Privacy

BIG Language Solutions  – April 30, 2024

Privacy Policy

This Privacy Policy (“Privacy Policy”) is a legal agreement between you or an entity that you are representing (“you,” “your”) and Big Language Solutions, a Delaware corporation (“BIG Language,” “we,” “our” or “us”). This Privacy Policy governs your use of the products and services made available to you directly or indirectly by us and/or by any of our Corporate Entities (as defined below), including websites (including our website available at biglanguage.com.com (the “BIG Language Website”) and other websites made available by any of our other Corporate Entities and that are referenced from the BIG Language Website or that reference this Agreement) (all such websites, collectively, the “Website”), services and functionality providing or facilitating translation of documents or any other data, software, hardware, mobile applications, cloud-based software, systems or services, application programming interfaces (APIs), artificial intelligence (AI) features and functionality, any other technology, products, services and/or content made available by us or by any of our Corporate Entities (collectively, the “Services”). The Terms and Conditions agreement (the “Agreement”) available at our Website governs your use of the Services, and in connection with that Agreement and as a condition to using the Services, you agree to accept and be legally bound by this Privacy Policy. If you are accessing the Services on behalf of an entity (for example, a company, non-profit entity, university, or other business or organization), you represent to us that you have authority to bind that entity to this Privacy Policy, and that entity accepts this Privacy Policy, and the term “you” or “your” will apply to such entity. This Privacy Policy applies to all of our Services. By using any of the Services, you agree to this Privacy Policy and to any other agreements or policies referenced within this Privacy Policy.
If you do not agree to this Privacy Policy, you are not allowed to use the Services. 

  1. Collection of Data.
    • In connection with accessing our Services, we may collect information from you which can be used to identify you (“Personal Information”), such as your name, email address, phone number, address, username, password, credit card or other financial information, credit reports about you, and a personal description of you.
    • We collect information relating to you when you register or open an account, sign in, pay a bill, purchase or subscribe to a Service, call us for support, or give us feedback. We may also obtain information relating to you from our Business Affiliates, such as when you sync a third party account or service with our Services. Finally, we also collect content or other information relating to you that you may provide or create when you interact with our Services. For purposes of this Privacy Policy, “Business Affiliate” means any third party that provides to you any portion of the Services on our behalf, or that otherwise helps us provide to you any portion of the Services. Business Affiliates may include our business partners, contractors, consultants, subcontractors, licensors, data providers, vendors, or other service providers (e.g., entities that provide to us technical services, payment processing, delivery services, or other services), data or content providers or licensors (e.g., entities that provide to us Personal Information or other data or content), advertising networks, analytics providers, search information providers, credit reference agencies, and other such third parties.
    • Information you give us. We also collect information about you that you give us by filling in forms on our Website or by corresponding with us by phone, e-mail or otherwise. This may include information you provide when you search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site, to the extent that we make available to you such functionality.
    • We may also automatically collect certain usage information when you access our Services (“Usage Data”), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies. For example, we may collect IP addresses to track and aggregate non-personal information, such as using IP addresses to monitor the regions from which users navigate to our Services. We may also collect IP addresses from users when they log into the Services as part of our log-in and security features. The information that we collect about you may also include other technical information, your login information, browser type and version, time zone setting, browser plug-in types and versions, and your operating system and platform. We may also collect other information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
    • Information we receive from other sources. We may also collect information about you that we receive if you use any of the other websites we operate or the other services we provide. In this case, we will separately inform you when we collect that data if we intend to share such data internally and combine it with data collected on the Website, and we will also separately tell you for what purpose we will share and combine your data. We may collaborate with our Business Affiliates to provide the Services to you, and we may obtain information about you from such third parties.
    • Our Services may change over time and we may introduce new features that may collect new or different types of information.
    • For clarification, our collection of data about you as described above in this Section 1 will always be subject to all laws, regulations and contractual obligations applicable to such data.
  2. Use of Data.
    • Unless prohibited by law, regulation, or a contractual obligation, we may use your information, including your Personal Information, for the following purposes:
    • We may use your name, address, phone number, and email address to register your account for certain Services we provide and to communicate important information to you. We may obtain additional Personal Information about you, such as address change information, from commercially available sources, to keep our records current. If you set up an administrator account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your Personal Information.
    • We may use your information to communicate with you about our Services and to give you offers for third party products and services that we think may be of use to you. Please see Section 3 below for the choices you have regarding these communications.
    • We may use your information to personalize or customize your experience and the Service, develop new features or services, and to improve the overall quality of the Services.
    • We may use your information to operate our business, including providing Services you requested, provide you with support related to our Services, and to help us protect our Services, including to combat fraud and protect your information.
    • We may use your name, address, phone number, email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services and to follow up with you about your experience. We also offer various Internet chat services, for example, to speak with a support representative or other advisor. Internet transmissions (e.g., chat or other messaging) may be intercepted by third parties, so you should not supply more Personal Information than is reasonably necessary to address your specific issue. We may retain a transcript of any chat session to resolve questions or issues related to our Services.
    • We may use any information you volunteer in surveys you answer for us and combine them with answers from other customers in order to better understand our Services and how we may improve them.
    • We may prepare and share information about our customers (which may include you) with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. This information may be anonymized, such that it does not identify you personally. For example, we may share demographic data that describes the percentage of our customers who use mobile services or who use a particular operating system. We or our third party partners may publicly report the aggregated findings of the research or analysis, but we may do so in a way that would not allow you to be uniquely identified.
    • You may be able to log into our Services using a shared credential pass-through mechanism, where you log into our Services using credentials provided by another party, or where we use your login credentials for the Services to give you access to services operated by other parties. In such cases, we may collect and share with the respective third parties certain information for security purposes in order to verify your authorized access to an account or to reset your password if you cannot access your Services account. Some Services may require added security and you may be asked to provide additional information. The email address or user name, combined with your password that you establish (and that you may update from time to time) in connection with the Services, may be used as your “credentials” to authenticate you with our platform. We may assign a unique ID number to your credentials to track you and your associated information.
    • We may use information, including Personal Information, within the scope of any rights granted to us in the Agreement or as otherwise permitted under the Agreement.
    • From time to time, we may need to share your Personal Information with other parties, as follows:
      • We may share your information, including Personal Information and Usage Data, with our Business Affiliates who perform various functions to enable us to provide our Services and help us operate our business, such as website design, sending email communications, fraud detection and prevention, customer care, or performing analytics. Our contracts with these Business Affiliates require them to maintain the confidentiality of the Personal Information we provide to them, only act on our behalf and under our instructions, and not use Personal Information for purposes other than the product or service they’re providing to us or on our behalf.
      • We may share your information with courts, law enforcement agencies, or other government agencies when we have a good faith belief that we are required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect us, or to respond to a court order, subpoena, search warrant, or other law enforcement request.
      • We may share account information, Personal Information and Usage Data when we believe it is appropriate to enforce or apply the Agreement or other agreements; or to protect our rights and property, the Services, our users, or others. This may include exchanging information with our Business Affiliates or other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing Personal Information of our customers for commercial purposes in violation of this Privacy Policy.
      • We may share your information with credit bureaus, consumer reporting agencies, and card associations to the extent not prohibited by applicable laws. Late payments, missed payments, or other defaults on your account may be reflected in your credit report and consumer report. We may also share your information with other companies, lawyers, credit bureaus, agents, government agencies, and card associations in connection with issues related to fraud, credit, or debt collection.
      • We may share your information, including your Personal Information, with and among our Corporate Affiliates, except where prohibited by law, regulation, or a contractual obligation. “Corporate Affiliates” means any companies or other entities related to us by common ownership or control. Corporate Affiliates may include our direct or indirect subsidiaries, our direct or indirect parent entities, other direct or indirect subsidiaries of any of our parent entities, and any other entities that are part of our corporate family.
      • The reasons why we may share your information (including your Personal Information) with our Business Affiliates or Corporate Affiliates include for our everyday business purposes, such as to: process your transactions, maintain your accounts, operate our business, facilitate access to your Services account, otherwise provide the Services to you, and other such activities. We may also share your information in order for us to be able to offer the Services and other products and services to you. We may also share information with our Business Affiliates or Corporate Affiliates about your creditworthiness, your transactions, and/or use of our Services (including your Personal Information) so that we can operate our business effectively, detect and prevent fraud, and improve our Services.
      • If we sell, merge, or transfer any part of our business, we may be required to share or transfer your information, in which case we may share your information with, or transfer your information to the entity that operates the Services relevant to this Privacy Policy after such transaction.
      • When you transmit information to us, your information (including your Personal Information) may be stored or processed by a Business Affiliate (as defined above) working on our behalf or otherwise helping us to provide Services to you. For example, if you communicate with us or otherwise transmit information to us through a chat box, contact form, Service-related form, customer support form, email, SMS, or any other mechanism for data transmission, your information may be processed by one or more Business Affiliates of ours and/or may be stored in one or more platforms or systems operated by one or more Business Affiliates of ours. You expressly consent to us sharing your information (including your Personal Information) with our Business Affiliates and to storing your information (including your Personal Information) in platforms and systems operated by our Business Affiliates in connection with communications that you conduct with us and/or with the Services, and you expressly authorize our Business Affiliates designated by us to receive, process, and store your information (including your Personal Information) in connection with communications that you conduct with us and/or with the Services.
      • Other than as set out above, we will provide you with notice and the opportunity to choose when your Personal Information may be shared with other third parties to the extent required by applicable laws and regulations.
    • We work with other companies or developers to offer you products and services and you may choose to sync, link or connect other third-party services with the Services. Sometimes we may let you know about the service or product, or another company may let you know about a service or product offered by us. It will be clear who is referring the service or product, and who is providing the service or product. If you choose to accept these services, providing your consent to either the third party or to us, we may exchange your information, including your Personal Information, as well as information about how you interact with each company’s service or product. This exchange of information will be necessary to maintain business operations and to provide the ongoing service you request. By requesting or accepting these products or services, you are permitting us to provide your information, including your Personal Information, to the other party.
  3. Managing Your Privacy.
    • You can view and edit information that identifies you online through your account on the Services, or to the extent not available there, you may ask us for a copy of your information that we hold. How you can access and control information that identifies you will depend on which Services you use. You have a choice about the use of information that identifies you, marketing communications you receive from us, and our use of cookies and other tracking technologies.
    • We will honor your choices when it comes to receiving marketing communications from us. You have the following choices if you have been receiving marketing communications from us that you no longer wish to receive:
      • Click the “unsubscribe” link in the email or newsletter you received.
      • Adjust your settings in your Services account.
      • For SMS messages, if applicable, reply “STOP” or follow the instructions in the message or settings to discontinue those communications.
      • If applicable, our Services may send notifications to your mobile device. If you are receiving notifications from us on a mobile device and no longer wish to receive these types of communications, you may turn them off at the device level.
    • Even if you choose not to receive marketing communications from us, we will continue to send you mandatory service or transactional communications.
    • Some of our Services may use social media features provided or shared with other parties (e.g., Facebook, LinkedIn, etc.). These features may collect your IP address and which page you are visiting within our Service, and may set a cookie to enable the feature to function properly. Social media features may be hosted by another party or may be hosted directly on our Services. Your interactions with these features are governed by the privacy statement of the party providing the relevant social media features.
  4. Updating Your Personal Information.
    • In connection with your right to manage your Personal Information you provide to us, you may access, update, change, correct or request deletion of your information either through the Service or through our customer support team. You can reach our customer support team by using the contact information available on our Website or within the Services, or otherwise provided to you.
    • If you have created an online account with us and would like to access, update, change, correct or delete the Personal Information you have provided to us, you may be able to access your account to view and make changes or corrections to your Personal Information directly through your account.
  5. Cookies and Tracking Technologies.
    • The following is a high-level summary of our practices and your controls for cookies and other tracking technologies.
    • In accordance with applicable law, we and our service providers may use commonly-used tools to recognize your visit and track your interactions with our Services such as cookies, web beacons, pixels, local shared objects, and similar technologies (collectively, “Cookies”). Sometimes this tracking is necessary in order for us to provide you the Service you requested. Other times, we combine Usage Data collected from Cookies with that of other customers to improve your and other customers’ experience. You have control over some of the Usage Data we collect from Cookies and how we use it. Information on changing your browser settings to opt out of Cookies can be found in your browser settings.
    • We may use advertising networks and other third parties to display advertising on our Website or to manage our advertising on other sites. Our Business Affiliates or other third-party partners may place Cookies on our Services and unaffiliated websites in order to serve advertisements that may be relevant to you based on your browsing activities and interests, and to determine the effectiveness of such advertisements. If you wish to opt out of interest-based advertising, please use the appropriate settings on our Website or within the Services (if we make any such settings available to you), or otherwise please contact us at the customer support link available on our Website.
    • You may also have the additional choices to opt out of certain tracking by other parties through Cookies for such purposes, in which case you may use the tools available to you by such parties.
    • Please note that even if you opt out of such Cookies or otherwise opt out of interest-based advertising, you may still receive advertisements, but they may not be tailored to your interests. Also, if you opt out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.
    • Like many other companies, our Services may not be configured to respond to browsers’ “Do Not Track” signals because at this time no formal “Do Not Track” standard has been adopted.
  6. Data Retention.
    • In accordance with and as permitted by applicable law and regulations, we may retain your information as long as necessary to serve you, to maintain your account for as long as your account is active, as otherwise needed to operate our business to the extent permitted by applicable laws and consistent with the Agreement and this Privacy Policy, or as required by applicable laws. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement. When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and let you know about products and services that may interest you, unless you have opted out of receiving marketing communications.
    • We may also continue to use some of your information for business purposes and to improve our offerings or in some cases to develop new ones. We will retain and use your information as required by applicable regulations and by our records and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud.
    • In general, to determine the appropriate retention period for your Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and whether we can achieve those purposes through other means, and the applicable legal requirements.
    • In general terms, we will retain your Personal Information for the duration of your involvement/engagement with us and for as long as reasonably necessary afterwards; however, we may maintain different retention periods for different types of Services. There are also certain types of information which are required to be retained for a certain period by applicable laws and regulations. In some cases, our Services may allow you to establish specific retention periods for particular classes of Personal Information, in which case we will apply your retention periods for purposes of this Section 6.
  7. Security of Your Information.
    • Keeping your Information safe is important to us. We provide reasonable and appropriate security measures in connection with securing Personal Information we collect. For example, we:
      • Work on an ongoing basis to update our security practices to implement accepted best methods to protect your Personal Information, and review our security procedures.
      • Comply with applicable laws and security standards.
      • Securely transmit your sensitive Personal Information.
      • Train our staff and require them to safeguard your data.
      • Transmit, store, protect, and access (or engage another party to transmit, store, protect, and access) your payment information (e.g., credit or debit card information) in compliance with the Payment Card Industry’s Data Security Standards (PCI DSS) if we are handling payments for you using credit or debit cards or other forms of payment governed by the PCI DSS standard.
  8. International Data Transfers.
    • In accordance with and as permitted by applicable law and regulations, we reserve the right to transfer your information, process and store it outside your country of residence to wherever we or our Business Affiliates operate.
    • We may transfer your personal information to and process and store your information in other countries in compliance with applicable law. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective). In such cases, we will take appropriate safeguards to require that your personal information remains protected.
  9. How to Contact Us.
    • If you have questions or comments about this Privacy Policy, please contact us as follows:
    • Via Email. If you have questions or complaints regarding our Privacy Policy or practices, please contact us by email at [email protected].
    • Via Direct Mail. Please write to us at the following address: 3424 Peachtree Road NE, Suite 2060, Atlanta, Georgia 30326 USA.
  10. Changes to this Privacy Policy and Assignment.
    • From time to time, we may change or update our Privacy Policy. We reserve the right to make changes or updates to this Privacy Policy at any time. More information about how we will notify you is below.
    • If we make material changes to the way we process your Personal Information, we will provide you notice via our Service or by other communication channels, such as by email or community post. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may close your account(s). All changes are effective immediately upon being posted by us, and your use of our Service after a notice of material change or posting of an updated Privacy Policy will constitute your consent to all changes.
    • You are not allowed to assign or transfer this Privacy Policy to any other party without our written approval. We have the right to assign or transfer this Privacy Policy at any time, in whole or in part, without notice to you, to any party. If such an assignment or transfer of this Privacy Policy occurs in connection with a corporate reorganization, or in connection with a sale or transfer of any or all of our stock, business or assets that relate to any aspect of the Services, and if any of your data is transferred in connection with any Services that are subject to such corporate reorganization, sale or transfer, then we also reserve the right to transfer your data relating to those Services to the respective assignee or transferee (including any or all of your Personal Information that relates to such Services), without any prior notice to you (in such a case, we would disclose publicly at a later time the respective reorganization, sale or transfer).
  11. Children’s Personal Information.
    • We do not knowingly collect information from minors.
    • Our Services are intended for and directed to adults. Our Services are not directed to minors and we do not knowingly collect Personal Information from minors.
  12. U.S. state law requirements.
    • Some U.S. state privacy laws require specific disclosures (“Specific US Privacy Laws”). The Specific US Privacy Laws include the following:
      • California Consumer Privacy Act (CCPA);
      • Virginia Consumer Data Protection Act (VCDPA);
      • Colorado Privacy Act (CPA);
      • Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA); and
      • Utah Consumer Privacy Act (UCPA).
    • This Privacy Policy is designed to help you understand how we handle your information for purposes of such Specific US Privacy Laws, as already described above in this Privacy Policy and as further described in this Section 12.
      • We explain the categories of information that we collect and the sources of that information.
      • We explain the purposes for which we collect and use your information.
      • We explain when we may disclose your information. We do not sell your personal information. We also do not “share” your personal information as that term is defined in the California Consumer Privacy Act (CCPA).
      • We explain how we retain your information. We also describe our processes around anonymization of your information. In general, we take measures to avoid the possibility that data that we anonymized can be processed to recover your identity and once again uniquely identify you.
    • Specific US Privacy Laws also provide the right to request information about how we collect, use, and disclose your information. And such Specific US Privacy Laws give you the right to access your information, sometimes in a portable format; correct your information; and to request that we delete that information. Many of these Specific US Privacy Laws also provide the right to opt out of certain forms of profiling and targeted advertising. They also provide the right to not be discriminated against for exercising these privacy rights. Finally, some Specific US Privacy Laws (such as CCPA) treat certain kinds of information, like health data, as sensitive; when you provide this information, we only use it for purposes permitted by the respective Specific US Privacy Laws (e.g., to provide Services that are requested and expected by you).
    • To the extent that we make available to you cloud-based features for managing your privacy settings, those settings and the related documentation that we make available to you through the Services also describe how you can further limit processing and/or retention of your data (including Personal Data) through the Services. Those privacy settings may allow you to access, review, update and delete your information, as well as export and download a copy of it, depending on the specific implementations and features that we provide to you. To the extent that our Services include ads shown to you in connection with your interaction with the Services, you may also be able to use those privacy settings to control what information we use to show you ads, or turn off personalized ads. Please refer to those privacy settings and the related documentation that we make available to you through the Services for specifics, as applicable depending on the applicable features and context of the Services that we make available to you.
    • When you seek to change privacy settings that we make available to you through our Services, we may add an additional layer of security checks to validate your request by verifying that you are signed in to your Services account and/or for otherwise validating your identity and confirming that you are indeed seeking to make the respective change. This is to protect you and avoid fraudulent actions by unauthorized parties.
    • If you have questions or requests related to your rights under U.S. state privacy laws, you (or your authorized agent, if you have appointed an agent to act on your behalf) can contact us. And if you disagree with the decision on your request, you can ask us to reconsider it by communicating with us in accordance with this Privacy Policy or by responding to our email (if applicable).
    • Categories of Data. Some U.S. state privacy laws also require a description of data practices using specific categories. The following list identifies specific categories of data to organize the information in this Privacy Policy, to the extent applicable to you in connection with the Services, and to the extent that you provide any such data to us or we collect such data from you in accordance with this Privacy Policy.
      • Identifiers and similar information such as your name and password, phone number, and address, as well as unique identifiers tied to the browser, application, or device you are using. Some of our Services may provide the option to submit a valid ID (such as a driver’s license) to verify your identity to use additional features.
      • Demographic information, such as your age, gender and language. Some aspects of our Services may request and/or allow you to provide additional information, like your gender identity or race and ethnicity.
      • Commercial information such as your payment information and a history of purchases you make on our Services.
      • Internet, network, and other activity information such as your search terms, views and interactions with our Services, browsing or navigation history through our Services, information about the interaction of your apps, browsers, or devices with our Services (like IP address, crash reports, and system activity), and/or activity on third-party sites and apps that use our Services (if applicable). You may be able to review and control such activity data in detail in your Services portal.
      • Geolocation data, such as may be determined by GPS, IP address, and other data from sensors on or around your device, depending in part on your device and account settings. Depending on these settings, this may include precise location data, for example GPS data for your mobile phone when you use it to interact with our Services.
      • Audio, electronic, visual, and similar information, such as voice and audio information, if applicable within the Services.
      • Communications data, such as emails and messages, if you use our Services to send and receive messages (to the extent applicable).
      • Professional, employment, and education information, such as biographical or professional information that you provide to us or that is maintained through an organization using our Services where you study or work.
      • Other information that you create through, process through, receive through, or upload to the Services, or that you otherwise provide to us in connection with the Services (e.g., documents, spreadsheets, images, etc.). Your Services portal allows you to manage such information (to the extent applicable).
      • Inferences that we may make based on the categories of data described above (e.g., areas of interests or preferences that you may have and that we may infer based on how you interact with our Services).
    • Business Purposes. The following are business purposes for which we may use or disclose information in the categories described above:
      • Protecting against security threats, abuse, and illegal activity relating to the Services. We may use and/or disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our Services, we may receive or disclose information about IP addresses that malicious actors have compromised.
      • Auditing and measurement in connection with our Services. We may use information for analytics and measurement to understand how our Services are used, as well as to fulfill obligations to our business affiliates (e.g., publishers, advertisers, developers, or rights holders). We may disclose non-personally identifiable information publicly and with these affiliates, including for auditing purposes.
      • Maintaining our Services. We may use information to ensure our Services are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us.
      • Research and development. We may use information to improve our Services and to develop new products, features and technologies that benefit our users and the public. For example, we may use publicly available information to help train our AI models and/or to build products and features included in, or related to our Services.
      • Use of service providers. We may share information with service providers to perform services on your behalf and/or on our behalf, in compliance with this Privacy Policy and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide customer support and/or other services related to or included in the Services.
      • Advertising. We may process information to provide advertising, including online identifiers, browsing and search activity, and information about your location and interactions with advertisements to the extent you view them or interact with them through the Services. Advertisements relating to third party services and products may help us provide some aspects of the Services free of charge or at a reduced cost to you. You can control what information we use to show you ads by visiting your ad settings in My Ad Center.
      • Legal reasons. We may use information to satisfy applicable laws or regulations, and we may disclose information in response to legal process or enforceable government requests, including to law enforcement. We may disclose publicly from time to time the number and/or type of requests we receive from governments to the extent that we are allowed to do so.
    • Parties with Whom We May Share Information. The following are third parties to whom we may disclose information in the categories described above:
      • Third parties with whom you choose to share your information (e.g., recipients of any communications that you initiate or conduct through our Services, such as people or companies that receive messages, comments or emails that you may transmit through our Services).
      • Third parties for which you provide consent, such as services that integrate with our Services and that you choose to use in connection with our Services. You can review and manage third party apps and sites with access to data in your Services portal (to the extent applicable).
      • Business Affiliates that process information on your behalf or on our behalf in connection with the Services. For example, we may engage such Business Affiliates to provide aspects of the Services to you. When we engage any such Business Affiliates in connection with the Services that we make available to you, we will process your information, and we will instruct such Business Affiliates to process your information in compliance with this Privacy Policy and with any agreements in effect between us and such Business Affiliates (e.g., such agreements will usually include data confidentiality provisions designed to protect your information).
      • System administrators and other representatives of your organization, if you work or study at an organization that uses our Services.
      • Law enforcement or other authorities, to the extent that we are requested to share such data by such entities with applicable jurisdiction over our Services and/or your information.

