ProZ.com and the GDPR
The EU General Data Protection Regulation (GDPR) is a new EU regulation that strengthens the protection of EU citizens' personal data, and seeks to unify data protection laws across Europe, regardless of where that data is processed. It will come into force on 25 May, 2018.
ProZ.com is committed to GDPR compliance across all ProZ.com services.
ProZ.com has always maintained a strong commitment to protecting the privacy and data of those who use ProZ.com services. We embrace the GDPR as a good thing for the Internet in general, and support its objectives. Although the GDPR applies only to subjects within the European Union, ProZ.com has applied these protections to all users, regardless of their location.
As the deadline approaches, ProZ.com is focused on GDPR compliance efforts. During this implementation period, we are evaluating new requirements and restrictions imposed by the GDPR and will take whatever action is needed to ensure that we handle customer data in compliance with applicable law by the 2018 deadline.
Changes at ProZ.com
ProZ.com has made a number of improvements to safeguard the privacy and protection of personal data as part of this initiative.
Explicit "opt-in" consent
The GDPR requires in many cases that we get your explicit, informed, opt-in consent before "processing" your personal data (such as sending you email announcements, or setting a tracking cookie from an advertiser). While ProZ.com has always made a point of respecting users' preferences in these matters, some features required users to take the extra step of opting-out (if they didn't want to receive the ProZ.com newsletter, for example). These defaults have been changed, and "opt-in" is now the rule, rather than "opt-out".
We have taken additional steps to ask for consent when needed. For example, you may have seen a notice on the site asking for your permission to set cookies, or asking you to confirm that you still want to receive the types of emails you have been getting.
Tools to control your data
A new Data and privacy settings page has been created to help you control your personal data. You can use this page to see the consent you have given for processing your data in various ways, and revoke that consent if desired.
Privacy Shield framework
ProZ.com has implemented the EU-US and Swiss-US Privacy Shield framework. Privacy Shield helps ensure that we comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. ProZ.com has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus.
Data processing agreement
For some ProZ.com services, like invoicing, ProZ.com acts as a "data processor" under the GDPR. In line with GDPR principles, we do not collect or store any data that is not needed for providing the service. If you submit information that personally identifies others (for example, a translator may submit client contact information in order to issue an invoice, or a user may notify a friend of a job posting by submitting their email in a "tell-a-friend" form), this information is never used for a purpose other than that for which it was collected. Notably, it is never used for marketing or advertising purposes.
The GDPR requires data processors to have a legal agreement with specific stipulations guaranteeing protections for your data. See ProZ.com's data processing agreement.
If you have questions about ProZ.com's compliance with the GDPR, please contact ProZ.com staff by submitting a support request.