LEGID, as an intermediary of legal services, is the controller in connection with the personal data processing activities related to the operation of the Services and finding a service provider through the Services. LEGID is also the controller when sending offers and advertisements related to the mediation of the legal services and sending newsletters to the User. The service provider is the co-responsible controller of the User’s personal data if the processing of personal data takes place for the purpose of providing legal services. LEGID collects the personal data necessary for the service provider by agreement with the latter from the User upon registration with the Services; informs the User about the processing of his/her personal data for the purpose of providing legal services; along with the service provider ensures that the personal data of the User is not accessed by persons who has no need for it, using the necessary technical and organizational measures.
By using the Services the User expresses his/her unconditional agreement with this Policy and the conditions of processing the User’s personal information contained herein; if the User does not agree with these conditions, the User should not use the Services.
1. User Personal Information Processed by LEGID
1.1. According to this Policy, “User personal information” means the following:
1.1.1. Personal information provided by the User during registration (creation of an account) or in the course of using the Services, including the User’s personal details:
(a) name, email, residence, mobile phone number, address, age (personal code/date of birth);
(b) description of legal problem;
(c) language of communication;
(d) bank card number; valid through; security code;
(e) cost of legal services and data related to payments;
(f) details of questions and disputes related to the provision of the legal services.
Information required for the provision of the Services is marked respectively. Other information (e.g. a photo) shall be provided by the User at his/her own discretion.
1.1.2. Data automatically transferred by the software installed on the User’s device to the Services in the course of their use, including, but not limited to, IP address, cookies data, web beacons/pixel tags, http headers, the User’s browser data (or any other software used to access the Services), performance specifications of the User’s hardware and software, date and time of access to the Services, the URL of the page requested, information related to the User’s activity when using the Services (e.g. the User’s search history, email addresses of the User’s contacts, content of the User’s emails together with attachments, as well as files stored in LEGID systems), (geo)location information, and other similar information.
1.1.3 Other information about the User required to be processed according to the terms and conditions governing the use of particular Services.
1.2. This Policy only applies to the information required to be processed during the use of Services. LEGID has no control over, and does not bear responsibility for, processing of the information by third-party websites, which the User may access by hyperlinks available on LEGID’s websites, including hyperlinks in search results, unless LEGID embeds within its Services a social plugin from any social network, and therefore has a duty to inform at the time of data collection about such data processing to the User of the Services.
1.5. LEGID does not perform any form of profiling, which has the potential to significantly impact the User’s rights and freedoms in accordance with applicable laws.
2. Purpose of Processing User Personal Information
2.1. LEGID only collects and stores personal information required for the provision of the Services in order to perform its contractual obligations towards the User including providing it with the Services (i.e. providing the User with the results of its query or execution of agreements and contracts with the User), including where such information is required to be stored by law for a period prescribed by law.
2.2. LEGID will process the User’s personal information in order to/if/for:
2.2.1. identify a party using the Services or a party to an agreement or contract with LEGID;
2.2.2. provide personalized Services to the User and perform agreements and contracts (i.e. delivery of request results in response to the User’s queries, taking into account its preferences, search history and other personal information about it available to LEGID), that is to say:
(a) we process personal data in order to bring the User together with the most suitable service provider to resolve the legal problem and in order to ensure the receipt of trusted, quality, affordable and transparently priced legal services;
(b) we need a description of the User’s legal problem in order to bring the User together with the most suitable service provider, taking into account the areas of specialization of the service provider;
(c) we use the name, email, and mobile phone number to communicate with the User and to introduce legal services to the User;
(d) we collect data on the language of communication in order to provide the User with communication with a service provider in a language that the User understands;
(e) we need (geo)location information of the User in order to bring the User together with the service provider, taking into account the location, in which the User wishes to receive legal services;
(f) we process Users’ payment data in order to submit invoices to Users on behalf of service providers;
(g) customer support information is collected on a case-by-case basis and stored to resolve disputes and improve service quality;
2.2.3. contact the User, as well as forward notices, requests and information related to the Services and performance of agreements and contracts, and process requests and applications of the User;
2.2.4. provide the User with access to its user account;
2.2.5. improve the quality of the Services, convenience of their use, develop new Services, improving user experience, offering more relevant request results and more personalized Services, as well as improving other LEGID products, applications and services, including developing new products, applications and services;
2.2.6. target advertisements, meaning for personalization of advertisements and/or commercial offers based on the User’s preferences, search history and other personal information available to LEGID;
2.2.7. collect, process and present statistical data or big data, or perform other research and/or analysis of personal information in order to carry out statistical and other kinds of research and analysis based on anonymized data;
2.2.8. protect the User’s rights and the rights of LEGID, complying with our legal or regulatory obligations, meaning when the processing is necessary for the legitimate interests of LEGID and does not unduly affect the User’s interests or fundamental rights and freedoms. Processing of personal information on this basis, LEGID will always seek to maintain a balance between its legitimate interest and the protection of the User’s privacy.