Effective [03/25/2024]

Privacy Notice for California Residents

Effective Date: January 1, 2020

Last Reviewed on: January 31, 2020

This Privacy Notice for California Residents supplements the information contained in Big Language Solutions’ Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, Big Language Solutions’ Website has collected the following categories of personal information from its consumers within the last twelve (12) months:

Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

BIG IP obtains the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete or products and services you purchase.
  • Indirectly from you. For example, from observing your actions on our website.
  • Directly from third parties who engage us to provide services. For example, from parties you have interacted with and who may require translation or localization services to conduct their business with you.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
  • To provide, support, personalize, and develop our website, products, and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our website, third-party sites, and via email or text message (with your consent, where required by law).
  • To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve our website, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Big Language Solutions’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Big Language Solutions about our Website users is among the assets transferred.

Big Language Solutions will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

Big Language Solutions may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We share your personal information with the following categories of third parties:

  • Service providers.
  • Third-party customers who engage us to provide translation or localization services that may be related to your personal information.

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics under California or federal law.

Category D: Commercial information.

Category F: Internet or other similar network activity.

Category H: Sensory data.

Category K: Inferences drawn from other personal information.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Service providers.
  • Third-party customers who engage us to provide translation or localization services that may be related to your personal information.

Sales of Personal Information 

In the preceding twelve (12) months, Company has not sold personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that BIG IP disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights 

You have the right to request that Big Language Solutions delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. We currently do not provide financial incentives.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at: Big Language Solutions, 3424 Peachtree Rd, NE, Suite 2060, Atlanta, GA 30326

Changes to Our Privacy Notice

Big Language Solutions reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this notice, the ways in which Big Language Solutions collects and uses your information described below and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: 800-642-6290

Website: https://biglanguage.com#contact/

Email: [email protected]

Postal Address:

Big Language Solutions
Attn: Compliance

3424 Peachtree Rd, NE

Suite 2060

Atlanta, GA 30326

Privacy Policy for European Residents

This Addendum to Privacy Policy for European Residents (this “European Addendum”) is a part of, and modifies the Privacy Policy found at the following link: https://biglanguage.com/privacy-policy/ (the “Privacy Policy”). This Addendum is a legal agreement between you or an entity that you are representing (“you,” “your”) and Big Language Solutions, a Delaware corporation (”BIG Language,” “we,” “our” or “us”). Capitalized terms used and not defined in this European Addendum are defined in the Privacy Policy. This European Addendum applies to you if you are a resident of the European Economic Area (“EEA”), Switzerland, or of the United Kingdom (“UK”) (collectively “Europe”), or if you otherwise use the Services from Europe. If you are accessing the Services on behalf of an entity (for example, a company, non-profit entity, university, or other business or organization), you represent to us that you have authority to bind that entity to this European Addendum, and that entity accepts this European Addendum, and the term “you” or “your” will apply to such entity.
  • Applicable Agreements. The Privacy Policy, as modified by this European Addendum, applies to your use of the Services. Your use of the Services is further subject to the Terms and Conditions agreement found at the following link: https://biglanguage.com/privacy-policy/ (the “Agreement”). By using the Services, as a resident of Europe, you agree to be legally bound by the Privacy Policy as modified by this European Addendum, and by the Agreement.
  • Definitions and Roles. This Section 2 provides certain definitions and describes certain operational roles that apply to this European Addendum. Other capitalized terms used and not defined in this European Addendum are as defined under GDPR, including the following terms: “Process/Processing”, “Data Subject”, “Personal Data”, “Personal Data Breach” and “Special Categories of Personal Data”.
    • “European Privacy Laws” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); (iv) the GDPR as it forms part of UK law by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (together, “UK Data Protection Laws”); and (v) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance (“Swiss DPA”).
    • Controller Role. If you are a consumer, we will always be the Controller for your Personal Data. If you are a business entity, either we or you will be the Controller depending on which party provides Personal Data to the other party.
    • Data Protection Officer. We have appointed a Data Protection Officer (“Data Protection Officer”) in accordance with the European Privacy Laws. Our Data Protection Officer can be contacted at: [email protected].
  • Legal bases for processing. The European Privacy Laws require us to ensure that we have a legal basis for using your Personal Data. The legal bases of our processing of your Personal Data as described in this European Addendum will depend on the type of Personal Data and the specific context in which we process it. In general, the legal bases on which we typically rely are described below in this Section 3. If you have questions about the legal basis that we use to process your Personal Data, contact us at [email protected].
    • Service delivery and operations:
      • Processing purpose: We need to process your personal information to operate the Services, including responding to your requests or inquiries, providing you with access to content or information you requested, etc.
      • Categories of Personal Data:
        • Contact data
        • Demographic data
        • Communications data
        • Online identifiers and account information
        • Payment and transactional data
        • Dietary information
        • Audio, electronic, and visual information
        • Professional or employment-related information
        • Device data
        • Internet activity or electronic network activity information
        • Other data
      • Legal basis: Processing is necessary to perform our functions when providing Services to you, or to take steps that you request prior to signing up for a Service.
    • Research and development:
      • Processing purpose: We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.
      • Categories of Personal Data:
        • Any and all data types relevant in the circumstances
      • Legal basis: These activities constitute our legitimate interests. We do not use your Personal Data for these activities where our interests are overridden by the impact on you.
    • Marketing and advertising purposes:
      • Processing purpose: We and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes.
      • Categories of Personal Data:
        • Contact data
        • Demographic data
        • Communications data
        • Device data
        • Internet activity or electronic network activity information
        • Marketing data
        • Other data
      • Legal basis: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
    • Compliance with legal obligations and protection purposes:
      • Processing purpose: We are subject to certain legal obligations that may oblige us to disclose your personal information to courts, law enforcement or regulatory authorities.
      • Categories of Personal Data:
        • Any and all data types relevant in the circumstances.
      • Legal basis: Processing is necessary to comply with our legal obligations. Where compliance with applicable laws (including European Privacy Laws) is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We and any relevant third parties may also have a legitimate interest of ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety.
    • Further uses:
      • Processing purpose: We may use your personal information for reasons not described in this European Addendum.
      • Categories of Personal Data:
        • Any and all data types relevant in the circumstances.
      • Legal basis:
        • The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the Personal Information was collected.
        • Consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected.
    • Other purposes:
      • Processing purpose: We may need to process your personal information for additional purposes, such as:
        • To ensure access and maintenance of the Service, and to ensure its proper functioning.
        • For compliance, fraud prevention and safety.
        • For sharing your personal information with third parties as described in this European Addendum.
        • To disclose your Personal Data to a prospective or actual purchaser or seller in the context of a merger, acquisition or other reorganization or sale of our business or assets.
        • For the collection of statistical information about the use of our Services.
        • To protect our interests as a company, for different purposes, such as:
          • Enforcement of the Terms of Service.
          • Assess claims that any content violates the rights of third parties.
          • For the establishment or exercise of our legal rights or defending against legal claims.
      • Categories of Personal Data:
        • Contact data
        • Demographic data
        • Communications data
        • Online identifiers and account information
        • Payment and transactional data
        • Audio, electronic, and visual information
        • Professional or employment-related information
        • Device data
        • Internet activity or electronic network activity information
        • Other data
      • Legal basis: We rely on our legitimate interests to process your personal information when performing these processing activities. We do not use your personal information for these purposes where our interests are overridden by the impact on you.
  • Your rights. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you may have the following rights under European Privacy Laws:
    • Right of access: You have the right to ask us for copies of your Personal Data.
    • Right to rectification: You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete or augment information in your Personal Data if you think it is incomplete.
    • Right to erasure: You have the right to ask us to erase your Personal Data in certain circumstances.
    • Right to restriction of processing: You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
    • Right to object to processing: You have the right to object to the processing of your Personal Data in certain circumstances.
    • Right to data portability: You have the right to ask that we transfer the Personal Data you gave us to another organization, or to you, in certain circumstances.
    • Right to withdraw consent at any time: Where we are relying on consent to process your Personal Data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Exercising Your Rights. To exercise any of the rights described in Section 4 above, you may submit a request by email to privacy@[COMPANY].com. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your Personal Data). If we reject any request you may make (whether in whole or in part), we will let you know our grounds for doing so at the time, subject to any applicable legal restrictions.
  • Your Right to Lodge a Complaint with Your Supervisory Authority. If you are not satisfied with our response to a request you make to exercise your rights described in Section 4 above, or if you are not satisfied with how we process your Personal Data, you can file a complaint in accordance with the applicable European Privacy Laws to the data protection regulator in your main place of residence as follows:
    • If you are a resident of the European Economic Area, the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
    • If you are a resident of the UK, the contact information for the UK data protection regulator is here: The Information Commissioner’s Office, Water Lane, Wycliffe House Wilmslow – Cheshire SK9 5AF. Tel. +44 303 123 1113. Website: https://ico.org.uk/make-a-complaint/
  • Cross-border data transfer. We are headquartered in the United States, and many of our service providers, advisers, partners or other recipients of data are also based in the United States. This means that, if you use the Service, your Personal Data will necessarily be accessed and processed in the United States. It may also be provided to recipients in other countries outside Europe. In such circumstances, those parties’ processing of your Personal Data will involve a transfer of your Personal Data outside of Europe where privacy laws may not be as protective as those in your state, province, or country. Where we share your personal information with third parties who are based outside Europe, we will take steps to transfer your personal information in accordance with applicable European Privacy Laws.
    • You can obtain further information about, or a copy of or access to, the safeguards under which your Personal Data is transferred outside Europe by contacting us at [email protected].
[Effective: 03/25/2024]

GDPR Customer Statement

Introduction

The European Union (E.U.) has introduced the General Data Protection Regulation 2016/679 (“GDPR”), which is a new privacy regulation containing security and privacy requirements to fully protect data belonging to E.U. based individuals. GDPR was adopted by the European Parliament in April 2016 and goes into effect on May 25, 2018. GDPR is applicable for companies based in and out of the E.U. where data collection and personal data handling from EU-based individuals is in play. Any information which can be used on its own or with other information to locate, contact or identify a single person such as names, identification numbers, online identifiers, location data, or any other factors specific to the individual’s genetic, physical, mental, physiological, cultural, economic, or social identity is considered to be Personally Identifiable Information (PII). In order to be in compliance with GDPR, any company handling or collecting PII pertaining to EU-based individuals needs to ensure their data management protocol adheres to all requirements detailed within GDPR.

