Prisma Languages

HOME / PRIVACY POLICY

Privacy Policy

PRISMA INTERNATIONAL CORPORATION

PRISMA INTERNATIONAL CORPORATION B.V.

PRISMA INTERNATIONAL CORPORATION S.A.S.

PRIVACY POLICY AND DISCLAIMERS

Effective Date: 01 January 2026

Scope and Introduction

This Privacy Policy applies to personal data received by PRISMA INTERNATIONAL CORPORATION (PRISMA LANGUAGES, a division of PIC) (collectively, "the Company," and all their affiliated and subsidiary entities "we," "us," or "our") in any format. We are committed to ensuring that all global data handled by our offices conforms to this policy. This document caters to our customers, clients, vendors, suppliers, and regulatory bodies. Prisma International Corporation (prismalanguages.com) will ensure all global data handled by its offices conforms to this Privacy Policy.

Depending on the nature of our relationship, the Company may act as a data controller (determining the purpose and means of processing) or a data processor/sub-processor (handling data on behalf of a client). This Privacy Policy applies to consumers who visit our website, clients, users of one of the Prisma International Corporation and affiliate companies’ technology platforms, our vendors, and suppliers.

Specific details concerning how we process your personal data depend on who you are and what our relationship is to you. Therefore, for additional information concerning our privacy practices with respect to your personal data, please also read the Privacy Policy that relates to you:

  • For consumers and clients, including users of one of the Prisma International Corporation and affiliate companies’ technology platforms, click here.
  • For vendors, click here.

Who are we?

Prisma International Corporation and affiliate companies may be a data controller of your personal data (also known as personal information), which means that Prisma International Corporation and affiliate companies have control of your personal data and may utilize it for various purposes, including sending your information to data processors we work with. Alternatively, depending on who you are and our relationship with you, Prisma International Corporation and affiliate companies may be a data processor or a sub-processor of your personal data.

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified or may be identifiable from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into the data controller’s possession. The collection, use and processing of your personal data may be subject to various data privacy laws (“applicable privacy laws”), including for EEA/UK residents (“EU Personal Data”) the EU General Data Protection Regulation (referred to herein as the “GDPR”).

2. How do we process your personal data?

Prisma International Corporation and affiliate companies complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

The personal data that you provide (or have previously provided) to Prisma International Corporation and affiliate companies may be stored in Prisma International Corporation and affiliate companies’ data center in the United States and where the third party vendors such as Google Workspace, Dropbox, Monday.com, Salesforce and others store data in their servers globally. For details concerning the purposes and locations with respect to which we process your personal data, please utilize the applicable link above under “Scope.”

3. What personal data do we collect?

Please click on the applicable link to the relevant privacy policy under “Scope” above to find more detail concerning the categories of personal data we collect from you. We collect and process personal data only to the extent necessary to provide our services, manage professional relationships, or comply with legal obligations.

  • Website Visitors: We do not automatically capture personal information unless you voluntarily supply contact details via our inquiry forms. We may collect IP addresses and browser data for internal site administration and trend analysis.
  • Clients and Customers: We collect names, email addresses, phone numbers, and payment details to fulfill contracts and provide language services, along any information provided via intake form, when you request a quote, submit an invoice, or send a general inquiry through Prisma International Corporation and affiliate companies’ websites.
  • Vendors and Job Seekers: Personal information such as resumes, contact details, and qualifications is collected to process applications through our internal qualification procedures. For FTEs and FTCs, we may collect tax information for tax filings, and IRS reporting, along with any information voluntarily provided by you through our application form.
  • Cookies: We use cookies to enrich your online experience. You may manage cookie preferences through your browser settings.

4. Why are we collecting your personal data?

For details concerning the purposes with respect to which we process your personal data, please click on the applicable link to the relevant privacy policy under “Scope” above.

5. What is the legal basis for processing your personal data?

For details concerning the legal bases with respect to which we process your personal data, please click on the applicable link to the relevant privacy policy under “Scope” above. We process your data under the following legal grounds:

  • Contractual Necessity: To perform our services or evaluate vendor applications.
  • Legal Obligation: To comply with tax, labor, or regulatory requirements.
  • Legitimate Interests: For business administration and service improvement.
  • Consent: Where you have explicitly granted permission for specific uses, such as marketing.

