Litera Group Privacy Notice
The Litera Group takes data privacy very seriously and this privacy notice is designed to help you understand how we use your personal information. We encourage you to read the whole notice. Alternatively, if you wish to read about specific privacy practices that interest you, please click on the relevant links below.
- 1. THE PURPOSE OF THIS PRIVACY NOTICE
- 2. YOUR PERSONAL INFORMATION
- 3. OUR USE OF YOUR PERSONAL INFORMATION
- 4. OTHER IMPORTANT THINGS YOU SHOULD KNOW
- 5. YOUR RIGHTS
We are the Litera Group. We are a group of organizations that, together, form the industry-leading, end-to-end provider of document lifecycle solutions. We have more than 25 years of experience of delivering innovative document technology solutions to thousands of legal, corporate, life sciences and other organizations across the globe. This privacy notice applies to each of the organizations that form part of the Litera Group:
- Legal Holding Company, LLC
- Workshare Limited
- Freedom Solutions Group, L.L.C
- DocsCorp Pty. Ltd.
- Kira Inc.
1.2 Our use of personal information
In common with most global organizations, we collect, use and share information, including personal information, in connection with providing our services and technology solutions and running our business.
1.3 This privacy notice
This is our main general privacy notice that applies across our business, although we may publish additional privacy statements that apply to:
- Our operations in specific countries in order to help ensure our compliance with local data protection requirements
- Specific services that we offer to our customers from time to time.
If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this notice. We have a separate privacy notice that sets out how we process the personal information of our staff, which prospective, current and former members of staff should refer to.
1.4 Updating this privacy notice
This notice may be updated from time to time. This version is dated December 1, 2021.
1.5 What is personal information?
Personal information is information that identifies, relates to, describes, is capable of being associated with you. This includes obvious things like your name, address and telephone number but can also include less obvious things like analysis of your use of our websites. Examples of personal information are provided below in Section 2.2. There are different types of personal information. The most important types for you to know about are:
- Special categories of personal information – these categories of personal information often have additional protection under data protection laws around the world. These categories include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership, your genetic data and biometric data, and information concerning your sex life or sexual orientation.
- Criminal convictions information – this is information relating to your criminal convictions and offences. Local data protection laws may restrict the way in which we can use this information when compared to, for example, your name and address.
1.6 Our responsibility to you
We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information. The exception to this is where we process your information for and on behalf of one of our customers as part of providing our services and technology solutions to them. In these cases, we act as a processor of our customer and this privacy notice does not apply. You can read more about our role as a processor when we provide our services and technology solutions to our customers under Customer – Data Protection Agreement tab available at here.
1.7 Data protection officer
We have a data protection officer whose job is to oversee our data protection compliance. You can contact our data protection officer by sending:
- an email to: firstname.lastname@example.org; or
- a letter to: The Data Protection Officer, Litera, Milla Rahmani at 550, West Jackson Blvd., Suite 200, Chicago, IL 60661.
2.1 Why are we collecting personal information about you?
We only collect personal information about you in connection with providing our services and running our business. We will hold information about you if:
- you are a prospective, actual or former customer or you represent, work for or own a prospective, actual or former customer
- you provide services to us (or you represent, work for or own an organisation which provides services to us)
- you are a prospective, actual or former reseller of our services and technology solutions or you represent, work for or own a prospective, actual or former reseller
- you represent or work for a regulator, certification body or government body which has dealings with us
- you attend our seminars or events, receive our updates, articles, white papers and other collateral or visit our offices or websites.
