Privacy, Confidentiality and Data Security Policy
Last Updated: 13/01/2026
- Introduction
At GoTranslation (operated by Intertranslations S.A.), we are committed to protecting your privacy and ensuring the security of your personal data and confidential content. This policy explains how we collect, use, protect, and process your information in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). - Company Information and Data Controller
Intertranslations S.A. is the data controller responsible for your personal data.
United Kingdom Office (Primary):
St. Andrew’s House, St. Andrews Road
Cambridge CB4 1DL, United Kingdom
Telephone: +44 (0) 203 598 4625
Email: [email protected]
Web: https://www.gotranslation.com
Greece Office:
El. Venizelou 4
17676 Kallithea, Greece
Telephone: +30 210 9225000
Email: [email protected]
Web: https://www.intertranslations.gr
Data Protection Contact:
Email: [email protected]
For data protection queries and exercising your rights - Scope of This Policy
This Privacy Policy applies to:
Personal data collected when you visit www.gotranslation.com
Personal data collected when you create an account or use GoTranslation services
Personal data collected when you contact us via email, phone, or other channels
Personal data collected through cookies and similar technologies (see our Cookie Policy)
This policy does NOT cover:
Third-party websites linked from our website (they have their own privacy policies)
Services provided by third parties not under our control - Our Commitment to Privacy and Confidentiality
4.1 Privacy Principles
We are committed to:
Transparency: Being clear about what data we collect and how we use it
Lawfulness: Processing data only when we have a legal basis to do so
Purpose Limitation: Using data only for the purposes we’ve specified
Data Minimization: Collecting only the data we actually need
Accuracy: Keeping your data accurate and up-to-date
Storage Limitation: Keeping data only as long as necessary
Security: Protecting your data with appropriate technical and organizational measures
Accountability: Taking responsibility for our data protection practices
4.2 Confidentiality Commitment
We will never:
Disclose your personal information or content to unauthorized parties
Sell, rent, or trade your personal data
Use your translation content to train AI models or for any purpose other than providing services to you
Share your information with third parties except as specified in this policy
We will always:
Treat all client information and content as strictly confidential
Implement industry-leading security measures (ISO 27001 and CyberEssentials certified)
Require all staff, contractors, and partners to sign confidentiality agreements
Use secure, encrypted systems for data transmission and storage - What Personal Data We Collect
5.1 Information You Provide Directly
Account Information:
Full name
Email address
Company name and details (for business accounts)
Phone number (optional)
Billing address
Financial Information:
Payment card details (processed and stored by third-party payment processors only)
Transaction history
Billing information
Communication Data:
Content of emails, support tickets, and other communications with us
Phone call records (when you contact our support)
Feedback and survey responses
Job Application Data (if applicable):
CV/Resume
Cover letter
Professional references
Interview notes
5.2 Content You Upload to GoTranslation
Translation Content:
Source documents and files
Glossaries and translation memories you upload
Terminology you input or edit
Translated output
Important Note on Content:
You retain full ownership of all content you upload
We process your content solely to provide translation services
We do NOT use your content to train AI models
Content is subject to our data retention and deletion policies (see Section 11)
5.3 Information Collected Automatically
Technical Information:
IP address
Browser type and version
Operating system
Device type and model
Screen resolution
Time zone and geographical location (approximate)
Referring website
Pages visited and time spent on pages
Links clicked
Cookies and Tracking Technologies:
For details on cookies, please see our Cookie Policy.
5.4 Information We Do NOT Collect
We do not intentionally collect:
Special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification, health data, or data concerning sexual life or orientation) unless you voluntarily provide such information in uploaded content
Personal data of children under 16 without parental consent
If you provide special categories of data in your translation content, you acknowledge that we may process it as necessary to provide our services. - How We Use Your Personal Data
6.1 Legal Bases for Processing
We process your personal data under the following legal bases:
Contract Performance:
Processing necessary to provide GoTranslation services, including:
Creating and managing your account
Processing your translation orders
Delivering translated content to you
Providing customer support
Processing payments
Legal Obligations:
Processing necessary to comply with legal requirements, including:
Tax and accounting obligations
Regulatory compliance
Responding to legal requests from authorities
Fraud prevention and security
Legitimate Interests:
Processing necessary for our legitimate business interests, including:
Improving our services and website
Analyzing usage patterns and trends
Marketing our services (where you have not objected)
Protecting against fraud and security threats
Managing relationships with partners and suppliers
Consent:
Where required by law or where no other legal basis applies, we will obtain your explicit consent, including:
Marketing communications (where not based on legitimate interest)
Non-essential cookies
Any processing not covered by other legal bases
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
6.2 Specific Purposes
We use your personal data to:
Provide Services:
Process and deliver translation services
Analyze content for terminology extraction
Generate glossaries and translation memories
Optimize translation quality
Format and deliver output files
Communication:
Respond to your inquiries and support requests
Send order confirmations and updates
Provide technical support
Send important service announcements
Improve Services:
Analyze service usage and performance
Identify and fix technical issues
Develop new features and services
Conduct research and analysis
Business Operations:
Process payments and manage billing
Maintain accounts and records
Comply with legal and regulatory obligations
Prevent fraud and security breaches
Marketing (where permitted):
Send newsletters and promotional materials
Inform you about new features and services
Conduct customer satisfaction surveys
You can opt out of marketing communications at any time. - Third-Party AI Services and Data Processing
7.1 Use of Anthropic Claude API
GoTranslation utilizes Anthropic’s Claude API (a Large Language Model service) to power our translation capabilities. By using GoTranslation, you acknowledge and agree that your translation content will be processed through Anthropic’s services.
