Litera Group Privacy Notice

The Litera Group takes data privacy very seriously and this privacy notice is designed to help you understand how we use your personal information.
We encourage you to read the whole notice. Alternatively, if you wish to read about specific privacy practices that interest you, please click on the relevant links below.

1. THE PURPOSE OF THIS PRIVACY NOTICE

1.1 Identity

We are the Litera Group. We are a group of organizations that, together, form the industry-leading, end-to-end provider of document lifecycle solutions. We have more than 25 years of experience of delivering innovative document technology solutions to thousands of legal, corporate, life sciences and other organizations across the globe.

This privacy notice applies to each of the organizations that form part of the Litera Group. List of the organizations that make up the Litera Group:

  • Legal Holding Company, LLC
  • Workshare Limited
  • Freedom Solutions Group, L.L.C

1.2 Our use of personal information

In common with most global organizations, we collect, use and share information, including personal information, in connection with providing our services and technology solutions and running our business.

1.3 This privacy notice

This is our main general privacy notice that applies across our business, although we may publish additional privacy statements that apply to:

  • • Our operations in specific countries in order to help ensure our compliance with local data protection requirements
  • • Specific services that we offer to our customers from time to time.

If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this notice.

We have a separate privacy notice that sets out how we process the personal information of our staff, which prospective, current and former members of staff should refer to.

1.4 Updating this privacy notice

This notice may be updated from time to time. This version is dated May 1, 2021.

1.5 What is personal information?

Personal information is information that relates to you or allows us to identify you. This includes obvious things like your name, address and telephone number but can also include less obvious things like analysis of your use of our websites.
There are different types of personal information. The most important types for you to know about are:

  • • Special categories of personal information – these categories of personal information often have additional protection under data protection laws around the world. These categories include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership, your genetic data and biometric data, and information concerning your sex life or sexual orientation.
  • • Criminal convictions information – this is information relating to your criminal convictions and offences. Local data protection laws may restrict the way in which we can use this information when compared to, for example, your name and address.

1.6 Our responsibility to you

We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.
The exception to this is where we process your information for and on behalf of one of our customers as part of providing our services and technology solutions to them. In these cases, we act as a processor and controller of our customer and this privacy notice does not apply. You can read more about our role as a processor and controller when we provide our services and technology solutions to our customers by clicking on the following link: Litera Group Policies.

1.7 Data protection officer

We have a data protection officer whose job is to oversee our data protection compliance. You can contact our data protection officer by sending:

  • • an email to: legal@litera.com; or
  • • a letter to: The Data Protection Officer, Litera, Milla Rahmani.

2. YOUR PERSONAL INFORMATION

2.1 Why are we collecting personal information about you?

We only collect personal information about you in connection with providing our services and running our business. We will hold information about you if:

    • • you are a prospective, actual or former customer or you represent, work for or own a prospective, actual or former customer
    • • you provide services to us (or you represent, work for or own an organisation which provides services to us)
    • • you are a prospective, actual or former reseller of our services and technology solutions or you represent, work for or own a prospective, actual or former reseller
    • • you represent or work for a regulator, certification body or government body which has dealings with us
    • • you attend our seminars or events, receive our updates, articles, white papers and other collateral or visit our offices or websites.

2.2 What personal information do we collect about you?

The types of information we process about you may include:

In respect of our customers, we have collected this information from you within the past 12 months, and we may have also collected this information from you more than 12 months ago.

2.3 Where do we collect your personal information from?

We collect your personal information from various sources, including:

  • • you
  • • your employer or the organization that you represent, work for or own
  • • our service providers
  • • resellers of our services and technology solutions
  • • credit reference agencies
  • • anti-fraud databases, sanctions lists, court judgements and other databases
  • • government agencies and publicly accessible registers or sources of information
  • • by actively obtaining your personal information ourselves, for example through the use of website tracking devices or the information we collect through your use of our services and technology solutions.

Which of the sources apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or the organization that you represent, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.

3. OUR USE OF YOUR PERSONAL INFORMATION

3.1 How do we use your personal information?

In this section we set out in more detail:

  • • the main purposes for which we use your personal information
  • • the legal bases upon which we are using your personal information.

4. OTHER IMPORTANT THINGS YOU SHOULD KNOW

4.1 Keeping your personal information safe

We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss or unauthorised disclosure of the personal information we process.

