Privacy Policy

INTRODUCTION

This Privacy Policy governs the practices of how LegalBison.com (referred to herein as “we”, “our”, “ours” or “us”) collects, uses, transfers, and shares personal information related to your use of our Services. This Policy is designed to align with the provisions of the European General Data Protection Regulation (“GDPR”) and is committed to ensuring the transparent, lawful, equitable, and secure management of the personal data of our customers.

Our Privacy Policy explains what kind of personal data we gather through our website and Services, how and why we collect it, our purposes for its use, and the third parties with whom we may share it. Moreover, it explains how you as a data subject may exercise your rights in relation to your personal data.

Should any alterations be made to this Policy (alongside other policies, including our Terms of Service), we will notify of such changes via email as well as directly on this page.

We strongly encourage you to read this Policy in its entirety to acquire a comprehensive understanding of the processes involving your data and your associated rights. For inquiries related to this Privacy Policy, data collection and usage, data disclosure, and sharing, or any other concerns or requests related to your personal data, please do not hesitate to get in touch with us via the communication channels mentioned above.

DEFINITIONS

The following section covers the basic definitions used in this Privacy Policy. It describes what is meant by your personal data and who controls and processes your personal data.

Personal Data: Personal data means any information that relates to an identified or identifiable natural person. This includes details like names, addresses, email addresses, identification numbers, and even things like IP addresses or cookie identifiers, as well as any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.

Data Subject: The data subject is the person who the personal data is about. In simpler terms, it’s you or any other individual whose personal information is being collected and processed.

Data Controller: The data controller is the one who determines the purposes and means of processing personal data. In other words, they’re the boss when it comes to deciding why and how your data is used. In this case, it would be us.

Data Processor: The data processor, on the other hand, processes personal data on behalf of the data controller. In our case, they are vendors and partners we collaborate with that process your personal data for purposes determined by us.

INFORMATION WE COLLECT

In order to provide our Services, we need to gather information about you.

 

Information that You Provide

This category covers content and details that you provide while using our Services.

When you reach out to us, we may request your contact information, including your full name, personal address, email address, and phone number. Additionally, for the purpose of verifying your identity in compliance with legislative requirements, we may collect the following personal information as outlined in the table below:

 

Category of personal information	Examples of personal information (list non-exhaustive)
Identity data	● Full name ● Date of birth ● Gender ● Nationality ● Passport number ● Social security number ● Driver’s licence number ● National ID card details
Contact data	● Email address ● Phone number ● Physical address ● Mailing address ● Emergency contact information
Financial data	● Bank account numbers ● Credit card information ● Income details ● Tax identification number ● Financial transaction history
Employment data	● Employment details ● Job titles and descriptions ● Workplace location ● Professional qualifications ● CV and resumes
Professional data	● Professional licenses ● Authorisations ● Industry certifications ● Memberships in professional bodies and associations
Technical data	● IP address ● Device type ● Browser type ● Operating system ● Geolocation data
Transaction data	● Transaction amounts ● Payment methods used ● Billing addresses
Usage data	● Website usage patterns ● Session durations ● Pages visited ● Clickstream data ● Error logs and crash reports
Communication data	● Records of communication wih us, including emails, chat logs, video and voice recordings.
Education data	● Educational history ● Degrees ● Certifications ● Transcripts ● Diplomas
Audio and Visual Data	● Photographs ● Video recordings ● Audio recordings ● Social media accouny information, including public posts
Family data	● Information about marital status ● Number of dependents ● Family member names
Marketing data	● Marketing preferences ● Subscriptions and newsletter preferences ● Responses to marketing campaigns ● Engagement with promotional materials ● Referral sources
Special (sensitive) data	● Racial or ethnic origin ● Political opinions ● Membership of a trade union ● Physical or mental health or condition ● Biometric data
Information related to convictions	Personal data related to criminal convictions and offences

 

 

Communications

If you reach out to us directly, we may request additional information such as your name, email address, personal address, phone number, and other relevant personal details. Whenever we ask for this information during communication, we will clearly explain the reasons behind it.

Payment Information

We enable Customers to select their preferred payment method for executing payments for our Services via third-party credit and financial institutions and payment service providers. Please note that we do not retain any of your financial account information; it is securely handled by the respective payment provider. Note that these vendors may, in turn, collect and process your personal information on their behalf and in accordance with their own purposes and obligations. To learn more about how third-party payment service providers and financial institutions collect, use, and share your personal information, you are encouraged to read their privacy policies or notices provided on the official websites of the respective service providers.

Information from Third Parties

In our continuous effort to provide you with seamless and comprehensive Services, we may obtain personal data from third-party partners and vendors. In case of such integration, the information collected by our partners is shared with us. We require our partners to have lawful purposes to collect, process, and use your personal data before sharing it with us. These third-party partners and vendors play a vital role in enhancing the functionality and utility of our platform. Here’s how personal data from these sources may be used:

Third-Party Partners
In the course of our business operations, we may collaborate with third-party partners who refer clients to our services. These third-party partners may include but are not limited to business affiliates, referral partners, and other intermediaries. In such cases, we may receive information from these third-party partners that you have shared with them. This information may include personal, business, financial, or other relevant data that the client has provided to our partners during your interactions. Please note that prior to receiving any information from our third-party partners referring your personal information to us, we ensure that the respective third-party partners have received your consent for the sharing of your data with other entities. Thus, all the personal information shared by our third-party partners may be disclosed to us only in accordance with your consent.

Public Databases
We may obtain personal data from publicly available databases to enhance our Services and fulfill our legal and regulatory obligations. The information retrieved from these databases may include names, addresses, contact information, employment details, affiliations with restricted, sanctioned, or prohibited groups and associations (as defined by relevant legal acts) as well as other publicly accessible data. This data assists us in various functions, such as identity verification, fraud prevention, and compliance with relevant laws and regulations.

Identity Verification Partners
To ensure the security and integrity of our Services, we collaborate with identity verification partners who provide us with access to specific personal data required for identity verification purposes. This data may comprise full names, address information, identification document images and data, personal identification codes, identification document holder photos, date of birth, citizenship, place of birth and other relevant identity-related data.

Credit and Financial Institutions
In compliance with the law and industry standards, we may obtain personal data from financial and credit institutions. This data can encompass financial transaction history, account balances, credit scores, account details as well as other financial information. This information is crucial for enabling financial transactions and ensuring compliance with relevant regulations.

