Last Updated: 4/30/2018
This Privacy Notice explains how information is collected, used, stored, and disclosed by Everlaw. It applies to information collected when you use or access our public websites (everlaw.eu and everlaw.co.uk) or software product (“Product”) (collectively, the "Everlaw Service"), attend an Everlaw event, or otherwise interact with us.
If you use the Everlaw Service as part of an entity or organisation that has an agreement with Everlaw (like your employer), the terms of that organisation’s contract for the Everlaw Service prevail for any conflicting or inconsistent provisions.
Please read the following carefully to understand how we will collect, use, and maintain your personal information. It also describes your rights regarding the correction and removal of your personal information.
Changing our Notice
We may change this Privacy Notice from time to time. If we make any changes, we will notify you by revising the "Last Updated" date at the top of this Privacy Notice and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you an email notification).
If there are material changes to this Privacy Notice, we will notify you directly by email or by means of a notice on the homepage prior to the change becoming effective. We encourage you to review our Privacy Notice whenever you access the Everlaw Service to stay informed about our information practices and the ways that you can help protect your privacy.
If you disagree with any changes to this Privacy Notice and do not wish your information to be subject to the revised Privacy Notice, you will need to deactivate your account with us by contacting email@example.com and stop using the Everlaw Service. Your use of the Everlaw Service shall constitute your consent to the present Privacy Notice.
What Information We Collect
We may collect certain user information, including personal data, after obtaining your consent or through contractual provisions governing our relationship with you.
Information You Provide To Us. We collect information you provide directly to us including when you use the Everlaw Service. This information includes personal data.
- We collect information, including personal data, from you after obtaining your consent and/or when you enter into an agreement with Everlaw for a Product account in order to perform our contractual obligations in providing the Everlaw Service.
- This includes personal data required to create or modify your profile and account, access and use the Everlaw Service (including but not limited to when you upload, download, collaborate on, or share files or other information), participate in any interactive features of the Everlaw Service, submit a contact or consent form, participate in a survey or event, or request customer support.
- The personal data that we may collect directly from you include your name, username, email address, postal address, phone number, information about your Product account preferences, employer’s name, job title, transactional information (including services purchased or subscribed to and billing address), as well as any contact or other information you choose to provide.
- Upon your consent, this personal data will be processed for the purpose of facilitating the provision of the Everlaw Service to you and engaging with you about our product and offerings.
- We store the files or other information that you upload or provide to the Everlaw Services ("Content") in order to provide you with the features and functionality of the Everlaw Service.
Information We Collect Automatically When You Use the Everlaw Service. When you access or use the Everlaw Service, we may automatically collect information, including personal data, about you, including:
- Usage, Log, and Device Information: We collect information from your use of the Everlaw Service, such as number of visitors and visits, geo-location data, length of time spent on the site, IP address, pages clicked on, system activity, hardware settings, browser type, browser language, the date and time of your visit, and the referral URL. We collect information on user activity in connection with the Everlaw Service and may collect information about the features you use, the Content you upload, download, share, or access while using the Everlaw Service, the Content you access, and any actions taken in connection with the access and use of your Content in the Everlaw Service.
- Collaboration and Sharing Features: The Everlaw Service offers collaboration features which allow you to share your Content through the Everlaw Service. As a function of the collaborative nature of the Everlaw Service, and based on the permissions and settings you choose, the use of such features enables the sharing of Content with those you wish to collaborate. For more information about such collaboration and sharing features, we encourage you to review the information provided on https://support.everlaw.com.
Updating Your Information and Deactivating Your Account. You can update, correct, or modify your account information at any time by logging into your Everlaw Product account. If you need help accessing, modifying, or deactivating your account within the Product, please email firstname.lastname@example.org.
A Note about Do Not Track (“DNT”). Some browsers offer a “do not track” (“DNT”) option. Because no common industry or legal standard for DNT has been adopted by industry groups, technology companies, or regulators, we do not respond to DNT signals. We will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
How We Use Information Collected
We use the information collected through the Everlaw Service as part of our processing of personal data in order to facilitate provision of the Everlaw Service and engage with you about our product and offerings. The following are examples of how we use the information that we collect:
- To provide, operate, maintain, and improve the Everlaw Service;
- To enable you to access and use the Everlaw Service that you request, including sending you technical notices, updates, security alerts, and support and administrative messages;
- To provide and deliver the services and features you request, process, and complete transactions, and send you related information, including purchase confirmations and invoices;
- To respond to your comments, questions, and requests, and provide customer service and support;
- Following your consent, to communicate with you about services, features, surveys, newsletters, offers, promotions, events, and provide other news or information about Everlaw and our select partners;
- To process and deliver survey entries and rewards;
- To review and analyse trends, usage, and activities in connection with the Everlaw Service and following your consent, for marketing or advertising purposes;
- To investigate and prevent fraudulent transactions, unauthorised access to the Everlaw Service, and other illegal activities;
- To personalise and improve the Everlaw Service, and provide content and/or features that match your interests and preferences or otherwise customise your experience on the Everlaw Service; and
- For other purposes about which we notify you in advance or for which we receive your consent.
What Information We Share or Disclose to Others
We will not share personal data about you or any Content with any third parties except as described in this Privacy Notice, or as defined in an agreement with us in connection with the Everlaw Service (including a Data Processing Addendum, as applicable). Information that may be shared, pursuant to any applicable agreements, includes:
- Third-Party Service Providers. We may share your information with third-party service providers who are working on our behalf and require access to your information to carry out that work, such as to process billing or as it relates to a Product feature. These service providers are authorised to use your personal data only as necessary to provide services to Everlaw. Everlaw enters into Data Processing Addendums as required.