Important Information About Anthropic:
Data Training:
Anthropic does NOT use API customer data to train its AI models
Your content will never be used to improve Anthropic’s AI systems
This is guaranteed under Anthropic’s Commercial Terms of Service
Data Retention:
Anthropic retains API data for up to 7 days for Trust & Safety purposes
This retention is solely for abuse monitoring, security, and preventing misuse
After 7 days, your content is automatically deleted from Anthropic’s systems
Anthropic’s Commitment:
Data processed through the API is subject to strict confidentiality
Anthropic maintains SOC 2 Type II certification
Full compliance with data protection regulations
For Complete Details:
Anthropic Commercial Terms: https://www.anthropic.com/legal/commercial-terms
Anthropic Privacy Policy: https://www.anthropic.com/legal/privacy
Anthropic Acceptable Use Policy: https://www.anthropic.com/legal/aup
7.2 Other Third-Party Services
Payment Processors:
Stripe, PayPal, Google Pay, and other approved processors
These services process and securely store payment card information
GoTranslation does NOT directly store payment card details
Subject to their respective privacy policies and Payment Card Industry Data Security Standard (PCI DSS) compliance
Analytics Services:
Google Analytics (for website usage analysis)
Data is aggregated and anonymized
See Cookie Policy for opt-out options
Cloud Infrastructure:
AWS, Google Cloud, or other cloud providers for hosting and storage
Subject to strict data processing agreements
ISO 27001 certified providers
7.3 Data Processing Agreements
All third-party service providers processing personal data on our behalf:
Operate under written data processing agreements
Are contractually obligated to protect your data
May only process data according to our instructions
Must implement appropriate security measures
Must comply with applicable data protection laws - International Data Transfers
8.1 Transfer Mechanisms
Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including:
United States (for Anthropic Claude API and certain cloud services)
Other countries where our service providers operate
Where we transfer data internationally, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs): EU/UK-approved model clauses
Adequacy Decisions: Transfers to countries with adequate data protection
Additional Security Measures: Encryption, access controls, and monitoring
8.2 US Data Transfers
Data transferred to the United States for Anthropic Claude API processing is protected by:
Standard Contractual Clauses
Anthropic’s strong data protection practices and commitments
Technical security measures (encryption in transit and at rest)
Limited retention periods (7 days maximum)
You consent to these international transfers as necessary to provide GoTranslation services. - Data Sharing and Disclosure
9.1 Who We Share Data With
We may share your personal data with:
Service Providers:
AI service providers (Anthropic)
Cloud hosting providers
Payment processors
Email service providers
Customer support platforms
Analytics services
Business Partners:
Translation agencies (only if you request human post-editing services)
Technology partners (under strict confidentiality agreements)
Legal and Regulatory Authorities:
Law enforcement and government agencies (when legally required)
Regulatory bodies (for compliance purposes)
Courts and legal advisors (for legal proceedings)
Corporate Transactions:
Potential buyers (in case of business sale or merger)
Professional advisors (auditors, legal counsel)
9.2 What We Share
With Service Providers:
Only data necessary for them to perform their specific functions
Translation content (to Anthropic for AI processing)
Payment information (to payment processors)
Technical information (to hosting providers)
With Authorities:
Only when legally required or to protect our rights
Minimum data necessary to comply with legal obligations
For Marketing:
We do NOT sell or rent your personal data to third parties for marketing purposes
We do NOT share your translation content with third parties for any reason except as specified above
9.3 Third-Party Confidentiality
All third parties with access to your data:
Are bound by confidentiality obligations
Must comply with data protection laws
May only use data for specified purposes
Must implement appropriate security measures - Data Security
10.1 Security Certifications
Intertranslations maintains:
ISO 27001 Certification: Information Security Management System
CyberEssentials Certification: UK government-backed cyber security scheme
Regular security audits and assessments
10.2 Technical Security Measures
We protect your data using:
Encryption:
TLS/SSL encryption for data in transit
AES-256 encryption for data at rest
Encrypted backups
Access Controls:
Role-based access controls (RBAC)
Multi-factor authentication (MFA) for staff
Principle of least privilege
Regular access reviews
Network Security:
Firewalls and intrusion detection systems
DDoS protection
