EXTENDLAW PRIVACY POLICY

Valid from 25 May 2018

 

1.      DEFINITIONS

For the purposes of this Privacy Policy (hereinafter the Terms), the following definitions apply:

ExtendLaw – legal person ExtendLaw OÜ (registry code 14150878 , address Liivamäe 8-13, 10113 Tallinn, Estonia, e-mail: extendlaw@extendlaw.com).

Personal data any information concerning an identified or identifiable natural person.

Personal Data Processing – any operation or set of operations which is performed on the Personal Data of the Data Subject, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data subject – natural person on whom ExtendLaw has got information or information which enables identification of natural person. For example, Users who are natural persons, Clients, Visitors, cooperation partners and employees.

Website – Websites that are under the control of ExtendLaw. Websites under the control of ExtendLaw are listed at the address: www.extendlaw.com.

Service – any services offered by ExtendLaw, including the information society service.

Application – xLaw, Legal and other legal technology applications that ExtendLaw offers or will offer in the future. The Application is intended in particular for law specialists, and the aim of the Application is optimisation of working processes, management of know- how and systematisation of legal practice (articles on law, court judgments, etc.). The Applications offered by ExtendLaw are listed on the website www.extendlaw.com. An application is at the same time a Service.

User-based function of the Application – enables a User to enter into the Application data visible only to the User, and its aim is storing, tagging and reusing of contractual clauses and legal arguments, and not collecting personal and confidential data.

Account – personal user account of the User, through which the User identifies himself of herself and that gives the User the right to access ExtendLaw Application or other Services or products.

User – visitor of the Website and user of the Application (natural person).

Client – Natural person or Legal person who uses the paid function of the Application or another Service on the basis of an Agreement. A Client who is a natural person is also a User.

Client's User – Client's (legal entity) employee or another person who is entitled to use the Application under the Agreement. The provisions applying to the User apply to the Client's User with the exemptions provided for in Clause 5 of these Terms.

Agreement – a Licence Agreement or another agreement on the provision of a Service or a contract of purchase and sale of a product between ExtendLaw and the Client.

Controller – person who determines the purposes and means of the processing of personal data.

Processor – person who processes personal data on behalf of the Controller.

 

2.         PURPOSES, BASES AND ELEMENTS OF PERSONAL DATA PROCESSING

2.1.      ExtendLaw processes Personal Data on the basis of a consent or the law.

2.2.      On the basis of a consent, personal data are processed within the limits, to the extent and for the purposes determined by the Data Subject. Consent may be given in writing, electronically or orally. Upon subscription to the newsletter or creation of an Application Account on the Website, the Data Subject grants consent freely, with full knowledge and by marking the relevant box on the Website or in the Application.

            Consent may be granted, and Personal Data may be made public on the Website, e.g. upon subscription to the newsletter, opening an Application Account, using the Application, or as a result of ordinary communication (e-mail, telephone or other media).

            On the basis of the law, among other things, Personal Data may be processed on the basis of a legitimate interest and an Agreement.

2.3.      ExtendLaw collects the following types of Personal Data:

             1)        Personal Data that the Data Subject discloses to ExtendLaw;

2)         Personal Data manifestly made public by the Data Subject;

3)         Personal Data created in pre-Agreement negotiations, and in conclusion and fulfilment of an Agreement;

4)         Personal Data received from Third parties (e.g. business partners. See clause 5 of the Terms for Client’s User who is a legal person);

5)         Personal Data created and combined by ExtendLaw (services and e-correspondence relating to the User);

6)         the Website and the Application may also contain, among other things, information containing Personal Data obtained from publicly available sources and/or to which the Public Information Act applies. The Public Information Act provides that everyone may re-use data contained in websites and public databases, access to which is not restricted, in their commercial or other private interests. For re-use, information can be downloaded in machine-readable format and mixed with information collected from elsewhere (Public Information Act § 3.1 subsection 4);

7)         data collected automatically in the Application, upon visiting the Website or upon using the Application.

ExtendLaw may use Cookies and other similar technologies that collect information on the use of the Websites and the Application and may process such data. Such information may contain, among other things, information on the hardware and software used by the User, the time of the use, and the IP-address.

8)         Personal Data obtained in connection with Trainings and question-and-answer sessions. ExtendLaw may carry out trainings, question-and-answer sessions and introductions of the Application or other services, and in connection with that the Personal Data Processing may be oriented to activities relating to training, including informing and marketing. ExtendLaw may also process activities relating to trainings relating to the Data Subject, and the data of training certificates.