GDPR requirements

Included in the requirements for GDPR are cross-border data flow mechanisms, technical/operational security measures, notice & consent, accountability and data minimization. Specifically:

  • Security audits: Records of security practices must be maintained by companies and regular audits to assess the effectiveness of the established security program must occur. If any breaches are identified, corrective measures must be taken immediately.
  • Data security: It is mandatory that companies put in place strict controls, including physical, technical and administrative. In accordance with GDPR requirements, incident management, data integrity, confidentiality, encryption, availability and resilience are required as part of the security program for any company handling EU-based data. Implemented controls must serve to prevent information leaks, data loss and unauthorized data access.
  • Data breach notification: Companies must immediately notify regulators, clients, and any and all impacted individuals once they become aware of a data breach which could potentially impact data controlled or processed by the Company.

BIG Language Solutions commitment

For over a year, BIG Language Solutions has been re-addressing security at all levels to account for broad changes. The Company has carefully assessed all relevant GDPR details and has ensured they have been appropriately matched with the Company’s privacy roadmap and security policies and controls. The Company has decided to offer the same level of compliance for any user, regardless of their nationality or place of residence, in anticipation of GDPR spreading globally. BIG Language Solutions’ technology and service offerings have pre-established privacy and security features already in place, putting our customers in control. BIG Language Solutions’ commitment is to help customers, regardless of location or nationality, maintain stringent controls and accountability for all online and offline offerings through which a customer’s data may be attainable. BIG Language Solutions’s Cloud-based offering relies on industry-leading partners and data providers, each with S.O.C. 2 reports that are re-issued on an annual basis. Data protection is managed throughout the entire data lifecycle, and our commitment is to continuously improve on data handling throughout our existence as a service provider. As needed, please contact your BIG Language Solutions representative for further clarification. Disclaimer: This document is not to be used as legal advice about any law or regulation. To understand the GDPR, customers must seek their own legal counsel.

Terms & Conditions

Last Modified: 03/25/2024

Acceptance of the Terms & Conditions

These Terms and Conditions (this “Agreement”) is a legal agreement between you or an entity that you are representing (“you,” “your”) and Big Language Solutions, a Delaware corporation (“BIG Language,” “we,” “our” or “us”). This Agreement governs your use of the products and services made available to you directly or indirectly by us and/or by any of our Corporate Entities (as defined below), including websites (including our website available at biglanguage.com.com (the “BIG Language Website”) and other websites made available by any of our other Corporate Entities and that are referenced from the BIG Language Website or that reference this Agreement) (all such websites, collectively, the “Website”), services and functionality providing or facilitating translation of documents or any other data, software, hardware, mobile applications, cloud-based software, systems or services, application programming interfaces (APIs), artificial intelligence (AI) features and functionality, any other technology, products, services and/or content made available by us or by any of our Corporate Entities (collectively, the “Services”). If you are accessing the Services on behalf of an entity (for example, a company, non-profit entity, university, or other business or organization), you represent to us that you have authority to bind that entity to these terms, and that entity accepts these terms, and the term “you” or “your” will apply to such entity. By using any of the Services, you agree to this Agreement and any other agreements or policies referenced within this Agreement, such as the Privacy Policy and each applicable Separate Agreement (as defined in Section 2 below). If you do not agree to this Agreement, then you are not allowed to use the Services.
SECTION 11 OF THIS AGREEMENT INCLUDES A BINDING ARBITRATION CLAUSE, A WAIVER OF YOUR RIGHT TO FILE A LAWSUIT AND OF YOUR RIGHT TO A TRIAL BY JURY, AND A WAIVER OF YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION OR LITIGATE ON A CLASS-WIDE BASIS. THESE ARE IMPORTANT RIGHTS THAT YOU CHOOSE TO WAIVE WHEN YOU ENTER INTO THIS AGREEMENT. PLEASE REVIEW SECTION 11 BEFORE YOU CHOOSE TO USE ANY OF THE SERVICES.