Regular security monitoring
Secure server infrastructure
Application Security:
Secure coding practices
Regular security testing and vulnerability assessments
Penetration testing
Web application firewalls
Data Security:
Secure dedicated servers for portals
Database encryption
Secure backup systems
Data loss prevention measures
10.3 Organizational Security Measures
Staff Training:
Mandatory data protection training for all staff
Regular security awareness programs
Confidentiality agreements for all employees
Policies and Procedures:
Information security policies
Incident response procedures
Data breach notification procedures
Regular policy reviews and updates
Access Management:
Background checks for staff with data access
Limited access based on job role
Logging and monitoring of data access
Immediate access revocation upon employment termination
10.4 Vendor Security
All third-party vendors:
Undergo security assessments
Must maintain appropriate security certifications
Are contractually obligated to implement security measures
Are subject to regular security reviews
10.5 Data Breach Procedures
In the unlikely event of a data breach:
We will investigate and contain the breach immediately
We will notify affected individuals within 72 hours (as required by law)
We will notify relevant supervisory authorities
We will provide guidance on protective measures
We will take steps to prevent future breaches - Data Retention and Deletion
11.1 How Long We Keep Data
Account Data:
Retained for the duration of your account plus 90 days after account closure
Longer retention if required for legal, accounting, or dispute resolution purposes
Translation Content:
GoTranslation Policy: Content will be deleted immediately after successful delivery
Anthropic Retention: Content processed through Claude API is automatically deleted after 7 days
Transaction Records:
Retained for 7 years for tax and accounting purposes
Required by law for financial record-keeping
Communications:
Support tickets and communications retained for 3 years
May be retained longer if part of ongoing matters
Marketing Data:
Retained until you unsubscribe or object
Deleted within 30 days of unsubscribe request
11.2 Deletion Process
Automatic Deletion:
Content deletion after successful order completion
Anthropic deletes API received and generated data after 7 days automatically
Expired session data deleted regularly
User-Requested Deletion:
You may request deletion of your data at any time by contacting [email protected]
Upon deletion request:
Account data deleted within 30 days
Content deleted immediately unless retention is legally required
Some data may be retained in backup systems for up to 90 days
Transaction records retained as required by law
Exceptions to Deletion:
We may retain data longer when:
Required by law (tax, accounting, regulatory obligations)
Necessary for legal proceedings or disputes
Needed to protect our rights or prevent fraud
Anonymized for statistical analysis (no longer personal data)
11.3 Backup Systems
Data in backup systems:
Is subject to the same security measures
Will be deleted in accordance with backup retention schedules
Is not actively accessible but may be restored if necessary - Your Rights Under Data Protection Law
You have the following rights regarding your personal data:
12.1 Right of Access
You have the right to obtain:
Confirmation that we process your personal data
A copy of your personal data
Information about how we process your data
How to Exercise:
Email [email protected] with your request. We will provide the information within 30 days free of charge. Additional copies may incur a reasonable administrative fee.
12.2 Right to Rectification
You have the right to have inaccurate personal data corrected and incomplete data completed.
How to Exercise:
Email [email protected] or update your account information directly through your GoTranslation account settings.
12.3 Right to Erasure (“Right to be Forgotten”)
You have the right to request deletion of your personal data when:
The data is no longer necessary for the purposes for which it was collected
You withdraw consent (where processing is based on consent)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Erasure is required to comply with a legal obligation
Exceptions:
We may refuse erasure where retention is necessary for:
Compliance with legal obligations
Establishment, exercise, or defense of legal claims
Other legitimate reasons specified in data protection law
How to Exercise:
Email [email protected] with a detailed explanation of your request.
12.4 Right to Restriction of Processing
You have the right to restrict processing when:
You contest the accuracy of the data (restriction while we verify)
Processing is unlawful but you prefer restriction to erasure
We no longer need the data but you need it for legal claims
You have objected to processing (restriction pending verification of legitimate grounds)
How to Exercise:
Email [email protected] specifying which situation applies.