Examples of such ‘legitimate interests’ are:
(a) to better understand how the User interact with our Services;
(b) to enhance, maintaining accessibility, modify, personalize or otherwise improve the Services for the benefit of all users; and
(c) to offer the User other products and services from LEGID or other companies which might be of interest to the User (i.e. personally-targeted advertising).
2.2.9. specific purposes or if consent is required under the applicable laws and regulations, LEGID may ask the User’s consent for processing of the User’s personal information. In those jurisdictions in which consent is the legal basis, the User provides such consent by agreeing to use our Services. LEGID hereby informs the User, and the latter hereby acknowledges, that it has no legal obligation to provide LEGID with any personal information when it uses the Services, and the provision of it is solely based on its free will. However, the User is aware that without the provision of personal information, LEGID will not be able to provide the User with the Services and the User’s use of the Services will be limited.
3. Conditions of Processing User Personal Information and Its Provision to Third Parties
3.1. LEGID shall store User personal information according to internal regulations on particular services.
3.2. The confidentiality of User personal information shall be maintained, except if the User willingly makes his/her details available to the general public. By creating an account in particular Services, the User agrees that a certain part of his/her personal information becomes public.
3.3. LEGID has the right to provide User personal information to third parties subject to the following conditions:
3.3.1. the User has expressed his/her explicit consent to such actions;
3.3.2. such provision is required for the User’s use of a certain Service or performance of a particular agreement or contract with the User, that is to say:
(a) we transfer personal information only to those service providers who have activated the application. In this case, the service provider who received the request will see the Users’s name, residence, language of communication and a description of the legal problem;
(b) the User’s rating of the quality of the legal services is generally anonymous and the service provider will not know the name of the person who provided the rating, unless the User has requested disclosure of his/her data or the disclosure is necessary to resolve the User’s dispute;
3.3.3. where LEGID is required to do so by applicable laws or regulations at the request of any national or international regulatory, enforcement, exchange body, central or local government department and other statutory or public bodies or court;
3.3.5. when LEGID needs to assign or novate any of our rights or obligations under a relevant agreement to any third party, including partners, such as media publishers, advertising networks and other partners providing LEGID with services related to the placement and display of advertisement on the websites, programs, products and/or services owned or operated by such partners, advertisers or other partners serving targeted advertisement on the Services; and third parties who process personal information, such as our (IT) systems providers and/or consultants;
3.3.6. anonymized statistical data generated as a result of processing of the User personal information by way of anonymization are provided to a third party to carry out research activities, perform works or render services as requested by LEGID.
3.4. When processing the User personal information, LEGID shall follow the regulations stipulated by the General Data Protection Regulation (GDPR).
4. Change and Deletion of Personal Information. Obligatory Data Storage. User’s rights
4.1. The User may at any time access to its personal information and correct or change (update, supplement) the provided personal information or its part by editing his/her personal details in the Dashboard section (https://ask.legid.app/client/account/settings) or in the personal section of a respective Service.
4.2. The User may require deletion, erasure or transfer of the personal information it has provided for a particular account by contacting LEGID using Contact Form or contacts below. Deleting an account may render certain Services unavailable.
4.3. The User may withdraw consent to, request restriction of, and object to the processing of the personal information.
4.4. If provided by applicable law, the User may be subject to other rights not specifically mentioned in this Policy.
4.5. In order to exercise the User’s rights in relation to its personal information, the User shall log in to a User’s account, or in case of absence of special function in a User’s account interface contact LEGID. If the User is not satisfied with how LEGID processes its personal information, the User shall inform LEGID regarding this matter and LEGID will investigate the concern. If the User is not satisfied with LEGID’s response, the User has the right to make a complaint to the competent data protection authority.
4.6. The rights under clauses from 4.1. to 4.4. may be restricted in accordance with the legislative requirements. In particular, such restrictions may require that LEGID store the information changed or deleted by the User for a period specified by law and provide such information to governmental authorities according to a relevant legal procedure.
