Compliance with the General Data Protection Regulation

We’re committed to helping Crowdin customers and users understand and comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law; it went into effect on May 25, 2018.

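The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.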

This page provides an overview of the data-related roles and responsibilities that come into effect once you choose Crowdin as your localization platform, and explains Crowdin’s efforts to live up to the values and requirements of the GDPR.

Crowdin as a data processor

The source files and translations that you store in Crowdin are your data, and you are the data controller for any personal data that may appear throughout these resources. In our Terms of Service and Privacy Policy, this data is referred to as Client Data.

Using the Crowdin platform to manage your localization files means that you have engaged Crowdin as a data processor to carry out certain processing activities on your behalf.

According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article). This is where our Terms of Service and Privacy Policy come in. These two documents also serve as your data processing contract, setting out the instructions that you are giving to Crowdin concerning the processing of your personal data and establishing the rights and responsibilities for both parties. Crowdin will only process your Client Data based on your instructions as the data controller.

All customers have a contractual relationship with our EU entity, based in Estonia.

Data transfers

One topic that often comes up with customers is data transfers outside of the EEA.

The GDPR establishes strict requirements for moving data outside of its scope of protection.

Because our customers have a legal relationship with our EU entity, it is our job to ensure that we transfer the data lawfully if Crowdin subsequently engages sub-processors outside the EEA.

We will keep an up-to-date list of sub-processors to be fully transparent about these transfers. This list will also explain what data is involved and how we have ensured that the data is adequately protected even after it leaves the EEA. We do this by making sure that our third-party service providers have signed the EU Commission’s standard contractual clauses for data transfers with us.

Crowdin as a data controller

Additionally, Crowdin acts as the data controller for the personal data we collect about users of our web application and website.

There are several reasons for processing personal data:

  1. We process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b));

  2. We process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.

  3. We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).

Our legitimate interests are the following:

  • Improving the functionality of the platform to help the users’ productivity.

  • Ensuring the safety and security of your data and Crowdin’s systems.

  • Responsible marketing of our product and its features.

What Crowdin is doing for the GDPR

As an EU company, we are obliged to ensure that every aspect of our business complies with EU law in general and with the GDPR in particular.

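For all these reasons, we have taken technical and organizational measures in accordance with the GDPR to protect the personal data of customers and users processed by Crowdin.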

Internal processes, security, and data transfers

We have developed and maintain the necessary procedures to ensure that data processes are mapped and auditable, which is a large part of the GDPR requirements. We have also added elements to our application development cycle to build features based on the Privacy by Design principles. Any access to the Client Data that we process on your behalf is strictly limited. Our internal procedures and logs make sure that we meet the GDPR accountability requirements in this regard.

We have established a process for onboarding third-party service providers and adopting tools that makes sure these third parties meet the high expectations that Crowdin and its customers have when it comes to privacy and security.

Readiness to comply with subject access requests

The ownership of personal data by Data Subjects is central to the GDPR. We have all the necessary means to respond to data subject requests regarding deletion, modification, or downloading of their data. This means that our Customer Support Specialists, along with the Engineers who assist them in their work, are well prepared to help you in any matters involving your personal data, in addition to providing an awesome customer support experience.

Documentation

Our Terms of Service, Privacy Policy, List of Subprocessors, Cookie Statement, and Security Page are constantly being revised to increase transparency and to make sure these documents meet the GDPR requirements. As these are the basis for our relationship with you, it is very important for us to explain our commitments and your rights in these documents comprehensively and openly. Additionally, we’re constantly mapping all our data processing activities to be able to comply with the GDPR accountability requirements.

Training

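All of the above is supported by extensive training efforts within the company so that the GDPR-compliant processes we’ve put in place are followed. Courses on data privacy and security are an integral part of our onboarding process, and every department receives training tailored to its work with personal data.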

Crowdin is firmly convinced that meeting GDPR requirements is much more than just checking off boxes in a list. For us, the GDPR is truly a lifestyle of respect for individuals’ privacy and responsibility in handling personal data.

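We hope this helps you better navigate data protection requirements. If you have any questions about the above, feel free to contact us at privacy@crowdin.com and we will do our best to explain things further.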