6. Further processing

If we wish to use your personal data for a new purpose not covered by an existing privacy policy, we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

7. Sharing of your personal data

For details concerning third parties to whom we may disclose your personal data, please click on the applicable link to the relevant privacy policy under “Scope” above.

8. How long do we keep your personal data?

We will keep your personal data for no longer than reasonably necessary for our ongoing business relationship, for record keeping purposes and in case of any potential or actual legal claims or complaints. For tax purposes, we are required to keep files for 7 years and beyond, and for regulatory compliance, and proof of good character and due diligence, we may keep certain information until a court order is issued to permanently delete any private and PHI information.

Data Retention and Destruction

We retain personal data for no longer than is reasonably necessary for the purposes for which it was collected, for record-keeping purposes, or to satisfy legal claims. Once the retention period expires, data is permanently deleted using secure destruction methods.

9. Onward Transfers and Transfer of Data Abroad

Prisma International Corporation and affiliate companies has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles for certain transfers of personal data from the EU, Switzerland and the UK to the US. See more information in section 14 below.

Data Sharing and Onward Transfer

The Company does not sell, rent, or trade your personal information. We only share data with third parties in the following limited circumstances:

  • Authorized Service Providers: We may utilize third-party vendors for data storage and infrastructure (e.g.,included but not limited to: Google Workspace, Microsoft, Adobe, McAfee, Dropbox, Salesforce, Monday.com, Run by ADP, Wells Fargo Bank, OFX, AMEX Global Pay, PayPal, etc.) under strict confidentiality agreements.
  • Professional Linguists: Project-specific data is shared with vetted linguists who are bound by Non-Disclosure Agreements (NDAs), non-Soliciting Agreements (NSAs).
  • Legal Requirements: We may disclose information when required by law or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Non-DPF framework

Where required, Prisma International Corporation and affiliate companies enter contractual terms concerning the transfer of personal data from the applicable countries. The Prisma International Corporation and affiliate companies’ have entered into a data protection agreement, which includes such transfer terms, agreeing with each other to maintain the personal data processed by each Prisma International Corporation and affiliate companies and/or entity in compliance with all applicable data protection and privacy laws.

The term "processing" of personal data includes any operation or set of operations performed upon personal data such as collecting, storing, retrieving, consulting, using, disclosing, disseminating, and otherwise making available the personal data. This Privacy Policy may change from time to time based on changes made to data privacy laws. Any changes made necessary will be reflected in an update to this policy and disseminated.

Prisma International Corporation and affiliate companies' privacy practices are self-certified and reflect current guidance concerning the optimal manner of reaching data privacy compliance in accordance with current legal and regulatory guidance.

10. Cookies and Website Privacy Practices

The Prisma International Corporation and affiliate companies' websites use cookies, tracking pixels and related technologies. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including operating and personalizing the website. Cookies may also be used to track how you use the site to target ads to you on other websites.

When any clients visit Prisma International Corporation and affiliate companies' websites, Prisma International Corporation and affiliate companies may track Personal Data, names or email addresses. Prisma International Corporation and affiliate companies' only track which Internet Service Provider has accessed the site as well as statistics that show the number of site visitors, those requests received and the country origin of those requests. This information is used to improve our site to better serve our clients, but this information does not constitute Personal Data, and any relevant information to perform operations such as customized marketing, hiring and onboarding visitors to provide services, etc.

11. Opting out

Prisma International Corporation and affiliate companies' cookie provider is a member of the Network Advertising Initiative (NAI) and adheres to the NAI Codes of Conduct. You may use the NAI opt out tool here, which will allow you to opt out of seeing targeted ads from us and from other NAI approved member companies.

Further, if you want to opt out of receiving communications from us, please visit Prisma International Corporation and affiliate companies' Opt-Out Portal and/or Unsuscribe buttons in custom marketing campaigns. If you opt out, you will not be able to receive further communications about business opportunities or services and you will no longer be able to access applications within Prisma International Corporation and affiliate companies' technology suite. If the servers are down, Prisma International Corporation and affiliate companies will manually make entries in our Salesforce database for DO NOT CONTACT status on the accounts.

