1. Introduction
LegalPlant AS (hereinafter “we”, “us” or “LP”) offers access to and use of LP's legal practice management technology platform, portal, software, technical interfaces and related technology (collectively the "LP Platform") as provided by us, for the purpose of enabling efficient digital legal practice management.
This Privacy Policy describes how we collect your information whenever you, whether personally or on behalf of an entity (“you”) use our services. Furthermore this Privacy Policy describes what information we collect, how it is used and with whom the information is shared. “Services” include all the ways you may interact with us; through our LP Platform, or any other interaction that includes use of our tools and products. We are responsible for all the processing and handling of personal data collected through your use of the LP Platform or through your contact with us. This means that we are responsible for complying with the Personal Data Act in the applicable jurisdiction, The General Data Protection Regulation (GDPR) and other applicable privacy regulations. The information that we collect, use and share includes, among others, your account registration information, other data you choose to upload to/on our Services, metadata, location data, and data about your device.
Your information is stored and processed in accordance with the requirements set out in The General Data Protection Regulation (GDPR), as further explained below. We will only keep your information as long as this is necessary in accordance with the purposes described in this Privacy Policy.
This Privacy Policy sets out the terms and conditions for processing and use of the personal information provided by you (or collected from you) when you use our Services. By using our Services, you are accepting our Terms & Conditions and the terms and practices described in this Privacy Policy.
This Privacy Policy applies to any users of our LP Platform or other services related thereto.
2. Collection and Use of Your Information and Data
When you use our Services, there will be certain information and data (collectively called “Data”) that you will send to us, or that we will collect from you. In the following sections below, we will set out important details regarding the collection and use of your Data.
3. Data that we collect and why
Data we collect when you register an account on our LP Platform
During registration of a user account on our LP Platform, we collect your email address and password. This is used to allow you to get a unique user ID and to let you access your account with your registered account details. Your email can also be used to reset a forgotten password, and as a method for us to contact you. This Data is processed on the basis of your consent in accordance with GDPR article 6 no 1 letter a).
Data we collect when you use and interact with our LP Platform and our Services
We receive and store all Data you upload to our LP Platform such as:
Information about you:
name, occupation, title/position, email address, phone number, payment details or similar. We do this to make our Services fully functional and to provide the Services you request, and this Data is only kept for as long as required. For further information, please see the clause on “Data Deletion” below.
This Data is processed on the basis of your consent in accordance with GDPR article 6 no 1 letter a).
Information about your use of our Services:
case & client related data that you submit, upload, or otherwise make available through your use and interaction with our Services, whether manually or by automated means, during the management of a legal case. If you submit questions regarding the Service, the Privacy Policy or the Terms & Conditions, this information will be saved and used to resolve your enquiries.
We collect and aggregate identifying information regarding your use of our Service, including your interaction with our Services. We collect timestamps for when certain events occur, including, but not limited to, when an account is created. In addition, we may also collect information about the device on which you are using these Services, including the type of device, the operating system you are running, certain settings on your device such as browser, language and time zone, unique device identifiers, and crash Data. We collect this information in order to provide the best possible user experience, and to improve our production tools and services.
This Data is processed on the basis of your consent in accordance with GDPR article 6 no 1 letter a).
Data we collect when you browse some of our web pages
When browsing any of our webpages we will collect your Internet Protocol (IP) address used to connect your access device to the Internet and connection information such as browser type, version, preferred languages and time zone settings.
To know our audience and users better we also use Google Analytics Demographics and Interest Reporting. It collects and provides us Data about our visitors in an aggregated, non-personally identifiable way.
This Data is processed on the basis of your consent in accordance with GDPR article 6 no 1 letter a).
Cookie Policy
We use cookies to better understand those who visit our LP Platform and/or use our Services so we may offer them a more tailored service. Cookies do things like prefill form fields and let you remain logged in.
Cookies are small files saved to your computer’s hard drive that track information about how you use and interact with a website. Some cookies are “session” cookies, which delete automatically when you leave our LP Platform. Others are “persistent” cookies which do not delete themselves and track your use of our LP Platform over time.
Most cookies can be disabled in your browser settings. Please read our Cookie Policy for more information.
The legal basis for this processing is your consent, cf. GDPR art. 6 no 1 letter a).