  • Scope of this Agreement and Changes.
    • We do not intend to offer any Services to children below the age of 18, or to the extent that the Services or their use violate any applicable law or regulation. Consequently, by using the Services, you warrant and certify to us (including to each of our Corporate Entities that makes available any Services to you) that (i) your age is at least 18 years, and you are not accessing the Services or using the Services on behalf of anyone whose age is under 18 years, and (ii) you are not prohibited or restricted from accessing or using any aspect of the Services by any applicable law or regulation. If at any time you are not in full compliance with all foregoing provisions of this Section, you are in material violation of this Agreement and you must immediately cease all use of, and access to the Services.
    • We reserve the right to change this Agreement and each Separate Agreement (as defined in Section 2 below) at any time, and the changes will be effective when the revised Agreement or respectively Separate Agreement is posted by us, or when we notify you by other means consistent with this Agreement. We may also change or discontinue the Services at any time, in whole or in part. Your continued use of the Services covered by the modified Agreement or Separate Agreement indicates your agreement to the changes in the respective Agreement or Separate Agreement. Please review this Agreement and each Separate Agreement on a regular basis, and please remain informed about the evolution of our Services and of this Agreement and each Separate Agreement. 
  • Other Services and Other Agreements.
    • Our Privacy Policy (“Privacy Policy”) is available on our website and may be accessed at https://biglanguage.com/privacy-policy/. By using any of the Services, you agree to our Privacy Policy.
    • If you have entered or will enter at any time into a different agreement with us that includes an affirmative written or electronic acceptance by you and us (e.g., a Master Services Agreement, a click-through agreement that you accept as part of accessing Services through a portal made available by us, an agreement that allows you to access an Application Programming Interface (API), an agreement that allows you to download or use a software program or Software Development Kit (SDK), etc.) (each a “Dedicated Agreement”), then the Dedicated Agreement will prevail over this Agreement with respect to the Services to which such Separate Agreement applies and to the extent of any conflict with this Agreement.
    • Each legal agreement entered into by you and us (including with any of our Corporate Entities) other than this Agreement, including the Privacy Policy and any Dedicated Agreement, is denoted a “Separate Agreement.”
    • For purposes of this Agreement, our “Corporate Entities” means each company in which BIG Language has any direct or indirect ownership interest (a “Subsidiary”), any company that has any direct or indirect ownership interest in BIG Language (“Parent”), and any other company other than BIG Language in which any Subsidiary or Parent has any direct or indirect ownership interest. For clarification, “indirect ownership” excludes ownership of publicly-traded securities of a publicly-traded entity where such ownership does not exceed 5% of the total publicly-traded securities of such entity (a “Publicly Traded Equity Position”).
  • Your License to Use the Services.
    • The Services are protected by various intellectual property rights, including possibly copyrights, patents and trade secrets. Subject to your full compliance with this Agreement, we grant you a limited, nonexclusive, nontransferable and non-assignable license, without the right to sublicense, during the term of this Agreement, and you accept such license, to use the Services solely in the form provided by us, and in accordance with any documentation or instructions made available by us and applicable to the respective Services, for as long as you continue to have access to such Services under this Agreement.
    • Except as expressly provided in Section 3(a) above, we do not grant you any other license or right, whether by implication, estoppel or otherwise, and we reserve all other rights.
  • Your Data.
    • As part of using the Services, you may have the opportunity to use the Services to transmit, store or otherwise process content or data that you or parties affiliated with you provide (“Your Data”). Your Data also includes any content or data that you and/or any other party affiliated with you upload to, store within, transmit through, process through, or otherwise make available to us.
    • You are responsible for Your Data and for your activities in connection with Your Data, including in connection with uploading, posting, storing, transmitting, processing, downloading, retrieving, or otherwise processing Your Data through or in connection with the Services.
    • Except to the extent that we expressly notify you in writing that our Services are compliant with specific laws, regulations or standards, and except with respect to laws and regulations with which our Services must inherently comply in the form made available to you under this Agreement, the Services are not designed, rated, validated, audited, approved or otherwise intended to comply with any other law, regulation or standard (“Excluded Regulations”). You will not use the Services to upload, post, store, transmit, process, download, retrieve, transmit or otherwise process any of Your Data that requires compliance with, or is otherwise subject to any such Excluded Regulation. You must ensure that Your Data is not subject to, and does not require the Services to be compliant with any Excluded Regulations. To the extent that you and us have entered into a Separate Agreement under which we assume any obligations with respect to any Excluded Regulations, such Separate Agreement will govern those obligations.
    • You will retain ownership of Your Data, or to the extent that you do not own specific portions of Your Data, you will retain your rights to such portions of Your Data. Notwithstanding the foregoing, you grant to us a license: (i) during the term of this Agreement, to provide to you the Services; (ii) during and after the term of this Agreement, to use Your Data in accordance with the Privacy Policy and to otherwise operate, improve, expand and otherwise modify our Services (e.g., to create directories or databases, facilitate business transactions between you and other customers of ours, organize content, make available information about you to other customers of ours in ways consistent with how we make available information about other customers of ours to you, etc.), and (iii) during and after the term of this Agreement, to anonymize Your Data in accordance with applicable laws and regulations and to use Your Data in anonymized form (e.g., after we delete your personally identifiable information (PII), we may retain and continue to use Your Data in anonymized form) to improve, expand and otherwise modify our Services. The license that you are granting us in the foregoing clauses of this Section is nonexclusive, worldwide, perpetual and irrevocable. Further, you warrant to us that by processing Your Data through the Services or otherwise making available to us Your Data in connection with the Services, you have the right, and you have obtained the right from any third parties that may have rights to any of Your Data, to grant to us the license granted in the foregoing clauses of this Section. 
Notwithstanding the foregoing, please be assured that we will comply with any laws and regulations applicable while exercising the license granted to us in the foregoing clauses of this Section, including obligations under applicable privacy laws to safeguard your PII, limit use of your PII to the scope of the rights that you grant to us, and delete PII upon your request (in which case we may retain and continue to use Your Data in anonymized format as specified above). Further information about how we use Your Data is available in the Privacy Policy.
    • Please review now, and you must continue to review on an ongoing basis our Privacy Policy. You agree to the Privacy Policy, and to any changes to the Privacy Policy that we may publish from time to time.
    • You agree that we may use and maintain Your Data and anonymized versions of Your Data according to the Privacy Policy, as part of the Services. You give us permission to combine Your Data, anonymized versions of Your Data, and other data that we collect about you with data of other users of the Services and/or other services that we operate. For example, this means that we may use Your Data, anonymized versions of Your Data, other data that we collect about you, and other users’ PII or non-identifiable and aggregated data to improve the Services or to design promotions and provide ways for you to compare business practices with other users. You give us permission to share or publish summary results relating to research data that may involve you and to distribute or license such data to third parties.
    • Your access to the Services may be granted through a pass-through or shared login process, under which you use your login credentials for a platform operated by another party and we grant you access to the Services through those credentials. For example, we may make available to you an integration with a platform operated by a third party (e.g., Google, Facebook, etc.), and by using your login credentials from such platform, you may be logged into some aspect of the Services (e.g., through an OAuth or similar process). Since in this situation the login credentials are processed by a third party and data is transmitted between a third party and our Services, you understand that your login credentials may be compromised, stolen, misappropriated or otherwise corrupted, either on the third party’s platform, in transit, or within the Services. You consequently assume all responsibility and risk in connection with such pass-through login processes and the use of your login credentials from other platforms, including the risks that (i) access to the Services using credentials from another platform may not work or may not be reliable, (ii) your login credentials from the other platform may be compromised, stolen or lost, and therefore your account for the Services, and/or your account for the services on the other platform, may be compromised or misappropriated and your data (both on the Services and on the other platform) may be corrupted, lost or stolen.
  • Limitations
    • You will:
      • Provide accurate and complete information to us in connection with the Services, and you will keep it updated;
      • Use your real name and contact information in your communications with us, in your profile, and in communications through the Services. Unless we direct you otherwise, it is acceptable for you to use a nickname as long as your real name remains clearly accessible to us and to other users who interact with you through the Services, or who view your profile through the Services. If you are an entity, you will ensure that your employees and other users authorized by us to access the Services on your behalf also use their real names and contact information in communications with us, in their profiles, and in communications through the Services;
      • Use the Services in a professional manner;
      • Comply with all laws and regulations applicable to you and Your Data in connection with this Agreement and with the Services. You will not use or access, and you will not directly or indirectly permit any other party to use or access the Services in a manner that violates any applicable law, regulation or this Agreement.
      • Archive Your Data frequently. Unless we have entered into any Separate Agreement under which we assume responsibility for maintaining and storing Your Data, you are responsible for any of Your Data that is lost or unrecoverable.
      • Obtain all rights and consents from any third parties that may have rights to any of Your Data, to the extent that such third party rights and consents are needed (1) for you to upload Your Data to the Services, store Your Data in the Services, or otherwise process Your Data through or in connection with the Services, and/or (2) for you to grant to us the licenses and other rights that you are granting to us with respect to Your Data under this Agreement (including the Privacy Policy).
      • Evaluate, confirm and validate any data that you find, retrieve or process using the Services or within our websites, including information about other entities, information submitted by other users, reviews of products or services, reviews of entities, and any other information that you obtain in connection with the Services.
      • Maintaining the Services updated can help with compatibility, security and functionality. We may update the Services from time to time with tools, utilities, improvements, third party applications, or other general updates or upgrades. To the extent that any updates or upgrades provided by us to any aspect of the Services require your approval or consent, you will accept and consent to such updates and upgrades, and you will apply the updates and upgrades as specified by us.
      • Communicate with us and with our representatives in a professional manner, and without using any language or engaging in any conduct that is illegal, fraudulent, defamatory, obscene, pornographic, profane, threatening, abusive, hateful, harassing, offensive, or otherwise inappropriate or objectionable.
    • Additionally, you will not:
      • Create a false identity on the Services, misrepresent your identity, create a profile for anyone other than you, or use or attempt to use another account.
      • Develop, support or use software, devices, scripts, robots, or any other means or processes (including crawlers, organized teams of humans, browser plugins and add-ons, or any other technology) to scrape the Services or otherwise copy profiles and other data from the Services, except to the extent that such prohibition is not permitted under applicable laws.
      • Override any security feature or bypass or circumvent any access controls or use limits of the Service (such as caps on keyword searches, API access limitations, or limits on profile views).
      • Copy, use, disclose or distribute the Services in whole or in part, or any information obtained from the Services, whether directly or through third parties (such as search engines), without our consent. Disclose information that you do not have the consent to disclose (such as confidential information of others (including of your employer if you are an individual)).
      • Violate the intellectual property rights of others, including copyrights, patents, trademarks, trade secrets, or other proprietary rights. For example, you must not copy or distribute (except through the available Services sharing functionality) the posts or other content of others without their permission.
      • Violate our intellectual property rights or any of our other rights, including, without limitation, (i) copying or distributing our technology, software, data, documentation, learning videos or other materials, except to the extent that we expressly authorize you to do so in writing, or (ii) using our trademarks, logos or brands in any business name, email, or URL, except to the extent that we expressly authorize you to do so in writing.
      • Introduce into the Services or otherwise expose the Services to any software viruses, worms, or any other malicious or harmful code.
      • Reverse engineer, decompile, disassemble, decipher or otherwise attempt to derive the source code for the Services or any related technology that is not open source.
      • Imply or state that you are affiliated with or endorsed by us without our express consent.
      • Rent, lease, loan, trade, sell, resell, sublicense, copy, replicate, or otherwise monetize any aspect of the Services or any data made available through the Services (other than Your Data) without our consent.
      • Deep-link to our Services for any purpose other than to promote your profile on our Services, without our consent.
      • Use bots or other automated methods to access the Services, add or download contacts, send or redirect messages.
      • Monitor or evaluate the availability, performance or functionality of the Services for any competitive purpose, or perform or assist any other party to perform any benchmarking on the Services.
      • Engage in “framing,” “mirroring,” or otherwise simulating the appearance or function of the Services.
      • Overlay or otherwise modify the Services or their appearance (such as by inserting elements into the Services or removing, covering, or obscuring an advertisement included on the Services).
      • Interfere with the operation of, or place an unreasonable load on, the Services (e.g., spam, denial of service attack, viruses, gaming algorithms).
      • Violate any Separate Agreements in which you may enter in connection with the Services.
      • Upload to the Services or otherwise process through the Services any illegal, fraudulent, defamatory, obscene, pornographic, profane, threatening, abusive, hateful, harassing, offensive, inappropriate or objectionable information or communications of any kind, including without limitation conduct that would encourage “flaming” others, or criminal or civil liability under any local, state, federal or foreign law.
      • Impersonate someone else or falsely represent your identity or qualifications, or violate any other party’s privacy or other rights.
      • Offer or otherwise facilitate through the Services any investment opportunities, solicitations, chain letters, pyramid schemes, other unsolicited commercial communication or engage in spamming or flooding.
      • Upload or otherwise process through the Services any information, software or content which is not legally yours and without permission from the owner of the respective intellectual property rights.
      • Provide access to the Services to any other party, or otherwise enable any other party to access any aspect of the Services.
      • Make the Services available on any file-sharing or application hosting service.
      • Process any content (including Your Data) through the Services, in ways that are illegal or not expressly approved by us.
      • Process any content (including Your Data) through the Services, to do any of the following: (1) negatively impact the performance of the Services or of the technology and resources that we use to deliver the Services, (2) consume a disproportionate amount of computational power, data storage or data communication volume (e.g., you may not mine a cryptocurrency or otherwise utilize large computational power from the Services without our express and specific approval in writing), or (3) make a disproportionate number of calls to any particular API.
      • Hack any aspect of the Services, or otherwise seek to obtain access to any aspect of the Services that you have not been expressly authorized by us to access.
      • Process any content (including Your Data) through the Services to hack any other technology, system, software, device or service, or to otherwise seek to obtain access to any other technology, system, software, device or service that you have not been expressly authorized to access; and/or
      • Post links to third-party websites or services through the Services, unless such links are reasonably relevant to content that you are expressly allowed to process through the Services and you are posting them in good faith. For example, you must not post links to a third-party website if your intent is reasonably calculated to generate Search Engine Optimization (SEO) value for that other website and to drive traffic to that website, but you may post such links if you are referencing in good faith a third-party publication reasonably relevant to content (e.g., a permissible review) that is properly posted within the Services. We reserve the right to edit or remove any content, and to edit, remove or redirect any link posted by you or any other user within the Services.
  • Payment.
    • Fees for the Services will either be posted on or through the Services (e.g., on our Website), or we may notify you separately regarding the fees applicable to our Services. If you have any question about the specific fees applicable to the Services, please contact us.
    • For any subscription or other payment obligations that you incur with respect to Services that are covered by a Separate Agreement, you will make payments as provided in the respective Separate Agreement.
    • For any subscription or other payment obligations that you incur with respect to Services that are not covered by a Separate Agreement, the following apply, unless we notify you otherwise in writing:
      • Unless otherwise specified as part of your Services or in connection with the fees that you owe for the Services, you will make all payments for Services in U.S. Dollars.
      • If we issue any invoice to you for any fees that you owe in connection with the Services, you will pay the respective fees within thirty (30) days after the date when you receive our invoice.
      • If you subscribe to any of our Services, unless otherwise provided in your subscription process with respect to the respective Services, your account will be debited when you subscribe and provide your payment information, and then on an ongoing, regular basis in accordance with your subscription (e.g., monthly, quarterly, annually, etc.).
      • We will issue ongoing notifications to you regarding your subscription payments and renewal process in accordance with the specific terms of your subscription and all applicable laws and regulations.
      • Unless otherwise specified in the terms and conditions of your subscription, your subscription will renew automatically for consecutive renewal terms as follows: (1) if you signed up for a specific initial subscription term, your renewal term will be equal to the initial subscription term, and renewal will occur automatically for each such renewal term; (2) if no specific initial subscription term was specified as part of the subscription process, the renewal will occur on a calendar month basis (i.e., your subscription Services will renew automatically for each subsequent calendar month). To prevent renewal of your subscription Services, you must cancel your subscription at least thirty (30) days prior to the date of your upcoming renewal by providing to us written cancellation notice through the cancellation process specified in connection with your subscription process, or if no such cancellation process was specified, by contacting us as specified in this Agreement.
      • You must pay with one of the following:
        • A valid credit card or debit card acceptable to us;
        • Sufficient funds in a checking or savings account to cover an electronic debit of the payment due;
        • A check (if you plan to pay by check, you must obtain our prior confirmation that we can accept the check from that particular bank); or
        • Using another payment option that we approve in writing (e.g., a form of payment that we identify and approve on our website or through a direct communication with you).
      • If your payment and registration information is not accurate, current, and complete and you do not notify us promptly when such information changes, we may suspend or terminate your account and refuse to allow you access to the Services.
      • If you do not notify us of updates to your payment method (e.g., credit card expiration date), to avoid interruption of your service, we may participate in programs supported by your card provider (e.g., account updater services, recurring billing programs, etc.) to try to update your payment information, and you authorize us to continue billing your account with the updated information that we obtain to the extent that you have remaining payment obligations under an agreement then in effect between you and us.
      • To process payment transactions for you in connection with the Services, you acknowledge and agree that we will share Your Data that is relevant to such payment transactions with third parties that help us conduct those transactions, including payment processors (e.g., Stripe), banks and other parties involved in conducting those transactions. You agree that such third parties will process Your Data that we share with them in accordance with their respective privacy policies.
  • Access through Mobile Devices.
    • Use of the Services may be available through a compatible mobile device and may require cellular network coverage. For example, a mobile App may require a mobile phone with certain characteristics to operate properly. You agree that you are solely responsible for these requirements, including any applicable changes, updates and fees as well as the terms of your agreement with your mobile device and telecommunications provider.
    • We make no warranties or representations of any kind, express, statutory or implied as to:
      • the availability of telecommunication services from your or any other telecommunications services provider and access by you or any other user to the Services at any time or from any location;
      • any loss, damage, or other security intrusion of the telecommunication Services;
      • compatibility between our Services and your mobile device; and/or any disclosure of information to third parties or failure to transmit any data, communications or settings connected with the Services.
  • Additional Terms.
    • You give us the right to freely use any feedback that you provide about the Services and the content processed through the Services. You agree that we may use your feedback, suggestions, or ideas in any way, including in future modifications of the Services, other products or services, advertising or marketing materials. You grant us a nonexclusive, worldwide, transferable and assignable, sublicensable, irrevocable and perpetual, fully paid-up, royalty free license to use in any way the feedback you provide to us.
    • We may monitor Your Data. We may, but have no obligation to, monitor content on the Services. We may disclose any information, including Your Data, as reasonably helpful or necessary to satisfy our legal obligations, respond to or otherwise address any requests from courts and other governmental or legal authorities, protect us or our customers, or operate the Services. We, in our sole discretion, may refuse to publicly post, remove, or refuse to remove, any of Your Data or other content, in whole or in part, alleged to be unacceptable, undesirable, inappropriate, or in violation of this Agreement.
    • We do not give professional advice. Unless specifically included with the Services, we are not in the business of providing legal, financial, accounting, tax, health care, real estate or other professional services or advice. Consult the services of a competent professional when you need this type of assistance.
    • We may tell you about other services or products provided by us or by other business affiliates of ours. You may be offered other services, products, or promotions by us or by third parties. Additional terms and conditions and fees may apply to such services, products, or promotions, and you must observe and comply with such terms, conditions and fees. With some other such services or products, you may upload or enter data from your account (e.g., names, addresses, login credentials, phone numbers, purchases, credit cards or other forms of payment, etc.) to third parties directly or via the Internet. You assume the risk that any transactions that you initiate with third parties, whether through the Services or directly with such third parties, may fail or that your data may be lost, stolen, intercepted, or misappropriated. For transactions with third parties, whether conducted through the Services or directly with such third parties, you will direct your questions and seek refunds directly to and from such third parties. Unless we agree otherwise in writing, we are not responsible for transactions that you conduct with third parties, whether through the Services or directly with such third parties.
    • We may send you communications about the Services or other services or products. You agree that we may send these communications to you via email, SMS, or by posting them on our websites.
    • You are responsible for securely managing your password(s) for the Services. If you know or suspect that anyone other than you knows any of your passwords relating to the Services, or if you become aware of any unauthorized access to any of your accounts related to the Services, you must promptly notify us.
    • You may provide us with your telephone number as part of your customer record or registration or via other methods. You understand and agree that we may use your telephone number for “multi-factor authentication” (“MFA”), to confirm your identity, and/or to help protect the security of your account. Part of the MFA identity verification process may involve us sending text messages containing security codes to your telephone number. You agree to receive these texts from us containing security codes as part of the MFA process. In addition, you agree that we may send text messages, SMS messages, pre-recorded voice messages, and other similar communications to the telephone number you provide for other limited purposes, including: providing you with important critical notices regarding your use of the Services, or fulfilling a request made by you through the Services.
    • If you opt in, or otherwise agree to allow us to send to you email, text, SMS or other similar communications for marketing or other commercial purposes not directly related to the Services, you acknowledge and agree that we may continue to send you such communications until you opt out or otherwise revoke your consent. To opt out or revoke your consent for such communications, you will use the specific methods that we provide to you in connection with the respective communications, or you may contact us at the following address: [email protected].
    • You acknowledge that the Services are subject to restrictions under applicable United States of America (USA) export control laws, including USA trade embargoes and sanctions and security requirements, and applicable country or local laws to the extent compatible with USA laws. You agree that you will comply with these laws and regulations and will not export, re-export, import or otherwise make available products and/or technical data in connection with the Services and this Agreement in violation of these laws, directly or indirectly.
    • We hold various trademarks, and some of our trademarks may be registered in one or more jurisdictions. You are not permitted to use any of our trademarks without our express written approval.
  • Liability and Disclaimers.
    • You will indemnify and hold us and Our Affiliated Entities harmless from any and all claims, liability and expenses, including reasonable attorneys’ fees and costs, arising out of your use of the Services or breach of this Agreement (collectively referred to as “Claims”). We reserve the right, in our sole discretion and at our own expense, to assume the exclusive defense and control of any Claims. You agree to reasonably cooperate as requested by us in the defense of any Claims. “Our Affiliated Entities” means (i) our direct and indirect business affiliates, customers, licensees, users, vendors, investors and shareholders (whether now existing, prospective or future), predecessors, agents, attorneys, advisors, insurers, directors, employees, officers, and any other similar parties, (ii) each of our Corporate Entities, and (iii) any and all of the foregoing’s successors or assigns.
    • YOUR USE OF THE SERVICES, SOFTWARE, AND CONTENT IS ENTIRELY AT YOUR OWN RISK. EXCEPT AS DESCRIBED IN THIS AGREEMENT, THE SERVICES ARE PROVIDED “AS IS.” TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAWS, WE AND OUR AFFILIATED ENTITIES DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY THAT THE SERVICES ARE FIT FOR A PARTICULAR PURPOSE, TITLE, MERCHANTABILITY, DATA LOSS, NON-INTERFERENCE WITH OR NON-INFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS, OR THE ACCURACY, RELIABILITY, QUALITY OR CONTENT IN OR LINKED TO THE SERVICES. WE AND OUR AFFILIATED ENTITIES DO NOT WARRANT THAT THE SERVICES AND DATA PROCESSED THROUGH THE SERVICES ARE SECURE, ACCURATE, FREE FROM BUGS, VIRUSES, INTERRUPTION, ERRORS, THEFT OR DESTRUCTION. IF ANY OF THESE EXCLUSIONS FOR WARRANTIES DO NOT APPLY TO YOU OR ARE VOID WITH RESPECT TO YOU UNDER ANY APPLICABLE LAWS OR REGULATIONS, THE RESPECTIVE WARRANTIES THAT CANNOT BE EXCLUDED ARE LIMITED TO THE SHORTEST PERIOD PERMITTED BY THOSE LAWS AND REGULATIONS.
    • WE AND OUR AFFILIATED ENTITIES DISCLAIM ANY REPRESENTATIONS OR WARRANTIES THAT YOUR USE OF THE SERVICES WILL SATISFY OR ENSURE COMPLIANCE WITH ANY LEGAL OBLIGATIONS OR LAWS OR REGULATIONS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, OUR TOTAL AND CUMULATIVE LIABILITY OVER THE LIFE OF THIS AGREEMENT, TOGETHER WITH THE TOTAL AND CUMULATIVE LIABILITY OF OUR AFFILIATED ENTITIES OVER THE LIFE OF THIS AGREEMENT, FOR ALL CLAIMS, BREACHES AND ALL OTHER LIABILITIES ARISING OUT OF OR OTHERWISE RELATING TO THIS AGREEMENT AND THE SERVICES, TO YOU AND TO ALL OTHER PARTIES DIRECTLY OR INDIRECTLY AFFILIATED WITH YOU OR WITH THE RESPECTIVE CLAIMS SHALL BE LIMITED AT EACH POINT IN TIME TO THE NET AMOUNT THAT WE RECEIVED FROM YOU FOR THE SERVICES DURING THE TWELVE (12) MONTHS PRIOR TO SUCH POINT IN TIME. EXCEPT TO THE EXTENT THAT APPLICABLE LAWS DO NOT PERMIT THIS DISCLAIMER, WE AND OUR AFFILIATED ENTITIES ARE NOT LIABLE FOR ANY OF THE FOLLOWING: (A) INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR COVER COSTS OR REPLACEMENT COSTS; AND (B) DAMAGES RELATING TO FAILURES OF TELECOMMUNICATIONS, THE INTERNET, ELECTRONIC COMMUNICATIONS, DATA CORRUPTION, SECURITY, LOSS OR THEFT OF DATA, VIRUSES, SPYWARE, LOSS OF BUSINESS, LOSS OF REVENUE, OR LOSS OF PROFITS OR INVESTMENT.
    • THE ABOVE LIMITATIONS AND DISCLAIMERS IN SECTIONS 9(a), 9(b), 9(c) and 9(d) APPLY EVEN IF WE AND OUR AFFILIATED ENTITIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH CLAIMS, LIABILITIES, BREACHES OR DAMAGES. THIS AGREEMENT SETS FORTH OUR ENTIRE LIABILITY, AND THE ENTIRE LIABILITY OF OUR AFFILIATED ENTITIES, AND YOUR EXCLUSIVE REMEDY WITH RESPECT TO THE SERVICES AND THIS AGREEMENT.
  • Termination and Suspension.
    • We reserve the right, in our sole discretion and without notice, to restrict, deny, terminate this Agreement or suspend the Services and/or any of your accounts, effective immediately, in whole or in part, for suspicion of fraud, security, illegal activity or unauthorized access issues, to protect the integrity of our Services or systems, to comply with our policies or applicable laws and regulations, if you fail to comply with this Agreement, if you no longer agree to receive electronic communications, if you notify us of your decision to terminate this Agreement, or if you request us to close any of your accounts or delete Your Data.
    • Upon termination of this Agreement, or upon suspension or termination of your accounts, you must immediately stop using the Services and any outstanding payments will become due immediately. Any termination of this Agreement will not affect our rights to any payments due to us. We may also terminate a free or trial account at any time. Sections 1(a), 2, 3(b), 4, 5, 6 (to the extent that you owe us any payments upon expiration or termination of this Agreement), 7(b), 8, 9, 10 (b), 11, 12, and 13 will survive and remain in effect even if the Agreement is terminated or otherwise ends for any reason.
  • Disputes and Applicable Law.
    • NEW YORK STATE LAW GOVERNS THIS AGREEMENT WITHOUT REGARD TO ITS CONFLICTS OF LAWS PROVISIONS.
    • ANY DISPUTE OR CLAIM RELATING IN ANY WAY TO THE SERVICES OR THIS AGREEMENT WILL BE RESOLVED BY BINDING ARBITRATION, RATHER THAN IN COURT. The Federal Arbitration Act governs the interpretation and enforcement of this provision, and the arbitrator shall apply New York law to all other matters. Notwithstanding anything to the contrary, any party to the arbitration may at any time seek injunctions or other forms of equitable relief from any court of competent jurisdiction. WE AND YOU AGREE THAT ANY AND ALL DISPUTES MUST BE BROUGHT IN THE RESPECTIVE PARTY’S INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. BY ENTERING INTO THIS AGREEMENT AND AGREEING TO ARBITRATION, YOU AGREE THAT YOU AND US ARE EACH WAIVING THE RIGHT TO FILE A LAWSUIT AND THE RIGHT TO A TRIAL BY JURY. IN ADDITION, YOU AGREE TO WAIVE THE RIGHT TO PARTICIPATE IN A CLASS ACTION OR LITIGATE ON A CLASS-WIDE BASIS. YOU AGREE THAT YOU HAVE EXPRESSLY AND KNOWINGLY WAIVED THESE RIGHTS.
    • To begin an arbitration proceeding under this Agreement, send a letter requesting arbitration and describing your claim to us at the main address posted on our main website. Arbitration will be conducted by the American Arbitration Association (AAA) before a single AAA arbitrator under the AAA’s rules, which are available at www.adr.org. The arbitration will take place in New York, NY. Payment of all filing, administration and arbitrator fees and costs will be governed by the AAA’s rules. You will be responsible to pay all AAA fees applicable to you, and all of your legal costs incurred by you in connection with this Agreement and/or Services. Similarly, we will be responsible to pay all AAA fees applicable to us, and all of our legal costs incurred by us in connection with this Agreement and/or Services. The decision of the arbitrator shall be final and not appealable, and judgment on the arbitration award may be entered in any court having jurisdiction thereof.
    • This Section 11 will survive any expiration, termination or rescission of this Agreement.
    • You acknowledge and agree that we would not provide to you the Services on the terms and in the form offered to you under this Agreement if you had not agreed to the applicable law, arbitration and waiver of class action rights above in this Section 11.
  • Copyright Complaints and Removal Policy
    • We respect the intellectual property of others and will respond to notices of alleged copyright infringement that comply with the law. We reserve the right to delete or disable Your Data, in whole or in part, if it is alleged to violate copyright laws or this Agreement, and we reserve the right to terminate your access to any and all Services in such cases.
    • If you believe there has been a violation of your intellectual property rights, please contact our designated copyright agent by mail / email at the following address: [email protected].
  • Other Terms.
    • This Agreement and the Separate Agreements are the entire agreement between you and us with respect to your access to the Services, and replaces all prior understandings, communications and agreements, oral or written, regarding its subject matter. The foregoing does not apply, however, to the extent that we have separately entered into any Separate Agreement with you that expressly supersedes this Agreement, in which case the Separate Agreement will prevail over this Agreement with respect to the Services or other products and services to which such Separate Agreement applies.
    • If any court of law, having the jurisdiction, rules that any part of this Agreement is invalid, that section will be removed without affecting the remainder of the Agreement. The remaining terms will be valid and enforceable.
    • The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.
    • You are not allowed to assign or transfer this Agreement to any other party without our written approval. We have the right to assign or transfer this Agreement at any time (including all of Your Data that we hold at that time), in whole or in part, without notice to you, to any party.