12. Your rights, Your Personal data and Choices

In accordance with applicable laws (including GDPR and CCPA), you have the right to:

  • Access and Rectification: Request a copy of your data or correct inaccuracies.
  • Erasure: Request the deletion of your personal data under certain conditions.
  • Opt-Out: Withdraw consent for marketing or specific data processing activities.
  • To exercise these rights, please contact our Administration Department at the address provided below.

Depending on your country and/or state of residence, as well as our relationship with you, you may have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which Prisma International Corporation and affiliate companies hold about you (for European or United Kingdom residents)
  • The right to request that Prisma International Corporation and affiliate companies correct any personal data if it is found to be inaccurate or out of date (for European or United Kingdom residents)
  • The right to request your personal data is erased where it is no longer legally necessary for Prisma International Corporation and affiliate companies to retain such data (for European and United Kingdom residents)
  • The right to withdraw your consent to the processing at any time (for European or United Kingdom residents)
  • The right to request that Prisma International Corporation and affiliate companies provide you, as the data subject, with your personal data and where possible, to transmit that data directly to another data controller (for European and United Kingdom residents)
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing (for European or United Kingdom residents)
  • The right to lodge a complaint with governmental agencies or Data Protection Authorities as provided for in the GDPR (for European or United Kingdom residents).

The right to lodge a complaint with governmental agencies or Data Protection Authorities as provided for in the GDPR (for European or United Kingdom residents).

To exercise your rights to data rectification, erasure, portability, access and/or restricted processing, please email contact@prisma-international-corporation.com

Notice – Prisma International Corporation and affiliate companies treat all material sent to us from our clients, vendors, and employees (collectively, "CVEs") as confidential in accordance with its current confidentiality undertakings with CVEs. Confidentiality provisions are required as part of all our contracts with all of our clients vendors and employees; each separate entity must sign a confidentiality agreement prior to becoming affiliated or working with Prisma International Corporation and affiliate companies.

All emails sent to Prisma International Corporation and affiliate companies (globally) are routed through a third-party SPAM filter called SpamDigest (moderated by Google Workspace - TLS automatically for all corporate accounts in use). For a higher level of security, Gmail supports S/MIME (Hosted S/MIME, Client-side encryption (CSE)) which is in the United States and other global servers. This means all email correspondence originated outside of the United States with an end destination other than the United States still must travel through the United States before arrival at the desired location.

Prisma International Corporation and affiliate companies utilize a network of over 2,000+ freelance vendors to assist in the process of translation. They may receive, as part of the assignment, the name of the client they are working on but no Personal Data about that client, unless such contact information is needed to perform the assignment (such as the cases of onsite interpretation projects, onsite document review, etc.).

These freelance vendors may also have access to any Personal Data within the source documents and reference material sent to them for translation. However, in all cases, the freelance vendors are subject to confidentiality undertakings in which such freelance vendors undertake to keep such information confidential and only use such information in accordance with their projects.

All vendors who will be processing Personal Data of EEA/UK/Switzerland citizens or residents are required to sign the EEA/UK/Switzerland Data Protection Agreement and EU Standard Contractual Clauses. These documents address common requirements concerning Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement of Personal Data with respect to Personal Data.

Under applicable law, a vendor has the right to terminate its working relationship with Prisma International Corporation and affiliate companies and request the deletion of Personal Data pertaining to them. However, as permitted by applicable law, Prisma International Corporation and affiliate companies will continue to maintain its historical business records in such a way so that Prisma International Corporation and affiliate companies may retain its historical knowledge and relationships in connection with any legal or regulatory inquiries which may later arise. This practice is in the best interests of both parties so that identifying information relating to a particular matter is accessible but sufficiently discrete so that Prisma International Corporation and affiliate companies does not accidentally contact them for projects in the future.

Choice – Prisma International Corporation and affiliate companies’ clients have the choice concerning what Personal Data is accessed, used or retained. To conduct business with our clients, it is necessary to maintain contact information and specific billing information, but the extent of the information stored can always be discussed with a Prisma International Corporation and affiliate companies’ Client Services Representative.