Marketing Partners, Advertisers and Analytics
In collaboration with marketing partners, we may collect personal data to better understand your interaction with our website and Services. This data aids us in refining our marketing strategies and offering you personalized recommendations. In turn, advertisers may provide us with personal data to assess the effectiveness of advertising campaigns and optimize ad targeting, while analytics partners help us gain insights into how you use and interact with our platform. The data shared with us by the aforementioned partners may include user preferences, interaction patterns, user behavior on our website, response to marketing campaigns, interest-based data, click-through rates, conversion data, session durations, traffic sources, clickstream data as well as other relevant data.

HOW WE USE YOUR DATA

Lawful Basis and Legitimate Interest
Our collection, use, and sharing of your personal data are founded on various lawful bases, depending on the context. The following scenarios represent the circumstances in which we engage in data collection:

Consent: We process your personal data when you grant your explicit consent. This typically occurs when you have reviewed our data processing purposes and willingly agreed to them. Examples include subscribing to our marketing notifications and campaigns or permitting the use of your personal information to enhance your experience while using our website and Services.

Performance of a contract: We process your information when it is essential to perform a contract with you (for example, our Terms of Service). This encompasses situations where your data is required for processing and finalizing your orders or adhering to the terms of any other contractual agreement we have entered into with you. It also includes enforcing the terms of this Policy and other agreements, providing our Services, ensuring the quality of our Services, and offering customer service and support.

Legal Obligation: We use your data when there is a legal obligation that necessitates data disclosure. This occurs when compliance with legal requirements imposed by law or legal orders is mandatory.

Legitimate Interests: We may process your personal data when we have a legitimate interest that aligns with the operation and provision of our Services. This includes activities aimed at improving our website and Services, maintaining proper security measures, and preventing illegal activities related to your data. Our legitimate interests are pursued only when they do not infringe upon your fundamental rights.

In the section below you will find the list of purposes for which we process and use your data, and what lawful bases we invoke for its processing and use.

I. Visitors to our website

When you visit our website, we collect various categories of personal data. These categories include аilling out online forms to contact us, subscribing to newsletters, opting in to receive marketing communications, participating in surveys, and so forth. Information that we collect about you may include any of the following:

• Name
• Job title, job function, or role
• Educational background
• Company or organization details
• Company-related data
• Contact details, such as primary email address and phone numbers
• Demographic information, like industry, location, postal code, preferences, and interests
• Any other data relevant to customer information forms or surveys
• Information necessary for providing our services to you
• Any additional personal data voluntarily provided by you in regard to the above-mentioned

Please note that we do not intentionally collect sensitive category data unless you choose to share such data with us voluntarily. You are under no obligation to disclose sensitive personal information, and we do not intend to process it. If you choose to share sensitive personal information with us, you shall give your explicit consent to such collection and processing, reproducible in writing. Unless such concern is received from you, we will not process any sensitive data shared by you, whether accidentally or on purpose.

If you contact us through our website, your personal data will be stored in our CRM system. Data of registrants is deleted if there has been no active engagement with our company for 24 months, or earlier if required by applicable law.

If you have opted out of receiving our newsletter and other publications, your basic contact details will be retained on our opt-out list.

Purposes for which we process your personal data related to your visits to our website and lawful bases for processing are as follows:

 

Purposes

Lawful bases

Website Administration and Security: administering and managing our website, including verifying and authenticating your identity, preventing unauthorized access to restricted areas of our website.   Personalized Browsing Experience: enhancing your browsing experience by presenting content, including targeted advertising, that is more relevant and interesting to you.   Data Analysis: analyzing visitor data and website traffic information, gathering web metrics to understand how users navigate our website, assessing website usage and demographic characteristics of our visitors.   Identification of Affiliation: identifying the company, organization, institution, or agency with which you are associated.   Business Development: developing and improving our business and services. Marketing Communications: providing you with marketing communications, materials, and information.   User Experience Enhancement: understanding how visitors utilize our website’s features and functions.   Compliance Monitoring: monitoring and enforcing compliance with applicable Terms of Service.   Quality and Risk Management: conducting reviews for quality and risk management purposes.   Effective Information Delivery: ensuring effective delivery of services and information to you.   Other Purposes: processing your data for any other purposes for which you have provided information to us.

Legitimate Interests:   ● Our legitimate interest in delivering information and services effectively to you. ● Our legitimate interest in enhancing and improving our website and your user experience.   Explicit consent provided by the website visitor.

 

 

II. Clients

When you engage our professional services, we collect and process personal data for legitimate business reasons related to those services.

The majority of the personal data we gather and employ to deliver our services is either voluntarily provided by our clients or obtained from third-party sources at the request of our clients. As a result, if you are our client, you will generally have a clear understanding of the personal data we collect and utilize. This information may encompass:

• Essential details, including your name, your affiliated organization, your position, and your relationship with other individuals.
• Contact information, such as your postal address, email address, and telephone numbers.
• Financial information, including payment-related details.
• Any other personal data concerning you or other third parties that you provide to us for the purposes of receiving our services.

We employ this information for various purposes, including:

• Providing services tailored to your needs;
• Managing and maintaining our contractual relationship;
• Meeting accounting and tax requirements;
• Conducting marketing and business development activities;
• Complying with legal and regulatory obligations;
• Utilizing data for historical and statistical analyses.

Please note that due to the wide range of our services provided to our clients, purposes and legal bases for its collection and processing may vary depending on the type of service provided. Below are some examples (non-exhaustive) of personal data categories relevant to our primary service areas.

 

