Litera Group Privacy Notice

Identity

We are the Litera Group. We are a group of organizations that, together, form the industry-leading, end-to-end provider of document lifecycle solutions. We have more than 25 years of experience of delivering innovative document technology solutions to thousands of legal, corporate, life sciences and other organizations across the globe.

This privacy notice applies to each of the organization held by Legal Holding Company, LLC and its subsidiaries.

If you want to understand who the relevant controller is for a specific processing activity related to your personal information, please contact us at legal@litera.com.

Our use of personal information

In common with most global organizations, we collect, use and share information, including personal information, in connection with providing our services and technology solutions and running our business.

This privacy notice

This is our main general privacy notice that applies across our business, although we may publish additional privacy statements that apply to:

  • Our operations in specific countries in order to help ensure our compliance with local data protection requirements
  • Specific services that we offer to our customers from time to time.

If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this notice.

We have a separate privacy notice that sets out how we process the personal information of our staff, which prospective, current and former members of staff should refer to.

Where we process your personal information for and on behalf of one of our customers as part of providing our services and technology solutions to them, we act as a processor of our customer and this privacy notice does not apply. You can read more about our role as a processor when we provide our services and technology solutions to our customers under Customer – Data Protection Agreement tab available at here.

Updating this privacy notice

This notice may be updated from time to time.

What is personal information?

Personal information is information that relates to an identified or identifiable living individual. This includes obvious things like your name, address and telephone number but can also include less obvious things like analysis of your use of our websites.

Special categories of personal information require additional protection under data protection laws around the world. These categories include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership, your genetic data and biometric data, and information concerning your sex life or sexual orientation. Criminal convictions information – this is information relating to your criminal convictions and offences. Local data protection laws may restrict the way in which we can use this information when compared to, for example, your name and address.

Our responsibility to you

We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.

Data protection officer

We have a data protection officer whose job is to oversee our data protection compliance. You can contact our data protection officer by sending:

Why are we collecting personal information about you?

We only collect personal information about you in connection with providing our services and running our business. We will hold information about you if:

  • you are a prospective, actual or former customer or you represent, work for or own a prospective, actual or former customer.
  • you provide services to us (or you represent, work for or own an organisation which provides services to us)
  • yu are a prospective, actual or former reseller of our services and technology solutions or you represent, work for or own a prospective, actual or former reseller
  • you represent or work for a regulator, certification body or government body which has dealings with us
  • you attend our seminars or events, receive our updates, articles, white papers and other collateral or visit our offices or websites.

Financial information

Bank account or payment card details, income or other financial information

Credit, anti-fraud and sanctions data

Credit history, credit score and information received from various anti-fraud and sanctions databases relating to you

Special categories of personal information

Information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership

Criminal convictions information

Information relating to your criminal convictions and offences

Where do we collect your personal information from?

We collect your personal information from various sources, including:

  • you
  • your employer or the organization that you represent, work for or own
  • our service providers
  • resellers of our services and technology solutions
  • credit reference agencies
  • anti-fraud databases, sanctions lists, court judgements and other databases
  • government agencies and publicly accessible registers or sources of information
  • by actively obtaining your personal information ourselves, for example through the use of website tracking devices or the information we collect through your use of our services and technology solutions. For further details on the same, please refer to our cookie notice.

Which of the sources apply to you will depend on the particular types of personal information we are collecting, and why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or the organization that you represent, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.

What personal data do we collect about you and how do we use it?

In this section we set out in more detail:

  • the main purposes for which we use your personal information
  • the legal bases upon which we are using your personal information

Personal Data

Purpose

Legal basis

Individual details, as applicable and as required:

Name, address, other contact details (e.g. email and telephone numbers), gender, date and place of birth, nationality, employer, job title

Identification details, as applicable and as required:

ID numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving licence number.

SCPD, as applicable and as required: Ethnic or racial origin.

Political opinions.

Cultural or social identity.

philosophical or religious beliefs;

Trade union memberships.

Genetic data.

Biometric data (that can be used to uniquely identify someone).

Know your customer, supplier and counterparty and other legal obligations

We obtain this information about our (prospective) customers, suppliers and counterparties and their representatives and beneficial owners and others to help us comply with legislation on money laundering, terrorist financing, and sanctions.

We also collect and disclose personal information under applicable legislation and under orders from courts and regulators. Our disclosures will be to those bodies and persons who are entitled to receive the required information.