12.5 Right to Data Portability
You have the right to:
Receive your personal data in a structured, commonly used, machine-readable format
Transmit your data to another controller
Conditions:
Processing is based on consent or contract
Processing is carried out by automated means
How to Exercise:
Email [email protected] specifying whether you want to receive your data or have it transmitted to another controller.
12.6 Right to Object
You have the right to object to processing based on:
Legitimate interests (including profiling)
Direct marketing (including profiling for marketing)
Scientific/historical research or statistical purposes
For Direct Marketing:
You can object at any time, and we will stop processing immediately. Use the “unsubscribe” link in marketing emails or email [email protected].
For Other Processing:
We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for legal claims.
How to Exercise:
Email [email protected] stating which processing you object to and your reasons.
12.7 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw consent at any time.
Effect of Withdrawal:
Does not affect the lawfulness of processing before withdrawal
We will stop processing unless we have another legal basis
May affect our ability to provide certain services
How to Exercise:
Email [email protected] or use opt-out links in communications.
12.8 Automated Decision-Making and Profiling
We do not use fully automated decision-making or profiling that produces legal effects or similarly significantly affects you.
If we introduce such processing in the future, we will:
Inform you clearly
Provide meaningful information about the logic involved
Give you the right to obtain human intervention
Allow you to express your view and contest the decision
12.9 Response Time and Process
We will respond to your requests within 30 days (1 month).
If the request is complex or we receive multiple requests, we may extend the period by 2 additional months. We will inform you of any extension and the reasons within 30 days.
Verification:
We may request additional information to verify your identity before responding to your request.
Fees:
Requests are generally free. We may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive.
How to Submit Requests:
Email: [email protected]
Include: Your full name, account email, specific right you wish to exercise, and any supporting information - Complaints and Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the relevant supervisory authority.
13.1 UK Users
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Email: [email protected]
Online: https://ico.org.uk/make-a-complaint/
13.2 EU Users
Contact your local data protection authority. A list is available at:
https://edpb.europa.eu/about-edpb/board/members_en
13.3 Greece Users
Hellenic Data Protection Authority
Website: https://www.dpa.gr
Address: 1-3 Leoforos Kifissias, 115 23 Athens, Greece
Telephone: +30 210 6475600
Email: [email protected]
We encourage you to contact us first at [email protected] so we can address your concerns directly. - Children’s Privacy
GoTranslation is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent.
If you believe we have collected data from a child under 16, please contact us immediately at [email protected], and we will delete the information promptly. - Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
Changes in our practices or services
Changes in applicable laws or regulations
Feedback from users or regulatory authorities
Technological developments
15.1 Notification of Changes
We will notify you of material changes by:
Posting the updated policy on our website with a new “Last Updated” date
Displaying a prominent notice on www.gotranslation.com
Sending an email notification (for significant changes)
15.2 Your Acceptance
Continued use of GoTranslation after changes constitutes acceptance of the updated policy. If you do not agree with changes, you should discontinue use and may request deletion of your account and data.
We encourage you to review this policy periodically to stay informed about how we protect your data. - Additional Information
16.1 Non-Disclosure Agreements
For enterprise clients or sensitive projects, we are happy to sign:
Non-Disclosure Agreements (NDAs)
Data Processing Agreements (DPAs)
Custom confidentiality agreements
Contact us at [email protected] to discuss your requirements.
16.2 Professional Translation Services
For projects requiring human post-editing or professional translation services with quality guarantees:
Contact us at [email protected] for a quotation
Professional services are subject to additional terms and agreements
ISO 17100 quality standards apply to human translation services
16.3 Links to Other Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to read their privacy policies. - Contact Information
17.1 General Inquiries
United Kingdom:
Email: [email protected]
Phone: +44 (0) 203 598 4625
Address: St. Andrew’s House, St. Andrews Road, Cambridge CB4 1DL, UK
Greece:
Email: [email protected]
Phone: +30 210 9225000
Address: El. Venizelou 4, 17676 Kallithea, Greece
17.2 Data Protection Inquiries
Data Protection Officer:
Email: [email protected]
Subject Line: “Data Protection Inquiry” or “Privacy Rights Request”
Response Time: We aim to respond to all inquiries within 5 business days, and to formal rights requests within 30 days as required by law.
This Privacy Policy was last updated on 13/01/2026.
By using GoTranslation, you acknowledge that you have read, understood, and agree to this Privacy, Confidentiality and Data Security Policy.
© 2025 Intertranslations S.A. All rights reserved.
