Privacy Policy

This Privacy Policy describes how Legal Graph Company Limited and its affiliates (“Legra”, “we”, “our” or “us”) collect, use and share information in connection with your use of our websites (including www.legra.com and www.legra.app), social media platforms employed, services and applications and/or other (online and offline) interactions (e.g. customer service inquiries, introductory meetings, attendance of Legra-organised conferences, etc.) you may have with Legra (collectively, the “Services”). This Privacy Policy (the “Privacy Policy”) does not apply to information our customers may process when using our Services.

We may collect and receive information about users of our Services (“users”, “you”, or “your”) from various sources, including: (i) information you provide though your user account on the Services (your “Account”) if you register for the Services; (ii) your use of the Services; and (iii) from third-party websites, services and partners.

We recommend that your read this Privacy Policy in full to ensure your are fully informed. If you have any questions about this Privacy Policy Legra's data collection, use and disclosure practices, please contact us at privacy@legra.com.

Information We Collect

Information You Provide

• Account Registration. When you (or individuals to whom you grant access to our Services) register for an Account, we may ask you for your contact information, including items such as name, company name, address, email address, and telephone number. If you choose to refer a third person to our Services, we may also collect the third person’s email address so that we may send them a referral or promotional code to sign up for our Services.
• Payment Information. When you add your financial account information to your Account, we may collect that information or direct it to our third-party payment processor. Also where we do not store your financial account information on our systems, we generally have access to and may retain, subscriber information through our third-party payment processor.
• User Content. In certain parts of our Services, you may publicly post content on our Services. By registering and interacting with those Services, you agree that your profile information and the content you post may be viewed and used by other users and third parties we do not control.
• Communications. If you contact us directly (such as make an inquiry about our Services, apply for a job or attend our events), we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you read a message from us.

The personal data that you are asked to provide, and the reasons why you are asked to provide it, will (where necessary) be made clear to you at the point we ask you to provide your personal data.

Information We Collect When You Use Our Services

• Cookies and Other Tracking Technologies. We gather certain information automatically and store it on our log files. In addition, when you use our Services, we may collect certain information automatically from your device. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our Services. Cookies contain a small amount of information that allows our Services to offer you appropriate content. We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your interactions with the Services. We may track your use across different websites and services. Such information may be considered personal data under applicable data protection laws.
• Usage of our Services. When you use our Services, we may collect information about your engagement with and utilization of our Services, such as processor and memory usage, storage capacity, navigation of our Services and system-level metrics. We use this data to operate the Services, maintain and improve the performance and utilization of the Services, develop new features, protect the security and safety of our Services and our customers, and provide customer support. We also use this data to produce analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.

Information We Receive from Third Parties

• Third-Party Accounts. If you choose to link our Services to a third-party account, we will receive information about that account, such as your authentication token from the third-party account, to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
• Third-Party Partners or others. We may receive publicly available information about you from our third-party partners and combine it with data that we have about you. We may receive data about organisations, industries, website visitors, marketing campaigns and other matters related to our business from our partners or others. This data may be combined with other information we collect including both aggregate level and user specific data.

How We Use Information

We use the information we collect in various ways, including to:

• Provide, operate and maintain our Services;
• Improve, personalize, and expand our Services;
• Understand and analyze how you use our Services;
• Develop new products, services, features, and functionality;
• Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes;
• Process your transactions, for billing, account management and other administrative matters;
• Send you text messages and push notifications;
• Find and prevent fraud; and
• For compliance purposes, including enforcing our Terms & Conditions and (other) service and customer agreements, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

How We Share Information

We may share the information we collect in various ways, including the following:

• Vendors and Service Providers. We may share information with third-party vendors and service providers, such as those helping to provide our Services, for promotional and/or marketing purposes, and to provide you with relevant information such as product announcements, software updates, special offers, or other information.
• Aggregate Information. Where legally permissible, we may use and share information about users with our partners in aggregated or de-identified forms that can’t be reasonably by used to identify you.
• Advertising. We may work with third-party advertising partners, to show you ads that we think might interest you. These advertising partners may set and access their own cookies, pixel tags, and similar technologies on our Services and they may otherwise have access to information about you which they may collect over time and across different online services.
• Third-Party Partners. We also share information about users with third-party partners in order to receive additional publicly available information about you.
• Information We Share When You Sign Up Through a Referral. If you sign up for our Services through a referral from a third party, we may share information with your referrer to let them know that you used their referral to sign up for our Services.
• Analytics. We use the analytics provider Google Analytics. Google Analytics uses cookies to collect information about users. Google provides some additional privacy options regarding its Analytics cookies at http://www.google.com/policies/privacy/partners/.
• Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
• As Required By Law and Similar Disclosures. We may also share information to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy, our Terms & Conditions and (other) service and customer agreements, including investigation or potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
• With Your Consent. We may share information with your consent.