Third party collection
In order to make our Services work for the purposes intended, it is often necessary to share some of your Data with our third-party service providers. We may share your Data with our affiliates or affiliated entities that provide services or perform data processing on our behalf or for data centralization and / or logistics; with suppliers, consultants, and other service providers who need access to such information to perform work on our behalf and/or to enable them to provide the Services you requested; and with third parties you allow us to share information with, for example, other apps or sites that integrate with our API or our Services, or those with an API or service that we integrate with.
We may also allow other entities and third party’s to use cookies and similar tracking services on our LP Platform or other services related thereto.
We may share the information we collect about you with third parties as described below or as described at the time of collection or sharing, including as follows:
Third party service providers | Information and Data that are being processed | Why we use it (Purpose) | Where Data is stored |
---|---|---|---|
Google Cloud Platform | All application data such as data about clients, cases and documentation, as well as logging and application user data | Infrastructure for operating applications, including all necessary data processing in this context. | Google hosting, in EU |
Google Workspace | Documents and mail messages | Information access management and document processing | Google hosting, in EU |
Microsoft 365 | Documents and mail messages | Information access management and document processing | Google hosting, in EU |
Click Up | Support requests and onboarding processes | Used to record customer requests and to manage onboarding and customer success flows | AWS ClickUp hosting in US |
Slack | Instant messages | Communication and support system for various work flow | AWS Slack hosting, US |
PowerOffice Go | Client data, case data, hours and invoice data | Used to record hours and to present financial data about clients and cases if the user has decided to integrate with PowerOffice GO | PowerOffice Go hosting |
Tripletex | Client data, case data, hours and invoice data | Used to record hours and to present financial data about clients and cases if the user has decided to integrate with Tripletex | Tripletex hosting |
Google Tag Manager | Language, browsertype, web sessions start/stop, source of usage for each LP page, if user is new or returning, country of usage (IP based) | Used to send behavioral data to both Google Analytics and to the Amplitude Digital Optimization System | Google hosting |
Google Analytics 4 | Language, browsertype, web sessions start/stop, source of usage for each LP page, if user is new or returning, country of usage (IP based) | Used to measure how people use and interact with our service as well the effectiveness of our communication activities and advertisements. | Google hosting |
Intercom | Support request messages, name & email address, web sessions start/stop, signup/login events | Used to provide efficient support and assist your success on the platform as a user. | Intercom hosting in EU |
These third party service providers have their own privacy policies that determines how personal Data is collected and processed by the applicable third party service provider. We recommend that you familiarize yourself with such third party service providers’ privacy policies.
4. General information regarding your Data
Data - Data uploaded to our LP Platform, will be available to our personnel with the right and lawful permissions to access such Data. Personnel on our behalf, will be able to access and process the Data you upload for the purposes mentioned in this Privacy Policy. Your Data is not publicly available to other users and people outside of your organization, unless you or anyone in your organization shares access to your user account to other users or people. By sharing Data with other users and people, you acknowledge that it is possible for other users and people that have access to your account, to reproduce and store content externally, and without your consent. In such case, you are aware that your Data may be exploited by such users and people that have access to your user account, subject to their sole direction and responsibility. Such exploitation may include: to copy, modify, create derivative works of, distribute, publicly display, publicly perform, and otherwise exploit in any manner such Data in all formats and distribution channels now known or hereafter devised.
We reserve the right to immediately remove, with no prior warning, any Data or user generated content that violates our Terms & Conditions.
Compliance - We can share your Data in response to an information request from a competent authority if we believe disclosure is required by applicable law, regulation or legal process; With police officers, government agencies or other third parties if we believe your actions are not in accordance with our Terms & Conditions, Privacy Policy, code of conduct or to protect the rights, property, or security of LP or others. We will notify the users of any such disclosure as mentioned herein, if such notice (to the best of our knowledge) is not prohibited by law.
5. How we process your data
5.1. Data processing agreement
In addition to this Privacy Policy, we will enter into a data processing agreement with your company or your employer (as applicable) which sets and describes the detailed instructions in relation to the data processing activities we will carry out, as a data processor, on behalf of your company or employer (as applicable), which will be the data controller.
The Sub-processors we engage shall only Process Personal Data on the instructions from us and strictly in accordance with such instructions. This Privacy policy, our Data Processor Agreement with your company or your employer (as applicable), including its annexes, constitute the instructions on the date of your sign up to our LP Platform.
We may at any time have agreements with Sub-processors in other parts of the world, including in America, Asia or Europe, who will process your Data on our behalf and in accordance with the applicable data privacy law. Any transfer of Personal Data outside the EU/EEA area or to international organizations shall always take place in compliance with Chapter V in GDPR.
