Privacy, Confidentiality and Data Security Policy

Last Updated: 13/01/2026

1. Introduction

At GoTranslation (operated by Intertranslations S.A.), we are committed to protecting your privacy and ensuring the security of your personal data and confidential content. This policy explains how we collect, use, protect, and process your information in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

2. Company Information and Data Controller

Intertranslations S.A. is the data controller responsible for your personal data.

United Kingdom Office (Primary):

St. Andrew’s House, St. Andrews Road

Cambridge CB4 1DL, United Kingdom

Telephone: +44 (0) 203 598 4625

Email: [email protected]

Web: https://www.gotranslation.com

Greece Office:

El. Venizelou 4

17676 Kallithea, Greece

Telephone: +30 210 9225000

Email: [email protected]

Web: https://www.intertranslations.gr

Data Protection Contact:

Email: [email protected]

For data protection queries and exercising your rights

3. Scope of This Policy

This Privacy Policy applies to:

• Personal data collected when you visit www.gotranslation.com
• Personal data collected when you create an account or use GoTranslation services
• Personal data collected when you contact us via email, phone, or other channels
• Personal data collected through cookies and similar technologies (see our Cookie Policy)

This policy does NOT cover:

• Third-party websites linked from our website (they have their own privacy policies)
• Services provided by third parties not under our control

4. Our Commitment to Privacy and Confidentiality

4.1 Privacy Principles

We are committed to:

• Transparency: Being clear about what data we collect and how we use it
• Lawfulness: Processing data only when we have a legal basis to do so
• Purpose Limitation: Using data only for the purposes we’ve specified
• Data Minimization: Collecting only the data we actually need
• Accuracy: Keeping your data accurate and up-to-date
• Storage Limitation: Keeping data only as long as necessary
• Security: Protecting your data with appropriate technical and organizational measures
• Accountability: Taking responsibility for our data protection practices

4.2 Confidentiality Commitment

We will never:

• Disclose your personal information or content to unauthorized parties
• Sell, rent, or trade your personal data
• Use your translation content to train AI models or for any purpose other than providing services to you
• Share your information with third parties except as specified in this policy

We will always:

• Treat all client information and content as strictly confidential
• Implement industry-leading security measures (ISO 27001 and CyberEssentials certified)
• Require all staff, contractors, and partners to sign confidentiality agreements
• Use secure, encrypted systems for data transmission and storage

5. What Personal Data We Collect

5.1 Information You Provide Directly

Account Information:

• Full name
• Email address
• Company name and details (for business accounts)
• Phone number (optional)
• Billing address

Financial Information:

• Payment card details (processed and stored by third-party payment processors only)
• Transaction history
• Billing information

Communication Data:

• Content of emails, support tickets, and other communications with us
• Phone call records (when you contact our support)
• Feedback and survey responses

Job Application Data (if applicable):

• CV/Resume
• Cover letter
• Professional references
• Interview notes

5.2 Content You Upload to GoTranslation

Translation Content:

• Source documents and files
• Glossaries and translation memories you upload
• Terminology you input or edit
• Translated output

Important Note on Content:

• You retain full ownership of all content you upload
• We process your content solely to provide translation services
• We do NOT use your content to train AI models
• Content is subject to our data retention and deletion policies (see Section 11)

5.3 Information Collected Automatically

Technical Information:

• IP address
• Browser type and version
• Operating system
• Device type and model
• Screen resolution
• Time zone and geographical location (approximate)
• Referring website
• Pages visited and time spent on pages
• Links clicked

Cookies and Tracking Technologies:

For details on cookies, please see our Cookie Policy.

5.4 Information We Do NOT Collect

We do not intentionally collect:

• Special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification, health data, or data concerning sexual life or orientation) unless you voluntarily provide such information in uploaded content
• Personal data of children under 16 without parental consent

If you provide special categories of data in your translation content, you acknowledge that we may process it as necessary to provide our services.

6. How We Use Your Personal Data

6.1 Legal Bases for Processing

We process your personal data under the following legal bases:

Contract Performance:

Processing necessary to provide GoTranslation services, including:

• Creating and managing your account
• Processing your translation orders
• Delivering translated content to you
• Providing customer support
• Processing payments

Legal Obligations:

Processing necessary to comply with legal requirements, including:

• Tax and accounting obligations
• Regulatory compliance
• Responding to legal requests from authorities
• Fraud prevention and security

Legitimate Interests:

Processing necessary for our legitimate business interests, including:

• Improving our services and website
• Analyzing usage patterns and trends
• Marketing our services (where you have not objected)
• Protecting against fraud and security threats
• Managing relationships with partners and suppliers

Consent:

Where required by law or where no other legal basis applies, we will obtain your explicit consent, including:

• Marketing communications (where not based on legitimate interest)
• Non-essential cookies
• Any processing not covered by other legal bases