Additionally, if there is a specific concern about the Personal Data found in the information provided (such as source, reference material, etc.), we recommend redacting this information prior to sending it to Prisma International Corporation and affiliate companies or discussing alternative solutions with your Prisma International Corporation and affiliate companies’ Client Services Representative. In addition, other steps may be taken which may include the forced anonymization of information and limitation of translation and interpretation and other language services and efforts to de-identified data only.

To better serve our client's needs and provide further information concerning services, Prisma International Corporation and affiliate companies may, from time-to-time, send information on additional services we provide. Should any client decide that this information is not desirable, a client may opt out of receiving this information by informing their Client Services Representative or by contacting the Prisma International Corporation and affiliate companies’ Data Privacy Officer (Chief Legal and Compliance Officer).

Access and Correction – Any individual CVE may request a copy of the Personal Data Prisma International Corporation and affiliate companies has collected from Prisma International Corporation and affiliate companies Data Privacy Officer in accordance with applicable law, in addition to receiving confirmation of the contents of any Personal Data relating to the individual. Under applicable law, such individual CVE then has the right to correct, amend or delete information when it is inaccurate.

Clients may do so by contacting their Client Services Representative or by contacting the Prisma International Corporation and affiliate companies Data Privacy Officer. Except as may be required by law or during a registrar or regulatory audit, Prisma International Corporation and affiliate companies will not provide this data to a third party without the consent of the CVE.

Vendors can do so by contacting contact@prisma-international-corporation.com, an e-mail address to which such inquiries can be sent directly.

Data Integrity – Prisma International Corporation and affiliate companies are dedicated to ensuring that all data maintained is accurate, updated, and relevant for the use contemplated and will take all required steps to ensure the data is accurate, complete and current. This process is accomplished by regular email and written correspondence with CVEs; however, it is highly recommended that CVEs continue to monitor the information provided to Prisma International Corporation and affiliate companies and remain proactive with requesting access to any Personal Data and advising Prisma International Corporation and affiliate companies of the need for corrections as needed.

Data Security – Prisma International Corporation and affiliate companies have strict physical and logical security procedures to ensure that all digital and paper records are secured (such policy is available for dissemination to clients upon written request to the Prisma International Corporation and affiliate companies’ Data Privacy Officer (Chief Legal and Compliance Officer). These records are accessible only by approved staff. All critical systems (e.g., servers) are accessible only by a small number of authorized staff.

Prisma International Corporation and affiliate companies' information security is managed internally and is routinely audited to ensure conformity with Prisma International Corporation and affiliate companies’ procedures and recommended industry standards.

California Shine the Light Rights. California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) permits California residents who provide us certain personal information to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing purposes. To make a California Shine the Light request, please call +1 (470) 410-8329 or email us at contact@prisma-international-corporation.com. Requests may be made once per year.

13. Contact Information

Prisma International Corporation and affiliate companies commit to resolve complaints about our collection or use of your personal information. To exercise all relevant rights, queries or complaints, please contact:

Data Privacy Officer (Chief Legal and Compliance Officer)

Prisma International Corporation (and its affiliate companies)

US/Global: +1 (470) 410-8329

contact@prisma-international-corporation.com

You may file Data Subject Requests or compliance issues via this online form.

Prisma International Corporation and affiliate companies are committed to resolving all complaints in a timely manner. If you are not satisfied with our response, or if contacting us does not resolve your complaint, you may refer unresolved complaints to the Data Protection Authority of your residing country.

14. Data Protection Framework Statement (DPF Statement)

Prisma International Corporation and affiliate companies (Prisma International Corporation B.V., Prisma International Corporation S.A.S., and all companies in the conglomerate), as well as their subsidiaries (Appendix A below), comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

For the purposes of this DPF Statement, Prisma International Corporation and affiliate companies (Prisma International Corporation B.V., Prisma International Corporation S.A.S., and all companies in the conglomerate), and/or their affiliates and/or subsidiaries are together referred to as “Prisma International Corporation and affiliate companies”.

