Privacy Policy

Last updated: June 1, 2024

This Privacy Policy (the “Policy”) explains how personal information is collected, used, disclosed, and protected in connection with our website, our services, and our communications with you, and describes the choices and rights available to you. This Policy should be read together with our Refund Policy and is incorporated into and forms a part of the Terms of Service.

1. Scope

This Policy applies to personal information we collect through our website, through our certified and standard translation, apostille assistance, notarization, and related professional services, through our customer support channels, and through our marketing communications. It does not apply to the practices of any third party we do not own or control, including without limitation our payment processors, our shipping carriers, our advertising platforms, and any government or other authority to which a document may be submitted on your instructions.

2. Information We Collect

We collect personal information directly from you when you place an order, create an account, contact us, subscribe to our communications, respond to a survey, or otherwise use our website. We also collect information automatically from the devices you use to access our website, and we receive information from service providers and other third parties acting on our behalf.

Categories of personal information we collect include, without limitation:

  • Identifiers and contact information. Name, email address, mailing address, billing address, shipping address, telephone number, and account credentials.
  • Customer and transaction information. Order history, services purchased, languages and document types ordered, communications about orders, certifications and notarizations issued, delivery information, customer-support history, and feedback.
  • Payment information. Cardholder name, billing address, payment method type, last four digits of the card, and authorization tokens. Full payment-card numbers and security codes are entered directly with our payment processors and are not stored on our systems.
  • Source-document content. The content of the documents and other source materials you submit for translation, certification, notarization, or apostille assistance. These materials frequently contain personal information about you and about third parties, including without limitation names, dates of birth, addresses, government-issued identifiers, immigration data, financial data, employment data, educational data, medical and health data, and family relationships.
  • Device and online-activity information. IP address, device identifiers, browser type and version, operating system, referring URL, pages viewed, links clicked, search terms, session duration, approximate location derived from IP, and cookies and similar technologies.
  • Inferences. Limited inferences drawn from account, transaction, device, and online-activity information to support service delivery, fraud prevention, security, and website analytics. We do not draw inferences from source-document content or Sensitive Personal Information to create consumer profiles or infer characteristics.

3. How We Use Information

We use personal information to operate our business and to provide the services you request. Specifically, we use personal information to: provide, perform, and deliver the services; communicate with you about your account, your orders, our notices, our updates, and your inquiries; process payments and detect, prevent, and investigate fraud, security incidents, and abuse; comply with legal and regulatory obligations and enforce our agreements; improve, develop, and analyze our services, website, and customer support; market and promote our services where permitted by law; and protect the rights, property, and safety of LingvaShop, our personnel, our customers, and the public. For clarity, our use of source-document content and Sensitive Personal Information is subject to the additional restrictions in Section 4 and the California Notice below.

4. Source-Document Content

Source documents you submit are processed for the limited purposes of providing the services you request, performing quality control, addressing customer-support inquiries, retaining records as required by law and as required to respond to subsequent revision requests and disputes, and meeting our compliance and audit obligations. Access to source-document content within our organization is limited to personnel and qualified contractors who have a need to access the content to perform the services or to support the foregoing purposes, and all such personnel and contractors are bound by confidentiality obligations.

Notwithstanding anything else in this Policy, we do not use source-document content or any Sensitive Personal Information contained in customer documents for advertising, cross-context behavioral advertising, third-party marketing, unrelated analytics, the training of public, third-party, or generally available artificial-intelligence or machine-learning models, or the creation of consumer profiles. We use source-document content and Sensitive Personal Information solely as reasonably necessary and proportionate to provide the Services requested by the customer, perform quality control, communicate about the order, prevent and investigate fraud and security incidents, comply with legal obligations, enforce our agreements, maintain business records, and handle support requests, revision requests, disputes, chargebacks, and audits. We do not use Sensitive Personal Information to infer characteristics about any consumer.

5. Cookies and Similar Technologies

We and our service providers use cookies, pixels, tags, local storage, and similar technologies on our website to operate the website, remember your preferences, authenticate you, maintain your cart and session, measure and analyze use of our website, prevent and investigate fraud and abuse, and support our marketing communications. You can manage cookies through your browser settings, although disabling cookies may affect the functionality of parts of the website. We respond to Global Privacy Control (GPC) signals as required by California law where applicable.

6. How We Disclose Information

We disclose personal information for the business and commercial purposes described in this Policy to the following categories of recipients:

  • Service providers. Companies and contractors that perform services on our behalf, including without limitation translators, reviewers, notaries, hosting providers, cloud-storage providers, email and communications providers, payment processors, shipping carriers (United States Postal Service (USPS), FedEx, UPS, DHL Express), customer-support tools, analytics providers, and security and anti-fraud providers, in each case subject to confidentiality and data-protection obligations appropriate to the nature of the service, whether arising from applicable law or the service provider’s published privacy and security commitments, and only to the extent reasonably necessary for the service they provide.
  • Recipients you direct. Persons, agencies, and authorities to whom you direct us to deliver or submit a document on your behalf, including without limitation apostille authorities, courts, and embassies and consulates.
  • Affiliates. Our parent, subsidiaries, and other affiliates, where applicable, for the purposes described in this Policy.
  • Legal and safety. Law-enforcement, regulators, courts, and other authorities, and other persons, where we believe in good faith that disclosure is required by law, by legal process, or to protect our rights, property, safety, or security, our personnel, our customers, or the public, to enforce our agreements, or to investigate or prevent fraud, abuse, or security incidents.
  • Corporate transactions. Acquirers, investors, advisors, lenders, and other participants in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of all or part of our assets, or other corporate transaction, in each case subject to customary confidentiality obligations.