2.2 What personal information do we collect about you?
The types of information we process about you may include:
|Types of personal information||Details|
|Individual details||Name, address (including the state or country within which you are based), other contact details (e.g. email and telephone numbers), gender, date and place of birth, nationality, employer, job title|
|Identification details||Identification numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving licence number|
|Financial information||Bank account or payment card details, income or other financial information|
|Credit, anti-fraud and sanctions data||Credit history, credit score and information received from various anti-fraud and sanctions databases relating to you|
|Special categories of personal information||Information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership|
|Criminal convictions information||Information relating to your criminal convictions and offences|
|Identifiers, location information and usage of our services and technology solutions||Information which can be traced back to you, such as an IP address, a website tracking code or electronic images of you. Our technology solutions also allow us to track who accesses and use the solutions (including the solution features that are being used) and users' general location (including by region and area). We do this through the collection of information such as your user and login credentials (including your name, registered email address, job title and operating system login name), IP addresses, product keys, licence codes and the data created through the use of the solution and other data collection tools.|
In respect of our customers, we have collected this information from you within the past 12 months, and we may have also collected this information from you more than 12 months ago.
2.3 Where do we collect your personal information from?
We collect your personal information from various sources, including:
- your employer or the organization that you represent, work for or own
- our service providers
- resellers of our services and technology solutions
- credit reference agencies
- anti-fraud databases, sanctions lists, court judgements and other databases
- government agencies and publicly accessible registers or sources of information
- by actively obtaining your personal information ourselves, for example through the use of website tracking devices or the information we collect through your use of our services and technology solutions.
Which of the sources apply to you will depend on the particular types of personal information we are collecting, and why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or the organization that you represent, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.
3.1 How do we use your personal information?
In this section we set out in more detail:
- the main purposes for which we use your personal information
- the legal bases upon which we are using your personal information.
|Know your customer, supplier and counterparty and other legal obligations We obtain information about our (prospective) customers, suppliers and counterparties and their representatives and beneficial owners and others to help us comply with legislation on money laundering, terrorist financing, and sanctions. We also collect and disclose personal information under applicable legislation and under orders from courts and regulators. Our disclosures will be to those bodies and persons who are entitled to receive the required information. In some cases, this information will include special categories of personal data and criminal convictions data.||For all information – compliance with a legal obligation. For special category and criminal convictions data –preventing or detecting unlawful acts, and suspicion of terrorist financing or money laundering.|
|Use of our services and technology solutionsAccess to our services and technology solutions: Whilst we generally act as our customer's processor in processing personal information as part of our services and technology solutions, when you access and use our services and technology solutions, we may collect certain personal information as part of the initial set-up and registration process and to control access and use of the services and solutions on a day to day basis, including your name, email address and login credentials (for example, your user name). This information is used by us as part of the initial registration process, to manage your use of the application and provide it to you.||Access to our services and technology solutions:Legitimate interests. We have a legitimate interest in using your information where this is necessary or appropriate to provide our services and solutions.|
|Monitoring your use of our services and technology solutions: Our services and technology solutions allow us to track (i) the general geographic region/area from which you access and use certain of our services and solutions; and (ii) how you use our services and solutions (for example, the type of product features that you click on and use). We use this information to (i) understand how and where the application is being used and to provide, develop and improve the application; and (ii) inform our discussions with our customers about their services and solutions needs and the licensing arrangements that we have in place with them. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.||Monitoring your use of our services and technology solutions:Legitimate interests. We have a legitimate interest in understanding when and how our services and solutions are used and by whom.|
|Service providers We collect information about you in connection with your provision of services to us or your position as a representative or worker of a provider of services to us. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose, other than where we are required to do so to meet our legal obligations (see 'Know Your Customer and other legal obligations' above).||Legitimate interests. We have a legitimate interest in contacting and dealing with individuals involved in providing services to us.|