As part of its overall global privacy compliance efforts, Prisma International Corporation and affiliate companies has certified to the NMSDC for its MBE certifications that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom, in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Prisma International Corporation and affiliate companies has to the NMSDC for its MBE certifications that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) regarding the processing of personal data received from Switzerland, in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this DPF Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Scope of DPF Statement and Purposes of Personal Data Processing

The DPF Principles. For the purposes of this DPF Statement, prismalanguauges.com, prisma-international-corporation.com, Prisma International Corporation and affiliate companies (Prisma International Corporation B.V., Prisma International Corporation S.A.S., and all companies in the conglomerate), and/or their affiliates and/or subsidiaries are together referred to as “Prisma International Corporation and affiliate companies”.

Prisma International Corporation and affiliate companies (Prisma International Corporation B.V., Prisma International Corporation S.A.S., and all companies in the conglomerate), and/or their affiliates and/or subsidiaries are together referred to as “Prisma International Corporation and affiliate companies” has certified to the NMSDC for its MBE certifications that it adheres to the DPF Principles: Notice, Choice, Accountability for onward transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability with respect to all personal data received from the EU, UK, and Switzerland in reliance on the DPF, as described in this “Scope of DPF Statement and Purposes of Personal Data Processing” section.

The personal data we receive in reliance on the DPF consists of data originating from the EU, UK and Switzerland that:

  • Our clients provide us with them in order that we can provide them with services pursuant to written agreements. Our clients are the controllers of that data.
  • Our clients share with us while negotiating and administering our written agreements with them. We are the controller of that data.
  • Vendors provide us with the conclusion and administration of their written agreements with us. We are the controller of that data.
  • Vendors provide us with the purpose of fulfilling our obligations under a client’s agreement. We are a processor of that data.

Notice

This policy and the policies linked to in the “Scope” section above describe the Controller Data we receive in the U.S. from the EU, Switzerland and the UK in reliance on the respective DPF, including the types of Controller Data we collect, the purposes for which we collect and use such Controller Data, the categories of third parties to whom we disclose such Controller Data and the purposes for disclosure, as well as individuals’ general rights in respect of their personal data.

In this DPF section, we describe the choices we offer in respect of Controller Data we receive in the U.S. from the EU, Switzerland and the UK in reliance on the respective DPF. Prisma International Corporation and affiliate companies also act as a processor of the Processor Data described in the “Scope of DPF Statement and Purposes of Personal Data Processing” section above.

Our customer is responsible for providing appropriate notice to its relevant customers, employees or users, and ensuring it is collecting such Processor Data and personal data generally in reliance on an appropriate legal basis. In this DPF Statement, we describe how our obligations under the DPF are enforced with respect to both Controller Data and Processor Data, and how individuals can contact us with any inquiries or complaints.

Choice

When Prisma International Corporation and affiliate companies act as a processor of Processor Data transferred to us in the U.S. by, or on behalf of, one of our customers in the EU, Switzerland or the UK, our customer is responsible for providing certain choices to its employees, customers and users about the use of their personal data, including Sensitive Personal Data.

Prisma International Corporation and affiliate companies will assist our customers with their response to individuals who wish to exercise their choices regarding their personal data. “Sensitive Personal Data” means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.

In accordance with the DPF, when Prisma International Corporation and affiliate companies are the controller, Prisma International Corporation and affiliate companies limit the use and disclosure of Controller Data and provides an opt-in choice for Sensitive Personal Data collected by us as Controller.

  • If Controller Data covered by this DPF Statement is intended to be used for a new purpose that is materially different from that for which the Controller Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party (controller), Prisma International Corporation and affiliate companies will provide the relevant individuals with an opportunity to choose whether to have their Controller Data so used or disclosed.
  • If Sensitive Personal Data covered by this DPF Statement is intended to be (i) disclosed to a third party, or (ii) used for a new purpose that is different from that for which such data was originally collected or subsequently authorized, Prisma International Corporation and affiliate companies will obtain your affirmative express consent (i.e., opt in) prior to such use or disclosure. In addition, we have implemented a process to treat as sensitive any personal data received from a third party where the third party identifies and treats the data as sensitive.

To opt out of such uses or disclosures of Personal Data or Sensitive Personal Data, you may contact Prisma International Corporation and affiliate companies by e-mailing us at contact@prisma-international-corporation.com or via this online form.