We do not sell personal information for money, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”).

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the services, to respond to revision and support requests, to maintain business records, to enforce our agreements, to detect and prevent fraud, and to comply with our legal, accounting, tax, and audit obligations. Where personal information is no longer required for these purposes, we delete it, deidentify it, or aggregate it, unless a longer retention period is required or permitted by law.

We determine retention periods based on the category of personal information, the nature of the customer relationship, the type of Service ordered, applicable legal and accounting requirements, fraud-prevention needs, dispute and chargeback risk, and the need to respond to revision, support, audit, and compliance requests. In general:

  • Order, transaction, invoice, payment, and customer-support records are retained for the period reasonably necessary for accounting, tax, audit, fraud-prevention, chargeback, and dispute-resolution purposes.
  • Source documents and deliverables are retained for the period reasonably necessary to provide the Services, support revisions, maintain quality-control records, respond to disputes or chargebacks, and comply with legal obligations.
  • Account, login, and authentication records are retained for the period reasonably necessary for security, fraud prevention, and continuity of the customer relationship.
  • Website, device, cookie, and analytics data are retained for the period reasonably necessary for security, fraud prevention, website operation, analytics, and legal compliance.
  • Marketing contact information is retained until you unsubscribe, opt out, or the information is no longer needed for lawful marketing purposes.
  • Records of privacy requests and related verification information are retained for the period required by applicable law.

8. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction. These safeguards include without limitation access controls encryption of data in transit, confidentiality expectations on personnel and contractors appropriate to their role, and ongoing review of our security program. No method of transmission over the internet and no method of electronic storage is fully secure, however, and we cannot and do not guarantee absolute security. You are responsible for safeguarding your account credentials and the devices you use to access our services.

9. International Data Transfers

We are based in the United States and operate primarily from the United States. Personal information we collect may be processed and stored in the United States and in other countries where our service providers operate. Data-protection laws in those countries may differ from those of your country of residence. Where required by applicable law, we use appropriate safeguards to protect personal information that is transferred internationally.

10. Your Rights

Depending on where you reside and on applicable law, you may have rights with respect to your personal information, including without limitation the rights to access, correct, delete, restrict, port, and object to certain processing of your personal information, and to withdraw consent where processing is based on consent. To exercise these rights, please contact us using the details in Section 14. We will respond within the time required by applicable law. We may need to verify your identity before fulfilling your request and may decline a request to the extent permitted or required by applicable law. Specific procedures for California residents are set out in Section 12.

11. Children’s Privacy

Our website and Services are intended for adults and are not directed to children. We do not knowingly collect personal information directly from children under the age of sixteen (16). However, adult customers may submit source documents that contain personal information about minors, including without limitation birth certificates, school and academic records, immigration records, family records, and medical records. In those cases, we process the minor’s information only as reasonably necessary and proportionate to provide the Services requested by the adult customer and for the related purposes described in this Policy, and not for advertising, cross-context behavioral advertising, third-party marketing, unrelated analytics, or the creation of consumer profiles. We do not knowingly sell or share for cross-context behavioral advertising the personal information of any consumer under the age of sixteen (16). If you believe that a child under sixteen has created an account or otherwise provided personal information directly to us, please contact us using the details in Section 14 and we will take appropriate steps to address the matter.

12. Notice to California Residents (CCPA/CPRA)

This Section supplements the rest of this Policy and applies only to natural persons who reside in California. It is provided to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations.

Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of personal information identified by the CCPA: (a) identifiers, including name, postal address, email address, telephone number, IP address, and account identifiers; (b) “customer records” information under California Civil Code §1798.80, including name, address, telephone number, payment information, and similar details; (c) commercial information, including records of services purchased, considered, or obtained; (d) internet or other electronic network activity, including browsing history, search history, and interactions with the website; (e) geolocation data, in the form of approximate location derived from IP; (f) sensory data, where you contact us by recorded voice or video; (g) professional or employment-related information, where you submit such material as a source document or as part of a business order; (h) education information, where you submit such material as a source document; (i) inferences drawn from the foregoing for the purposes described in this Policy; and (j) Sensitive Personal Information, as described below.

Sensitive Personal Information. Because we provide translation and document services, source documents you submit frequently contain Sensitive Personal Information, as that term is defined under the CCPA, including without limitation Social Security numbers, driver’s license numbers, state-identification-card numbers, passport numbers and other government-issued identifiers, immigration-status information, account log-in credentials, financial-account information, precise geolocation in certain documents, racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric information, health information, and information about sex life or sexual orientation. We use and disclose Sensitive Personal Information only for the limited purposes permitted by Section 7027 of the CPRA regulations, including without limitation to perform the services you have requested, to prevent and investigate security incidents and fraud, to ensure the physical safety of natural persons, to perform short-term and transient uses, to provide services on our behalf, and to verify and maintain the quality and safety of our services. We do not use or disclose Sensitive Personal Information to infer characteristics about you.