Information Security Policy (I.S.P.)

1 Introduction

According to standard definitions, an Information Security Policy is a set of rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the regulations regarding the security of data stored digitally within the boundaries where the organization stretches its authority. Attaining this goal involves setting up an Information Security Policy for the organization and ensuring its adherence. The ISP governs the protection of information, which is an asset that the organization needs to protect. Information may be printed, written, spoken, or visually explained.

  1. The organization has a formal information protection program based on an accepted industry framework that is reviewed and updated as needed. The organization has adopted the NIST as a framework and ISO 27001 standard for its security posture, in addition to covering the HITRUST and PCI/DSS certifications. The SOC 2 Type II report is issued annually. External audit is performed annually.
  2. Adherence to these compliance artifacts is audited yearly and documented in the 05M04 Service Organization Controls, where controls from these different artifacts are mapped.
  3. Upper management along with the Information Security Steering Group (ISSG) are committed to be engaged and participate in the approval process of all policies by approving and signing such. Members of the ISSG are defined IAW 07F18 Information Management Structure.
  4. User security roles and responsibilities are clearly defined and communicated.
  5. The organization formally addresses the purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance requirements for its human resources security protection program. 
  6. Sanctions are fairly applied to employees following violations of the information security policies once a breach is verified, and include consideration of multiple factors. The organization documents personnel involved in incidents, steps taken, and the timeline associated with those steps, steps taken for notification, the rationale for discipline, and the final outcome for each incident.
  7. The organization notifies the manager within 24 hours when a formal sanction process is initiated, identifying the individual sanctioned and the reason for the sanction. Further, the organization includes specific procedures for license, registration, and certification denial or revocation and other disciplinary action. In addition, a Corrective Action Request (CAR) and/or disciplinary action may be created if deemed necessary IAW 10P01 Corrective Action SOP.
  8. Record of employees involved in security incident(s) is maintained with the resulting outcome from the investigation.

 

2 Purpose

The organization has implemented the ISP with the goal of identifying, assessing, and taking steps to avoid or to mitigate risk to the organization’s information assets. Information security is achieved by implementing a suitable set of controls, including policies, organizational structures and software, and hardware functions.  

2.1 Security Objectives (ISO 27001 5.1)

The ISSG has established security objectives to:

 
  1. Confidentiality
  2. Availability
  3. Integrity

The security objectives are monitored and analyzed yearly and recorded IAW the 05M01 CMS. These controls are established, implemented, monitored and controlled to ensure that the specific security and business objectives of the organization are met. The same is executed in conjunction with ISO 9001 and ISO 27001 processes implemented by the organization.

To implement and properly maintain a robust information security function, the organization recognizes the importance of:

  1. Understanding the information security requirements and the need to establish policies and objectives for information security;
  2. Understanding, assessing, and measuring risks posed to and by the organization’s information assets;
  3. Implementing and operating controls to manage the organization’s information security risks in the context of overall business risks;
  4. Ensuring all employees, external vendors, and consultants of the organization are aware of their responsibilities as regards assets protection and security and to understand the importance of any legal and regulatory requirements.
  5. Monitoring and reviewing the performance and effectiveness of information security policies and controls; and
  6. Continually improving the assessments, measurements, and changes that affect risk.
  7. Developing an Information Security Policy that captures the mission of the organization.
  8. Establishing information security objectives.
  9. Conducting management reviews, as a minimum on an annual basis, to evaluate the organization’s progress.
  10. Ensuring the Information Security Management System is integrated within our processes.
  11. Ensuring the ISO reviews the expenditure and security compliance on the infrastructure, architecture and development.
  12. Ensuring that sufficient resources are always available.
  13. Communicating the importance of effective compliance management and Information Security Management System.
  14. Ensuring that Information Security Policy achieves its intended results.
  15. Engaging, directing, and supporting our employees to help contribute to the effectiveness of the Information Security Policy
  16. Promoting improvement.
  17. Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

3 Scope

  1. This policy and all related documentation apply to the Information Security Management System (ISMS) as it relates to the translation, localization and transcreation of content IAW 06F04 ISMS Statement of Applicability.
    It applies to the staff working from the office in Miami, Florida as well as all the remote staff, vendors, and clients that interact with the Language Vault application.
  2. The organization processes information with the help of third party providers, all of which hold their SOC 2 Type II reports and ISO 27001 Certifications. All operations are done remotely through the help of dual factor authentication (2FA) protected desktop as a service and a web application that exhibits IP protection, 2FA and custom security policies per client.
    All departments that intervene in the delivery of services are covered in this scope including but not limited to Operations, Accounting, and IT personnel.
  3. Ultimately our stakeholders, vendors, staff members and clients are all protected by the scope of the CMS.
  4. All the information assets provided by clients and delivered by vendors and staff members are covered in this scope to satisfy their information assurance needs. To that end the CMS focuses on product development, delivery of services, people, and processes that the organization can control but also that we recommend our constituents to leverage.

4 Security Policies Management

4.1 Security Policies Review 

  

  1. Upper Management assigns a group, the ISSG, to ensure the effectiveness of the information protection program through program oversight. The organization’s approach to managing information security and its implementation are regularly reviewed by the members of the ISSG and are communicated throughout the organization.
  2. The ISO is appointed and is responsible for ensuring security processes are in place, communicated to all stakeholders, and consider and address organizational requirements.
  3. Managers are required to review and accept information security-related policies and procedures on a yearly basis. At the time of review, they must agree that these policies and procedures have been consistently applied within their area of responsibility.
  4. Annual compliance reviews are conducted. The internal SOC audit 05M04 Service Organization Controls document is executed IAW 09P01 Internal Audits SOP by the Compliance Officer. During this time, Policies, Procedures and Information systems are reviewed for compliance with the organization’s information security policies and standards. The organization has pursued a SOC 2 Type 2 report which is to be renewed yearly.
  5. The results of independent security program reviews are recorded and reported to upper management initiating the review; and the results are maintained for a predetermined period of 6 years. Any findings identified from External/Internal Audit are documented appropriately IAW 10P01 Corrective Action Request SOP.

4.2 Security Program Capital Planning 

Capital planning and investment requests include the resources needed to implement the security program and employ a business case, and the organization ensures the resources are available for expenditure as planned. The Management Review Meeting captures any additional resources needed and any improvement projects IAW 09P01 Management Review SOP.

4.3 Roles and Responsibilities 

Within the Information Security Policy, roles and responsibilities have been defined and assigned to specific individuals or groups within its organization. The Management Team, including the Information Security Officer (ISO), has established an 07F18 Security Management Structure document. Information security responsibilities are clearly defined, maintained, and communicated. These responsibilities include the security of the organization’s information assets and information technology that are accessed, processed, communicated to, or managed by external parties.

  1. Information Security Steering Group (ISSG): Responsible for information security in the organization to reduce risk exposure and ensure the organization’s activities do not introduce undue risk. The group is responsible for ensuring compliance with established security policies, processes, and initiatives, and with state and federal regulations. The ISSG is also responsible for reviewing security policies, assigning security roles, coordinating and reviewing the implementation of security across the organization. This group is also responsible for protecting assets from unauthorized access, disclosure, modification, destruction or interference. The following roles pertain to the ISSG:
    1. CEO: Oversees, on behalf of the board of directors, that the security posture satisfies the needs of the business. The head of the ISSG sets the security posture across the organization and takes an active role. Is the owner of the 06F02 Risk and Opportunity Management Document and advises on actions that shall be taken regarding risks that have been identified to possibly impact existing vulnerabilities.
    2. VP of Internal Operations: Oversees the operation teams and adherence to security requirements.
    3. CTO (Chief Technology Officer): Is the organization’s Senior-Level Information Security Official. Ensures the effectiveness of the information protection program through program oversight; establishes and communicates the organization’s priorities for organizational mission, objectives, and activities; reviews and updates the organization’s security plan; ensures compliance with the security plan by the workforce; and evaluates and accepts security risks on behalf of the organization. Advises the ISSG about privacy, security and compliance. The ISO develops, implements, and manages security matters and ultimately owns the organizational, physical and logical security. The ISO is responsible.
  2. Information Asset Owner (IAO): Responsible for creating initial information classification, approving decisions regarding controls and access privileges, performing periodic reclassification, and ensuring regular reviews for value and updates to manage changes to risk.
  3. User: Responsible for complying with the provisions of policies and procedures.

    The table below uses the RACI (R = Responsible, A = Accountable, C = Consulted, I = Informed) model for identifying roles and responsibilities during an organizational change process.

    | Area of Responsibility | ISSG | ISO | IAO | User |
    |---|---|---|---|---|
    | Establish the Information Security Program (ISP) | A | R | C | N/A |
    | Implement and Operate the ISP | A | R | C | N/A |
    | Monitor and Review the ISP | A/R | R | C | N/A |
    | Maintain and Improve the ISP | A/R | R | C | N/A |
    | Management Responsibility | A/R | R | C | N/A |
    | Resource Management | A | R | I | N/A |
    | Provision of Resources | A/R | C | I | N/A |
    | Training, Awareness and Competence | A/R | R | C | I |
    | Internal ISP Audits | A/R | R | C | I |
    | Establish Controls | A | R | C | I |
    | Storage of Source Code | N/A | R | N/A | N/A |
    | Asset Protection from unauthorized access, disclosure, modification, destruction or interference | | | | |
    | Report of security event or risks | A/R | R | R | I |
  4. Managers: Managers ensure employees are aware of the relevance and importance of their activities and how they contribute to the achievement of information security objectives. They also ensure that employees are aware of and comply with all information security policies and procedures of the organization relevant to their individual roles.
  5. Compliance Team: This team consists of the COO, the ISO, the Compliance Officer, and the IT members. This team ensures employees comply with established policies and procedures.
  6. IT Team: This team is responsible for the following areas related to information security:
    1. Managing related processes, such as incident and change management
    2. Providing technical expertise related to information security
    3. Implementing technical controls
    4. System administration; e.g., user creation, backups
    5. Security monitoring; e.g., network intrusions
    6. Reporting actual or potential security breaches
    7. Contributing to risk assessment where required

5 Identification and Authentication

The organization has defined the expectations and principles relating to how system setup and credential privileges should be managed. User accounts and privileges shall be managed correctly to ensure authorized user access to information systems is possible, while unauthorized access is not, including but not limited to:

  1. Authorization to manage user accounts and privileges. Requests are triggered by the HR Business Partner, and authorization may be given through line management, by the Manager and/or Director of the area in question.
  2. Management of user accounts and privileges. Specific staff members are authorized to control login accounts and permissions for systems that the IT team does not manage. The IT team may delegate specific limited responsibilities for managing accounts and permissions to staff in other departments. See 07F18 Security Management Structure for more details.
  3. The organization promotes the development and use of programs that avoid the need to run with elevated privileges and system routines to avoid the need to grant privileges to users.
  4. Users’ access rights must be adjusted in a timely manner to provide only authorized, role-based and necessary access. This should take place whenever there is a change in business needs, a change in an employee’s role, or when an employee leaves the organization. Managers of the user must be notified of change/termination IAW 07P08 IT Help Desk SOP.
  5. Password management. Once access to a system or application is authorized, the user shall create their own password IAW 04M06 Password Policy.
  6. Deletion of user access upon exiting the organization is executed IAW 07P16 Technical Termination SOP.
  7. IT staff with access to system credentials and cryptographic keys are responsible and liable for maintaining them. Keys are rotated at a minimum of once a year and are kept out of the reach of any other person. These staff shall report any suspicious activity immediately to the ISO.
  8. Cloud provider keys for AES-256 are rotated and managed by the cloud providers. In all cases, those responsible (cloud providers or IT personnel) are trained to provide key generation, key distribution, key storage, key rotation and key revocation. Cloud encryption keys are managed by AWS and GCP cloud providers. IT is responsible for the generation of Portal keys which are auto-generated and rotated every 2 months with a life of only 3 months via Let’s Encrypt. Keys used to interact with services are rotated at a minimum annually or if an IT employee leaves.
  9. A monthly audit is conducted of login access to ensure accuracy and remove access to those users who are no longer eligible or required. See 07P08 IT Service Desk SOP for more details.
  10. The organization restricts access to privileged functions and all security-relevant information.
  11. The ISO is the only authorized person to grant privileged access to IT infrastructure or source code.
  12. Shared/group and generic user IDs are not used in exceptional circumstances where there is a clear business benefit. All admins have their own unique credentials.
  13. The authorization involves approval to hire a software engineer or IT infrastructure engineer to authorize additional privileges and the record of the JIRA ticket IAW 07P08 IT Help Desk SOP.

6 Handling of External Party Requests and Support

All Customer requests for support must be submitted to [email protected] and vendor requests are to be submitted to [email protected]. Requests are categorized into three tiers:

  • Tier 1: All customer requests are considered tier 1, with an SLA of 1 hour. This tier consists of 3 support staff who manage its requests.
  • Tier 2: Issues or assistance requested are considered tier 2. Our product owners are on call for these types of matters. This tier consists of 3 support staff who manage its requests.
  • Tier 3: DevOps are on call to provide support for requests that can be resolved internally or that might require service provider support. GCP and AWS have 24/7 support. This tier consists of 3 support staff who manage its requests.

All calls received after hours are routed to customer support who are on call. Otherwise during regular business hours the number of staff supporting the service. For all tier 3 requests, a ticket will need to be created with GCP or AWS.

7 Incidents Report and IT Requests

  1. The IT Team has established procedures to ensure a consistent and effective approach to the management of information security incidents and IT requests, including communication on security events and weaknesses. It enables the efficient and effective management of information security incidents by providing structure for the reporting and management of such incidents.
  2. Any possible information security event must be assessed, and the ISO together with the IT team shall determine if it should be classified as an information security incident.
  3. Employees can raise information security incidents, complaints and IT requests by reporting them promptly. All reported items are responded to in a quick, effective, and orderly manner in order to reduce the negative effect of incidents, repair any damage, and mitigate future risks. Tickets are to be submitted to the IT Help Desk IAW 07P08 IT Service Desk SOP.
  4. Weekly reports shall be generated by the IT Service Desk system for all tickets labeled ‘security.’ Trends shall be analyzed to determine if any discernible patterns require further investigation.
  5. The IT team has daily meetings where, if necessary, post-mortem and trend analysis is discussed. All knowledge acquired from information security incidents shall be used to reduce the likelihood or impact of future incidents. Any serious incidents shall be recorded in the Non-Conformance log, and a CAR may be originated (IAW 10P01 Corrective Action Request SOP), if deemed necessary.

8 Change Management

 

BigLS has deployed a change management process in order to prevent unintended service disruptions and to maintain the integrity of all company services. All changes identified as causing disruption are planned and approved by management, without exception.

