Lingfaro
DPA

Data Processing Addendum (DPA)

For State and county agencies, schools, and other institutional clients

Template — not legal advice. TEMPLATE — NOT LEGAL ADVICE. This document is a sample template provided for informational purposes only. It is not legal advice, not an offer, and not an executed agreement. It may not fit your jurisdiction, your regulatory obligations, or the specifics of your engagement. Have it reviewed and adapted by qualified legal counsel before use. Enhanced Language & Cultural Services, LLC (d/b/a Lingfaro) makes no warranty, express or implied, regarding this template and disclaims all liability for its use.
Download .txt 
DATA PROCESSING ADDENDUM (TEMPLATE)

This Data Processing Addendum ("DPA") supplements the agreement between
[CLIENT LEGAL NAME] ("Controller") and Enhanced Language & Cultural Services,
LLC, d/b/a Lingfaro ("Processor"), effective [EFFECTIVE DATE].

1. SCOPE AND ROLES
   Controller determines the purposes and means of processing Personal Data.
   Processor processes Personal Data only on Controller's documented
   instructions, including those set out in this DPA and the underlying
   agreement.

2. NATURE OF PROCESSING
   2.1 Subject matter: interpreter dispatch and related services.
   2.2 Categories of data subjects: Controller's staff and authorized users;
       limited end-client identifiers needed to schedule sessions.
   2.3 Categories of Personal Data: names, business contact details, account
       identifiers, scheduling metadata (language, modality, time, location).
   2.4 Processor is designed to avoid receiving special-category or clinical
       content during ordinary use.

3. CONFIDENTIALITY
   Processor ensures persons authorized to process Personal Data are bound by
   confidentiality obligations.

4. SECURITY
   Processor implements appropriate technical and organizational measures,
   including encryption in transit and at rest, access controls, and logging,
   appropriate to the risk.

5. SUB-PROCESSORS
   Controller authorizes Processor to engage sub-processors for payments,
   authentication, transactional email, hosting, product analytics, and trusted
   timestamping. Processor maintains a current, public list of named
   sub-processors at https://lingfaro.com/subprocessors/ and imposes
   data-protection terms on each sub-processor no less protective than this DPA.

6. DATA SUBJECT RIGHTS
   Processor assists Controller, by appropriate measures, in responding to
   requests to exercise data-subject rights, taking into account the nature of
   the processing.

7. PERSONAL DATA BREACH
   Processor notifies Controller without undue delay after becoming aware of a
   Personal Data Breach affecting Controller's data, and provides information
   reasonably available to assist Controller's own notification obligations.

8. DELETION AND RETURN
   On termination, Processor deletes or returns Personal Data at Controller's
   choice, except where retention is required by law.

9. AUDITS
   Processor makes available information necessary to demonstrate compliance and
   allows for and contributes to audits, including inspections, conducted by
   Controller or an auditor it mandates, subject to reasonable confidentiality
   and scheduling terms.

10. GOVERNING LAW
    This DPA is governed by the laws of the State of Minnesota, without prejudice
    to mandatory data-protection laws applicable to Controller.

CONTROLLER                              PROCESSOR (LINGFARO)
By: ____________________________        By: ____________________________
Name: __________________________        Name: __________________________
Title: _________________________        Title: _________________________
Date: __________________________        Date: __________________________

Other templates