Service Area	Purpose Description	Examples of data collected	Legal bases
Determination of Economic Strategy	Analysis and Development of Economic Strategy: ● Analyzing and developing an effective economic strategy tailored to the client’s specific needs; ● Assessing market trends, evaluating potential opportunities, and identifying growth areas.   Market Research: ● Gaining insights into market dynamics, customer preferences, and emerging trends; ● Assisting the client in making informed decisions regarding market entry and expansion.   Competitive Analysis: ● Conducting competitive analysis, which involves gathering information about competitors and their strategies to help clients gain a competitive edge.   Financial Forecasting: ● Financial forecasting; ● Creating accurate projections and financial models to assist clients in planning their economic strategies.   Strategic Planning: ● Supporting clients in strategic planning; ● Assisting clients in setting objectives, defining tactics, and outlining a clear path for achieving their economic goals.	● Name, contact details, such as name, address, telephone numbers and email address, position, and organization. ● Information on client’s income, expenses, investments, and financial statements; ● Data related to client’s market trends and consumer preferences ● Information about client’s competitors and their strategies. ● Information about key decision-makers within the client’s organization.	Legitimate Interests: assisting clients in developing effective economic strategies and making informed business decisions.   Performance of a contract: when providing these services, processing personal data is necessary to fulfill our contractual obligations to our clients.   Consent: In some cases, we may seek consent to process personal data, especially when it involves sensitive or specific data categories.
Search and Training of Personnel	Identifying and recruiting qualified personnel: ● Identifying, assessing, and recruiting qualified personnel on behalf of clients; ● Assessing candidates’ qualifications, skills, and experience.   Job market assessments: ● Providing clients with insights into the job market; ● Job market assessments, including salary trends and demand for specific roles.   Job profiling: creating job profiles to match candidates with suitable clients.   Candidate sourcing: ● Sourcing potential candidates who match client requirements; ● Conducting interviews and recommendations to the clients as well as assessing candidates’ suitability for specific roles and specific clients.   Training program development: ● Tailoring programs to enhance the skills and performance of recruited personnel; ● Developing training programs for employees and workers of the client, including those sourced and provided by us.   Work performance monitoring: ● Monitoring the work performance of selected candidates and providing feedback to clients.	● Name, contact details, education, work history, and skills of candidates; ● Client’s organization, job requirements, and preferences; ● Data related to job market trends and salary benchmarks; ● Data on training needs, progress, and performance; ● Data on candidates’ work performance and feedback.	Performance of a contract: processing is necessary for the performance of a contract with the client to identify and recruit personnel.   Legitimate Interests: processing is based on our legitimate interests in conducting job market assessments, job profiling, candidate sourcing, and providing effective training programs.   Consent: in cases where explicit consent is required, we will seek consent from candidates before processing their personal data for specific purposes, such as job profiling or training program development.
Financial and Accounting Consulting	Financial management advisory: providing advisory services on financial management, including strategies for efficient financial operations.   Budgeting: assisting clients in budget planning and management.   Financial reporting: generating financial reports and ensuring compliance with reporting standards.   Accounting standards compliance: providing guidance on compliance with accounting standards and regulations.   Financial modeling: developing financial models for forecasting and decision-making.   Risk assessment: assessing and managing financial risks.   Financial decision support: providing insights and support in making informed financial decisions.	Data that we process and use for services related to accounting and accounting consulting may include, inter alia:   ● Transaction records: detailed records of financial transactions, including invoices, receipts, purchase orders, and sales records. ● Payroll data: Information about employees’ salaries, wages, bonuses, deductions, and tax withholdings. ● Bank statements: bank account statements and reconciliation data to track income and expenses. ● Asset and depreciation records: information about assets owned by the client, including their value, depreciation schedule, and disposal records. ● Tax records: relevant tax documentation, including tax returns, filings, and correspondence with tax authorities. ● Financial statements: comprehensive financial statements, including balance sheets, income statements, and cash flow statements. ● Expense receipts: receipts and supporting documentation for business expenses. ● Inventory data: information on inventory levels, valuations, and tracking of goods sold. ● Vendor and supplier information: details about suppliers, their invoices, and payment terms. ● Customer information: data about customers, sales transactions, and outstanding invoices. ● Contractual agreements: copies of contracts, agreements, and legal documents related to financial matters. ● Employee records: personnel files, employment contracts, and records of employee benefits. ● Financial software data: access to accounting software systems and related data to manage financial records efficiently. ● Regulatory filings: compliance with regulatory requirements, such as filings with government agencies. ● Audit trails: detailed audit trails and documentation for financial transactions for auditing purposes. ● Data backups: regular data backups and disaster recovery plans to safeguard financial information.   Data that we process and use for services related to financial consulting and related services may include, inter alia: ● Financial statements: detailed financial statements, including balance sheets, income statements, and cash flow statements. ● Income and expense records: detailed records of income sources and expenses, including documentation of all financial transactions. ● Bank account statements: statements from bank accounts, savings accounts, and other financial institutions to track transactions. ● Tax returns: past and current tax returns, including supporting documentation. ● Insurance policies: Details of insurance coverage, including life, health, property, and casualty insurance, for risk assessment. ● Debt and liabilities: information about outstanding loans, mortgages, credit card balances, and other liabilities. ● Estate planning documents: Copies of wills, trusts, and estate planning documents to ensure alignment with financial goals. ● Client agreements: Contracts and agreements outlining the terms of engagement between the financial service provider and the client. ● Client’s business data: financial information related to the client’s business operations, revenue, and profitability. ● Financial software access: access to financial software systems for data analysis and reporting. ● Financial projections: data used to create financial forecasts and projections for strategic planning.	Performance of a contract: processing is necessary for the performance of a contract with the client to provide financial and accounting consulting services.   Legal Obligation: processing is required to comply with legal obligations related to financial reporting and accounting standards.   Legitimate Interests: processing is based on our legitimate interests in providing financial consulting, risk assessment, and financial modeling services.   Consent: in cases where explicit consent is required, we will seek consent from individuals before processing their personal data for specific purposes, such as financial decision support.