Accountability for Onward Transfer

From time to time, it will be necessary to share Controller Data or Processor Data covered by this DPF Statement with Prisma International Corporation and affiliate companies and group entities.

Prisma International Corporation and affiliate companies may also appoint third-party agents (service providers that act as processors, processing personal data pursuant to our instructions) to assist us in providing data, solutions or services to our customers.

Prisma International Corporation and affiliate companies may share Controller Data or Processor Data with these related entities and third-party service providers to perform services that these parties have been engaged by Prisma International Corporation and affiliate companies to perform on Prisma International Corporation and affiliate companies’ behalf (with respect to Controller Data), or on our customer’s behalf (with respect to Processor Data), or if we believe it is reasonably necessary to prevent harm or loss, or we believe that the disclosure will further an investigation of suspected or actual illegal activities.

In all cases, sharing with related entities and third-party services providers will be subject to appropriate contractual restrictions and security measures.

Prisma International Corporation and affiliate companies will remain responsible for the processing of Controller Data and Processor Data it receives under the DPF and subsequently transfers to a third party acting as an agent (processor), unless we are able to prove that we are not responsible in an event giving rise to damage.

If Prisma International Corporation and affiliate companies transfer Controller Data or Processor Data as covered by this DPF Statement to a third party acting as a controller, the transfer will be consistent with any notice provided to the relevant individuals and any consent they have given (where applicable), and only if the third party has provided contractual assurances that it will (i) process the relevant personal data for limited and specified purposes consistent with any consent provided, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing the relevant personal data or take other reasonable and appropriate steps to remediate if it cannot provide the level of protection required by the DPF Principles.

If Prisma International Corporation and affiliate companies have knowledge that a third party acting as a controller is processing the Controller Data or Processor Data transferred reliant on the DPF in a way that is contrary to the DPF Principles, Prisma International Corporation and affiliate companies will take reasonable steps to prevent or stop such processing.

Prisma International Corporation and affiliate companies may be required to disclose Controller Data or Processor Data covered by this DPF Statement in response to lawful requests by public authorities, which may include complying with national security or law enforcement requirements.

Security and Data Protection

Prisma International Corporation and affiliate companies have strict physical and logical security procedures to ensure that all digital and paper records are secured. These records are accessible only by approved staff. All critical systems (e.g., servers) are accessible only by a small number of authorized staff.

Prisma International Corporation and affiliate companies’ information security is managed internally and is routinely audited to ensure conformity with Prisma International Corporation and affiliate companies’ procedures and recommended industry standards.

Prisma International Corporation and affiliate companies conduct periodic reviews of employee compliance with these procedures and standards. Employees who violate our security or privacy procedures or standards may be subject to disciplinary procedures. Nonetheless, please be aware that no data security measures can guarantee 100% security.

We implement rigorous technical and organizational measures to safeguard your data:

  • Access Control: Employee access is limited to the information required to perform specific tasks via role-based access controls.
  • Encryption: Data is protected using industry-standard encryption during transit and at rest. We use Toggle confidential mode for encryption lasting 1 day, 1 week, 1 month, 3 months, and up to 5 years. Recipients won’t have the option to forward, copy, print, or download this email. This message may still be visible to your Google Workspace domain admins or Vault users for periods defined by the domain’s Gmail retention rules. All passcodes will be generated by Google, if an SMS password is required.
  • Internal Audits: We conduct periodic reviews of our security practices and IT infrastructure to ensure compliance with standards such as ISO 27001.
  • Confidentiality: All employees and contractors must sign confidentiality agreements as a condition of engagement.

Data Integrity and Purpose Limitation

Prisma International Corporation and affiliate companies limit the collection of Controller Data to data that is relevant for the purposes of processing. Prisma International Corporation and affiliate companies do not process such Controller Data in a way that is incompatible with the purposes for which it has been collected, or (as applicable) subsequently authorized by you.