Sources of Personal Information. We collect personal information from the categories of sources described in Section 2, including: directly from you and from devices you use; automatically from your interactions with our website and emails; from our service providers and contractors acting on our behalf; and from third parties to whom you direct us to interact, such as recipients of documents.

Business and Commercial Purposes. We collect and disclose personal information for the business and commercial purposes described in Sections 3 through 6 of this Policy, including without limitation: providing, performing, and improving the services; communicating with you; processing payments; preventing, detecting, and investigating fraud, security incidents, and abuse; complying with law and enforcing our agreements; marketing where permitted by law; and conducting analytics and research.

Categories of Third-Party Recipients. We disclose personal information for the business purposes described above to the categories of recipients identified in Section 6, including service providers and contractors, recipients you direct, affiliates, legal and safety recipients, and parties to corporate transactions.

Twelve-Month Disclosure. In the preceding twelve (12) months, we have collected the categories of personal information listed above for the business and commercial purposes described in this Policy and have disclosed those categories of personal information for business purposes to the categories of recipients described above, including service providers and contractors, recipients you direct, affiliates where applicable, legal and safety recipients, and parties to corporate transactions. We have not sold any category of personal information in exchange for monetary or other valuable consideration, and we have not shared any category of personal information for cross-context behavioral advertising, as those terms are defined under the CCPA.

No Sale; No Sharing for Cross-Context Behavioral Advertising. We do not sell personal information in exchange for monetary or other valuable consideration, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA. We do not knowingly sell or share the personal information of consumers under the age of sixteen (16).

Opt-Out Preference Signals. Where required by applicable law, we process browser-based opt-out preference signals, including Global Privacy Control (GPC) signals, as a request to opt out of the sale or sharing of personal information for the browser or device through which the signal is sent. Because we do not sell personal information and do not share personal information for cross-context behavioral advertising, honoring such a signal will not materially change our practices, but we will treat the signal as a valid opt-out request to the extent required by the CCPA. If you are logged into an account when the signal is received, and we can reasonably associate the signal with that account, we may apply the opt-out to the account as required by law.

California Privacy Rights. Subject to verification and to the limits and exceptions of the CCPA, California residents have the following rights:

  • Right to Know. The right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting, selling, or sharing the information, the categories of third parties to whom we have disclosed the information, and the specific pieces of personal information we have collected.
  • Right to Delete. The right to request deletion of personal information we have collected from you, subject to the exceptions provided by law.
  • Right to Correct. The right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt Out of Sale or Sharing. The right to opt out of any sale or sharing of personal information. Because we do not sell or share personal information as those terms are defined under the CCPA, this right has no practical effect, but we recognize the right.
  • Right to Limit Use of Sensitive Personal Information. The right to direct us to limit our use and disclosure of Sensitive Personal Information to the purposes permitted by Section 7027 of the CPRA regulations. Because we use Sensitive Personal Information only for those limited purposes, this right has no practical effect, but we recognize the right.
  • Right to Non-Discrimination. The right not to receive discriminatory treatment for exercising any right under the CCPA. We will not deny services, charge different prices, or provide a different level or quality of services because you exercise a CCPA right, except as permitted by law.

How to Submit a Request. California residents and their authorized agents may submit a verifiable request by sending an email to info@LingvaShop.com with the subject line “California Privacy Request”. Please include sufficient information for us to identify you, the nature of your request, and any account or order references. We will acknowledge receipt within ten (10) business days and will respond within forty-five (45) days of receipt, with one additional forty-five (45) day extension where reasonably necessary, in which case we will notify you within the initial period.

Identity Verification. To protect your information, we will take reasonable steps to verify your identity before responding to a request to know, delete, or correct. The level of verification will depend on the sensitivity and value of the information requested. We may ask you to provide additional information to match against information we already have on file, including without limitation information sufficient to confirm your identity and the existence of any account or order with us. We will not use information you provide for verification for any other purpose.

Authorized Agents. You may designate an authorized agent to submit a request on your behalf. The agent must provide a copy of a valid written authorization signed by you, and we may require you to verify your own identity directly with us and confirm that you have authorized the agent. We may deny a request from an agent that does not submit proof of authorization.

Shine the Light. California Civil Code §1798.83 permits California residents to request information concerning disclosure, if any, of personal information to third parties for the third parties’ direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes. California residents wishing to request more information may contact us using the details in Section 14.

13. Changes to This Policy

We may modify this Policy at any time by posting the revised Policy on the website and updating the “Last updated” date above. Modifications are effective immediately upon posting unless a later effective date is stated. Where required by applicable law, we will provide additional notice or obtain consent for material changes. Your continued use of the website or the services after the effective date constitutes your acceptance of the revised Policy.

14. Contact

Questions, comments, or requests regarding this Policy or our privacy practices may be directed to info@LingvaShop.com