Toloka is ISO certified to handle personally identifiable information

Toloka Team
by Toloka Team

Subscribe to Toloka News

Subscribe to Toloka News

These days, we're all having to get wise about personally identifiable information, also known as PII. Enterprises have to think about how their internal processes could put PII at risk. They also have to think about how to vet external suppliers that might process PII.

At Toloka, we've worked hard to make that vetting process easier with transparent privacy practices, and we have great news! Toloka has been certified for compliance with ISO/IEC 27701, an extension to ISO/IEC 27001 for privacy information management.

ISO certification? Make ours a double

We've had the ISO/IEC 27001 certification for a year now. We've just renewed it again. This certification confirms that we have a robust Information Security Management System: a set of policies, procedures, risk assessments, and training programs to keep confidential information secure.

Now we're ISO/IEC 27701 certified as well. We've implemented a Privacy Information Management System, which covers the collection, handling, storage, and destruction of PII. Our new certifications have been audited and issued by TÜV Austria.

For our customers, this means that Toloka securely processes data to help businesses stay compliant with GDPR, CCPA, LGPD, PDPL, and other local privacy regulations in the countries where our users reside. We are committed to full transparency regarding how we process personal data, including precise data processing agreements. Rest assured that we never sell or disclose the personal data of our customers.

Privacy by design, privacy by default

Maintaining these management systems involves a whole raft of procedures, reports, and reviews. Ultimately, they all aim at three things:

  • We don't collect PII we don't need.
  • We only use PII for its declared purpose.
  • We don't store PII for longer than we need it.

We have strict policies regarding employee access to personal data and rigorous employee training for handling PII.

Small changes that make a difference

Along the way, we've improved how we communicate privacy on our website, in our user agreements, and in our product. It matters to us that our users can actually understand what happens with their data. For example:

  • Our privacy notice now uses clearer wording and is available in 15 languages for Tolokers.
  • Our new cookie banner offers full control over which cookies are stored on your browser.

We also developed a safer solution for automatic face blurring directly in the Toloker app. This prevents photos of random people from ever reaching our platform and offers much better privacy than alternative blurring processes.

What's ahead

Privacy comes first at Toloka and we continually look for ways to strengthen our security and privacy policies. We're working toward compliance with HIPAA privacy rules for handling medical data — stay tuned.

For a more detailed look at how we do privacy and security, please refer to our security center.

Article written by:
Toloka Team
Toloka Team

Recent articles

Have a data labeling project?

Take advantage of Toloka technologies. Chat with our expert to learn how to get reliable training data for machine learning at any scale.

More about Toloka

  • Our mission is to empower businesses with high quality data to develop AI products that are safe, responsible and trustworthy.
  • Toloka is a European company. Our global headquarters is located in Amsterdam. In addition to the Netherlands, Toloka has offices in the US, Israel, Switzerland, and Serbia. We provide data for Generative AI development.
  • We are the trusted data partner for all stages of AI development–from training to evaluation. Toloka has over a decade of experience supporting clients with its unique methodology and optimal combination of machine learning technology and human expertise. Toloka offers high quality expert data for training models at scale.
  • The Toloka team has supported clients with high-quality data and exceptional service for over 10 years.
  • Toloka ensures the quality and accuracy of collected data through rigorous quality assurance measures–including multiple checks and verifications–to provide our clients with data that is reliable and accurate. Our unique quality control methodology includes built-in post-verification, dynamic overlaps, cross-validation, and golden sets.
  • Toloka has developed a state-of-the-art technology platform for data labeling and has over 10 years of managing human efforts, ensuring operational excellence at scale. Now, Toloka collaborates with data workers from 100+ countries speaking 40+ languages across 20+ knowledge domains and 120+ subdomains.
  • Toloka provides high-quality data for each stage of large language model (LLM) and generative AI (GenAI) development as a managed service. We offer data for fine-tuning, RLHF, and evaluation. Toloka handles a diverse range of projects and tasks of any data type—text, image, audio, and video—showcasing our versatility and ability to cater to various client needs.
  • Toloka addresses ML training data production needs for companies of various sizes and industries– from big tech giants to startups. Our experts cover over 20 knowledge domains and 120 subdomains, enabling us to serve every industry, including complex fields such as medicine and law. Many successful projects have demonstrated Toloka's expertise in delivering high-quality data to clients. Learn more about the use cases we feature on our customer case studies page.