 
  1. Managers responsible for application systems are also responsible for the strict control (security) of the project or support environment and ensure that all proposed system changes are reviewed to check that they do not compromise the security of either the system or the operating environment. Project and support environments must be strictly controlled. All proposed system changes must be reviewed to ensure that they do not compromise the security of the system or the operating environment.
  2. Changes to equipment, software, and procedures are strictly and consistently managed.
  3. Fallback procedures are defined and implemented, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events.
  4. The Company deploys strong segregation of duties wherever it is economically feasible, including physical access and business processes in compliance with AICPA recommendations. It is imperative for the organization to grant its VP of Technology, who works as an Information Security Officer (ISO), access to troubleshoot any problems that might occur in the production environment, including production deployments. In addition, it is necessary for the VP of Technology to be the gatekeeper for any source code change. The organization has procedures to include detective and monitoring controls to mitigate the risk of possible misuse or unintentional modification of the organization’s assets. Segregation of duties exists with a number of restrictions, such as:
    1. Source code changes are performed only by software engineers and Bitbucket logs are accessible in Bitbucket to confirm that that is the case.
    2. Email alerts exist for critical changes performed in the source code, such as pull requests. These alerts are sent to code reviewers.
    3. No code is merged into the master branch without being approved by two senior developers (per review).
    4. The VP of Technology only merges code that has been approved by the senior developers. Proof of this is also available from the Bitbucket merged pull request listing.
    5. Code won’t be released if it does not pass static security analysis. OWASP ZAP acts as a proxy for e2e tests which reveals any new vulnerabilities present in any new release.
    6. Logical access for the whole software development lifecycle (SDLC) is segregated through a JIRA Kanban System which enforces different players for each of the following concerns: specifications, prioritization, software development, QA, and deployment. Proof is available via JIRA history in each ticket.
    7. Deployment occurs after confirmation by the Product Owners and the pulling of the ticket into the deployment-in-progress stage, which is allowed only to deployers, all of which can be confirmed from JIRA. Management (as well as all users) is made aware of any new release. There is extra evidence from Google Chat, Portal header notification functionality, and emails that communicate the release notes after each deployment.
    8. Security audit logs are read only, without exception, and record all changes in the production environment. This can be confirmed by inspecting the Stackdriver logs. Stackdriver is managed by Google and logs cannot be tampered with or deleted.
    9. Logging of all privileged actions is in place and can be confirmed from Stackdriver logs.
    10. These privileged actions result in email alerts sent to the Compliance team.
    11. Developers do not have access to production systems, which can be asserted by looking at our AWS and GCP Inventories which are sent monthly and reviewed by IT as IAO. Test and production environments are segregated in their own projects, which can be asserted by looking into the Google Cloud Console.
    12. Changes to equipment, software, and procedure are strictly managed.
    13. The company’s strategy for implemented changes accounts for a rollback strategy which is set by default. All changes are documented starting in a JIRA ticket and applied to test environments before they are pushed into the production environment. In addition, the database is backed up every six (6) hours in case a rollback is needed for a deployment that affected data. Rollback procedures are followed IAW 07P13 Software Development Lifecycle SOP for aborting and recovering from unsuccessful changes and unforeseen events.
    14. For any systems or system components in production that are no longer supported, the organization executes a formal migration plan approved by management to replace the system or system components.
    15. Every month, the company audits all systems, beyond the Portal production environment, for excessive privileges in its monthly IAO audit. The results of this audit are registered in JIRA.

All requests are processed IAW 07P08 IT Service Desk SOP. Rollback procedures are documented in case there is a need to go back to a previous status, even though change plans are mostly related to minimal marketable features (MMF). All MMFs are tested thoroughly after a fully automated deployment in the testing environment, before authorizing the deployment into production. Layers of authorization and logging exist so that production changes are controlled and monitored. Only authorized engineers are able to perform production changes. The organization communicates to different stakeholders when the services might be adversely affected.

 

The organization supports and manages changes to Workspace in the cloud including their operating system and applications and covers major, minor and patches.

 

The Management team meets every month to discuss any upcoming change. This meeting is known as the Replenishment Meeting.

9 Risk Management

 
  1. The organization performs risk assessments in a consistent way and at planned intervals, or when there are major changes to the organization’s environment, and reviews the 06F02 Risk and Opportunity Document annually.
  2. Risk assessments include the evaluation of multiple factors that may impact security as well as the likelihood and impact from a loss of confidentiality, integrity and availability of information and systems.
  3. The organization uses a formal methodology with defined criteria for determining risk treatments and ensuring that corrective action plans for the security program and the associated organizational information systems are prioritized and maintained; and the remedial information security actions necessary to mitigate risk to organizational operations and assets, individuals, and other organizations are documented.
  4. The organization mitigates any harmful effect that is known to the organization of a use or disclosure of restricted information by the organization, vendors, or similar third-parties in violation of its policies and procedures.
  5. The organization has implemented an integrated control system characterized using different control types (e.g., layered, preventative, detective, corrective, and compensating) that mitigates identified risks.
  6. The risk management program includes the requirement that risk assessments be re-evaluated at least annually, or when there are significant changes in the environment.
  7. The organization formally addresses the purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance with system and information integrity requirements and facilitates the implementation of system and information integrity requirements/controls.
  8. Information system specifications for security control requirements state that security controls are to be incorporated in the information system, supplemented by manual controls as needed, and these considerations are also applied when evaluating software packages, developed or purchased.
  9. Security requirements and controls reflect the business value of the information assets involved, and the potential business damage that might result from a failure or absence of security.
  10. A formal acquisition process is followed for purchased commercial products, and supplier contracts include the identified security requirements.
  11. Where the security functionality in a proposed product does not satisfy the specified requirement, the risk introduced and associated controls are reconsidered prior to purchasing the product.
  12. Where additional functionality is supplied and causes a security risk, the functionality is disabled or mitigated through application of additional controls.
  13. The organization requires developers of information systems, components, and developers or providers of services to identify (document) early in the system development life cycle, the functions, ports, protocols, and services intended for organizational use.

Risk assessments shall identify, quantify, and prioritize threats that may become relevant to the organization. The results shall guide and determine appropriate organization action and priorities for managing information security risks and for implementing controls needed to protect information assets.

10 Related Security Policies (Public Section)

 

The organization protects its devices at all times by access controls, usage restrictions, connection requirements, encryption, virus protections, firewalls and physical protections.

10.1 04M06 Password Policy

Please see 04M06 Password Policy 

Policy may be made available upon signing a non-disclosure agreement.

10.2 04M07 Data Classification and Processing Policy

 

10.2.1 Policy

The sensitivity of applications/systems is explicitly identified and documented. The organization’s solution to the Translation Industry is a security-first approach to the handling of any request. The classification of the data of our infrastructure, architecture and home grown software development is carefully selected to handle the most sensitive information available. The following information provides guidance and sets the expectation for the processing and classification of information and customer data:

  1. Information must be processed only in applications and systems where sensitive data can be protected by guaranteeing confidentiality, integrity and availability.
  2. To that end, all services provided by the company are rendered from Language Vault, a Portal to vendors, clients and staff members, and Workspaces in the cloud, a Windows desktop solution that guarantees no leaking of information on the end user side.
  3. The SDLC used for building Language Vault has several security layers IAW 07P13 Software Development Lifecycle Procedure.
  4. The Workspaces in the cloud are also built on top of a number of security layers IAW 07P12 Configuration Management SOP.
  5. Information must be classified according to an appropriate level of confidentiality, integrity, and availability.
  6. All resources covered by the scope of this policy must handle information appropriately and IAW its classification level.
  7. All data within any system must be assigned to a Data Owner.
  8. The Data Owner is responsible for ensuring that all data are properly classified. 
  9. Unless the risk is identified and accepted by the data owner, sensitive systems are isolated from non-sensitive systems.
 

Data Classification

 
Type: Restricted Information
Description: Highly sensitive data that should not leave managed systems. Any information that is extremely sensitive in nature, such as, but not limited to, Personally Identifiable Information (PII), Payment Card Industry (PCI) and Intellectual Property (IP), is classified as Restricted. Its unauthorized disclosure could seriously and adversely impact the organization, its customers, its business partners, and its external providers.

Type: Confidential Information
Description: Sensitive data that could leave managed systems over secure communications channels only. Its unauthorized disclosure could adversely impact the organization, its customers, its business partners, and its external provider.

An example of confidential information may include knowledge regarding systems or processes used by the company that is not considered IP, secret, or a threat to the company’s security.

 

NOTE: Any information not explicitly classified as Confidential or Restricted shall be considered as Confidential and treated as outlined in this document.

Please see 04M07 Data Classification Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.

 

10.3 04M08 Information Access Control Policy

 
  • Policy

The following information sets the rules and expectations for the security and accessing of information:

Resources (employee, external provider, and consultant) shall understand the sensitivity of their data and treat them accordingly IAW 04M07 Data Classification Policy. Even if technical security mechanisms fail or are absent, every user should still attempt to maintain data security commensurate with its sensitivity.

  • System Access Controls

The organization shall provide resources with access to the information they need to carry out their responsibilities in as effective and efficient a manner as possible. 

  1. Restricted information can only be accessed from restricted environments. Circumventing this (e.g., by taking screenshots) is considered a violation of the established Security Policies.
  2. Access to systems and data information shall be given through the provision of unique credentials IAW 07P08 IT Service Desk SOP and a complex password IAW 04M06 Password Policy.
  3. Authentication is performed with user, password and 2FA over secure channels (PCoIP for workspaces and TLS 1.2 for servers). Language Vaults also require 2MFA.
  4. Shared credentials (individual, shared/group, system, application, guest/anonymous, emergency and temporary) are not authorized on systems. If exceptions exist, the ISO must approve the usage of them.
  5. An employee is held accountable for any activity performed under their login ID.
  6. Requests to modify or revoke access to the organization’s internal systems shall be provided only after the written request is received and validated by the IAO IAW 07P08 IT Service Desk SOP.
  7. The information system employs replay-resistant authentication mechanisms such as nonce, one-time passwords, or time stamps to secure network access for privileged accounts. The company deploys “replay-resistant” authentication mechanisms on the workspaces with the help of Kerberos authentication and in Portal with the help of CSRF tokens and HTTP headers.
  8. Access to Restricted information shall be limited to authorized resources whose responsibilities require it, as determined by law, contractual agreement, or the Information Security Policy.  
  9. The organization does not facilitate information sharing by enabling authorized users to determine a business partner’s.  If exceptions exist, the President must authorize the use of them after being advised by the ISO IAW 07P18 Access Control SOP.
  10. Access rights to applications and application functions are limited to the minimum necessary using menus. Language Vault uses the concept of business hub, which has been the subject of study by its main architect for years. In simple terms, absolutely all functionality from the system can be accessed via APIs using the same RBAC that applies to regular users that access the app via the UI.
  11. Access rights from an application to other applications are controlled.
  12. The translation process takes place within the Language Vault, where all user interactions are logged. These logs are accessible from the Audit Module where the date, the action, the request payload, the IP, the user agent of the user and the response code are all logged IAW 07P19 Access Audit Logging and Monitoring SOP.
 
  • Removable Media

The organization places reasonable restrictions on removable media. The use of removable media is prohibited on all equipment owned by the organization. Exceptions are managed IAW 07P10 Antivirus and Malware SOP and the 07P08 IT Service Desk SOP and must be approved by the ISO. Restricted Workspaces are prohibited from using removable media, with no exceptions.

Please see 04M08 Information Access Control Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.

 

10.4 04M10 Remote Access Control Policy

 

1 Policy

 
  1. Storage of restricted information and customer data on any personal device is prohibited.
  2. All remote access users are to comply with all security policies, may not perform illegal activities and may not use the access for outside business interests. 
  3. It is the responsibility of employees, external vendors, and consultants with remote access privileges to the managed resources to ensure their remote access connection is used only for the organization’s related business purposes.

2 Requirements

  1. Remote access passwords and dual authentication tokens shall only be used by the individual to whom access was granted.
  2. All users are expected to report any loss of dual authentication devices immediately to the IT department, as well as any suspicious activity reported in their account.
  3. The session time-out mechanism is set at fifteen minutes of inactivity in the WS, and closes network activity at 15 minutes of inactivity. Once the session has been paused or closed, the user will be required to reestablish authenticated access when resuming activity.
  4. The Language Vault session times out after fifteen minutes of inactivity.
 

Please see 04M10 Remote Access Control Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.

 

10.5 04M12 Acceptable Use Policy

1 Policy

  1. The organization formally addresses multiple safeguards before allowing the use of information systems for information exchange.
  2. Employees, external vendors, and consultants are responsible for exercising good judgment regarding appropriate use of resources IAW 05M03 Information Security Policy and Policies.
  3. Employees and vendors are aware of the limits existing for their use of the organization’s information and assets associated with information processing facilities and resources; and they are responsible for their use of any information resource and of any use carried out under their responsibility.
  4. Automated controls are in place to authorize and restrict the use of mobile code. Internet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts, electronic mail, WWW browsing, and additional services like SFTP and cloud services like GSuite, are the property of the organization. These systems are to be used for business purposes in serving the interests of the organization and its customers in the course of normal operations. The company does not allow the usage of browser versions that support Java, ActiveX, Shockwave or Flash animations, as these components pose a number of threats and have been deprecated, meaning there are no patches available for the engines responsible for processing this kind of media.
  5. Proprietary information stored on electronic and computing devices, whether owned or leased by the organization, the employee, or external providers, remains the sole property of the organization. 
  6. Employees and external vendors may access, use, or share the organization proprietary information only under NDA and to the extent it is authorized and necessary to fulfill their assigned job duties.
  7. Physical and logical access is only given to vendors for support purposes when necessary, with management approval, and such access is monitored. Access to vendors must be given under the premise of need to know and monitored monthly as part of the IAO audit IAW 07P08 IT Help Desk SOP.
  8. Employees, external vendors, and consultants have a responsibility to promptly report any access error, theft, loss or unauthorized disclosure of proprietary information IAW 07P08 IT Service Desk SOP.
  9. Employees and external vendors and consultants should not circumvent any restrictions imposed by IT on the usage of resources. 
  10. All mobile and computing devices used to connect to the organization’s owned resources shall do so IAW 04M08 Information Access Control Policy.
  11. System level and user level passwords must comply with the 04M06 Password Policy. Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.
  12. All computing devices, including workspaces in the cloud and those devices used to connect to them, must be secured with a password-protected screensaver IAW 07P03 Work Environment SOP.
  13. Employees, external vendors, and consultants must use extreme caution when opening email attachments or clicking on email links. The email address of the sender (not the sender name) of each email should be known to the addressee and verified by calling the sender in case such communication was not expected.
  14. The organization will store emails for seven years. All email communications, even after being deleted by the organization’s email holder, are archived and can be used for said time period.
  15. Under no circumstances is an employee, external vendor, or consultant authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing the organization’s resources. This includes, but is not limited to:
    1. Using a computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction. 
  16. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee or external vendor is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
    1. Port scanning or security scanning is expressly prohibited unless a request is made to IT IAW 07P08 IT Service Desk SOP and approved by the ISO.
    2. Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s or vendor’s normal job/duty.
    3. Circumventing user authentication or security of any host, network, or account. 
    4. Introducing honeypots, honeynets, or similar technology on the network. 
    5. Interfering with or denying service to any user other than the user’s host (for example, denial of service attack). 
    6. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, by any means, locally or via the Internet/Intranet/Extranet. 
    7. Providing information about, or lists of, Company employees/external vendors/consultants to parties outside BigLS.
  17. The organization reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
  18. Social media accounts must not be used to share any information about the company that has not been previously authorized by management, and employees must exercise caution when participating in chats, forums, surveys or any other means of interaction. All employees must conduct themselves in accordance with 07F03 Employee handbook.
 

2 Software Use

  1. The organization has purchased fully licensed copies of computer software from a variety of publishers and vendors. 
  2. Operational systems only hold approved programs or executable codes.
  3. Licensed and registered copies of software programs are placed on remote workspaces in accordance with the licensing agreements and company policies. No other copies of this software or its documentation can be made without the express written consent of the software publisher and of the organization.
  4. The organization prohibits users from installing unauthorized software, including data and software from external networks.
  5. The organization prevents program execution in accordance with a list of authorized (whitelisted) software programs and components and strict rules about the addition of any new component which demands the authorization of the VP of Technology. 
  6. Only authorized administrators are allowed to implement approved upgrades to software, applications, and program libraries, based on business requirements and the security implications of the release.

3 Software from Other Sources

  1. The organization shall provide copies of legally acquired software to meet all legitimate needs in a timely fashion and in sufficient quantities for all remote desktops. The use of software obtained from any other source could present security and legal threats to the company, and such use is strictly prohibited. 
  2. Any software, including commercial, OEM, retail, open source, shareware, and freeware software may present a security risk. Any software can only be used if the ISO has approved it. Requests shall be submitted via ticket IAW 07P08 IT Service Desk SOP.
  3. Messaging and/or any type of communication is disabled on the restricted WS.

Please see 04M12 Acceptable Use Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.

 

10.6 04M16 Intellectual Property Policy

 
1 Policy

  1. The organization’s intellectual property, such as information, processes, and technology are available to its employees, external vendors, and consultants to carry out their daily responsibilities. 
  2. Employees, external vendors, and consultants are prohibited from any unauthorized use of the Company’s intellectual property, such as, but not limited to, audio and video tapes, print materials and source codes.
  3. It is the responsibility of every employee, external vendor, and consultant to help protect intellectual property. It is the responsibility of VPs, Directors and Managers to foster and maintain awareness of the importance of protecting intellectual property.
  4. While processing customer data, employees, external vendors and consultants are to use legal and ethical resources to prevent any type of data loss.