4.2 Profiling and automated decision making

We do not use profiling (where an electronic system uses personal information to try and predict something about you) or automated decision making (where an electronic system uses personal information to make a decision about you without human intervention).

4.3 How long do we keep your personal information?

We do not keep your personal information forever.
We keep your personal information in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

4.4 Cross border transfers of your personal information

We are a global business that operates, and provides services and solutions to customers located, in many different countries around the world.
The global nature of our business means that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country.
Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws.
We also have in place a global data protection policy which we follow worldwide and which is based on European Union and Californian data protection principles (known to be some of the toughest privacy principles in the world).
If you would like further details of how your personal information is protected when transferred from one country to another then please email us at legal@litera.com.

4.5 Local differences

Whilst this privacy notice describes the data protection practices adopted by us generally across the world, local data protection laws may vary and our operations in some countries may mean that we are subject to different, or additional, local data protection requirements.
This section of our privacy notice lists those countries/states where our data protection practices differ from those set out in the rest of this notice. In the relevant countries stated below, you can find how our data protection practices differ in that country/state as well as any additional information that we are obliged to provide to you to comply with local data protection laws in that country/state.
If any of the country/state specific privacy practices and additional statements are relevant to you because of the way in which you engage with us and there is a conflict between those practices or statements and the information set out elsewhere in this notice, then the country/state specific practices and statements will take precedence.

California

The Litera Group’s Privacy Notice describes how we may collect, use and share California consumers’ information in compliance with California law, including the California Consumer Privacy Act of 2018 (CCPA). Therefore, the following California-specific additional information should be read in the context of the entire Privacy Notice.

Notice of California Privacy Rights

The CCPA grants California consumers the following rights:

  • • to request that a business disclose the categories and specific pieces of personal information the business has collected about the consumer;
  • • to request deletion of any personal information a business has collected about the consumer;
  • • with respect to any business that sells any of your personal information to third parties [the Litera Group does not], the right to opt out of such sales; and
  • • to request disclosure of the following:
    • o The categories of personal information the business has collected about that consumer
    • o The categories of sources from which the personal information is collected by the business
    • o The business or commercial purpose for collecting or selling the personal information collected
    • o The categories of third parties with whom the business shares personal information
    • o The specific pieces of personal information the business has collected about the requesting consumer

In addition to the above rights, if a business sells the consumer’s personal information to third parties [the Litera Group does not], or discloses it for a business purpose, the consumer may request disclosure of:

  • • categories of personal information that the business disclosed about the consumer for a business purpose.
  • • categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each category of third parties to whom the personal information was sold.

California consumers also have the right not to be discriminated against due to exercise of any of the consumer’s rights including, but not limited to:

  • • Denying goods or services to the consumer
  • • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
  • • Providing a different level or quality of goods or services to the consumer
  • • Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services

Under California’s “Shine the Light” law, California Civil Code Section 1798.83, California residents may also request businesses to provide information regarding any disclosures made within the prior calendar year to third parties who the business knows or reasonably should know may have used the resident’s personal information for the third parties’ direct marketing purposes. Information that California residents are entitled to include the names and addresses of any such third party businesses with whom such information has been shared, if any.

To make any of the any of the above requests related to your California rights, please contact us at: legal@litera.com with the phrase “California Privacy Request” in the subject line. You must include sufficient detail for us to locate your information and contact you. Please include, at a minimum, your name, email and postal address. We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to similar requests sent more than once in a calendar year.

5. YOUR RIGHTS

5.1 Contacting us and your rights

If you have any questions in relation to our use of your personal information, please email us at legal@litera.com.

Under certain conditions, you may have the right to require us to:

  • • provide you with further details on the use we make of your personal information
  • • provide you with a copy of the personal information we hold about you
  • • update any inaccuracies in the personal information we hold about you
  • • delete any of your personal information that we no longer have a lawful ground to use
  • • where processing is based on consent, stop that particular processing by withdrawing your consent
  • • object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
  • • restrict how we use your personal information whilst a complaint is being investigated
  • • transfer your personal information to a third party in a standardised machine-readable format

In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

We are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.

5.2 Your right to complain

If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the EU, the data protection authority in your country.

If you are unsure of the authority that supervises our processing of your personal information then please email us at legal@litera.com.