4.7. LEGID shall keep personal information as long as it is necessary to fulfil the purpose for which it was collected or to comply with legal and regulatory requirements. Unless otherwise legally required or agreed, the emails and documents, which are stored by the User on systems as part of the Service, will remain stored as long as the User have an account with the Services, but the User can delete them at any time. If the User wishes to have any personal information removed from databases of the Services, the User can have it removed via the User’s LEGID account or using interface of the Services (where available). Personal information is stored the following way:
4.7.1. following the provision of legal services, the User’s personal data and the data on the legal problem remain visible to the service provider unless the Users requests otherwise. The service provider sees the data of the legal problems that he/she solved. This is necessary for the service provider in order to be able to resolve issues related to the provision of the service;
4.7.2. payment data will be kept for three years after the last invoice was issued;
4.7.3. the data required for the accounts shall be kept for seven years;
4.7.4. in case of suspicion of crime, fraud or false information, the data shall be kept for 10 years;
4.7.5. in the event of a dispute over payment, the data shall be kept until the claim has been met or the limitation period has expired;
4.7.6. If the User wishes to transfer or delete personal data, he /she must submit a corresponding application to LEGID. LEGID satisfies the User’s application within one month, inclunding specifying the details on deleting and transferring data during the application procedure.
4.8. LEGID stores personal information in the territory of the European Union (EU).
5. Processing of personal information by using Cookies and counters
Cookie is a small piece of data stored on the User’s device while using a website. Cookies allow to record the User’s activity on each subsequent visit to remember the User’s actions and preferences over time.
5.1. Cookies transferred by LEGID to the User’s devices and by the User’s devices to LEGID may be used by LEGID to provide customized Services to the User, to target advertising displayed to the User, for statistical and research purposes and to improve the Services (further clarified in clause 5.4.). The data collected will remain stored on the User’s device for a period that may depend on cookies type, but no longer than necessary to achieve the purpose and will be automatically removed from the system thereafter.
5.3. LEGID may determine that provision of a particular Service is available only subject to the User’s consent to acceptance and receipt of cookies.
5.4. The following types of cookies are used within the Services:
5.4.1. technical cookies: those are required to run the Services and provide the User with the Services and may, among other, allow LEGID to identify the hardware and software being used, including a browser type;
5.4.2. analytical cookies: those are required to recognise users, count the number of users and collect information such as actions on the Services, including the web pages the User visits and the content it retrieves;
5.4.3. performance cookies: those are required to collect information about how users interact with the Services, enabling to identify errors and test new functionalities to improve the performance of the Services;
5.4.4. functionality cookies: those are required to enable to provide specific functionalities in order to improve user experience on the Services, for example by storing preferences (e.g. language and location);
5.4.5. (third party) advertising cookies: those are required to collect information about users, sources of traffic, page visits and advertising displayed to the User and followed by the User; enable to display advertising which may be of interest to the User based on collected personal information.
5.5. LEGID may also use web beacons (pixel tags) in order to access the cookies previously placed on the User’s computer systemfor the following purposes:
5.5.1. to track the User’s actions on the Services and when using the Services, by accessing and interacting with the cookies stored on the User’s computer system;
5.5.2. to collect analytical information related to operating the Services or products, utilities, advertisements or other LEGID’s offerings.
6. User Personal Information Protection Measures
6.1. LEGID shall take necessary and sufficient organizational and technical measures to protect User personal information from unathorized or accidental access, deletion, alteration, blocking, copying, distribution, as well as from other unlawful forms of processing or unlawful actions of third parties. The security measures are implemented in consideration of the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of personal information provided by the User.
6.2. Personal information is processed automatically without access to it by personnel. In case an access by personnel is necessary, the personal information shall be accessed exclusively by those persons whose professional tasks require using this information. To protect the User’s personal information and ensure its confidentiality, these persons must comply with internal rules, non-disclosure provisions and follow regulations for processing of personal information.
7.2. LEGID shall avoid any changes imposing additional obligations or reducing the User’s rights under this Policy without a notice in advance to the User. The changes shall be announced within the Services prior to such changes taking effect, and the User shall be notified using available channels if the User has provided LEGID with its contact details.
7.3. This Policy and relations between the User and LEGID arising out of the Policy shall be governed by the GDPR.
8. Feedback. Questions and Suggestions
8.1. Any questions or suggestions regarding this Policy may be addressed by the User to the Help Desk Service (https://www.legid.app/#contacts) or to LEGID LawTech OÜ, address 3 Parda Str., Tallinn, 10151, Harju, Estonia
8.2. The User may also use this form to exercise its rights or report any inaccuracies in its personal information or object its processing.
8.3. The supervisory authority is the Estonian Data Protection Inspectorate (www.aki.ee, email@example.com).
Date of publication: 27.08.2020