Data Processing Agreement

Last updated at: November 21, 2024

Definitions

  • "You" or "customer" refers to the company or organization that signs up to use SimpleLocalize.io.

  • In this Data Processing Agreement ("DPA"), "Data Protection Legislation" means the General Data Protection Regulation (Regulation (EU) 2016/279), and all other applicable laws relating to processing of data and privacy that may exist in any relevant jurisdiction.

  • "data controller", "data processor", "data subject", "personal data" and "processing" shall be interpreted in accordance with applicable Data Protection Legislation.

  • The parties agree that the customer is the data controller and that SimpleLocalize.io is its data processor in relation to data that is processed in the course of providing the service.

Privacy of your data

  1. You own all right, title, and interest to your translation data. We obtain no rights from you to your translation data.

  2. We do not use your translation data for any purpose other than to provide you with the service.

  3. We do not collect and analyze personal information from web users and use these behavioral insights to sell advertisements.

  4. When using SimpleLocalize.io, you 100% own and control all of your translation data.

  5. We don’t sell or rent your site data to any third parties.

Security of your data

We implement and maintain appropriate technical and organizational measures to protect personal data. These measures include but are not limited to:

  • Encryption of data at rest and in transit.
  • Regularly updated firewalls and intrusion detection systems.
  • Access controls and authentication mechanisms to restrict access to authorized personnel only.
  • Regular security audits and vulnerability assessments.
  • Procedures for regular testing, assessment, and evaluation of the effectiveness of security measures.

Processor’s obligations with respect to the controller

  1. We as humans can access your data to help you with support requests you make and to maintain and safeguard SimpleLocalize.io to ensure the security of your data and the service as a whole. SimpleLocalize.io shall ensure that all SimpleLocalize personnel required to access the data are trained in GDPR and data privacy, informed of the confidential nature of the data and comply with the obligations set out in this agreement.

  2. SimpleLocalize.io shall implement and maintain appropriate technical and organizational security measures designed to protect the data against unauthorized or unlawful processing and against accidental loss, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of the data and having regard to the nature of the data which is to be protected.

  3. We do work with sub-processors. Any such sub-processors will be permitted to process data only to deliver the services SimpleLocalize.io has retained them to provide, and they shall be prohibited from using data for any other purpose. SimpleLocalize.io shall notify the controller when modifying the list of sub-processors using our in-app notifications, email and/or blog. The controller is able to legitimately object and may terminate the agreement.

  4. All of your site data is stored in the EU, and it never leaves the EU. You can find the list of other cloud services and third party services that we use in our privacy policy.

  5. If SimpleLocalize.io becomes aware of any accidental, unauthorised or unlawful security breach, destruction, loss, alteration, or disclosure of the personal data that is processed by SimpleLocalize.io in the course of providing the service, it shall without undue delay (not later than 48 hours after having become aware of it), notify customer by email and provide customer with a description of the incident as well as periodic updates to information about the incident, including its impact on customer content. SimpleLocalize.io shall additionally take action to investigate the incident and reasonably prevent or mitigate the effects of the incident.

  6. SimpleLocalize.io shall not on its own authority rectify, erase or restrict the processing of data that is being processed on behalf of the controller (unless this is required by law or the Processor Terms of Service), but shall only do so on documented instructions from the controller and in accordance with the data retention rules associated with the controller's subscription plan.

  7. SimpleLocalize.io shall notify customer without undue delay if, in SimpleLocalize.io’s opinion, an instruction for the processing of data given by customer infringes applicable Data Protection Legislation.

  8. SimpleLocalize.io shall assist the controller in responding to data subjects’ requests to exercise their rights, including but not limited to access, rectification, erasure, and data portability. SimpleLocalize.io will forward such requests to the controller without undue delay.

  9. SimpleLocalize.io shall ensure that any sub-processor engaged to process data on behalf of the controller adheres to the same data security and confidentiality obligations as set forth in this agreement.

  10. SimpleLocalize.io remains fully liable to the controller for the performance of its obligations under this agreement, even in cases where sub-processors carry out those obligations.

  11. SimpleLocalize.io shall provide the controller with all information necessary to demonstrate compliance with the obligations set forth in this agreement and applicable Data Protection Legislation. This includes making available relevant documentation and records upon request.

  12. SimpleLocalize.io shall make available to the controller all information necessary to demonstrate compliance with the obligations set forth in this agreement and GDPR. This includes, upon request, documentation of technical and organizational measures, records of processing activities, and details of sub-processors engaged.

  13. SimpleLocalize.io shall obtain prior consent from the controller before engaging any new sub-processors. This consent may be general or specific, as agreed between the parties. SimpleLocalize.io shall notify the controller of any intended changes to the list of sub-processors by publishing a notice on its publicly available Changelog or Blog at least 14 days prior to the changes taking effect. The controller may object to the engagement of a new sub-processor within this notice period by providing written notification. If the controller does not object within the specified timeframe, consent shall be deemed granted.

  14. SimpleLocalize.io shall allow and contribute to audits or inspections conducted by the controller or a designated third-party auditor to verify compliance with this agreement and GDPR. Such audits shall be subject to:

    • Prior written notice of at least 90 days.
    • A mutually agreed scope and methodology that ensures minimal disruption to SimpleLocalize.io’s operations.
    • Adequate confidentiality agreements to protect SimpleLocalize.io’s systems and the data of other customers.
    • Where direct system access is not feasible or necessary, SimpleLocalize.io may provide requested documentation, records, and other evidence demonstrating compliance.

How we handle delete instructions

You can choose to delete your account and delete your projects at any time by e-mailing us at [email protected]. In the event that it is our duty to keep a record of some of your personal information, for example, for accounting purposes, this information is retained. We will irrevocably remove all other information within 30 days of your request.

Once all your data has been permanently deleted, we cannot recover it.

Are customers required to sign the DPA?

To use our products and services, you need to accept our DPA. By using our product, you are agreeing to our terms of service, and you are automatically accepting our DPA and do not need to sign a separate document. We provide the same privacy rights and protection to all customers.

Can a customer share the DPA with its customers?

Yes. The DPA is a publicly available document, and customers who wish to share it with their customers to confirm our security measures and other terms may feel free to do so.

Do customers need to notify anyone upon accepting our DPA?

No. You are not required to notify us or any third party upon accepting our DPA, though, as mentioned above, you are free to do so.

Contact

If you have any questions or concerns regarding your information and personal data, please contact us at: [email protected].

Changes to this DPA

We may update this DPA from time to time. We encourage you to periodically review this page for the latest information on our privacy practices.

Changelog

A detailed changelog of this document can be found on our GitHub repository.