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

6.2 Specific Purposes

We use your personal data to:

Provide Services:

• Process and deliver translation services
• Analyze content for terminology extraction
• Generate glossaries and translation memories
• Optimize translation quality
• Format and deliver output files

Communication:

• Respond to your inquiries and support requests
• Send order confirmations and updates
• Provide technical support
• Send important service announcements

Improve Services:

• Analyze service usage and performance
• Identify and fix technical issues
• Develop new features and services
• Conduct research and analysis

Business Operations:

• Process payments and manage billing
• Maintain accounts and records
• Comply with legal and regulatory obligations
• Prevent fraud and security breaches

Marketing (where permitted):

• Send newsletters and promotional materials
• Inform you about new features and services
• Conduct customer satisfaction surveys

You can opt out of marketing communications at any time.

7. Third-Party AI Services and Data Processing

7.1 Use of Anthropic Claude API

GoTranslation utilizes Anthropic’s Claude API (a Large Language Model service) to power our translation capabilities. By using GoTranslation, you acknowledge and agree that your translation content will be processed through Anthropic’s services.

Important Information About Anthropic:

Data Training:

• Anthropic does NOT use API customer data to train its AI models
• Your content will never be used to improve Anthropic’s AI systems
• This is guaranteed under Anthropic’s Commercial Terms of Service

Data Retention:

• Anthropic retains API data for up to 7 days for Trust & Safety purposes
• This retention is solely for abuse monitoring, security, and preventing misuse
• After 7 days, your content is automatically deleted from Anthropic’s systems

Anthropic’s Commitment:

• Data processed through the API is subject to strict confidentiality
• Anthropic maintains SOC 2 Type II certification
• Full compliance with data protection regulations

For Complete Details:

• Anthropic Commercial Terms: https://www.anthropic.com/legal/commercial-terms
• Anthropic Privacy Policy: https://www.anthropic.com/legal/privacy
• Anthropic Acceptable Use Policy: https://www.anthropic.com/legal/aup

7.2 Other Third-Party Services

Payment Processors:

• Stripe, PayPal, Google Pay, and other approved processors
• These services process and securely store payment card information
• GoTranslation does NOT directly store payment card details
• Subject to their respective privacy policies and Payment Card Industry Data Security Standard (PCI DSS) compliance

Analytics Services:

• Google Analytics (for website usage analysis)
• Data is aggregated and anonymized
• See Cookie Policy for opt-out options

Cloud Infrastructure:

• AWS, Google Cloud, or other cloud providers for hosting and storage
• Subject to strict data processing agreements
• ISO 27001 certified providers

7.3 Data Processing Agreements

All third-party service providers processing personal data on our behalf:

• Operate under written data processing agreements
• Are contractually obligated to protect your data
• May only process data according to our instructions
• Must implement appropriate security measures
• Must comply with applicable data protection laws

8. International Data Transfers

8.1 Transfer Mechanisms

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including:

• United States (for Anthropic Claude API and certain cloud services)
• Other countries where our service providers operate

Where we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): EU/UK-approved model clauses
• Adequacy Decisions: Transfers to countries with adequate data protection
• Additional Security Measures: Encryption, access controls, and monitoring

8.2 US Data Transfers

Data transferred to the United States for Anthropic Claude API processing is protected by:

• Standard Contractual Clauses
• Anthropic’s strong data protection practices and commitments
• Technical security measures (encryption in transit and at rest)
• Limited retention periods (7 days maximum)

You consent to these international transfers as necessary to provide GoTranslation services.

9. Data Sharing and Disclosure

9.1 Who We Share Data With

We may share your personal data with:

Service Providers:

• AI service providers (Anthropic)
• Cloud hosting providers
• Payment processors
• Email service providers
• Customer support platforms
• Analytics services

Business Partners:

• Translation agencies (only if you request human post-editing services)
• Technology partners (under strict confidentiality agreements)

Legal and Regulatory Authorities:

• Law enforcement and government agencies (when legally required)
• Regulatory bodies (for compliance purposes)
• Courts and legal advisors (for legal proceedings)

Corporate Transactions:

• Potential buyers (in case of business sale or merger)
• Professional advisors (auditors, legal counsel)

9.2 What We Share

With Service Providers:

• Only data necessary for them to perform their specific functions
• Translation content (to Anthropic for AI processing)
• Payment information (to payment processors)
• Technical information (to hosting providers)

With Authorities:

• Only when legally required or to protect our rights
• Minimum data necessary to comply with legal obligations

For Marketing:

• We do NOT sell or rent your personal data to third parties for marketing purposes
• We do NOT share your translation content with third parties for any reason except as specified above

9.3 Third-Party Confidentiality

All third parties with access to your data:

• Are bound by confidentiality obligations
• Must comply with data protection laws
• May only use data for specified purposes
• Must implement appropriate security measures

10. Data Security

10.1 Security Certifications

Intertranslations maintains:

• ISO 27001 Certification: Information Security Management System
• CyberEssentials Certification: UK government-backed cyber security scheme
• Regular security audits and assessments

10.2 Technical Security Measures

We protect your data using:

Encryption:

• TLS/SSL encryption for data in transit
• AES-256 encryption for data at rest
• Encrypted backups

Access Controls:

• Role-based access controls (RBAC)
• Multi-factor authentication (MFA) for staff
• Principle of least privilege
• Regular access reviews

Network Security:

• Firewalls and intrusion detection systems
• DDoS protection
• Regular security monitoring
• Secure server infrastructure

Application Security:

• Secure coding practices
• Regular security testing and vulnerability assessments
• Penetration testing
• Web application firewalls

Data Security:

• Secure dedicated servers for portals
• Database encryption
• Secure backup systems
• Data loss prevention measures

10.3 Organizational Security Measures

Staff Training:

• Mandatory data protection training for all staff
• Regular security awareness programs
• Confidentiality agreements for all employees

Policies and Procedures:

• Information security policies
• Incident response procedures
• Data breach notification procedures
• Regular policy reviews and updates

Access Management:

• Background checks for staff with data access
• Limited access based on job role
• Logging and monitoring of data access
• Immediate access revocation upon employment termination

10.4 Vendor Security

All third-party vendors:

• Undergo security assessments
• Must maintain appropriate security certifications
• Are contractually obligated to implement security measures
• Are subject to regular security reviews

10.5 Data Breach Procedures

In the unlikely event of a data breach:

• We will investigate and contain the breach immediately
• We will notify affected individuals within 72 hours (as required by law)
• We will notify relevant supervisory authorities
• We will provide guidance on protective measures
• We will take steps to prevent future breaches

11. Data Retention and Deletion

11.1 How Long We Keep Data

Account Data:

• Retained for the duration of your account plus 90 days after account closure
• Longer retention if required for legal, accounting, or dispute resolution purposes

Translation Content:

• GoTranslation Policy: Content used for the translation such as files to be translated, translation memories provided by the client and/or generated by the system, glossaries provided by the client, generated by the system and/or edited by the client, bilingual files provided by the client and/or generated by the system, as well as generated translation files will be deleted 7 days after the order.
• Anthropic Retention: Content processed through Claude API is automatically deleted after 7 days.

Translation Content:

• GoTranslation Policy: Content will be deleted immediately after successful delivery
• Anthropic Retention: Content processed through Claude API is automatically deleted after 7 days

Transaction Records:

• Retained for 7 years for tax and accounting purposes
• Required by law for financial record-keeping

Communications:

• Support tickets and communications retained for 3 years
• May be retained longer if part of ongoing matters

Marketing Data:

• Retained until you unsubscribe or object
• Deleted within 30 days of unsubscribe request

11.2 Deletion Process

Automatic Deletion:

• Content deletion after successful order completion 
• Anthropic deletes API received and generated data after 7 days automatically
• Expired session data deleted regularly

User-Requested Deletion:

You may request deletion of your data at any time by contacting [email protected]

Upon deletion request:

• Account data deleted within 30 days
• Content deleted immediately unless retention is legally required
• Some data may be retained in backup systems for up to 90 days
• Transaction records retained as required by law

Exceptions to Deletion:

We may retain data longer when:

• Required by law (tax, accounting, regulatory obligations)
• Necessary for legal proceedings or disputes
• Needed to protect our rights or prevent fraud
• Anonymized for statistical analysis (no longer personal data)

11.3 Backup Systems

Data in backup systems:

• Is subject to the same security measures
• Will be deleted in accordance with backup retention schedules
• Is not actively accessible but may be restored if necessary

12. Your Rights Under Data Protection Law

You have the following rights regarding your personal data:

12.1 Right of Access

You have the right to obtain:

• Confirmation that we process your personal data
• A copy of your personal data
• Information about how we process your data

How to Exercise:

Email [email protected] with your request. We will provide the information within 30 days free of charge. Additional copies may incur a reasonable administrative fee.

12.2 Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

How to Exercise:

Email [email protected] or update your account information directly through your GoTranslation account settings.

12.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Erasure is required to comply with a legal obligation

Exceptions:

We may refuse erasure where retention is necessary for:

• Compliance with legal obligations
• Establishment, exercise, or defense of legal claims
• Other legitimate reasons specified in data protection law

How to Exercise:

Email [email protected] with a detailed explanation of your request.

12.4 Right to Restriction of Processing

You have the right to restrict processing when:

• You contest the accuracy of the data (restriction while we verify)
• Processing is unlawful but you prefer restriction to erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing (restriction pending verification of legitimate grounds)

How to Exercise:

Email [email protected] specifying which situation applies.

