LOKALISE’S NOTICE OF CERTIFICATION UNDER THE DATA PRIVACY FRAMEWORK

Effective as of 19 October 2023

Compliance with the Data Privacy Framework

Lokalise complies with, and is committed to, the EU-U.S. Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of any personal data which is transferred from the European Union, Switzerland or the United Kingdom, as applicable, to the United States in reliance on the Data Privacy Framework. Lokalise has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such personal data. If there is any conflict between the terms in this notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall take precedence. For more information about the Data Privacy Framework program, and to view Lokalise’s certification, please visit the dedicated website: https://www.dataprivacyframework.gov/s/.

What personal data does Lokalise process?

Lokalise may collect information from visitors to, and/or users of, the Lokalise Platform. This includes:

- Visitors to our website who have not (yet) signed up to our Platform or Services;

- Natural persons who are our Customers (as defined in the Terms of Service or MSA); and

- Authorized Users – individuals who are registered or permitted by one of Customers to access a Team’s Workspace (as defined in the Terms of Service or MSA) and/or use the Services. Authorized Users may include, for example, in-house localization managers, CTOs, CPOs, or external/outsourced translators working on a translation project in the Team’s Workspace.

The types of information Lokalise collects can be divided into two groups:

1) “Personally identifiable information” or personal data that can be used to identify or contact you (the “Personal Data” or “PII”). See Section 1C of our Privacy Policy for further information. 

2) “Aggregated Information” - information or data we collect that are anonymous or where all identifiable information have been removed. See Section 1D of our Privacy Policy for further information.

Lokalise does not knowingly process sensitive personal data.

For what purposes does Lokalise collect and use personal data?

Lokalise processes data submitted by customers for the purpose of operating our Platform, delivering Services, and carrying out our business. More specifically, Lokalise uses personal data to: provide you with our Platform; facilitate contractual and pre-contractual business relationships; comply with our regulatory and other legal obligations; personalize the Platform for you by understanding your needs; create new features, tools and products; perform research and analysis; provide support to our Customers; protect Lokalise, our Customers and the public; sending services-related communications; sending marketing and events-related communications; and for interest based advertising. For more information about each of these categories, please refer to Section 4 of our Privacy Policy.

We only collect and process information with your consent, or on another legal basis; we do not sell it to third parties, and we only use it as this Notice and our Privacy Policy describes.

How can you contact Lokalise with any inquiries or complaints?

If you believe Lokalise maintains your personal data in connection with our Services, you may direct any inquiries or complaints concerning our Data Privacy Framework compliance to privacy@lokalise.com. Lokalise will respond within 30 days. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, the matter may be referred to our designated alternative dispute resolution provider, currently JAMS. If neither Lokalise nor the dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.

Which third parties may receive personal data from Lokalise?

Lokalise uses a limited number of third-party vendors, partners and service providers in order to provide the Platoform and the Services. A list of Lokalise’s sub-processors can be found here: https://lokalise.com/sub-processors. Lokalise maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and Lokalise remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage. 

For more information about how Lokalise discloses personal data, please refer to Section 6 of our Privacy Policy.

What are your rights to access, and limit the processing of, your personal data?

EU, UK, and Swiss individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. As part of Lokalise’s Data Privacy Framework self-certification, we have committed to respect those rights. To use your data protection rights, you can contact us at: privacy@lokalise.com. We take each request seriously. We will comply with your request to the extent required by applicable law. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.

How is the Data Privacy Framework enforced?

Lokalise’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission and any other U.S. authorized statutory body.

Under what circumstances might Lokalise be required to disclose your personal data?

Lokalise may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.