Please see 04M16 Intellectual Property Policy for additional information. Policy may be made available upon signing a non-disclosure agreement.

 
  • 10.7 07P09 Equipment Destruction Disposal SOP; Confidential

  • 10.8 07F18 Security Management Structure; Confidential 

  • 10.9 04M09 Data Encryption Policy; Confidential

  • 10.10 04M11 Firewall Policy; Confidential

  • 10.11 04M13 Disaster Recovery Policy; Confidential

  • 10.12 04M14 Software Development Lifecycle Policy; Confidential

  • 10.13 04M18 Mobile Device Policy; Confidential
  • 10.14 04M11 Firewall Policy; Confidential
  • 10.15 04M14 Software Development Lifecycle Policy; Confidential
  • 10.16 07P10 Antivirus and Malware SOP; Confidential
  • 10.17 07P11 Penetration and Vulnerability SOP; Confidential
  • 10.18 07P13 Software Development Lifecycle SOP; Confidential
  • 10.19 07P14 Firewall SOP; Confidential
  • 10.20 07P15 Encryption SOP; Confidential
  • 10.21 07P17 Password SOP; Confidential
  • 10.22 07P20 Third Party Service Provider SOP; Confidential
  • 10.23 07P22 Business Continuity and Disaster Recovery Procedure; Confidential
  • 10.24 07P23 Business Contingency Plan (BIA, BCP, DRP); Confidential
 

Details of our selected controls and how they have been implemented and measured are considered confidential information and restricted to the organization. The following sections have been removed to make this document available to the public: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management, and compliance.

Master Services Agreement

 

This MASTER SERVICES AGREEMENT (the “Agreement”) is entered into by and between Big Language Solutions, LLC, a Delaware limited liability company with an address at 3424 Peachtree Road NE, Suite 2060, Atlanta, GA 30326 (“Big Language”) and the entity identified in a Project (as defined below) that references this Agreement (“Customer”) (each of Big Language and Customer, a “Party”).  This Agreement is effective as of the date when the Parties entered into the first Project that references this Agreement (the “Effective Date”).  The Parties agree as follows:

1.  PROFESSIONAL SERVICES.
1.1 Professional Services.  The Parties anticipate that Customer may desire to engage Provider to perform certain services which may include by way of example patent translation services.  For purposes of this Agreement, “Provider” means Big Language, an Affiliate of Big Language, or any combination of the foregoing, as designated by Big Language on a case-by-case basis for purposes of this Agreement, depending on the nature of the services requested by Customer and on other relevant criteria.  Big Language will ensure that each Provider performs its obligations under this Agreement.  Subject to the terms and conditions set forth in this Agreement, Provider will perform the services as set forth in Projects (as defined below) separately executed by the Parties (the “Professional Services”).   “Affiliate” of a party means any company or entity that directly or indirectly controls, is controlled by, or is under common control with that party. The term “control” (including the terms “controlled by” and “under common control with”) means the possession, directly or indirectly, of power to direct or affect the direction of the management and policies of such party.

1.2 Projects.  Customer and any Provider may enter into one or more Projects from time to time.  All Projects entered into by Customer and any Provider will be subject to this Agreement, and will be considered a part of this Agreement.  A “Project” means any work order, statement of work, quotation, email exchange, or similar arrangement that is approved by authorized representatives of both Customer and of a Provider, or any other written instructions or communications between Customer and a Provider that are accepted via email by authorized representatives of both Customer and the Provider.  Each Project will describe the Professional Services to be provided by Provider to Customer, and the fees, costs and expenses to be paid by the Customer to Provider, and will become effective upon execution or written approval by authorized representatives of both Parties (email acceptable).  Projects may only be modified with the written approval of authorized representatives of both Customer and the respective Provider.  To ensure fairness and lack of surprises for both Customer and each Provider, any instruction or request made by Customer in a Project that (a) describes turn-around times, deadlines or services that are shorter or otherwise inconsistent with those specified or normally made available by the respective Provider, or (b) is shorter or otherwise inconsistent with the past engagement pattern between Customer and the respective Provider, will not be considered accepted by either Customer or Provider unless specifically acknowledged and approved by authorized representatives of both Customer and Provider with a specific written acknowledgement (email acceptable) that reasonably acknowledges the unusual nature of such instruction or request and reasonably confirms that both Customer and Provider are aware of the respective departure from the normal operating process.  
Once the first Project is entered into by the Parties and references this Agreement, this Agreement becomes effective, and all subsequent Projects between Customer and any Provider that do not reference either this Agreement or any other agreement entered into by the Parties will be subject to this Agreement.

2.  RESPONSIBILITIES.
2.1 Suitability.  Provider, through means of its project management system, will assign employees and subcontractors with qualifications suitable for the work described in the relevant Project.  Provider may replace or change employees and subcontractors in its sole discretion with other suitably qualified employees or subcontractors. Provider will exercise reasonable skill, care and diligence in carrying out the Professional Services.
2.2 Performance.  Provider will use commercially reasonable efforts to provide the Professional Services within time frames estimated in writing by Provider in the Project, or if no such written estimate is given by Provider, Provider will perform in accordance with its usual parameters for “standard turnaround”, subject to mitigating circumstances existing from time to time.  Customer acknowledges that Provider will not be liable for any failure or delay by Customer to provide any Source Materials (as defined below), or any errors or omissions in the Source Materials.
2.3 Customer Responsibilities for Source Materials.  Customer will make available in a timely manner, at no charge to Provider, all the documentation, reference material, and other information requested by Customer for translation, as identified in an applicable Project, or as otherwise required in connection with the Professional Services (collectively, the “Source Materials”).  Customer will be responsible for, and assumes the risk of, any problems resulting from, the content, accuracy, completeness and consistency of all such Source Materials.  Customer will ensure that all Source Materials:
(a) are of a sufficient quality and integrity to enable Provider to provide the Professional Services;
(b) do not infringe any third party’s copyright or other intellectual property rights;
(c) are not defamatory or otherwise libelous; and
(d) do not violate any applicable laws or regulations.
Customer grants to Big Language a non-exclusive, royalty-free, worldwide, fully-paid right and license during the Term (as defined below), with the right to sublicense to the other Providers, to use, copy, modify, display, create derivative works of, and distribute the Source Materials for purposes of providing the Professional Services to Customer.  Customer agrees to indemnify Big Language against any loss, liability, damage, cost and expense (including reasonable attorney’s fees) incurred by Big Language and/or any Provider in connection with claims made or brought against any Provider by a third party alleging that the Source Materials, or the use thereof by Provider (i) infringe the copyright or other intellectual property rights of any person; or (ii) are defamatory or otherwise libelous.
2.4 Nonsolicitation.  Customer acknowledges and agrees that the employees and consultants of any Provider who perform the Professional Services are a valuable asset to Provider and are difficult to replace.  Accordingly, Customer agrees that during the Term of this Agreement, for a period of one (1) year after the termination or expiration of this Agreement, it will not offer employment or engagement (whether as an employee, independent contractor or consultant) to any Provider employee or consultant who performs any of the Professional Services.
 
3.  FEES.
3.1 Fees Payable.  In consideration for the performance of the applicable Provider’s obligations under this Agreement, Customer will pay to Big Language or to another Provider designated by Big Language, without offset or deduction all fees, expenses and other amounts specified in each Project (“Fees”).  Invoices will be issued to Customer by Big Language or by another Provider.  Unless otherwise provided in such Project all such Fees will be due and payable within thirty (30) calendar days after an invoice is issued to Customer with respect thereto.
3.2 Disputed Charges.  Customer must notify Big Language in writing of any dispute or disagreement with invoiced charges within thirty (30) days after the date of invoice.  Absent such notice, Customer will be deemed to have agreed to the charges as invoiced after the expiration of such time period.
3.3 Late Charges.  Big Language reserves the right to charge, and Customer agrees to pay, a late charge equal to five percent (5%) per year on any amount that is not the subject of a good faith dispute that is unpaid on the due date, and on any other outstanding balance.  Customer will reimburse Big Language for any costs and fees incurred by Big Language to collect unpaid Fees.
3.4 Taxes.  All amounts payable under this Agreement will exclude all applicable sales, use and other taxes and all applicable export and import fees, customs duties and similar charges.  Customer will be responsible for payment of all such taxes (other than taxes based on Big Language’s income), fees, duties and charges, and any related penalties and interest, arising from the payment of any fees hereunder, the grant of license rights hereunder, or the delivery of services.  Customer will make all payments required hereunder free and clear of, and without reduction for, any withholding taxes.  Any such taxes imposed on any payments made by Customer hereunder will be Customer’s sole responsibility, and Customer will, upon Big Language’s request, provide Big Language with official receipts issued by the appropriate taxing authority, or such other evidence as Big Language may reasonably request, to establish that such taxes have been paid.
 
4.  CONFIDENTIALITY.
4.1 Ownership of Confidential Information.  The Parties acknowledge that during the performance of this Agreement, each Party will have access to certain of the other Party’s Confidential Information or Confidential Information of third parties that the disclosing Party is required to maintain as confidential.  For purposes of this Agreement “Confidential Information” means any material or information relating to a Party’s research, development, products, product plans, services, Customers, Customer lists, markets, software, developments, inventions, processes, formulas, technologies, designs, drawings, marketing, finances, or other business information or trade secrets that such disclosing Party treats as proprietary or confidential.  Without limiting the foregoing, the software and any databases (including any data models, structures, and non-Customer specific data contained therein) of each Provider will constitute Confidential Information of that Provider.  Customer will own all information included in Customer’s documents and other materials submitted to any Provider under this Agreement, including any personal data and other regulated that may be included in such documents and materials (such information is collectively the “Customer Data”).  Customer will comply with all applicable laws and regulations in the course of collecting, storing, using and making available to any Provider the Customer Data.  Customer grants to Big Language a nonexclusive license, with the right to sublicense to the other Providers and to other Big Language affiliates, to (a) use the Customer Data in connection with each Provider’s business, including to provide to Customer the Professional Services, and (b) to process the Customer Data to generate aggregated and anonymized data (including statistical data) that does not uniquely identify individuals or entities (“Anonymized Data”), and to use the Anonymized Data in the course of each Provider’s business.  
Both Parties agree that all items of Confidential Information are proprietary to the disclosing Party or such third party, as applicable, and will remain the sole property of the disclosing Party or such third party.
4.2 Mutual Confidentiality Obligations.  Each Party agrees as follows:  (i) to use the Confidential Information only for the purposes described herein; (ii) that such Party will not reproduce the Confidential Information and will hold in confidence and protect the Confidential Information from dissemination to, and use by, any third party; (iii) that neither Party will create any derivative work from Confidential Information disclosed to such Party by the other Party; (iv) to restrict access to the Confidential Information to such of its personnel, agents, and/or consultants, if any, who have a need to have access and who have been advised of and have agreed in writing to treat such information in accordance with the terms of this Agreement; and (v) to return or destroy all Confidential Information of the other Party in its possession upon termination or expiration of this Agreement.
4.3 Confidentiality Exceptions.  Notwithstanding the foregoing, the provisions of Sections 4.1 and 4.2 will not apply to Confidential Information that (i) is publicly available or in the public domain at the time disclosed; (ii) is or becomes publicly available or enters the public domain through no fault of the recipient; (iii) is rightfully communicated to the recipient by persons not bound by confidentiality obligations with respect thereto; (iv) is already in the recipient’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; (v) is independently developed by the recipient; or (vi) is approved for release or disclosure by the disclosing Party without restriction.  Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (x) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order will first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (y) to establish a Party’s rights under this Agreement, including to make such court filings as it may be required to do.
 
5. WARRANTIES AND LIMITATIONS.
5.1 Warranties.  Big Language warrants to Customer that, for a period of ninety (90) days after final delivery thereof, all Professional Services performed and deliverables provided will conform in all material respects with any written specifications set forth in the applicable Project.  Upon written notice of any material non-conformity with such specifications provided to Big Language within such ninety (90) day period, Big Language will have a period of thirty (30) days, or such longer period as may be reasonably necessary, to correct such non-conformity.  Correction of the non-conforming Professional Services and/or deliverables will be Customer’s sole and exclusive remedy, and all Providers’ sole liability, for any failure of the Professional Services and/or deliverables to comply with the foregoing warranty.  The foregoing warranty will be void and of no force or effect if any modification, alteration or addition has been made to the Professional Services and/or deliverables by anyone other than Big Language.
5.2 Disclaimer.  EXCEPT AS EXPRESSLY PROVIDED FOR IN SECTION 5.1, THE PROFESSIONAL SERVICES AND ANY OTHER INFORMATION, DELIVERABLES, MATERIALS, TECHNOLOGY OR SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS” AND “WITH ALL FAULTS,” AND EACH PROVIDER EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES OF ANY KIND OR NATURE, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, ACCURACY OF DATA, OR QUALITY, AS WELL AS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.  NO WARRANTY IS MADE BY ANY PROVIDER ON THE BASIS OF TRADE USAGE, COURSE OF DEALING OR COURSE OF TRADE.  NO PROVIDER WARRANTS THAT THE PROFESSIONAL SERVICES OR ANY OTHER INFORMATION, DELIVERABLES, MATERIALS, TECHNOLOGY OR SERVICES PROVIDED UNDER THIS AGREEMENT WILL MEET CUSTOMER’S REQUIREMENTS OR BE ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED.  IN RELATION TO PROFESSIONAL SERVICES WHICH COMPRISE TRANSLATION WORK, CUSTOMER ACKNOWLEDGES AND AGREES THAT:
(A) A TRANSLATION MAY READ DIFFERENTLY FROM GOOD ORIGINAL WRITING;
(B) NO PROVIDER WILL BE UNDER ANY OBLIGATION TO INDICATE OR CORRECT ERRORS OR OMISSIONS IN THE SOURCE MATERIAL;
(C) WHERE CUSTOMER HAS SPECIFIED A PARTICULAR USE FOR A TRANSLATION IN A PROJECT OR OTHER COMMUNICATION WITH ANY PROVIDER, THE TRANSLATION MAY NOT BE SUITABLE OR APPROPRIATE FOR A PURPOSE OTHER THAN THAT ORIGINALLY SPECIFIED;
(D) IF THE CUSTOMER PROPOSES TO USE A TRANSLATION FOR A PURPOSE OTHER THAN THAT SPECIFIED IN WORK, THEN CHANGES MAY NEED TO BE MADE TO THE TRANSLATION FOR WHICH BIG LANGUAGE MAY CHARGE ADDITIONAL FEES; AND
(E) UNLESS OTHERWISE AGREED IN WRITING, TRANSLATION WORK MAY BE DELIVERED TO THE CUSTOMER BY EMAIL AT THE CUSTOMER’S SOLE RISK.
CUSTOMER ACKNOWLEDGES THAT THE PROVIDERS’ OBLIGATIONS UNDER THIS AGREEMENT ARE FOR THE BENEFIT OF CUSTOMER ONLY.
5.3 Limitations.  IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY IN CONNECTION WITH THIS AGREEMENT (INCLUDING ANY PROJECT, BUSINESS ASSOCIATE AGREEMENT, THE SERVICES, OR ANY OTHER RELATED AGREEMENT OR ATTACHMENT ENTERED INTO BY THE PARTIES), UNDER ANY THEORY (INCLUDING CONTRACT, TORT, INDEMNIFICATION, OR STRICT LIABILITY), FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, REPLACEMENT COSTS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF ANY PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  THIS LIMITATION UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.  EXCEPT FOR A BREACH OF SECTION 4, THE CUMULATIVE LIABILITY OF ALL PROVIDERS TO CUSTOMER AND TO ALL OTHER PARTIES FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT (INCLUDING ANY PROJECT, BUSINESS ASSOCIATE AGREEMENT, THE SERVICES, OR ANY OTHER RELATED AGREEMENT OR ATTACHMENT ENTERED INTO BY THE PARTIES), UNDER ANY THEORY (INCLUDING CONTRACT, TORT, INDEMNIFICATION, OR STRICT LIABILITY), WILL NOT EXCEED THE TOTAL AMOUNT OF ALL FEES THEN-PAID TO CUSTOMER UNDER SECTION 3.1 FOR THE SPECIFIC PROFESSIONAL SERVICES GIVING RISE TO SUCH LIABILITY.  THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.
5.4 Essential Basis.  The disclaimers, exclusions and limitations of liability set forth in this Agreement form an essential basis of the bargain between the Parties, and, absent any of such disclaimers, exclusions or limitations of liability, the provisions of this Agreement, including, without limitation, the economic terms, would be substantially different.
6.  PROPRIETARY RIGHTS.  Customer will retain ownership of all Source Materials and any deliverable that embodies its Confidential Information to the extent that it embodies Customer’s Confidential Information.  Each Provider will retain ownership of all software, hardware, technology, services, data, and databases (including any data models, structures, and non-Customer specific data contained therein) of such Provider.
 