Tax Advisory and Consulting	Tax compliance: assisting clients in complying with tax laws and regulations by preparing accurate and timely tax returns and filings.   Tax advisory: providing clients with professional advice on various taxation matters, including tax deductions, credits, exemptions, and incentives.   Record keeping: ● Maintaining records of all financial and tax-related information; ● Ensuring that clients have a clear history of their tax compliance.   Tax payment: facilitating the calculation and submission of tax payments to the appropriate tax authorities on behalf of clients.   Tax reporting: generating accurate tax reports and statements required by tax authorities and government agencies.   Tax research: conducting research on evolving tax laws, regulations, and rulings to ensure clients’ tax strategies remain up-to-date and compliant.   Client communication: ● Communicating with clients regarding their tax-related matters; ● Providing updates on tax laws, and advice on tax-saving opportunities.	Financial records: detailed financial records, including income statements, expense records, and financial transactions, to calculate taxable income.   Tax returns: previous tax returns to review past tax filings and identify potential deductions or credits.   Income documentation: documentation of various sources of income, including rental income, dividends, and interest income.   Expense documentation: receipts and records of deductible expenses, such as business expenses and charitable contributions.   Investment statements: statements from investment accounts showing capital gains, losses, and investment income.   Property records: records related to property ownership, including real estate transactions and property tax assessments.   Business financials: financial statements and records for businesses, including profit and loss statements, balance sheets, and business tax returns.   Bank statements: bank account and other financial institution statements and records to track financial transactions and account balances.   Dependents and family information: information about dependents, family members, and their financial situations for tax credit and deduction purposes.   Tax notices and correspondence: copies of any tax-related notices or correspondence from tax authorities.   Legal documents: legal documents related to trusts, estates, or other legal entities that may have tax implications.   Business tax records: Business-related tax records, including payroll tax information, sales tax records, and business licenses.   Tax identification numbers   Tax credits and deductions: information on eligibility for tax credits and deductions   Foreign income and assets: Documentation related to foreign income, foreign bank accounts, and foreign assets for compliance with international tax laws.   Tax payment records: records of tax payments made to tax authorities, including payment dates and amounts.	Performance of a contract: processing personal data is necessary for the performance of a contract with the client. Tax consulting services require the collection and analysis of personal financial data to fulfill contractual obligations.   Legal Obligations: processing personal data is necessary to comply with legal obligations, such as tax reporting and compliance with tax laws and regulations imposed by government authorities.   Legitimate Interests: this includes providing effective tax advisory services to clients while ensuring compliance with tax laws.   Consent: in some cases, when providing additional or specialized tax services beyond the scope of routine tax compliance, explicit consent from the client may be required.
Sales and Marketing Consulting	Sales and marketing strategy development: ● Creating and enhancing client sales and marketing strategies; ● Market research, competitor analysis, and marketing plan development.   Branding and advertising: assisting clients in developing branding strategies, advertising campaigns, and promotional materials to maximize market reach and profitability.   Digital marketing: optimizing digital marketing efforts, including website performance, social media engagement, and email marketing campaigns.   Market research: conducting market research and analysis to identify opportunities for growth and market expansion.   Client communication: communicating with clients about marketing and sales strategy updates, campaign performance, and recommendations for improvement.	Contact information: client names, email addresses, phone numbers, and physical addresses for communication and coordination.   Company information: details about the client’s company, including its name, industry, size, and location.   Marketing and sales data: information related to the client’s marketing and sales activities, such as customer databases, leads, sales figures, and marketing campaign performance data.   Market research data: data collected during market research activities, including consumer preferences, market trends, and competitor analysis.   Digital marketing data: information about online marketing efforts, including website analytics, social media engagement, and email marketing data.   Branding information: details about the client’s brand identity, logos, slogans, and branding strategies.   Advertising materials: copies of advertising materials, including brochures, flyers, digital ads, and promotional content.	Performance of a contract: sales and marketing consulting services require the collection and analysis of personal data to fulfill contractual obligations.   Legitimate interests: this includes providing effective sales and marketing strategies and consulting services to our clients while ensuring compliance with relevant regulations.   Consent: in some cases, explicit consent from the client may serve as the legal basis for processing personal data, especially when collecting data for specific marketing campaigns or research.   Legal Obligations: processing personal data is necessary to comply with legal obligations, such as data protection regulations and marketing-related laws.
Administrative Services	Daily operations management: managing and supporting the client’s daily operational activities, including communication, task coordination, and scheduling.   Administrative staff support: providing administrative support to the client’s staff, including assistance with administrative tasks, document management, and office organization.   Office management: overseeing and optimizing office operations, including space management, resource allocation, and supply inventory.   Workflow optimization: analyzing and optimizing workflow processes, identifying bottlenecks, and implementing improvements to enhance organizational efficiency.   Process streamlining: assisting in streamlining processes, reducing redundancies, and improving overall productivity within the client’s organization.	Contact information: client names, email addresses, phone numbers, and physical addresses for communication and coordination.   Employee data: information related to the client’s employees, such as names, positions, work histories, and contact details.   Organizational data: details about the client’s organization, including structure, departments, and workflow processes.   Operational data: data pertaining to the client’s daily operations, including schedules, task assignments, and productivity metrics.   Process improvement data: information related to process optimization efforts, including workflow analysis, efficiency assessments, and recommended improvements.	Performance of a contract: administrative services require the collection and use of personal data to fulfill contractual obligations.   Legitimate interests: processing personal data is based on the legitimate interests of both the administrative service provider and the client. This includes providing effective administrative support and services while ensuring compliance with relevant regulations.   Consent: in some cases, explicit consent from the client or their employees may serve as the legal basis for processing personal data, especially when collecting data for specific administrative tasks or projects.   Legal Obligations: processing personal data is necessary to comply with legal obligations, such as data protection regulations and employment-related laws.
Legal Services	Legal consultation: providing legal advice and consultation to the client on matters related to their business operations, compliance, and legal risks.   Contract drafting: drafting contracts, agreements, and policies on behalf of the client to ensure legal compliance and protection of their interests.   Compliance monitoring: monitoring and advising on compliance with legal regulations, including the preparation of necessary documentation for AML/CTF compliance.   General legal information: providing the client with general legal information to help them operate within the bounds of applicable laws and regulations, thereby mitigating legal risks and disputes.   Legal memorandums and opinions: preparing legal memorandums and opinions to support the client’s decision-making and legal strategies.	Client information: client’s name, contact details, business information, and legal entity details.   Legal representatives: information about the client’s legal representatives, including their names, positions, and contact details.   Contract parties: data related to parties involved in contracts or agreements, such as names, roles, and contact information.   AML/CTF Data: information required for Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) compliance, including identity verification data, including, inter alia, any of the following: ● Details about the beneficial owners of the client’s company, including their names, addresses, dates of birth, and percentage of ownership. ● Personal identification data of individuals associated with the client’s business, including passports, driver’s licenses, or other government-issued identification documents. ● Information about financial transactions conducted by the client’s business, including the amounts, dates, and parties involved. ● Data collected during the customer due diligence process, such as background checks, sanctions lists screening, and risk assessments. ● Records related to the client’s AML/CTF program, including policies, procedures, risk assessments, and reports of suspicious activity. ● Records of AML/CTF training provided to employees and relevant personnel within the client’s organization. ● Documentation submitted to regulatory authorities related to AML/CTF compliance, such as reports and notifications. ● Information collected during sanctions screening processes to ensure compliance with relevant sanctions lists. ● Data related to the retention and maintenance of AML/CTF records and documentation as required by regulatory authorities. ● Correspondence with regulatory authorities, internal reports, and any external reporting related to AML/CTF compliance efforts. ● Information used to assess and categorize the AML/CTF risks associated with the client’s business operations.   