- Compliance with Laws. We may disclose your information to a third party: (a) if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or government request; (b) to enforce our agreements and policies; (c) to protect the security or integrity of the Everlaw Service; (d) to protect Everlaw, our customers, or the public from harm or illegal activities; (e) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or (f) as otherwise directed by you.
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Your personal data may be part of the transferred assets. Data processing for this purpose is a legitimate business interest. You may be notified thereafter of any such change in ownership or control.
- Aggregated and/or Anonymised Data. We may also share aggregated and/or anonymised information with third parties that does not directly identify you. For example, in an ongoing effort to better understand and serve the users of the Everlaw Service, we may conduct research on customer demographics, interests and behavior based on the personal information, interviews, and other data provided to us. This research may be compiled and analysed on an aggregate basis, and we may share this aggregated data with our agents and business partners. This aggregated information does not identify you personally. We may also disclose aggregated user statistics in order to describe the Everlaw Service to current and prospective business partners, and to other third parties for other lawful purposes.
Links To Third-Party Websites
We may place links on the Everlaw Service, including the Everlaw Blog. When you click on a link from our website to a third-party website, your activity and use is governed by that website’s policies; not by those of Everlaw. We encourage you to review their privacy and user policies.
How We Store Information
By using and accessing the Everlaw Service, you understand and agree to the storage of information and any other personal data in the region of which data and information is stored on Everlaw’s server, or as defined in an agreement with us (including a Data Processing Addendum, as applicable).
How We Secure Information
We have adopted reasonable physical, technical and organisational safeguards against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, access, use or processing of information we collect. We also choose to undergo security testing by an independent third-party auditor.
You may access your Product account information and our Product only through the use of an individual user ID and password. To protect the confidentiality of personal data and information, you must keep your password confidential and not disclose it to any other person. Please advise us immediately if you believe your password has been compromised in any way. In addition, always log out and close your browser when you finish your session. Please note that we will never ask you to disclose your password to us.
If you have any questions about the security of your personal information, you can contact us at email@example.com.
Our Global Data Privacy and Protection Practices
Everlaw updated our internal governance structure in light of the General Data Protection Regulation (“GDPR”), including policies, procedures, staff training, security measures, and this Privacy Notice.
Currently, Everlaw uses Standard Contractual Clauses, under Directive 95/46/EC of the European Parliament and of the Council (“Directive”), as the basis for Everlaw’s approach to global data privacy protection. These Standard Contractual Clauses provide appropriate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and the exercise of the corresponding rights.
If you or your organisation is required under the GDPR to enter into a contract or other binding legal act under EU or Member State law with your data processors, and Everlaw is acting as a processor for you, as a controller, as those terms are defined by GDPR, you need to review and accept Everlaw’s Data Processing Agreement by contacting firstname.lastname@example.org.
For all requests surrounding your personal data or questions about your rights per this Privacy Notice, please contact us at email@example.com, and we will respond promptly.
- Right to Access, Rectification, or Erasure. You have the right to access, update, correct, or delete your personal data. You also have the right to rectify any inaccuracies in your personal data.
- Right to Restrict Data Processing. You have the right to restrict the processing of your personal data upon request if it is (a) inaccurate or unlawful, (b) under contest, or (c) no longer being processed for the original purpose. Everlaw may continue to process the data if it is necessary to resolve legal claims, for the protection of the rights of another person, or for reasons of important public interest. If Everlaw objects to the restriction of data processing, we will notify you promptly after receiving your request.
- Right to Data Portability. You have the right to request and obtain your personal data that you provided to us or that we collected through your consent or contractual agreements. We will provide your information in a commonly used, machine-readable format promptly, but no longer than 90 days from the initial request depending on the complexity and volume of requests. If circumstances arise where we are unable to complete your request, we will promptly provide a relevant explanation, as well as inform you of additional steps that you may take.
- Retaining Your Personal Information and Data. We will retain your personal data to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain your personal information for as long as your Everlaw Product account is active or as needed to provide you with the Everlaw Service, but no longer than the period necessary to fulfill the purposes outlined in this Privacy Notice.
- Receiving Promotional and Other Communications. We will obtain your consent before sending you promotional, newsletter or Product information emails that we feel may interest you. We may obtain consent from you through in-person interactions, a website contact or consent form, by phone, or by email. You may opt out by either checking the relevant box on the communication consent form, by following the opt-out instructions provided in our emails to you, or by emailing us with your specific request. If you opt out, we may still send you non-promotional communications, such as security alerts and notices related to your access to or use of the Everlaw Service or those about your Product account or our ongoing business relations.
- Disabling Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies or to prompt you before accepting such a cookie. Please note that, if you choose to remove or reject browser cookies, this could affect the availability or functionality of the Everlaw Service. When accessing the Everlaw websites, you will be prompted to choose to continue or learn more about adjusting your browser settings.
- Withdrawing Your Consent. You may withdraw any consent you previously provided to us for the processing of your personal data. As required by applicable law, we will apply your preferences going forward, within a reasonable amount of time. Even where you withdraw your consent, we may still process your personal data for limited purposes, for example, to give effect to your request or to safeguard our business. In some circumstances, withdrawing your consent to our use or disclosure of your personal information will mean that you cannot use our Product or Everlaw Service.
- Lodging a Complaint with a Supervisory Authority. You have the right to submit a complaint to an EU supervisory authority if you believe that your personal data has been processed in a manner that is not compliant with the GDPR. You also have the right to submit a complaint to an EU supervisory authority if Everlaw is unable to comply with your right of data portability or does not respond to your request within a timely manner.
Data Protection Officer
Effective from 25 May 2018, Everlaw will appoint a Data Protection Officer if and when required by GDPR Article 37 and by the Data Protection Laws. The Privacy team, including any appointed Data Protection Officer, may be reached at firstname.lastname@example.org or via the contact information provided below.