Legal Basis for Processing Personal Data

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.

We will as a rule collect personal data only (i) where we need the personal data to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform and applications, undertaking marketing, or for the purposes of detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide your personal data).

Third-Party Services

You may access other third-party services through the Services, for example by clicking on links to those third-party services from within the Services. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.

Security

Legra is committed to protecting your information. To do so, we employ a variety of security technologies and measures designed to protect information from unauthorized access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure.

Data Retention

We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from further processing until deletion is possible.

Access

If you are a registered user of our Services, you may access certain information associated with your Account by logging into our Services or emailing privacy@legra.com. If you terminate your Account, any public activity on your Account prior to deletion may remain stored on our servers and may remain accessible to the public.

To protect your privacy and security, we may also take reasonable steps to verify your identity before updating or removing your information. The information you provide may be archived or stored periodically by us according to backup processes conducted in the ordinary course of business for disaster recovery purposes. Your ability to access and correct your information may be temporarily limited where access and correction could: (i) inhibit Legra's ability to investigate, make or defend legal claims; (ii) result in disclosure of personal data about a third party; or (iii) result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to Legra or a third party.

Your Data Protection Rights

You have the following data protection rights:

• If you wish to access, correct, update, or request deletion of your personal data, you can do so at any time by emailing privacy@legra.com.
• In addition, you can object to processing of your personal data, ask us to restrict the processing of your personal data, or request portability of your personal data. Again, you can exercise these rights by emailing privacy@legra.com
• You have the right to opt-out of marketing communications we send you at any time. You can exercise this by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing privacy@legra.com.
• Similarly, if we collect and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing if your personal data conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority, or the UK Information Commissioner's Office (ICO), which is Legra's supervisory authority in the European Union:

UK’s Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: +44 303 123 1113 (local rate) or
+44 1625 545 745 if you prefer to use a national rate number
Fax: +44 1625 524 510
Email: casework@ico.org.uk

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Your Choices

You can use some of the features of the Services without registering, thereby limiting the type of information we collect.

You may unsubscribe from receiving certain promotional emails from us. If you wish to do so, simply follow the instructions found at the end of the email. Even if you unsubscribe, we may still contact you for informational, transactional, account-related or similar purposes.

Many browsers have an option for disabling cookies, which may prevent your browser from accepting new cookies or enable selective use of cookies. Please note that, if your choose not to accept cookies, some features and the personalization of our Services may no longer work for you. You will continue to receive advertising material but it will not be tailored to your interests.

Children’s Privacy

Legra does not target and is not intended to attract children under the age of 13 (thirteen). Although visitors of all ages may navigate through our website, we do not knowingly collect or request personal data from those under the age of 13 without parental consent. If, following a notification from a parent or guardian, or discovery by other means, a child under 13 has been improperly registered on our website by using false information, we will delete the child’s personal data from our records.

Changes to this Privacy Policy

This Privacy Policy may be modified from time to time, so please review it frequently. Changes to this Privacy Policy will be posted on our websites. If we materially change the ways in which we use or share personal data previously collected from you through our Services, we will notify you through our Services, by email, or other communication.

International Data Transfers

Legra is a global business. We may transfer personal data to recipient territories or institutions outside of the territory in which the data was originally collected. These outside recipients may not be subject to the same data protection laws as the territory from which you initially provided the information. When we transfer your personal data to outside recipients, we will protect that information as described in this Privacy Policy.

Personal data collected by Legra may be stored and processed in your region or in any other country where Legra or its affiliates, subsidiaries or service providers are located or maintain facilities. Legra has put in place adequate mechanisms to protect personal data when it is transferred internationally, including, but not limited to, ensuring adequate levels of protection in recipient countries (under Article 45 of the European General Data Protection Regulation), using the Standard Contractual Clauses as approved by the European Commission, or mechanisms derived from special agreements like the EU-U.S. Privacy Shield Frameworks.

Contact Us

If you have any questions or concerns about this Privacy Policy, please feel free to email us at privacy@legra.com, or at our mailing address below:

Legal Graph Company Limited
11 Wood End
Milton Keynes
MK17 0PE
United Kingdom

To communicate with our Data Protection Officer, please email dpo@legra.com.

Effective date: 7 April 2022