In some cases, this information will include special categories of personal data. and criminal convictions data

For all information – compliance with a legal obligation.

For special category and Criminal convictions data – preventing ordetecting unlawful acts, and suspicion of terrorist financing or money laundering.

Individual details, as applicable and as required:

Name, address, other contact details (e.g. email and telephone numbers), date and place of birth, nationality, employer, job title

Identifiers, location information and usage of our services and technology solutions

Use of our services and technology solutions 
Access to our services and technology solutions:
Whilst we generally act as our customer's processor in processing personal information as part of our services and technology solutions, when you access and use our services and technology solutions, we may collect certain personal information as part of the initial set-up and registration process and to control access and use of the services and solutions on a day to day basis, including your name, email address and login credentials (for example, your user name). This information is used by us as part of the initial registration process, to manage your use of the application and provide it to you.
Monitoring your use of our services and technology solutions:
Our services and technology solutions allow us to track (i) the general geographic region/area from which you access and use certain of our services and solutions; and (ii) how you use our services and solutions (for example, the type of product features that you click on and use). We use this information to (i) understand how and where the application is being used and to provide, develop and improve the application; and (ii) inform our discussions with our customers about their services and solutions needs and the licensing arrangements that we have in place with them.
Use of technologies to automatically discover patterns in data sets:
We use data analytics to help us make accurate predictions and understand user behavior, for example, to model and forecast customer pipelines, sales efforts, and opportunities. Information on data analytics helps us to discover patterns in data sets (where those data sets may contain personal data) and use them to make predictions, classifications, or risk scores 
Our technology solutions also allow us to track who accesses and use the solutions (including the solution features that are being used) and users' general location (including by region and area). We do this through the collection of information such as your user and login credentials (including your name, registered email address, job title and operating system login name), IP addresses, product keys, licence codes and the data created through the use of the solution and other data collection tools. For further information on the same, please see our cookie policy. 
We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.

Access to our services and
technology solutions:

Legitimate interests.
We have a legitimate interest in using your information where this is necessary or appropriate to provide our services and solutions.

Contract

We may use this data to enter a contract with you, for example where we use the details to create an account or in providing cee complying with our contract for services to you. 
Monitoring your use of our solutions:
services and technology

Legitimate interests.

We have a legitimate interest in understanding when and how our services and solutions are used and by whom.

Consent

We rely on your consent to use data analytics to understand the patterns in data sets.

Individual details, as applicable and as required:

Name, address, other contact details (e.g. email and telephone numbers), employer, job title and other details as required under law

Service providers

We collect information about you in connection with your provision of services to us or your position as a representative or worker of a provider of services to us.
We do not generally look to collect special categories of personal data for this purpose, other than where we are required to do so to meet our legal obligations (see 'Know Your Customer and other legal obligations' above).

Legitimate interests.

We have a legitimate interest in contacting and dealing with individuals involved in providing services to us.

Individual details, as applicable and as required:

Name, address, other contact details (e.g. email and telephone numbers), date and place of birth, nationality, employer, job title

Events

If you wish to attend one of our events or schedule a catch-up with us at a third party event that we are attending, we ask you to provide us with a limited amount of information (normally your work contact details, your employer's name, your job title, and the topics, services or technology solutions of interest).
We use this information in order to facilitate and communicate with you about our events and third party events we are attending. 
If you provide your details to enter a competition organized by us together with our partners, we may use your details to contact you in relation to the competition. We may also retain your details to contact you for promotional activities in the future based on your consent. 
We do not generally look to collect special categories of personal data for this purpose.

Consent:

We rely on consent to contact you in the future where we collect your personal data during the course of a competition or prize draw.

Legitimate interests.

Our events, the third party events we attend and our updates are intended primarily for customers and potential customers. We have a legitimate interest in confirming that our events and updates are being made available to their intended audience. We also have a legitimate interest in understanding your use of our events and updates, and whether this presents any opportunity for us to improve the services and solutions we offer to you.

Individual details, as applicable and as required:

Name, address, other contact details (e.g. email and telephone numbers), date and place of birth, nationality, employer, job title
Identifiers, location information such as IP address, a website tracking code or electronic images of you and usage of our services and technology solutions, IP address, a website tracking code or electronic images of you

Marketing

We may use your name and contact details to provide you with our news updates.