|Events and updates If you wish to attend one of our events, schedule a catch-up with us at a third party event that we are attending or receive our updates, we ask you to provide us with a limited amount of information (normally your work contact details, your employer's name, your job title, and the topics, services or technology solutions of interest). We use this information in order to communicate with you about our events, third party events we are attending and our updates to ensure that you are an appropriate audience for them, and to conduct analysis for marketing purposes. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose. (Please also see 'Marketing' below.)||For communications with you – legitimate interests. We have a legitimate interest in keeping you informed about seminars, events and developments in our business and the topics or technology solutions that may be of interest to you. When we send you marketing communications, there are separate laws regarding market communications that we adhere to, in addition to data protection laws. You may opt out of receiving marketing communications from us at any time and each communication we send provides a straightforward means of doing so. For all other purposes – legitimate interests. Our events, the third party events we attend and our updates are intended primarily for customers and potential customers. We have a legitimate interest in confirming that our events and updates are being made available to their intended audience. We also have a legitimate interest in understanding your use of our events and updates, and whether this presents any opportunity for us to improve the services and solutions we offer to you.|
|Visitors to our offices We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need to know basis – for example, to look into an incident. CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We require visitors to our offices to sign in at reception and we keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis – for example, to look into an incident. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.||Legitimate interests. We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure.|
|Establishing our legal position We may use your personal information, including sharing it with our legal advisers, when looking to establish our legal position. In some cases, this information will include special categories of personal data and criminal convictions data.||For all information – legitimate interests. We have a legitimate interest in understanding and establishing our legal rights and obligations. For special category and criminal convictions data – the establishment, exercise or defence of legal claims.|
We do not generally process your personal information based on your consent (as we can usually rely on another legal basis). Where we do process your personal information based on your consent, you will have the right to withdraw your consent at any time. To withdraw your consent please email us at email@example.com or, to stop receiving our marketing emails or updates, please click on the unsubscribe link in the relevant email you receive from us. Please note that withdrawing consent, or unsubscribing may affect some of the services we provide to you, but will not alter our processing of your personal information to the extent we have a legal obligation to do so.
3.3 Do we share your information with anyone else?
We do not sell your information to any third parties. We share your information in the following circumstances:
- our organization is made up of a number of different entities around the world. Where it is necessary or appropriate for the purposes for which we hold your information, we share your relevant information across our affiliated companies. All of our affiliates companies covered by this notice manage your personal information in the manner and to the standards set out in this notice, subject to any local jurisdictional compliance requirements. Details of the affiliated companies to which this notice applies are set out in paragraph 1.1 above
- if you are a customer or you work for or are a representative or owner of a customer, then we might provide your relevant information to search companies so they can verify your identity
- we use the services of various external organizations to help us run our business efficiently, particularly in relation to our technology solutions. Some of these services (such as software hosting and data storage) involve the service provider holding and using any of your personal information that we collect. In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure. They are also not permitted to use your information for their own purposes
- where we use external companies to organise or host events for us, we may need to provide these service providers with your relevant information
- where we make available our services and technology solutions via resellers, we may need to provide these persons with your relevant information
- if we sell our business, then your information will be transferred to the new owner to enable the continuation of the business
- we share your personal information with other third parties, such as relevant regulators, where we are required to do so to comply with legal or regulatory requirements
- we may share any of your information we collect (including information relating to the access and use of our services and technology solutions) with our business owners who use this information for operational purposes (including to understand the performance of our business)
- if you work for or are a representative or beneficial of a customer, then we might provide any of your information we collect relating to your access and use of our services and technology solutions to that customer.
In respect of our customers, we have shared your information as described above within the past 12 months, and we may have also shared your information as described above more than 12 months ago.
4.1 Keeping your personal information safe
We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss or unauthorised disclosure of the personal information we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the services.
4.2 Profiling and automated decision making
We do not use profiling (where an electronic system uses personal information to try and predict something about you) or automated decision making (where an electronic system uses personal information to make a decision about you without human intervention).
4.3 How long do we keep your personal information?
We do not keep your personal information forever. We keep your personal information in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.
4.4 Cross border transfers of your personal information
We are a global business that operates, and provides services and solutions to customers located, in many different countries around the world. The global nature of our business means that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country. Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws. We also have in place a global data protection policy which we follow worldwide and which is based on European Union and Californian data protection principles (known to be some of the toughest privacy principles in the world). If you would like further details of how your personal information is protected when transferred from one country to another then please email us at firstname.lastname@example.org.