Legal documentation: documents and records related to legal matters, contracts, agreements, policies, and compliance documentation.   Financial information: in cases where financial matters are involved, financial data such as income, expenses, financial statements, and tax-related information may be collected and processed.   Corporate governance data: information about the structure, ownership, and governance of the client’s business, including details about shareholders, directors, and officers.   Litigation data: if the client is involved in legal disputes, information related to litigation, including court filings, case details, and correspondence with opposing parties.   Intellectual property data: information about intellectual property assets, including trademarks, patents, copyrights, and trade secrets.   Employee data: employee-related data if legal matters involve employment issues, such as employment contracts, HR records, and personnel data.   Regulatory compliance data: data related to regulatory compliance, which may include licenses, permits, and regulatory filings.   Mergers and acquisitions data: in cases of mergers, acquisitions, or business transactions, data related to due diligence, transaction documents, and integration planning.   Real estate data: information regarding real estate holdings or transactions, including property titles, leases, and related agreements.   Vendor and supplier data: data related to contracts and agreements with vendors, suppliers, and service providers.   Data security and privacy information: Information related to data security and privacy compliance, including policies, procedures, and breach response plans.   Client communications: correspondence and communications between the legal service provider and the client, including emails, letters, and meeting notes.     Legal opinions: information contained in legal memorandums, opinions, and advice provided to the client.	Performance of a contract: processing personal data is necessary for the performance of a contract with the client, especially when providing legal services and drafting legal documents on their behalf.   Legitimate Interests: processing personal data is based on the legitimate interests of both us and the client. This includes providing essential legal advice and services to protect the client’s legal rights and interests.   Legal Obligations: processing personal data is necessary to comply with legal obligations, such as maintaining AML/CTF compliance and providing legal documentation required by regulatory authorities.   Consent: in some cases, explicit consent from the client may be required, especially when specific legal services or advice are requested.
Information Technology Services	Service delivery: providing IT services, including setup, maintenance, and support of IT infrastructure, software development, cybersecurity, and data management.   User authentication: authenticating users and granting access to IT systems and services.   Communication: communicating with clients and authorized users regarding IT-related matters, including support requests and system updates.   Software usage analysis: monitoring and analyzing the usage of software applications and systems for performance optimization and issue identification.   CRM system management: managing customer and contact data, facilitating sales and marketing activities, and maintaining CRM system functionality.   White-Label Solutions: recommending, implementing and maintaining white-label solutions according to client requirements.   Data privacy compliance: assessing and ensuring compliance with data privacy regulations, including data protection impact assessments.   Service Agreements: fulfilling contractual obligations under IT service agreements, contracts, and service-level agreements.   Issue resolution: addressing and resolving  IT support tickets, service requests, and incidents reported by clients.	User account information: data related to user accounts, including usernames, email addresses, and login credentials, to provide access to IT systems and services.   Contact information: personal contact details of employees and authorized users, such as names, phone numbers, and email addresses, for communication and support.   Device and hardware information: information about devices and hardware used by the client’s organization, including serial numbers, specifications, and configurations.   Network information: data about network configurations, IP addresses, and network traffic for network management and optimization.   Software usage data: information about the use of software applications and systems, including login/logout times and activity logs, for monitoring and troubleshooting.   Data backups: data related to the backup and recovery of client data, including backup schedules, data retention policies, and backup copies.   Cybersecurity data: information collected for cybersecurity purposes, such as firewall logs, intrusion detection system data, and security incident reports.   Data management records: records related to data storage, processing, and retention, including data classification, encryption, and data access controls.   Service tickets and requests: records of IT support tickets, service requests, and incident reports, including details of the issues reported and actions taken.   Software development records: documentation related to software development projects, including code repositories, project plans, and software specifications.   IT asset inventory: records of IT assets and equipment, including asset tracking information, warranty details, and maintenance records.   CRM System data: information stored within CRM systems, including customer and contact data, sales and marketing records, and communication history.   White-Label Solutions data: data related to the implementation and use of white-label solutions, including customization and branding details.   Data privacy and compliance records: documentation related to data privacy and compliance efforts, including data protection impact assessments and compliance reports.   Service agreements and contracts: records of IT service agreements, contracts, and service-level agreements (SLAs) governing the provision of IT services.   Communication records: logs of communications, including emails, chat messages, and support tickets, for customer support and issue resolution.	Performance of a contract: processing personal data is necessary for the performance of a contract with the client, such as IT service agreements.   Legitimate Interests: processing is necessary for legitimate interests in maintaining IT infrastructure and providing support to our clients.   Consent: processing is based on the explicit consent of individuals when required, such as for certain marketing or communication activities.   Legal Obligations: processing is necessary to comply with legal obligations, including data privacy and cybersecurity regulations.
Technology Consulting	Providing technology advice: offering tailored technology recommendations and advice to clients based on their specific needs and objectives.   Project management: overseeing and managing technology projects, including planning, execution, and monitoring.   Communication: facilitating communication between the consulting team and the client throughout the engagement.   Assessment and analysis: conducting assessments of the client’s current technology landscape and provide analyses to identify areas for improvement.   Compliance and security: ensuring that technology solutions align with data security and compliance requirements, where applicable.   Documentation: maintaining records of project details, recommendations, and progress for reference and reporting.	Contact information, such as names of individuals involved in the technology consultation, email addresses, and phone numbers.   Professional information: job titles or roles of individuals within the client’s organization, company or organization names, department or division information, and information related to the client’s industry.   Project-related information: project requirements and goals, technology preferences and specifications, project budgets and timelines.   Documentation related to technology projects.   Technical data: information about the client’s existing technology infrastructure, data related to software and hardware used by the client.   Financial information: budgetary information related to technology investments and cost estimates for technology solutions.   Data security and compliance information: information about the client’s data security and compliance requirements; Documentation related to regulatory compliance.   Data related to end-users or customers impacted by technology solutions.	Performance of a contract: processing personal data is necessary for the performance of a contract between us and the client.   Legitimate Interests: The processing is based on the legitimate interests of both the consulting firm and the client in receiving valuable technology advice and services.   Consent: processing is based on the explicit consent of clients when required in certain situations, such as the processing of their personal data for technology consulting purposes.