Prisma International Corporation and affiliate companies take reasonable steps to ensure that Controller Data is reliable for its intended use, accurate, complete, and current. Prisma International Corporation and affiliate companies also take reasonable and appropriate measures to retain Controller Data in identifiable form only for as long as it serves a purpose of processing. This means that we retain Controller Data in accordance with our written policies, which reflect our business purposes and our legal obligations, unless a longer retention period is otherwise permitted by law and its retention is consistent with the DPF Principles.

With respect to Processor Data covered by this DPF Statement, Prisma International Corporation and affiliate companies retain such data as instructed by its customers acting as controllers. Processor Data may also be retained for a period necessary to comply with legal obligations and in accordance with Prisma International Corporation and affiliate companies’ written policies. Prisma International Corporation and affiliate companies will not use the Processor Data covered by this DPF Statement in a manner that is incompatible with the purpose for which it was originally collected, except as permitted by applicable law.

Access

When we process Controller Data, individuals whose Controller Data is covered by this DPF Statement have the right to access such Controller Data and to correct, amend, or delete such Controller Data if it is inaccurate or has been processed in violation of the DPF Principles, except if the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of other persons would be violated.

We will make reasonable and practical efforts to comply with individuals’ requests, to the extent consistent with applicable law and the DPF Principles. To make a request, individuals may contact us by e-mailing contact@prisma-international-corporation.com or via this online form.

When Prisma International Corporation and affiliate companies receive Processor Data covered by this DPF Statement, Prisma International Corporation and affiliate companies act as a processor for its customers and our customers are responsible for providing individuals with access to their personal data, and the right to correct, amend or delete that data where it is inaccurate or where they have been processed in violation of the DPF Principles, as appropriate.

Accordingly, individuals should direct questions about their Processor Data to the appropriate Prisma International Corporation and affiliate companies’ customers. If an individual is unable to contact the appropriate customer, or does not obtain a response from the customer, Prisma International Corporation and affiliate companies will provide reasonable assistance in forwarding the individual’s request to the customer.

Recourse, Enforcement and Liability

Prisma International Corporation and affiliate companies are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), which has jurisdiction over Prisma International Corporation and affiliate companies’ compliance with this DPF Statement and the DPF Principles.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, as well as all other relevant regulatory requirements, Prisma International Corporation and affiliate companies commit to resolve DPF Principles-related complaints about our collection and use of your personal information.

Individuals in the EU, Switzerland or the UK with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact Prisma International Corporation and affiliate companies’ by e-mailing contact@prisma-international-corporation.com or via this online form.

In compliance with the DPF Principles, Prisma International Corporation and affiliate companies commit to refer unresolved complaints concerning our handling of Controller Data or Processor Data received in reliance on the DPF to ROCKETLAWYER, an independent, alternative dispute resolution provider based in the U.S. Information about Rocket Lawyer for dispute resolution is available at the following address: https://www.rocketlawyer.com. Prisma International Corporation holds a Rocket Legal + membership where dispute resolution services and other legal and compliance documentation is provided by BAR-certified lawyers in the United States.

Prisma International Corporation and affiliate companies will cooperate with ROCKETLAWYER to resolve DPF related complaints. Accordingly, if you have contacted us at contact@prisma-international-corporation.com or via this online form but do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please email legal@prisma-international-corporation.com to file a complaint.

If your DPF complaint cannot be resolved through the above channels, you may be entitled, under certain conditions, to invoke binding arbitration for certain residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf for further information.

Prisma International Corporation and affiliate companies agree to periodically review and verify its compliance with the DPF Principles, and to remedy any issues arising out of compliance with the DPF Principles. Prisma International Corporation and affiliate companies understand that if it does not provide an annual self-certification to the U.S. Department of Commerce, Prisma International Corporation and affiliate companies will be removed from the Department’s list of DPF participants.

Appendix A: List of Prisma International Corporation and affiliate companies and its subsidiaries subject to DPF

  • Prisma Languages, a division of Prisma International Corporation
  • Prisma Consulting, a division of Prisma International Corporation
  • Prisma Care Inc.
  • Prisma Health Inc.
  • Prisma Holdings Inc.
  • Prisma Homes Inc.
  • Prisma Inc.
  • Prisma Law Inc.
  • Prisma International Foundation Inc.
  • Cakes Wonderland Inc.