LingoHub
Data Processing Addendum (DPA)

Table of contents

This Data Processing Addendum (“DPA”) forms part of the Terms of Service or other master agreement (“Agreement”) between lingohub GmbH, Hauptplatz 23, 4020 Linz, Austria (“lingohub GmbH”, “Processor”) and the customer using the LingoHub Platform and/or Services (“Customer”, “Controller”). By creating an account, using LingoHub, or accepting this DPA electronically, the Customer enters into this DPA with lingohub GmbH.

1. Definitions

For the purposes of this DPA, the following terms have the meaning set out below.

  1. GDPR means Regulation (EU) 2016/679.

  2. Personal Data means any information relating to an identified or identifiable natural person.

  3. Processing means any operation performed on Personal Data.

  4. Controller means the entity which determines the purposes and means of the Processing.

  5. Processor means the entity that processes Personal Data on behalf of the Controller.

  6. Customer Data means any data submitted to LingoHub by or on behalf of the Customer.

  7. Sub-Processor means a third party engaged by lingohub GmbH to process Customer Data.

2. Scope and roles

The Customer is the Controller of Personal Data contained in Customer Data.

lingohub GmbH is the Processor.

lingohub GmbH processes Personal Data solely for the purpose of providing the LingoHub Platform and/or Services to the Customer.

If the Customer is itself a processor acting on behalf of a third party, the Customer confirms that it is authorized to appoint lingohub GmbH as a further processor.

3. Processing instructions

lingohub GmbH shall process Personal Data only on documented instructions from the Customer, which consist of:

  • The Agreement

  • This DPA

  • The Customer’s use and configuration of the LingoHub Platform and/or Services

  • Written instructions submitted via support or API

lingohub GmbH will not process Personal Data or Customer Data for its own purposes and will not use Customer Data, including any content, translations, prompts, or context, for training, fine-tuning, or improving any artificial intelligence or machine learning models, unless the Customer has explicitly opted in to such use.

4. Confidentiality

lingohub GmbH ensures that all persons authorized to process Personal Data are bound by confidentiality obligations.

5. Security

lingohub GmbH implements appropriate technical and organizational measures under Article 32 GDPR, including:

  • Encrypted storage and transmission

  • Access control and least privilege

  • Backup and recovery

  • Monitoring and logging

  • Physical and infrastructure security via AWS EU (Ireland)

These measures shall not be materially reduced during the term.

6. Personal data breaches

If lingohub GmbH becomes aware of a breach affecting Customer Data, it shall notify the Customer without undue delay and provide available information required under Articles 33 and 34 GDPR.

The Customer remains responsible for any notifications to authorities and data subjects.

7. Sub-Processors

The Customer authorizes lingohub GmbH to use Sub-Processors. A current list is available at: https://lingohub.com/sub-processors

lingohub GmbH will notify the Customer at least 30 days before adding or replacing a Sub-Processor. The Customer may object on reasonable data protection grounds. If no resolution is found, the Customer may terminate the affected service.

lingohub GmbH remains fully liable for its Sub-Processors.

8. Data subject rights

lingohub GmbH shall assist the Customer in fulfilling obligations under Articles 12 to 22 GDPR, including access, deletion, and portability, to the extent technically feasible.

Requests received directly by lingohub GmbH shall be forwarded to the Customer.

9. Data deletion

During the contract, the Customer can delete Customer Data via LingoHub.

Upon termination, lingohub GmbH will delete or anonymize Customer Data within 90 days unless legally required to retain it.

10. International transfers

Customer Data is stored in the European Union.

If Personal Data is accessed from or transferred to countries outside the EEA, lingohub GmbH relies on the EU Standard Contractual Clauses (2021/914) and, for the UK, the UK Addendum, which are incorporated by reference into this DPA.

By accepting this DPA, the Customer also accepts those transfer mechanisms.

11. Audits

The Customer may request reasonable audit information or certifications.

Upon reasonable notice, the Customer may conduct one audit per year at its own expense.

12. Liability

Liability under this DPA is subject to the liability limits outlined in the Agreement, except where the GDPR or the SCCs prohibit such limitations.

13. Governing law and venue

This DPA is governed by Austrian law. The exclusive venue is Linz, Austria.

14. Precedence

In case of conflict, this DPA prevails over the Agreement regarding data protection.

15. Acceptance

This DPA is concluded electronically when the Customer accepts it in the LingoHub Platform or continues to use the service after publication.

Try lingohub 14 days for free. No credit card. No catch. Cancel anytime