Legitimate interests

Where we send you marketing communications without your consent, we do so because we have a legitimate interest in keeping you informed about seminars, events and developments in our business and the topics or technology solutions that may be of interest to you. When we send you marketing communications, there are separate laws regarding marketing communications that we adhere to, in addition to data protection laws. You may opt out of receiving marketing communications from us at any time by contacting us at by clicking the link here and selecting "unsubscribe from all communication". Each communication we send provides a straightforward means of doing so.

Individual details, as applicable and as required:

Name, address, other contact details (e.g. email and telephone numbers), date and place of birth, nationality, employer, job title
Identifiers, location information such as IP address, a website tracking code or electronic images of you and usage of our services and technology solutions, IP address, a website tracking code or electronic images of you

Relationship management

We use relationship management software to understand the strength of our relationship with our customers and potential customers, which includes individual representatives of those customers – for example records of frequency of contact with those individuals.
Where we have a sales opportunity, we may obtain information about relevant decision makers in order to improve the prospects of our sales pitch or proposal being successful. This information may come from a variety of public databases and information sources.
As part of our marketing analysis, we track how you interact with our marketing activities – in particular whether you click on any of the links in our marketing materials (such as the updates or event invitations we send you). We are able to record this information against your email address by placing 'cookies' on your device. For information on how we use cookies, please see our separate cookies notice. 
We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.

Legitimate interests

We have a legitimate interest in understanding our relationship with our customers and potential customers. Using the frequency of your contact with our organization and analysing how you interact with our marketing activities is a reasonable means of doing so.
We also have a legitimate interest in understanding relevant information about you where you are likely to be involved in deciding whether you or the person you represent will buy our services and solutions.

Visitors to our websites

A number of facilities on our websites invite you to provide us with your personal information. Where you provide us with information, we will only use it for the purpose for which it has been provided by you.
Most of our websites use cookies to help them work more efficiently and to provide us with information on how the website is being used. For information on how we use cookies, please see our separate cookies notice. 
We do not look to collect special categories of personal data on our websites.

Legitimate interests.

We have a legitimate interest in providing to you the facilities on our websites that you have requested and in understanding how our websites are used and the relative popularity of the content on our websites.


Consent

We will only use cookies with your consent.

Visitors to our offices

We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need to know basis – for example, to look into an incident. CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).
We require visitors to our offices to sign in at reception and we keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis – for example, to look into an incident.
We do not generally look to collect special categories of personal data for this purpose.

Legitimate interests.

We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure.

Establishing our legal position

We may use your personal information, including sharing it with our legal advisers, when looking to establish our legal position.
In some cases, this information will include special categories of personal data and criminal convictions data.

For all information – legitimate interests.

We have a legitimate interest in understanding and establishing our legal rights and obligations.
For special category and criminal convictions data – the establishment, exercise or defence of legal claims.

We may also use analytics data to automatically discover patterns in data sets (which may sometime contain personal data) and use them to make predictions, classification, or risk scores. We try to use data analytics in pseudonymized form.

For details on third party analytics being used on our website, please refer to our cookie notice.

  • Do we share your information with anyone else?

We do not sell your information to any third parties. We share your information in the following circumstances:

  • our organization is made up of a number of different entities around the world. Where it is necessary or appropriate for the purposes for which we hold your information, we share your relevant information across our affiliated companies. All of our affiliates companies covered by this notice manage your personal information in the manner and to the standards set out in this notice, subject to any local jurisdictional compliance requirements. Details of the affiliated companies to which this notice applies are set out in paragraph 1.1 above

     
  • if you are a customer or you work for or are a representative or owner of a customer, then we might provide your relevant information to search companies so they can verify your identity

     
  • we use the services of various external organizations to help us run our business efficiently, particularly in relation to our technology solutions. Some of these services (such as software hosting and data storage) involve the service provider holding and using any of your personal information that we collect. In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure. They are also not permitted to use your information for their own purposes

     
  • where we use external companies to organise or host events for us, we may need to provide these service providers with your relevant information

     
  • where we make available our services and technology solutions via resellers, we may need to provide these persons with your relevant information

     
  • if we sell our business, then your information will be transferred to the new owner to enable the continuation of the business

     
  • we share your personal information with other third parties, such as relevant regulators, where we are required to do so to comply with legal or regulatory requirements

     
  • we may share any of your information we collect (including information relating to the access and use of our services and technology solutions) with our business owners who use this information for operational purposes (including to understand the performance of our business)

     
  • if you work for or are a representative or beneficial of a customer, then we might provide any of your information we collect relating to your access and use of our services and technology solutions to that customer.

