LOKALISE’S NOTICE OF CERTIFICATION UNDER THE DATA PRIVACY FRAMEWORK
Effective as of 19 October 2023
Compliance with the Data Privacy Framework
Lokalise complies with, and is committed to, the EU-U.S. Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of any personal data which is transferred from the European Union, Switzerland or the United Kingdom, as applicable, to the United States in reliance on the Data Privacy Framework. Lokalise has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such personal data. If there is any conflict between the terms in this notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall take precedence. For more information about the Data Privacy Framework program, and to view Lokalise’s certification, please visit the dedicated website: https://www.dataprivacyframework.gov/s/.
What personal data does Lokalise process?
Lokalise may collect information from visitors to, and/or users of, the Lokalise Platform. This includes:
- Visitors to our website who have not (yet) signed up to our Platform or Services;
- Natural persons who are our Customers (as defined in the Terms of Service or MSA); and
- Authorized Users – individuals who are registered or permitted by one of Customers to access a Team’s Workspace (as defined in the Terms of Service or MSA) and/or use the Services. Authorized Users may include, for example, in-house localization managers, CTOs, CPOs, or external/outsourced translators working on a translation project in the Team’s Workspace.
The types of information Lokalise collects can be divided into two groups:
Lokalise does not knowingly process sensitive personal data.
For what purposes does Lokalise collect and use personal data?
How can you contact Lokalise with any inquiries or complaints?
If you believe Lokalise maintains your personal data in connection with our Services, you may direct any inquiries or complaints concerning our Data Privacy Framework compliance to email@example.com. Lokalise will respond within 30 days. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, the matter may be referred to our designated alternative dispute resolution provider, currently JAMS. If neither Lokalise nor the dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.
Which third parties may receive personal data from Lokalise?
Lokalise uses a limited number of third-party vendors, partners and service providers in order to provide the Platoform and the Services. A list of Lokalise’s sub-processors can be found here: https://lokalise.com/sub-processors. Lokalise maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and Lokalise remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
What are your rights to access, and limit the processing of, your personal data?
EU, UK, and Swiss individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. As part of Lokalise’s Data Privacy Framework self-certification, we have committed to respect those rights. To use your data protection rights, you can contact us at: firstname.lastname@example.org. We take each request seriously. We will comply with your request to the extent required by applicable law. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
How is the Data Privacy Framework enforced?
Lokalise’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission and any other U.S. authorized statutory body.
Under what circumstances might Lokalise be required to disclose your personal data?
Lokalise may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.