7.  TERM; TERMINATION.
7.1 Term.  This Agreement will commence on the Effective Date and will remain in effect for a period of two (2) years unless terminated in accordance with this Section 7 (the “Term”).  Unless otherwise stated in the applicable Project, or the Agreement or such Projects are terminated in accordance with this Section 7, the term of each Project will last until performance thereunder is completed.
7.2 Termination for Breach.  Either Party may, at its option, terminate this Agreement in the event of a material breach by the other Party.  Such termination may be effected only through a written notice to the breaching Party, specifically identifying the breach or breaches on which such notice of termination is based.  The breaching Party will have a right to cure such breach or breaches within thirty (30) days of receipt of such notice, and this Agreement will terminate in the event that such cure is not made within such thirty (30)-day period.  Without limiting the foregoing, Big Language may immediately terminate this Agreement upon written notice in the event that Customer becomes insolvent or enters bankruptcy during the Term.
7.3 Termination of Individual Projects.  Either Party may, at its sole option and for its own convenience, terminate this Agreement and/or any or all Projects in effect upon thirty (30) days prior written notice.
7.4 Effect of Termination.  Upon any termination of this Agreement or an applicable Project, the Parties will inform each other of the extent to which performance has been completed through such date and collect and deliver all work in process.  In the event of termination, the Parties agree to wind up their work in a commercially reasonable manner and to preserve and deliver items of value created prior to termination.  Big Language will be paid for all work performed and expenses incurred through the date of termination.  Upon any termination of this Agreement, Big Language reserves the right to destroy or otherwise dispose of any Source Materials which have been in its custody for more than one (1) month following completion of the Professional Services to which they relate.
7.5 Survival.  The provisions of Sections 2.3, 2.4, 3, 4, 5, 6, 7.5, 7.6, and 8 will survive the termination of this Agreement.
 
8.  MISCELLANEOUS
8.1 Applicable Law.  The table below specifies the following information applicable to this Agreement depending on the location of the Customer’s headquarters (i.e., the “Client Location”): (a) the Affiliate of Big Language (i.e., the Provider) that provides the Services to Customer under this Agreement, (b) the law that is applicable to this Agreement (the “Applicable Law”), (c) the venue in which any dispute arising from this Agreement will be resolved, and the location where such dispute will be resolved (the “Venue”).  More specifically, each party agrees that this Agreement and the rights and obligations of the Parties in connection with this Agreement, including all Orders, will be construed in accordance with, and will be governed by, the Applicable Law specified in the table below, without giving effect to its rules regarding conflicts of laws.  Any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation or validity of this Agreement (including any Project), will be resolved exclusively in the Venue specified in the table below, and each Party agrees to the exclusive jurisdiction of such Venue.  Notwithstanding the foregoing, each Party reserves the right to seek provisional remedies in aid of arbitration from a court of appropriate jurisdiction and to seek an injunction against any misappropriation or misuse of its Confidential Information in breach of this Agreement.
   
| Client Location | Affiliate | Applicable Law | Venue |
| --- | --- | --- | --- |
| Germany | Law Linguist | Laws of Germany | Arbitration conducted by the International Chamber of Commerce in Germany in Stuttgart, Germany |
| Italy | Law Linguist | Laws of Italy | Arbitration conducted by the International Chamber of Commerce in Italy in Milan, Italy |
| Europe (other than Germany and Italy) | Dora Wirth Languages, Protranslating, Language Link, BIG IP, ISI Language Solutions | Laws of England and Wales | Arbitration conducted by the London Court of International Arbitration (“LCIA”) in London, UK |
| United States | Protranslating, Language Link, BIG IP, ISI Language Solutions, Law Linguist, or Dora Wirth Languages | Laws of the State of New York, USA | Arbitration conducted by JAMS in New York, NY, USA |

8.2 Force Majeure. Each Provider will be excused from performance of its obligations under this Agreement if such a failure to perform arises from compliance with any requirement of applicable law, acts of God, fire, strike, pandemic, embargo, terrorist attack, war, insurrection or riot or other causes beyond the reasonable control of that Provider. Any delay resulting from any of such causes will extend performance accordingly or excuse performance, in whole or in part, as may be reasonable under the circumstances.
8.3 Notices. All notices required by or relating to this Agreement will be in writing and will be sent by means of certified mail, postage prepaid, to the Parties to the Agreement and addressed, if to Customer, as set forth on the Cover Page, or if to Big Language, as follows:

Big Language Solutions, LLC
3424 Peachtree Road NE, Suite 2060
Atlanta, GA 30326
Attention: CFO

or addressed to such other address as that Party may have given by written notice in accordance with this provision. All notices required by or relating to this Agreement may also be communicated by facsimile, provided that the sender receives and retains confirmation of successful transmittal to the recipient. Such notices will be effective on the date indicated in such confirmation. In the event that either Party delivers any notice hereunder by means of facsimile transmission in accordance with the preceding sentence, such Party will promptly thereafter send a duplicate of such notice in writing by means of certified mail, postage prepaid, to the receiving Party, addressed as set forth above or to such other address as the receiving Party may have previously substituted by written notice to the sender.
8.4 Assignment; Delegation. Each Party may assign this Agreement without the need for any consent in connection with any corporate restructuring, or in connection with a sale or transfer of all or substantially all of its assets, stock or business. This Agreement will be binding upon and inure to the benefit of Big Language and Customer and their successors and permitted assigns.
8.5 Independent Contractors. Customer and Big Language acknowledge and agree that the relationship arising from this Agreement does not constitute or create any joint venture, partnership, employment relationship or franchise between them, and the Parties are acting as independent contractors in making and performing this Agreement.
8.6 Amendment. No amendment to this Agreement or any Agreement will be valid unless such amendment is made in writing and is signed by the authorized representatives of the Parties.
8.7 Waiver. No waiver under this Agreement will be valid or binding unless set forth in writing and duly executed by the Party against whom enforcement of such waiver is sought. Any such waiver will constitute a waiver only with respect to the specific matter described therein and will in no way impair the rights of the Party granting such waiver in any other respect or at any other time. Any delay or forbearance by either Party in exercising any right hereunder will not be deemed a waiver of that right.
8.8 Severability. If any provision of this Agreement is invalid or unenforceable for any reason in any jurisdiction, such provision will be construed to have been adjusted to the minimum extent necessary to cure such invalidity or unenforceability. The invalidity or unenforceability of one or more of the provisions contained in this Agreement will not have the effect of rendering any such provision invalid or unenforceable in any other case, circumstance or jurisdiction, or of rendering any other provisions of this Agreement invalid or unenforceable whatsoever.
8.9 Export. Each Party agrees not to export, directly or indirectly, any data acquired from the other Party or any products utilizing such data to countries outside the United States of America, which export may be in violation of the United States of America export laws or regulations or the laws and regulations of any other applicable jurisdiction.
8.10 No Third-Party Beneficiaries. The Parties acknowledge that the covenants set forth in this Agreement are intended solely for the benefit of the Parties, their successors and permitted assigns. Nothing herein, whether express or implied, will confer upon any person or entity, other than the Parties, their successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of this Agreement.
8.11 Counterparts. Each Project may be executed in any number of counterparts, each of which when so executed will be deemed to be an original and all of which when taken together will constitute one Agreement. Execution of each Project may occur in writing or electronically (e.g., through an electronic signature platform such as DocuSign), and both electronic and written signatures of each Party will be valid.
8.12 Headings. The headings in this Agreement are inserted merely for the purpose of convenience and will not affect the meaning or interpretation of this Agreement.
8.13 Entire Agreement. This Agreement, and any relevant Project referencing this Agreement, sets forth the entire agreement and understanding between the Parties hereto with respect to the subject matter hereof and, except as specifically provided herein, supersedes and merges all prior oral and written agreements, discussions and understandings between the Parties with respect to the subject matter hereof, and neither of the Parties will be bound by any conditions, inducements or representations other than as expressly provided for herein.
8.14 Order of Precedence. In the event that a conflict is deemed to arise between the provisions of this Agreement and the provisions of any Project, the provisions of this Agreement will govern unless expressly specified otherwise in such Project.

Notice of Privacy Practices

 
Last updated: 11/20/2024

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice is effective: April 15, 2015. If you have any questions about this Notice please contact our Privacy Officer, [email protected].

This Notice of Privacy Practices (“Notice”) describes how BIG Language Solutions LLC (“BIG”) may use and disclose your Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) to assist in your treatment, to facilitate payment for treatment you have received, for BIG’s operations, and for other purposes that are permitted or required by law.

This Notice also describes your rights to access and control your Protected Health Information. “Protected Health Information” is information that may identify you and that relates to your past, present, or future physical or mental health or condition; and related health care services. We are required by law to abide by the terms of this Notice. Your health care providers, health insurance company or other representatives may have different policies or notices regarding the use and disclosure of your Protected Health Information.

HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
Your Protected Health Information may be used and disclosed by BIG’s interpreters or translators, your physician, and others who are involved in your care and treatment for the purpose of providing health care services to you. Your Protected Health Information may also be used and disclosed to pay your health care bills.

The following categories describe different types of uses and disclosures of your Protected Health Information that BIG is allowed to make. Not every type of use or disclosure within a category will be listed. However, all of the ways in which we are permitted to use or disclose your Protected Health Information will fall into one of the categories listed.

Treatment:
BIG will use and disclose your Protected Health Information to assist your health care providers in providing your treatment, or to coordinate or manage your health care and any related services. For example, we would disclose your Protected Health Information, as necessary, to a health care provider that provides care to you to assist in diagnosis and treatment.

Payment:
Your Protected Health Information will be used and disclosed, as needed, to assist appropriate parties in obtaining payment for your health care services provided by your health care provider. This may include providing services in connection with certain activities that your health insurance plan may undertake before it approves or pays for the health care services recommended for you such as: determining eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities.

Health Care Operations:
We may use or disclose, as needed, your Protected Health Information in order to support the business activities of BIG. These activities include, but are not limited to, quality assessment activities, employee review activities, training of interpreters and translators, licensing, and conducting or arranging for other business activities.
We will share your Protected Health Information with third party “business associates” or “subcontractors” that perform various activities (for example, interpretation or translation services) for BIG. Whenever an arrangement between our company and a business associate or subcontractor involves the use or disclosure of your Protected Health Information, we will have a written contract that contains terms that will protect the privacy of your Protected Health Information.

We may use or disclose your Protected Health Information, as necessary, to provide you with appointment reminders and information about benefits and services that may be of interest to you. You may contact our Privacy Officer to request that these materials not be sent to you.

Other Permitted and Required Uses and Disclosures That We May Make Without Your Authorization or Opportunity to Agree or Object:

We may use or disclose your Protected Health Information in the following situations without your authorization or providing you the opportunity to agree or object. These situations include:

Required By Law:
We may use or disclose your Protected Health Information to the extent that the use or disclosure is required by law. For example, we may disclose your Protected Health Information when required by a court order in a litigation proceeding, such as a malpractice action. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, if required by law, of any such uses or disclosures.

Public Health:
We may disclose your Protected Health Information for public health activities and purposes to a public health authority that is permitted by law to collect or receive such information. For example, a disclosure may be made for the purpose of preventing or controlling disease, injury or disability.

Communicable Diseases:
We may disclose your Protected Health Information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.

Health Oversight:
We may disclose Protected Health Information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.

Abuse or Neglect:
We may disclose your Protected Health Information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your Protected Health Information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.

Food and Drug Administration:
We may disclose your Protected Health Information to a person or company required by the Food and Drug Administration for the purpose of quality, safety, or effectiveness of FDA-regulated products or activities, including: to report adverse events, product defects or problems, biologic product deviations; to track products; to enable product recalls; to make repairs or replacements; or to conduct post-marketing surveillance, as required.

Legal Proceedings:
We may disclose Protected Health Information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), or in certain conditions in response to a subpoena, discovery request or other lawful process.

Law Enforcement:
We may also disclose Protected Health Information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include (1) legal processes and otherwise required by law, (2) limited information requests for identification and location purposes, (3) information pertaining to victims of a crime, and (4) suspicion that death or injury has occurred as a result of criminal conduct.

Coroners, Funeral Directors, and Organ Donation:
We may disclose Protected Health Information to a coroner or medical examiner. For example, such disclosure may be necessary for identification purposes or to determine the cause of death. Protected health information may also be used and disclosed for cadaveric organ, eye or tissue donation purposes.

Criminal Activity:
We may disclose your Protected Health Information if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose Protected Health Information if it is necessary for law enforcement authorities to identify or apprehend an individual.

Military Activity and National Security:
When the appropriate conditions apply, we may use or disclose Protected Health Information of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits; or (3) to a foreign military authority if you are a member of that foreign military service. We may also disclose your Protected Health Information to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

Workers’ Compensation:
We may disclose your Protected Health Information as authorized to comply with workers’ compensation laws and other similar legally-established programs.

Inmates:
We may use or disclose your Protected Health Information to a correctional facility or law enforcement official if you are an inmate of the correctional facility or under the custody of the law enforcement official. This disclosure would be necessary: (a) for the correctional institution to provide you with health care, (b) to protect your health and safety or the health and safety of others, or (c) for the safety and security of the correctional institution.

Uses and Disclosures of Protected Health Information Based upon Your Written Authorization:

BIG will make other uses and disclosures of your Protected Health Information only with your written authorization, unless otherwise permitted or required by law as described below. For example, we will not use your Protected Health Information for marketing purposes or sell your Protected Health Information without your prior authorization. Additionally, if your Protected Health Information includes psychotherapy notes, we will not use or disclose this information without your prior authorization. You may revoke any such authorizations in writing at any time. If you revoke your authorization, we will no longer use or disclose your Protected Health Information for the reasons covered by your written authorization. Please understand that we cannot retroactively take back any disclosures already made with your authorization.

Other Permitted and Required Uses and Disclosures That Require Providing You the Opportunity to Agree or Object:

Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your Protected Health Information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if your health care provider determines that it is in your best interest. We may use or disclose Protected Health Information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death. Finally, we may use or disclose your Protected Health Information to an authorized public or private entity to assist in disaster relief efforts and to assist disclosures to family or other individuals involved in your health care.

YOUR RIGHTS
You have the following rights regarding Protected Health Information we maintain about you:

Right to inspect and copy.
You have the right to inspect and obtain a copy of Protected Health Information about you for so long as we maintain the Protected Health Information. As permitted by federal or state law, we may charge you a reasonable copy fee for a copy of your records. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your Protected Health Information, you may request that the denial be reviewed. Please contact our Privacy Officer if you have questions about access to your records.

Right to request a restriction.
You have the right to request a restriction or limitation on the Protected Health Information we disclose for the purposes of treatment, payment or health care operations. You also have the right to request a restriction or limitation on the Protected Health Information we disclose to family members or friends who may be involved in your care or for notification purposes as described in this Notice. If you are paying out of pocket, you also have the right to request a restriction on the disclosure of your Protected Health Information to a health plan for payment purposes. Your request must state the specific restriction requested and to whom you want the restriction to apply. You may request a restriction by submitting a written request to the Privacy Officer listed above.

BIG is not required to agree to a restriction that you may request. If we do not agree to the requested restriction, we may not use or disclose your Protected Health Information in violation of that restriction unless it is needed to assist your health care provider in providing emergency treatment. With this in mind, please discuss any restriction you wish to request with your health care provider.

Right to Request Confidential Communications.
You have the right to request to receive confidential communications from BIG by alternative means or at an alternative location. We will accommodate reasonable requests. We will not request an explanation from you as to the basis for your request. Please make this request in writing to the Privacy Officer listed above.

Right to Amend.
You may have the right to have BIG amend your Protected Health Information. You may request an amendment of your Protected Health Information that is contained in a designated record set for so long as we maintain this information. We may deny your request for an amendment in certain cases. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact our Privacy Officer if you have questions about amending your Protected Health Information.

Right to Accounting.
You have the right to receive an accounting of disclosures we have made, if any, for purposes other than treatment, payment or health care operations. You must submit a request for accounting to the Privacy Officer listed above. This right excludes disclosures we may have made to you if you authorized us to make the disclosure to family members or friends involved in your care, or for notification purposes, for national security or intelligence, to law enforcement or correctional facilities, or as part of a limited data set disclosure. You have the right to receive specific information regarding these disclosures, subject to applicable exceptions, restrictions and limitations.

Right to Paper Copy of Notice.
You have the right to obtain a paper copy of this Notice from us, upon request, even if you have agreed to accept this Notice electronically. You may obtain a paper copy by visiting our website, or by contacting the Privacy Officer listed above.

Right to Notice of Breach.
We will let you know promptly if a breach occurs that may have compromised the privacy or security of your Protected Health Information.

CHANGES TO THIS NOTICE
BIG may change the terms of this Notice at any time. The new Notice will be effective for all Protected Health Information that we maintain at that time. Upon your request, we will provide you with a copy of any revised Notice. You may request a revised Notice by visiting our website, or by contacting the Privacy Officer listed above.

COMPLAINTS
You may submit a complaint to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated by BIG. You may file a complaint with us by notifying our Privacy Officer. We will not retaliate against you for filing a complaint. You may contact the Privacy Officer listed above for further information about the complaint process.