Smartling is in compliance with PCI, SOC 2, HIPAA, and GDPR standards. The last audit period was December 1, 2017 - November 30, 2018, and compliance documents for that period were published in January 2019. Compliance documents for December 1, 2018 - November 30, 2019 will be available in January of 2020.
Smartling has continuously maintained:
- PCI Level 1 compliance since 2012
- SOC 2 standards through complete examinations for SOC 2 Type 2 reports on security principles since 2013
- HIPAA compliance since 2013
- Compliance with the EU General Data Protection Regulation (GDPR) since its introduction in 2018
| Standard | What it certifies | Services in scope | Audit period |
|---|---|---|---|
| PCI | Certifies presence of best security practices for secure processing and transmission of credit card data. | Web Proxy Service (Global Delivery Network). (Smartling does not store credit card data or other user data in any databases, API, or connectors.) | December 1, 2017 to November 30, 2018 |
| SOC 2 | Certifies a third-party vendor’s controls over security, availability, processing integrity, and confidentiality or privacy. | Dashboard, API Service, Web Proxy Service (Global Delivery Network), CAT Tool | December 1, 2017 to November 30, 2018 |
| HIPAA | Certifies an external vendor’s controls over privacy and security of certain health information covered by the law. | Dashboard, API Service, Web Proxy Service (Global Delivery Network), CAT Tool | December 1, 2017 to November 30, 2018 |
Smartling is also in compliance with ISO 17100 standards for Language Services.
Personal Data and Information Security
How Smartling’s Business Interacts with Personal Data
Smartling’s business revolves around three main components:
- Productivity tools and cloud data storage, including, for some customers, CMS connector products to move untranslated content into Smartling’s productivity tool and translated content back out to Customers (the “Smartling Platform”);
- A web proxy that intercepts Smartling Customers’ end users’ HTTP requests and returns translated content stored in the Translation Platform (the “Global Delivery Network” or “GDN”); and
- A translation services marketplace to facilitate purchase of translation services by Smartling end users from independent translation service providers.
Many of our customers do not use all of these products. If your firm does not use the GDN, or if it relies on other vendors for translation services, you need not worry about Smartling’s handling of those types of personal data.
Types of Personal Data to which Smartling Has Access
Smartling interacts with personal data in four major contexts: transmission through Smartling infrastructure, Smartling account maintenance/use, outbound marketing communications, and communications between Smartling and Smartling personnel.
- Transmission Through Smartling Infrastructure – Smartling makes a concerted effort during each Customer’s onboarding and throughout their relationship to segregate personal data and prevent it from entering the Smartling Platform.
- Smartling Customer Records – As a matter of course, Smartling must create and maintain files on each of its customers, including personal information belonging to customer representatives that interact with Smartling’s products. This includes names and contact information, but also billing information for the customer, as well as login and password information, among other potentially identifying data points.
- Outbound Marketing Communications – Smartling sends marketing communications to its customers and others, and it maintains lists of contact information to that end.
Smartling Policy Regarding the Protection of Personal Data Belonging to Customers
Because we are keenly aware of the risks associated with personal data, Smartling is happy to work with its customers to ensure data security, proper handling of personal data, and privacy.
- Smartling assumes full responsibility for its handling of personal data. Our standard agreements make clear that Smartling assumes responsibility for its employees, its contractors, and its suppliers in this and every other compliance area. We take time out of our onboarding process to work with our customers to help prevent the mistaken transmission of personal data into channels where it does not be
- Smartling relies on industry-leading cloud services to keep data secure and compliant. Smartling uses Amazon Web Services locations across the globe to house customer data, largely because of the risks associated with data crossing jurisdictional boundaries.
- Smartling relies on independent contractors. Smartling employs a number of independent contractors to provide services throughout its business. Because Smartling relies on these vendors to maintain its service standards, we cannot agree to allow our customers special control over these vendors’ assignments, or provide lists of these contractors.
- Smartling works with its customers to ensure compliance. Because we know that each customer’s situation is different, should the need arise, Smartling’s team is happy to work with customers to ensure that every one of our customers has what it needs to use Smartling with confidence. Contact your sales representative or account manager if you have any additional concerns about using Smartling.