4.5 Local differences
Whilst this privacy notice describes the data protection practices adopted by us generally across the world, local data protection laws may vary and our operations in some countries may mean that we are subject to different, or additional, local data protection requirements. This section of our privacy notice lists those countries/states where our data protection practices differ from those set out in the rest of this notice. In the relevant countries stated below, you can find how our data protection practices differ in that country/state as well as any additional information that we are obliged to provide to you to comply with local data protection laws in that country/state. If any of the country/state specific privacy practices and additional statements are relevant to you because of the way in which you engage with us and there is a conflict between those practices or statements and the information set out elsewhere in this notice, then the country/state specific practices and statements will take precedence. California The Litera Group’s Privacy Notice describes how we may collect, use and share California consumers’ information in compliance with California law, including the California Consumer Privacy Act of 2018 (CCPA) and the California Rights Privacy Act (CPRA). Therefore, the following California-specific additional information should be read in the context of the entire Privacy Notice.
Notice of California Privacy Rights
The CCPA and CPRA grants California consumers the following rights:
- to request that a business disclose the categories and specific pieces of personal information the business has collected about the consumer;
- to request deletion of any personal information a business has collected about the consumer;
- to request correction of any personal information a business has collected about the consumer;
- to request limitation of the use and disclosure of certain sensitive personal information;
- with respect to any business that sells any of your personal information to third parties [the Litera Group does not], the right to opt out of such sales; and
- to request disclosure of the following:
- The categories of personal information the business has collected about that consumer
- The categories of sources from which the personal information is collected by the business
- The business or commercial purpose for collecting or selling the personal information collected
- The categories of third parties with whom the business shares personal information
- The specific pieces of personal information the business has collected about the requesting consumer
California consumers also have the right not to be discriminated against due to exercise of any of the consumer’s rights including, but not limited to:
- Denying goods or services to the consumer
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
- Providing a different level or quality of goods or services to the consumer
- Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services
Under California’s “Shine the Light” law, California Civil Code Section 1798.83, California residents may also request businesses to provide information regarding any disclosures made within the prior calendar year to third parties who the business knows or reasonably should know may have used the consumer’s personal information for the third parties’ direct marketing purposes. Information that California residents are entitled to include the names and addresses of any such third party businesses with whom such information has been shared, if any. Exercising Your Rights to Know or Delete To exercise your rights to know or delete described above, please submit a request by contacting us at: email@example.com with the phrase “California Privacy Request” in the subject line . You must include sufficient detail for us to locate your information and contact you. Please include, at a minimum, your name, email and postal address. We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to similar requests sent more than once in a calendar year. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request to know or delete related to your personal information. You may only submit a verifiable consumer request to know twice within a 12-month period. The verifiable consumer request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request to know or delete. We will only use personal information provided in the request to verify the requestor's identity or authority to make the request. Please be aware that under certain circumstances, the CCPA or CPRA may limit your exercise of these rights.
5.1 Contacting us and your rights
If you have any questions in relation to our use of your personal information, please email us at firstname.lastname@example.org. Under certain conditions, you may have the right to require us to:
- provide you with further details on the use we make of your personal information
- provide you with a copy of the personal information we hold about you
- update any inaccuracies in the personal information we hold about you
- delete any of your personal information that we no longer have a lawful ground to use
- where processing is based on consent, stop that particular processing by withdrawing your consent
- object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
- restrict how we use your personal information whilst a complaint is being investigated
- transfer your personal information to a third party in a standardised machine-readable format
In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.
5.2 Your right to complain
If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the EU, the data protection authority (DPA) in your country. A list of DPAs from the European Commission may be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-be. If you are unsure of the authority that supervises our processing of your personal information then please email us at email@example.com.