Keeping your personal information safe

We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss or unauthorised disclosure of the personal information we process. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the services.

  • Profiling and automated decision making

We do not use profiling (where an electronic system uses personal information to try and predict something about you) or automated decision making (where an electronic system uses personal information to make a decision about you without human intervention).

  • How long do we keep your personal information? 

We keep your personal information in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

For more information on how long we keep your personal information please contact us at legal@litera.com 

  • Cross border transfers of your personal information

We are a global business that operates, and provides services and solutions to customers located, in many different countries around the world.

The global nature of our business means that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country.

Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws.

We also have in place a global data protection policy which we follow worldwide and which is based on UK, European Union and Californian data protection principles (known to be some of the toughest privacy principles in the world).

If you would like further details of how your personal information is protected when transferred from one country to another then please email us at legal@litera.com.

  • Your rights
  • Contacting us and your rights

Under certain conditions, you may have the right to require us to:

  • provide you with a copy of the personal information we hold about you
  • update any inaccuracies in the personal information we hold about you
  • delete any of your personal information that we hold about you
  • where processing is based on consent, stop that particular processing by withdrawing your consent
  • object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
  • restrict how we use your personal information
  • transfer your personal information to a third party in a standardised machine-readable format

If you would like to exercise any of your rights please contact us at legal@litera.com.

  • Your right to complain

If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the EU, the data protection authority (DPA) in your country. A list of DPAs from the European Commission may be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-be. The information Commissioner is the relevant authority for the UK  https://ico.org.uk. 

If you are unsure of the authority that supervises our processing of your personal information then please email us at legal@litera.com.

  • Local differences

Whilst this privacy notice describes the data protection practices adopted by us generally across the world, local data protection laws may vary and our operations in some countries may mean that we are subject to different, or additional, local data protection requirements.

This section of our privacy notice lists those countries/states where our data protection practices differ from those set out in the rest of this notice. In the relevant countries stated below, you can find how our data protection practices differ in that country/state as well as any additional information that we are obliged to provide to you to comply with local data protection laws in that country/state.

If any of the country/state specific privacy practices and additional statements are relevant to you because of the way in which you engage with us and there is a conflict between those practices or statements and the information set out elsewhere in this notice, then the country/state specific practices and statements will take precedence.

California

The Litera Group’s Privacy Notice describes how we may collect, use and share California consumers’ information in compliance with California law, including the California Consumer Privacy Act of 2018 (CCPA) and the California Rights Privacy Act (CPRA). Therefore, the following California-specific additional information should be read in the context of the entire Privacy Notice.

Notice of California Privacy Rights

The CCPA and CPRA grants California consumers the following rights:

  • to request that a business disclose the categories and specific pieces of personal information the business has collected about the consumer;
  • to request deletion of any personal information a business has collected about the consumer;
  • to request correction of any personal information a business has collected about the consumer
  • to request limitation of the use and disclosure of certain sensitive personal information;
  • with respect to any business that sells any of your personal information to third parties [the Litera Group does not], the right to opt out of such sales; and
  • to request disclosure of the following:
    • The categories of personal information the business has collected about that consumer

       
    • The categories of sources from which the personal information is collected by the business

       
    • The business or commercial purpose for collecting or selling the personal information collected
    • The categories of third parties with whom the business shares personal information
    • The specific pieces of personal information the business has collected about the requesting consumer

California consumers also have the right not to be discriminated against due to exercise of any of the consumer’s rights including, but not limited to:

  • Denying goods or services to the consumer

     
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties

     
  • Providing a different level or quality of goods or services to the consumer

     
  • Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services

Under California’s “Shine the Light” law, California Civil Code Section 1798.83, California residents may also request businesses to provide information regarding any disclosures  made within the prior calendar year to third parties who the business knows or reasonably should know may have used the consumer’s personal information for the third parties’ direct marketing purposes. Information that California residents are entitled to include the names and addresses of any such third party businesses with whom such information has been shared, if any.

Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by contacting us at: legal@litera.com with the phrase “California Privacy Request” in the subject line . You must include sufficient detail for us to locate your information and contact you. Please include, at a minimum, your name, email and postal address. We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to similar requests sent more than once in a calendar year.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request to know or delete related to your personal information. You may only submit a verifiable consumer request to know twice within a 12-month period. The verifiable consumer request to know or delete must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

     
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.  

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. 

You do not need to create an account with us to submit a request to know or delete. 

We will only use personal information provided in the request to verify the requestor's identity or authority to make the request.