Skip to content
English
Submit a request
  • There are no suggestions because the search field is empty.

Data Processing Addendum (DPA)

Data protection terms for customer-controlled personal data

Last updated: August 2025

This Data Processing Addendum (“DPA”) is entered into by and between the customer (the “Controller”) and Translated s.r.l. (“Processor”, “Lara”, “we”, “us”), and forms an integral part of the agreement between the parties governing the use of Lara Translate (the “Agreement”).
This DPA reflects the parties’ agreement with regard to the processing of Personal Data in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (“GDPR”).

1. Definitions

Terms such as “Personal Data”, “Processing”, “Data Subject”, “Controller”, “Processor”, and “Supervisory Authority” shall have the same meaning as in the GDPR.
"Sub-processor" means any third party authorized by the Processor to process Personal Data on its behalf.

2. Scope and Roles

This DPA applies to the extent that Lara processes Personal Data on behalf of the Customer while providing the translation service (including via web app, API, integrations, or plugins).
The Customer acts as Data Controller, and Lara acts as Data Processor.

3. Processor’s Obligations

Lara agrees to:

  • Process Personal Data only on documented instructions from the Customer;

  • Ensure that persons authorized to process the data are bound by confidentiality obligations;

  • Implement appropriate technical and organizational measures to ensure data security;

  • Assist the Customer in responding to data subject requests and in ensuring compliance with Articles 32 to 36 of the GDPR;

  • Notify the Customer without undue delay in the event of a Personal Data Breach;

  • Delete or return all Personal Data after the end of service provision unless legally required to retain it;

  • Make available to the Customer all information reasonably necessary to demonstrate compliance and, where applicable, to facilitate audits in accordance with this DPA.

4. Sub-processors

Lara may engage Sub-processors to perform specific processing activities.
A current list of Sub-processors, including their roles and data processing locations, is available here.

We may update this list from time to time to add or replace Sub-processors. The Controller may object to the appointment of a new Sub-processor only if they reasonably believe that the Sub-processor cannot ensure an adequate level of protection for Personal Data. Such objection must be notified in writing to support@laratranslate.com within 30 days from the date the updated list is published.

Continued use of the Services after this period will constitute acceptance of the new Sub-processor.

5. International Transfers

Any transfer of Personal Data outside the EEA or Switzerland will be carried out in compliance with Chapter V of the GDPR.
Where applicable, Lara uses Standard Contractual Clauses (SCCs), approved Binding Corporate Rules (BCR), or ensures compliance with the EU–US Data Privacy Framework (DPF) as appropriate to the specific transfer.

Processing may take place within infrastructure located in the EEA or, for certain processing activities, in facilities operated outside the EEA (including the United States) under equivalent safeguards. All Personal Data transferred internationally is protected through strong encryption in transit, and no encryption keys are stored or accessible outside the EEA. Where processing occurs outside the EEA, it is non-persistent and limited to the time strictly necessary to perform the translation.

6. Data Subject Rights

Lara shall, to the extent technically feasible and legally permitted, assist the Controller in fulfilling its obligations to respond to requests from data subjects under applicable data protection laws. The Controller remains responsible for determining the validity of any request and for the ultimate response to the data subject.

7. Security Measures

Lara implements appropriate technical and organizational measures to protect Personal Data, including but not limited to:

  • Encrypted data transmission (HTTPS)

  • Access controls and authentication

  • Logging and monitoring

  • Isolated environments for sensitive operations

8. Retention and Deletion

Upon termination of the Agreement, Lara will delete or return all Personal Data processed on behalf of the Controller upon written request from the Controller, unless applicable law requires retention.

Retention periods vary depending on the type of data:

  • Content submitted for translation: Retained according to the selected mode.

    • In Learning Mode, content may be stored and used to update the user’s Translation Memories (TM) associated with their account. These TMs remain available for as long as the account remains open and active, unless the Controller requests deletion.

    • In Incognito Mode, content is discarded immediately after processing and no TM is updated.

  • User-uploaded resources (e.g., Translation Memories or glossaries): Retained for as long as the account remains open and active, unless the Controller requests deletion.

  • Technical and security logs: Automatically deleted after a limited retention period determined by Lara for security, debugging, and service integrity purposes.

  • Temporary copies of translated content: Where applicable, automatically deleted after the retention period necessary to complete processing and ensure service quality.

  • Account, billing information, and communications: Retained for the duration of the customer relationship and for the period required by applicable legal, regulatory, or tax obligations, or until deletion is requested by the Controller.

In all cases, Personal Data is securely deleted or anonymized when no longer required for the purposes for which it was collected, or upon written request from the Controller, unless applicable law requires retention.

9. Audit and Documentation

Lara shall make available to the Customer all information reasonably necessary to demonstrate compliance with this DPA, including relevant documentation, certifications, and security audit reports where available.

The Customer may conduct audits, including inspections, upon reasonable prior written notice and no more than once per calendar year, unless otherwise required by applicable law or in the event of a confirmed Personal Data Breach.

Audits shall first be conducted remotely by reviewing the documentation provided by Lara. A physical inspection of facilities may only be requested if the remote review is insufficient to confirm compliance.

All audits shall be conducted during normal business hours, in a manner that does not unreasonably interfere with Lara’s operations, and shall be subject to confidentiality obligations.

Any costs and expenses incurred in connection with an audit shall be borne by the Customer, unless otherwise required by applicable law.

10. Liability

The liability of each party under this DPA, including any liability for breaches of applicable data protection laws, shall be subject to the limitations and exclusions of liability set out in the main Agreement. Nothing in this DPA shall increase or expand either party’s liability beyond the limits agreed in the main Agreement.

11. Miscellaneous

In the event of a conflict between the Agreement and this DPA, the provisions of this DPA shall prevail with respect to the processing of Personal Data.

This DPA shall remain in effect for as long as Lara processes Personal Data on behalf of the Customer under the Agreement, and shall automatically terminate upon the deletion or return of all such Personal Data in accordance with Section 8.

12. Contact

For any privacy-related requests, please contact: support@laratranslate.com

You may also contact us via postal mail at:

Translated S.r.l.
Via Indonesia, 23
00144 Rome, Italy