 

In addition, we also process personal data for the everyday processes related to client acceptance, finance, administration, and marketing. The categories of personal data collected for the aforementioned processes include the following:

1. Identification Information:
   а. Full names of individuals involved in the client engagement.
   b. Identification numbers (e.g., passport numbers, national ID numbers).
2. Contact Information:
   a. Email addresses.
   b. Phone numbers.
   c. Postal addresses.
3. Professional Information:
   a. Job titles or roles of individuals within the client’s organization.
   b. Company or organization names.
   c. Department or division information.
4. Financial Data:
   a. Financial information related to the client, including financial statements, income, and assets.
   b. Bank account details for payment processing.
   c. Billing and invoicing information.
5. Background Information:
   a. Background checks related to the client’s history and reputation.
   b. Conflict of interest assessments.
6. Legal and Regulatory Compliance Data:
   a. Information related to audit independence, anti-money laundering (AML), and other compliance checks.
   b. Data necessary to meet legal or regulatory requirements applicable to the organization.
7. Marketing Data (if applicable):
   a. Marketing preferences and communication preferences.
   b. Records of interactions with marketing materials and campaigns.

We process personal data related to the aforementioned processes for the following purposes:

Client acceptance: assessing the eligibility and suitability of clients, including conducting background checks, conflict assessments, and reputational checks.
Financial and administrative processes: managing financial transactions, billing, invoicing, and other administrative tasks related to client engagements.
Audit independence: ensuring compliance with audit independence requirements, where applicable.
Anti-Money Laundering (AML): complying with AML regulations and performing due diligence on clients to detect and prevent money laundering activities.
Legal and regulatory compliance: fulfilling legal and regulatory obligations, including reporting requirements and compliance with industry-specific regulations.
Marketing and communication: communicating with clients for marketing purposes, provide updates, and manage marketing campaigns.

Legal bases for processing personal data for client acceptance, finance, administration and marketing include the following:

1. Performance of a contact: processing personal data is necessary for the performance of a contract between us and the client.
2. Compliance with Legal Obligations: processing is necessary to comply with legal and regulatory requirements to which we are subject to.
3. Legitimate Interests:processing is based on our legitimate interests in conducting necessary client acceptance, financial, administrative, and marketing processes.
4. Consent:in cases where consent is required, clients may provide consent for the processing of their personal data for marketing and communication purposes.

III. Collection and Processing of Personal Data of Individuals Connected to the Client

We understand that our client engagements often involve interactions with individuals who are connected to our clients but may not be considered our direct clients. These individuals may include employees, suppliers, business partners, financial administrators, debtors, claimants, and parties involved in legal proceedings. We are committed to safeguarding the privacy and personal data of these individuals and ensuring that their data is processed in compliance with the GDPR.

The personal data collected in connection with individuals connected to our clients may include, but is not limited to:

1. Identification information:full names, identification numbers (e.g., passport or national ID numbers);
2. Contact information:email addresses, phone numbers, postal addresses;
3. Professional information:job titles, roles, company or organization names, department or division information;
4. Financial data:financial information related to the individual, such as income, assets, and financial statements;
5. Transactional data:data related to business transactions, contracts, and financial interactions;
6. Legal and regulatory data: information related to legal proceedings, claims, compliance with legal and regulatory requirements.

We may process personal data of individuals connected to our clients for the following purposes:

1. Client support: to provide support, assistance, and services to our clients in their interactions with individuals connected to them;
2. Contractual obligations:to fulfill contractual obligations with our clients, including contractual relationships with suppliers, business partners, and service providers;
3. Financial and administrative processes: to manage financial transactions, billing, invoicing, and other administrative tasks related to client engagements;
4. Legal and regulatory compliance:to ensure compliance with legal and regulatory requirements, including responding to legal claims and conducting legal proceedings;
5. Business operations:to support our business operations and functions, including communication with client-related individuals.
6. Communication: to communicate with individuals connected to our clients for legitimate business purposes.

The processing of personal data of individuals connected to our clients is based on the following legal bases:

1. Performance of a contract: processing is necessary for the performance of a contract between us and our clients or for taking pre-contractual steps at the request of the client.
2. Legitimate interests: the processing is based on our legitimate interests in conducting necessary business operations, client support, and compliance with legal requirements.

IV. Data in our Customer Relationship Management system (CRM)

We utilize a CRM system to efficiently manage and maintain our client relationships and associated business processes. The CRM system plays a crucial role in our operations, allowing us to provide quality services, enhance communication, and ensure the effective management of client-related information.

The personal information processed within our CRM system may include, but is not limited to:

1. Identification information:names, titles, and other identification details.
2. Contact information: email addresses, phone numbers, postal addresses.
3. Professional information:job titles, roles, and company or organization affiliations.
4. Communication history:records of interactions, communications, and engagements with our clients and related individuals.
5. Business relationship information: information related to client engagements, contracts, agreements, and business interactions.
6. Marketing and communication preferences: data regarding client preferences for receiving marketing materials and communications.

We process personal information in our CRM system for the following purposes:

1. Client relationship management:to maintain and manage client relationships effectively, including communication, support, and service delivery.
2. Communication: to facilitate communication with clients, prospects, and individuals associated with our clients.
3. Service provision: to support the provision of services and deliverables to our clients.
4. Marketing and promotion:to send marketing materials, newsletters, and updates about our services, subject to applicable consent and preferences.
5. Business development: to identify potential business opportunities, assess client needs, and improve our services.
6. Record keeping:to maintain accurate records of client interactions, engagements, and contractual agreements.

The processing of personal data in our CRM system is based on the following legal bases:

1. Legitimate interests: the processing is based on our legitimate interests in conducting necessary business operations, client support, and compliance with legal requirements.
2. Consent: processing is performed on the basis of the client’s explicit consent.

 

V. Communication Tools and Data Collection

We offer various communication channels to facilitate interaction, including email and telephone. Below, we outline the tools we use for communication and the legal bases for data collection.

1. Communication Tools

• Email: We utilise email as a means of communication with our clients. When you communicate with us via email, we use various tools to ensure that communication held via email is secure and information that you may share with us by means of email communication is transmitted safely and securely. In some cases, this means that emails that you send to your dedicated manager or other dedicated recipient will be read by another individual duly authorised to do so for the purposes of ensuring security of communication.
• Telephone: Our clients can reach us by phone for direct and immediate communication. Please note that telephone calls may be recorded for quality assurance and training purposes.
• Messengers and online chat tools: We also offer communication through messenger platforms to facilitate real-time interactions.

2. Legal Bases for Data Collection
   1. Performance of a contract: the primary legal basis for collecting and processing your personal information during communication is the necessity of processing for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. This includes processing personal information to fulfill our obligations under any service agreements or contracts with our clients.
   2. Legitimate interests: we may also rely on our legitimate interests to collect and process personal information for communication purposes. Our legitimate interests include providing efficient and responsive client support, managing and improving our services, and ensuring effective communication.
   a. When recording telephone calls, we rely on legitimate interests and compliance with legal obligations.We may record calls for purposes such as ensuring the quality of our services, training our staff, and complying with legal requirements.
3. Consent: In some cases, we may seek your explicit consent to process personal information for specific communication purposes. If we do so, we will provide clear and transparent information about the purposes of processing and seek your consent before proceeding.

 

VI. Job Applicants

To facilitate the recruitment process and ensure fair and efficient evaluation of candidates, we collect and process personal data from job applicants. This section outlines the purposes for which we process job applicant data, the types of data we collect, and the legal bases for processing.