 

3.         PURPOSES OF PERSONAL DATA PROCESSING

3.1.      ExtendLaw processes personal data for the following purposes:

-     for identification of the User;

-          for pre-Agreement measures;

-          for communication with the User;

for ensuring compliance with a payment obligation by the Client;

-          for the establishment, exercise or defence of legal claims;

-          for complying with an obligation arising from the law;

-          for meeting the aim of the Application;

-          for analysis and statistics;

The processing of personal data may be further regulated in an Agreement between the Client and ExtendLaw.

3.2.      ExtendLaw processes personal data for offering and provision of services, fulfilment of an Agreement and development of the Service, and for transmitting its advertisements and other information.

3.3.      The User’s identification data (first name and surname and e-mail address) are collected for the purposes of identification of the User’s entitlement to, and the extent of the use of the Application.

3.4.      Upon subscription to the newsletter, Personal Data are used in sending newsletters by e-mail to inform of the services offered by ExtendLaw.        

3.5.      Data entered into the Application by the User, data collected from publicly available sources and public websites, and information collected from public websites and public databases access to which is not restricted, on which the Public Information Act applies, are processed for the purpose of meeting the aim of the Application.

3.6.      ExtendLaw also processes Personal Data for organisational purposes, in particular for financial management and internal administration, including for the processing of the personal data of employees; and for the purposes of the management and analysis of its client base with a view to improving the availability, variety and quality of the Service, and performing User satisfaction studies.

3.7.      Data collected automatically are used for analysis and statistics purposes. Information collected through Cookies and other similar technologies (e.g. IP address) are collected for security reasons and for checking compliance with the terms of use, as well as for analysis and statistical purposes, e.g. to count Users and to ascertain user habits, and to develop and to increase the user-friendliness of the Website and the Application.

3.8.      ExtendLaw does not make automatic decisions or profile analyses regarding the Data Subject.

 

4.         PUBLISHING AND TRANSMISSION OF PERSONAL DATA

4.1.      ExtendLaw may transmit personal data to third parties with whom ExtendLaw cooperates, to perform its obligations and for other purposes described:

-          for identification and authentication of the User;

-          to service providers and developers, e.g. website administrators, providers of cloud service hosting, debt recovery service providers, legal service providers, credit status registers, IT-partners, persons mediating or providing e-mail service, accounting service providers, and payment processing service providers;

-          if it is an obligation arising from law.

4.2.      Upon transmission of data, ExtendLaw undertakes to ensure that the recipient of data follows the same principles of processing of personal data that are provided for in these Terms, and to ensure the existence of confidentiality agreements;

4.3.      ExtendLaw notifies the client immediately of a data leak or if there is a reason to believe that such leakage is likely to occur;

4.4.      ExtendLaw transmits Personal Data outside the European Union only if the European Commission has decided that „sufficient personal data protection” exists in the country, or in other cases where this is permitted under legislation, in pursuance of the requirements provided for in the legislation.

 

5.         CLIENT’S USER

5.1.      The terms and conditions set out in the Agreement with the Client are applied to a Client’s User who is a legal person.

With regard to the Users of a Client who is a legal person, the Client is the Controller, and ExtendLaw is the Processor, with regard to the personal data of the users specified by the Client, to the extent set out in the Agreement.

To obtain Access to the Application, the Client submits the data of his users (first name and surname, and e-mail address) to ExtendLaw.

5.2.      ExtendLaw processes the personal data of the Client’s User, including the data entered into the Application by the Client’s Users, as authorised by the Client, according to the Client’s instructions and pursuant to the Agreement between the Client and ExtendLaw.

A Client who is a legal person has control over the Personal Data and Account of its users, including the right to request information, to correct data, to restrict the processing of data; to restrict, suspend and terminate access to the service, and to delete data.

5.3.      ExtendLaw may transmit to the Client’s User to an e-mail address with the Client’s domain e-mails relating to the use of the Application covered by the Agreement, including newsletters, unless otherwise provided by the Agreement. With regard to Client’s users registered with other domains, the provisions of the Agreement and the relevant consent of the Client’s User are applied.

5.4.      If a Client’s User requests information concerning his or her Personal Data from ExtendLaw, ExtendLaw transmits such request to the Client who is a legal person, who can then request information on such User from ExtendLaw.

 

6.         PROCESSING OF PERSONAL DATA OF CHILDREN

6.1.      The Applications and other Services, including information society services, of ExtendLaw are not intended for children under 16 years of age.