By registering a user account on our LP Platform or by using any of our Services you acknowledge that your Data may be transferred, stored, processed and used in the EU/EEA, and other countries (outside of the EU/EEA area) where any third party service providers are operating on our behalf. You also confirm that you are aware that the privacy and data protection laws in some of these countries may vary from the laws in the country where you live. Where this is the case, we will take appropriate precautions to protect your personal information pursuant to this Privacy Policy, our Data processing agreement with your company or employer (as applicable), and the applicable data protection law.
5.2. Purpose for processing your Data
We may not use your Data for any purposes other than those stated in this Privacy Policy, and in accordance with the instructions given by your company or employer (as applicable) in the data processing agreement. We will only store your Data for as long as necessary in order to fulfill the specific purpose for the processing.
5.3. Securing your Data
A description of the information security measures implemented for the protection of your Personal Data follows below:
5.3.1. Personnel and access control
- Only authorized staff with signed confidential agreements can grant, modify or revoke access to an information system that uses or houses Personal Information about our customers and users. Authorized personnel will only have access to Data needed to provide and improve our Services.
---
5.3.2. Data protection:
- We always consider suitable security measures to keep your Data protected. Like hashing of passwords and encryption of Data during transit and rest.
---
5.3.3. Contractual Control:
- We enter into data processing agreements with third parties that are processing Data on our behalf.
---
5.3.4. Logical access Control
- Your Data is logically separated from other data.
- Our database is protected from unauthorized access using passwords and IP-address whitelisting.
---
5.3.5. Business Continuity
- We ensure that Personal Information is protected against accidental destruction or loss (availability control); by performing backups either ourselves or through some of our sub-processors like Google Cloud.
6. Communications between you and LP
Email - We may send you emails regarding your account, the LP Platform and Service updates, and changes to the Terms & Conditions and Privacy Policy.
7. Data Deletion
If you want to delete your account created on our LP Platform, you can do so by automated means through the LP Platform or by contacting us at [email protected].
Note that your account data may still be present in database backups for up to 3 days, until those backups are deleted.
With regards to analytical data, such as crash reporting, we will only retain these on our 7-party servers for as long as they are required to fulfill the purposes set out above.
Please note that LP's legal obligations, e.g. statutory rules related to storage for accounting purposes, may render necessary that your Personal Data is stored after your registration with the Service is canceled.
8. Correcting and Receiving information about your Data
If you discover that any information about you on our LP Platform or in the Services we offer is incorrect or missing, please use the applicable functions to change the incorrect information on our LP Platform. If this is not possible, or you are unable to do so, please contact us at [email protected].
Subject to any laws requiring confidentiality, you have a right to receive general information about how we use your Personal Data. If you wish to receive such information, please contact us at [email protected]. Furthermore, to exert your “right to erasure” (EU GDPR, Article 17) or “right to data portability” (EU GDPR, Article 20), please contact us at the email address mentioned above.
9. Children
We do not knowingly collect or store personally identifiable information from anyone under the age of 18 years. Anyone that provides personally identifiable information through the LP Platform affirms that they are over 18 years of age. If you become aware of users under the age of 18 we advise that you contact us, and we will use reasonable efforts to prevent this particular under ages user of using the LP Platform.
10. Notices and Updates
We reserve the right to change or modify the Privacy Policy at any time without prior notice. Your continued use of our LP Platform and Services related thereto will constitute your acceptance of any revised agreements. If we make significant changes to this Privacy Policy we will notify you. We recommend that you periodically check these agreements for changes.
If you choose to use our Services, then any dispute regarding privacy matters will be subject to this Privacy Policy and our Terms & Conditions. Unless stated otherwise, our current Privacy Policy and our data processing agreement with your company or employer (as applicable) applies to all information that we collect about you and your account, including other Data and information that we collect when you interact with our Services.
If you have any concerns about privacy at LP, please contact us at [email protected], and we will try to resolve it.
If you believe that LP's processing of your Personal Data infringes relevant data protection regulations, you are entitled to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement, or other relevant supervisory authority.
11. Choice of Law and Jurisdiction
The laws of Norway shall govern the Terms & Conditions and this Privacy Policy. Should you have a dispute with us, you will first contact us by sending an email to [email protected]. Any disputes arising under the Terms & Conditions and this Privacy Policy shall be sought settled amicably. Unless an amicable solution can be obtained, the dispute shall be subject to ordinary court proceedings. The legal venue for disputes shall be Oslo District Court.
Last updated: 08.03.2023.