We may collect various types of personal data from job applicants, including:

• Contact information: name, address, email address, and phone number.
• Professional information:resume/CV, cover letter, employment history, qualifications, skills, and references.
• Identification information: identification numbers, such as passport or driver’s license (if required for the position).
• Interview and assessment data:notes and assessments from interviews, tests, or other evaluation methods.
• Diversity and inclusion data:information related to diversity and inclusion, such as gender, ethnicity, and disability status (provided voluntarily and for statistical purposes only).

Please note that we collect job applicant data from various sources to ensure a comprehensive evaluation of candidates. This section outlines the sources from which we may collect job applicant data:

1. Directly from job applicants: when you submit your application, resume/CV, and cover letter through our official recruitment channels, we collect data directly from you.
2. Job application portals: we may collect data from job application portals or recruitment websites where you have posted your resume/CV or applied for positions related to our company.
3. Government agencies:in some cases, we may obtain publicly available data from government agencies, such as unemployment funds or labor departments, as part of our recruitment efforts.
4. Professional networking sites: we may access and collect data from professional networking sites (e.g., LinkedIn) if your profile is publicly accessible and relevant to your application.
5. Recruitment agencies and headhunters: data may be received from recruitment agencies or headhunters acting on your behalf or as intermediaries in the job application process.
6. References:with your consent, we may contact the references you provide to verify information and gather additional insights.
7. Employment verification services:we may use third-party services to conduct background checks or verify employment history, with your consent.
8. Assessments and tests: data from assessments, tests, or evaluations conducted during the recruitment process is collected as part of your application.
9. Publicly available information:we may collect publicly available information from reputable sources that may be relevant to your application, such as professional publications or news articles.
10. Social media profiles:if your social media profiles are publicly accessible and relevant to your application, we may collect data from these profiles.
11. Recruitment events and job fairs: data may be collected from individuals who attend our recruitment events or job fairs and express interest in job opportunities at our organizations.
12. Internal referrals:our current employees may refer candidates for job openings. In such cases, we collect data provided by employees and the referred candidates.
13. Third-Party screening services: for specific roles, we may engage third-party screening services to verify qualifications, including educational and professional credentials.

Please note that we prioritize transparency and will inform you of the sources from which we collect your data during the recruitment process. Your privacy and data protection are important to us, and we ensure that data collected from these sources is relevant to the job application process and processed in accordance with applicable laws and regulations.

We process job applicant data for the following purposes:

• Recruitment and selection: to assess your qualifications and suitability for the position you have applied for, including evaluating your skills, experience, and background.
• Communication:to communicate with you throughout the recruitment process, including scheduling interviews, providing updates, and informing you of the outcome.
• Compliance: to comply with legal and regulatory requirements related to recruitment and employment.
• Internal reporting:to analyze and report on our recruitment processes and make improvements as needed.

We process job applicant data based on the following legal bases:

• Legitimate interests:we have a legitimate interest in evaluating job applicants to identify the best candidate for a position. Our legitimate interests include managing our recruitment process efficiently and ensuring we select qualified candidates.
• Compliance with Legal Obligations:we may process your data to comply with legal and regulatory requirements related to recruitment and employment.
• Consent:In some cases, we may seek your consent for specific data processing activities, such as conducting background checks. If we do so, you will be informed and can withdraw your consent at any time.

VII. Former Partners, Employees, and Contractors

We recognize the importance of handling personal data responsibly, even after the end of a professional relationship. This section outlines how we may process the personal data of former member firm partners, employees, and contractors and the purposes for such processing.

1. HR records and administration:personal data, including employment history, performance records, and contact information, may be retained for HR administration purposes, such as reference checks or responding to inquiries related to past employment.
2. Compliance and legal obligations: we may process personal data as necessary to fulfill legal, regulatory, or compliance obligations, including but not limited to tax reporting, auditing, or responding to legal claims.
3. Alumni and networking: we value the contributions of former members, and we may maintain contact information to facilitate alumni networks, event invitations, or professional networking opportunities.
4. Communication and announcements: we may use contact details to communicate important announcements, updates, or information relevant to the professional community, such as industry insights, conferences, or training opportunities.
5. Reference checks:with your consent, we may provide references or employment verifications to future employers or institutions, as requested by former members.
6. Monitoring and reporting:data may be processed for monitoring and reporting purposes, such as diversity and inclusion reporting, provided that such reports do not include identifiable personal data without consent.
7. Compliance with legal requests: personal data may be disclosed in response to valid legal requests, such as subpoenas or court orders.
8. Research and statistical analysis:we may use aggregated and anonymized data for research, statistical analysis, and industry benchmarking to enhance our business practices and services.
9. Data protection obligations:we continue to uphold data protection obligations and security measures to safeguard former members’ data from unauthorized access or breaches.

We process personal data of former member firm partners, employees, and contractors based on legitimate interests, legal obligations, and, where required, their explicit consent.

HOW WE SHARE YOUR DATA

We may share the information we collect with various third parties to support and enhance our business operations.

Please be aware that certain service providers operate outside of the EU/EEA area. For detailed information on how your data is handled when shared with third parties located outside of the EU/EEA, please refer to the section on  Data Transfers Outside EU/EEA below. This section clarifies the types of third parties with whom we share information and highlights the presence of non-EU/EEA service providers for transparency regarding data handling practices.

 

Vendors and Service Providers

We collaborate with vendors and service providers who assist us in maintaining and optimizing our business. These service providers encompass a range of functions, including web and mobile analytics services, advertisers, IT partners, such as hosting and software providers as well as sales and marketing products.

Credit and Financial Institutions

We may share your information with credit and financial institutions for various purposes, starting from your contractual obligations to pay the fee for the provision of our Services, to assignments associated with your project, such as opening corporate and personal accounts. Payment providers collect information specifically for the purposes for which the information is shared with them: for further details, please kindly read the privacy policy of the respective credit or financial institution used by you. Please note that while we may forward your information to credit and financial institutions, we never keep your payment information or use it in any way but to keep records of funds received and performing accounting-related obligations and Services.

Identity Verification Services

To ensure compliance with legal requirements under relevant law and to uphold the safety, transparency, and lawfulness of your activities, we utilize third-party identity verification services. By using our verification partners’ services, we cross-reference the personal information you provide, or that is provided by a third party, with the information available in our verification partners’ databases and/or public records.

Advertisers

In our commitment to providing you with a seamless experience, we may share certain information with advertisers who play a role in enhancing our Services. These advertisers assist us in delivering relevant content and promotions tailored to your interests. The information shared with advertisers may include user preferences, interaction patterns, engagement with advertising campaigns, and interest-based data. Our collaboration with advertisers aims to provide you with advertisements that align with your preferences and interests.