6.2.      ExtendLaw does not knowingly collect information about persons under the age of 16, and in the case of a knowing relevant activity, we adhere to the desires of a parent or a guardian.

In the case when ExtendLaw becomes aware that it has collected Personal Data from a Child or about a Child, ExtendLaw will do its best to terminate such Personal Data Processing.

 

7.         STORAGE OF PERSONAL DATA

7.1.      ExtendLaw collects and stores Personal Data in electronic format and makes extracts from them in other formats as necessary. ExtendLaw undertakes to ensure the security of Personal Data, implementing relevant technical or organisational measures, including ensuring the existence of confidentiality agreements with cooperation partners, the employee and other persons who have Access to Personal Data.

7.2.      ExtendLaw stores Personal Data in a format that allows identification of Data Subjects only for as long as is reasonably necessary to fulfil the purpose for which personal data are processed.

7.3.      As a general rule, ExtendLaw stores Personal Data until the Data Subject desires otherwise (except as set out in clause 7.4).

7.4.      In the case of a legitimate interest, ExtendLaw may store Personal Data for a certain period of time after termination of the use of the Application or Services, in order to ensure legal interests of ExtendLaw in the event of disputes within the limitation period for claims provided for in law or in the Agreement, or if a term for storing the data is provided for by law. The term for storing the data on the basis of the purposes of processing is set out in the Processing Operations Register of ExtendLaw.

7.5.      If the term for storage of the personal data has expired, the data are destroyed using the best practices and according to the procedure established therefor by ExtendLaw.

 

8.         RIGHTS OF DATA SUBJECT

8.1.      The Data Subject has the right to notify ExtendLaw at any time by e-mail (see contact details under clause 10) of his or her desire to withdraw his or her consent to the Personal Data Processing.

8.2.      If a User requests deletion of his identification data (first name and surname, and e-mail), he will lose his or her right of access to the Application if ExtendLaw stipulates the abovementioned data as a condition for using the Application.

8.3.      The Data Subject has the right to obtain information on the Personal Data collected about him or her, the right to request the correction of inaccurate personal data and restriction of the processing of Personal Data, and the right to request deletion of his or her Personal Data and data entered into the Application, by addressing ExtendLaw by e-mail (see contact details under clause 10).

8.4.      If processing is carried out automatically and on the basis of the consent of the Data Subject or on the basis of the Agreement, the Data Subject has the right of transfer of data (the right to receive the Personal Data in machine-readable format or, if this is technically feasible, to transfer them directly to another Controller).

8.5.      The provisions of the Agreement apply to the time and form of and procedure for deletion and transmission of the data entered into the Application.

8.6.      The exemptions regarding the requesting, transmission, restriction, transfer and deletion of data provided for in clause 5 of the Terms apply to the Client’s User.

8.7.      ExtendLaw may decline a request by a Data Subject if it is unfounded or excessive, endangers the privacy of other people, is unreasonable or repeated, or requires disproportionate efforts. ExtendLaw may refuse a request to delete Personal Data if there is a legitimate interest (see clause 7.4 of the Terms).              

8.8.      The Data Subject has the right to unsubscribe from ExtendLaw information sheets at any time by clicking the button "Unsubscribe" at the bottom of the newsletter, or by notifying via e-mail: extendlaw@extendlaw.com.

ExtendLaw notes that newsletters may contain information on the services of ExtendLaw useful to the Data Subject, and other useful offers.

 

9.         OTHER TERMS

9.1.      The Data Subject has the right to address ExtendLaw by e-mail (contact details in clause 10) with questions, requests and complaints relating to the Personal Data Processing.

9.2.      The Data Subject has the right to file a complaint to ExtendLaw, the Estonian Data Protection Inspectorate or a court if the Data Subject finds that his or her rights are violated in the Personal Data Processing. The contact details of the Estonian Data Protection Inspectorate: address Väike-Ameerika 19, 10129 Tallinn, info@aki.ee; phone: +372 627 4135, http://www.aki.ee/et/inspektsioon/kontaktid-nouandetelefon.

9.3.      ExtendLaw has the right to change these Terms unilaterally. Amendments are notified on the Website, in the Application, by e-mail or by other means.

 

10.       CONTACT DETAILS

Questions and comments relating to these Terms or data processing can be addressed to the e-mail: extendlaw@extendlaw.com.

ExtendLaw OÜ

Registry code 14150878

Liivamäe 8-13

10113 Tallinn

            e-mail: extendlaw@extendlaw.com