Informative note

Position of the Company as an independent data controller

Servicios de traducción jurada y jurídica, S. L. 

 Last updated: 02/03/2026

**Puede consultar esta nota informativa en español aquí

1. Purpose of this note

This informative note sets out the legal position of Servicios de traducción jurada y jurídica, S. L. (hereinafter referred to as the “Company”) in relation to the processing of personal data carried out in the course of providing sworn translation services. It explains why the Company acts as an independent data controller and not as a data processor within the meaning of Article 28 of Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”).

This document is made available to clients who request the execution of a data processing agreement (DPA) with the Company.

2. Nature of sworn translation services

Sworn translation (traducción jurada) is a regulated professional activity whose exercise requires official appointment by the Spanish Ministry of Foreign Affairs, European Union and Cooperation, which authorises sworn translators to certify the accuracy and completeness of their translations. In the exercise of their professional activity, sworn translators:

a)   Act with full professional autonomy and independence, determining the means, methodology and resources employed for the translation.

b)   Do not receive and cannot receive instructions from the client on how to process the personal data contained in the documents, beyond the identification of the language pair and the document to be translated.

c)   Are subject to a strict duty of professional secrecy, inherent to their status as sworn translators and recognised under applicable legislation.

d)   Assume personal and professional liability for the accuracy of the translation, which implies a degree of independence incompatible with the role of a data processor.

The Company provides its sworn translation services in accordance with these principles of professional independence and autonomy.

3. Legal basis

3.1. The distinction between controller and processor

Article 4 of the GDPR defines the data controller as the person who “determines the purposes and means of the processing”, and the data processor as the person who “processes personal data on behalf of the controller”.

A fundamental element of the controller–processor relationship is that the processor acts “following the documented instructions of the controller” (Article 28(3)(a) GDPR). This element of subordination is incompatible with the professional independence of sworn translators, who independently determine how to carry out their work.

3.2. The independent professional as a separate controller

Both legal scholarship and data protection authorities have recognised that professionals who exercise their activity independently (lawyers, expert witnesses, auditors, translators) act as independent data controllers when they receive a specific professional commission. In such cases, a communication of data takes place between two separate controllers —the client and the professional— rather than a controller–processor relationship.

This interpretation is consistent with the position adopted by authoritative sources in the field of data protection under Spanish law, which recognise that the freedom and independence of the professional, including vis-à-vis the client, is not consistent with the obligation to follow the documented instructions of the controller, which is characteristic of a data processing agreement.

3.3. Professional secrecy as an enhanced safeguard

Recital 164 of the GDPR, together with Section 90 of Spanish Organic Law 3/2018 (LOPDGDD), expressly recognise obligations of professional secrecy as a relevant factor in the configuration of personal data processing. The professional secrecy of sworn translators constitutes an additional and enhanced guarantee of confidentiality that operates independently of any data processing agreement.

4. Why a data processing agreement is not appropriate

The execution of a data processing agreement (DPA) pursuant to Article 28 GDPR is not appropriate in the relationship between the client and the Company for the following reasons:

•     Sworn translators do not act “on behalf of” the client or “following their instructions” in the processing of personal data; they act with full professional autonomy.

•     Signing a DPA would entail formally accepting a position of subordination that does not reflect the reality of the professional relationship and could be detrimental to the Company by imposing obligations proper to a data processor without being one.

•     The Company already fulfils, as an independent data controller, all obligations imposed on controllers by the GDPR and the LOPDGDD, including those relating to information, security measures, data subjects’ rights and breach notification.

•     The duty of professional secrecy of sworn translators provides a guarantee of confidentiality equivalent to or greater than that afforded by a data processing agreement.

5. Safeguards provided by the Company

Without prejudice to the foregoing, the Company assures its clients that personal data are processed with the highest standards of security and confidentiality:

•       A comprehensive and publicly available privacy policy, accessible at https://www.juradayjuridica.es, which provides transparent information about data processors, international transfers and security measures in place.

•       Duty of professional secrecy derived from the official appointment as sworn translators by the Spanish Ministry of Foreign Affairs, European Union and Cooperation.

•       Appropriate technical and organisational measures: encryption of communications (HTTPS/TLS), secure storage with restricted access, strong passwords and enhanced authentication, and deletion of documents in accordance with legally established retention periods.

•       Data processing agreements formalised with all technology providers that access personal data in the performance of their functions (Article 28 GDPR).

•       Availability to attend to the exercise of the rights of access, rectification, erasure, restriction, portability and objection of data subjects.

6. Conclusion

The Company acts as an independent data controller in respect of the personal data contained in the documents submitted for sworn translation. The relationship with the client constitutes a communication of data between separate controllers, based on the performance of a contract for the provision of services (Article 6(1)(b) GDPR), and not a controller–processor relationship.

For these reasons, the Company respectfully declines to enter into data processing agreements (DPAs) as these do not reflect the legal nature of the professional relationship. The Company remains at the disposal of its clients to address any queries or to provide further information regarding its compliance with data protection legislation.

Servicios de traducción jurada y jurídica, S. L.

Plaza de España 4, 1.º B, 28231 Las Rozas de Madrid, Spain

Registered at the Commercial Registry of Madrid, Spain, electronic folio of the General Companies Section records, sheet M-859685, 1st entry, VAT no. ESB22732143

info@juradayjuridica.es · www.juradayjuridica.es