Fax: +1.212.484.4178

For any inquiries or complaints about this Notice or our practices concerning personal data, please contact:

Categories of Personal Data Received	Purposes of Use
Christel Cao-Delebarre Group Head of Global Privacy Email: privacy@rws.com  As applicable:  SDL Inc The Legal Department 101 Edgewater Drive Suite 210 Wakefield MA 01880 United States  RWS Life Sciences 101 East River Drive 2nd Floor East Hartford CT 06108	Christel Cao-Delebarre Group Head of Global Privacy Email: privacy@rws.com  RWS Holdings Plc The Legal Department Europa House Chiltern Park Chiltern Hill Gerrards Cross SL9 9FG United Kingdom