12.5 Right to Data Portability

You have the right to:

• Receive your personal data in a structured, commonly used, machine-readable format
• Transmit your data to another controller

Conditions:

• Processing is based on consent or contract
• Processing is carried out by automated means

How to Exercise:

Email [email protected] specifying whether you want to receive your data or have it transmitted to another controller.

12.6 Right to Object

You have the right to object to processing based on:

• Legitimate interests (including profiling)
• Direct marketing (including profiling for marketing)
• Scientific/historical research or statistical purposes

For Direct Marketing:

You can object at any time, and we will stop processing immediately. Use the “unsubscribe” link in marketing emails or email [email protected].

For Other Processing:

We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for legal claims.

How to Exercise:

Email [email protected] stating which processing you object to and your reasons.

12.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw consent at any time.

Effect of Withdrawal:

• Does not affect the lawfulness of processing before withdrawal
• We will stop processing unless we have another legal basis
• May affect our ability to provide certain services

How to Exercise:

Email [email protected] or use opt-out links in communications.

12.8 Automated Decision-Making and Profiling

We do not use fully automated decision-making or profiling that produces legal effects or similarly significantly affects you.

If we introduce such processing in the future, we will:

• Inform you clearly
• Provide meaningful information about the logic involved
• Give you the right to obtain human intervention
• Allow you to express your view and contest the decision

12.9 Response Time and Process

We will respond to your requests within 30 days (1 month).

If the request is complex or we receive multiple requests, we may extend the period by 2 additional months. We will inform you of any extension and the reasons within 30 days.

Verification:

We may request additional information to verify your identity before responding to your request.

Fees:

Requests are generally free. We may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive.

How to Submit Requests:

Email: [email protected]

Include: Your full name, account email, specific right you wish to exercise, and any supporting information

13. Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the relevant supervisory authority.

13.1 UK Users

Information Commissioner’s Office (ICO)

Website: https://ico.org.uk

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Email: [email protected]

Online: https://ico.org.uk/make-a-complaint/

13.2 EU Users

Contact your local data protection authority. A list is available at:

https://edpb.europa.eu/about-edpb/board/members_en

13.3 Greece Users

Hellenic Data Protection Authority

Website: https://www.dpa.gr

Address: 1-3 Leoforos Kifissias, 115 23 Athens, Greece

Telephone: +30 210 6475600

Email: [email protected]

We encourage you to contact us first at [email protected] so we can address your concerns directly.

14. Children’s Privacy

GoTranslation is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent.

If you believe we have collected data from a child under 16, please contact us immediately at [email protected], and we will delete the information promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices or services
• Changes in applicable laws or regulations
• Feedback from users or regulatory authorities
• Technological developments

15.1 Notification of Changes

We will notify you of material changes by:

• Posting the updated policy on our website with a new “Last Updated” date
• Displaying a prominent notice on www.gotranslation.com
• Sending an email notification (for significant changes)

15.2 Your Acceptance

Continued use of GoTranslation after changes constitutes acceptance of the updated policy. If you do not agree with changes, you should discontinue use and may request deletion of your account and data.

We encourage you to review this policy periodically to stay informed about how we protect your data.

16. Additional Information

16.1 Non-Disclosure Agreements

For enterprise clients or sensitive projects, we are happy to sign:

• Non-Disclosure Agreements (NDAs)
• Data Processing Agreements (DPAs)
• Custom confidentiality agreements

Contact us at [email protected] to discuss your requirements.

16.2 Professional Translation Services

For projects requiring human post-editing or professional translation services with quality guarantees:

• Contact us at [email protected] for a quotation
• Professional services are subject to additional terms and agreements
• ISO 17100 quality standards apply to human translation services

16.3 Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to read their privacy policies.

17. Contact Information

17.1 General Inquiries

United Kingdom:

Email: [email protected]

Phone: +44 (0) 203 598 4625

Address: St. Andrew’s House, St. Andrews Road, Cambridge CB4 1DL, UK

Greece:

Email: [email protected]

Phone: +30 210 9225000

Address: El. Venizelou 4, 17676 Kallithea, Greece

17.2 Data Protection Inquiries

Data Protection Officer:

Email: [email protected]

Subject Line: “Data Protection Inquiry” or “Privacy Rights Request”

Response Time: We aim to respond to all inquiries within 5 business days, and to formal rights requests within 30 days as required by law.

________________________________________________________________________________

This Privacy Policy was last updated on 13/01/2026.

By using GoTranslation, you acknowledge that you have read, understood, and agree to this Privacy, Confidentiality and Data Security Policy.

________________________________________________________________________________

© 2025 Intertranslations S.A. All rights reserved.