Business Partners

To jointly deliver integrated services, promotions, or joint initiatives, we may share specific information with our trusted business partners in various fields. The data shared with business partners can encompass a variety of relevant information to support our shared objectives. Any information shared is handled in compliance with data protection laws and regulations, and it is used exclusively for the purposes of delivering the intended services and enhancing your overall experience.

Law Enforcement

In exceptional circumstances and as required by applicable laws and regulations, we may share your information with law enforcement agencies and competent authorities. This is done to support investigations, maintain legal compliance, and ensure the safety and security of our clients. It may be necessary in the case of court proceedings, complying with a legal order or other legal process, as well as for the purposes of financial crime, money laundering and terrorism financing prevention, if we have strong grounds to believe any natural or legal person to be involved in or associated with the said forms of crime.

Transfers, Mergers and Acquisitions

In cases of our insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets or succession, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.

HOW YOUR DATA IS SECURED

We consider the security of your personal information to be of paramount importance. We employ a range of technical, organizational, and administrative measures designed to safeguard your data against unauthorized access, disclosure, alteration, and destruction. These security measures include:

 

Data Encryption: We utilize industry-standard encryption protocols to protect data during transmission and storage. This ensures that your information remains confidential and secure.

Access Controls: Access to your personal information is restricted to authorized personnel who require access for legitimate business purposes. Access controls and authentication mechanisms are implemented to verify and restrict access.

Employee Training: Our team is trained in data security best practices to ensure they handle your information with care and adhere to strict data protection guidelines.

Data Backups: Regular data backups are performed to prevent data loss in case of unexpected events or system failures.

Incident Response: We have established incident response procedures to promptly address and mitigate any security incidents or breaches, should they occur.

Regular Audits and Updates: Our team conducts regular security audits and updates to identify and mitigate potential vulnerabilities or weaknesses in our infrastructure.

Data Minimization: We collect and store only the minimum amount of personal information necessary to facilitate your transactions and provide our Services. Unnecessary data is not retained, reducing the potential impact of any security incidents.

Third-Party Vendors: When third-party vendors are involved in data processing, we ensure they meet stringent data security standards and adhere to our data protection policies.

Physical Security: Physical access to data centers and offices where personal information is stored is restricted and monitored.

Privacy by Design: Data protection principles are integrated into our business processes and IT systems from the outset.

While we take extensive measures to protect your data, it’s essential for Customers to also play a role in their data security. Here are some steps that you can take to ensure the security of your data when they engage with our Services:

• When sharing sensitive information with us, such as financial data or personal details, it’s a good practice to use secure channels. Email encryption or secure online portals can help protect your data during transmission.
• Always verify that you are dealing with one of our legitimate business entities. Scammers sometimes pretend to be us and may try to socilit you into paying for non-existent services or commit to signing contracts that will never be fulfilled. You can check our official website, contact our customer support or corporate service specialist to confirm the authenticity of our activities, or use official contact details to verify any other crucial details.
• If you have concerns about how we handle your data, don’t hesitate to ask questions. You can inquire about our data security measures, encryption protocols, and data retention policies to ensure your information is handled safely.
• Familiarize yourself with this Privacy Policy and our Terms of Service fully and carefully. This will give you a better understanding of how your data will be used, stored, and protected.
• If you need to create accounts or access online platforms related to our services, use strong, unique passwords. This adds an extra layer of security to your data.
• If any of your personal or financial information changes, make sure to inform us promptly. Accurate data helps us provide you with the best service and ensures your records are up to date.
• If you ever notice anything unusual or receive suspicious requests that seem to be from us, report it immediately. This can help us investigate and prevent potential security breaches.
• Store any physical documents or files securely, especially if they contain sensitive information. Use locked cabinets or safes, and avoid leaving them in easily accessible places.
• Stay updated on the latest security practices and potential threats. Being aware of common scams and frauds can help you recognize and avoid them.

If you ever have concerns about the security of your data, suspect any unauthorized activity, or would like to know the specific measures undertaken to secure your personal data, please don’t hesitate to contact us at hello@legalbison.com. You can also refer all relevant questions to the contact person, such as the customer support or corporate service specialist, that you usually deal with.

DATA RETENTION

Your personal information is held and stored securely for the duration of your active account with us. We are committed to retaining your personal information only for the period necessary to fulfill the specific purposes for which it was collected. The retention periods may vary depending on the type of personal information and the purposes for which it was initially gathered.

Personal information related to our legal obligations, such as compliance with anti-financial crime and anti-money laundering laws and regulations, may be stored for as long as mandated by these legal requirements. To fulfill our professional and legal obligations, protect, exercise, or defend our legal rights, and for archival and record keeping purposes, we are required to retain information for extended periods of time. During the retenrion period, we are dedicated to upholding our legal obligations and ensuring that data is retained as necessary to meet these standards.

We regularly review the personal data we hold to ensure that it is accurate, up-to-date, and still necessary for the intended purposes. When data is no longer required for these purposes, it will be securely deleted or anonymized.

If you have provided consent for the processing of your personal data, you have the right to withdraw that consent at any time. Upon receipt of your withdrawal request, we will assess whether we can continue processing your data based on other lawful bases and will inform you accordingly.

When your personal data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent (where applicable), we will take steps to securely delete or anonymize it to prevent unauthorized access or use.

 

YOUR RIGHTS AS DATA SUBJECT

You have certain rights regarding the personal data that we collect and use. These rights are designed to provide you with control and transparency over your data. The following are your rights as a data subject:

Right to Access: You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation of whether we are processing your personal data and, if so, access to specific details of that processing.

Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request the correction or completion of such data.

Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data under certain circumstances. This right is not absolute and may be subject to legal requirements or legitimate interests that override your request.

Right to Restriction of Processing: You can request the restriction of processing of your personal data in certain situations. This means that we will limit the way in which we use your data, but we may continue to store it.

Right to Data Portability: In some cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

Right to Object: You have the right to object to the processing of your personal data, including for direct marketing purposes or when we rely on legitimate interests as our legal basis for processing.

Rights Related to Automated Decision-Making and Profiling: We commit to transparent and fair automated decision-making processes. If you are subject to automated decision-making that produces legal effects or significantly affects you, you have the right to request human intervention and reconsideration of the decision.

 

Exercising Your Rights

To exercise any of the rights outlined above or if you have any questions or concerns regarding the processing of your personal data, please contact your dedicated corporate service specialist. They will assist you in addressing your data-related inquiries and ensuring that your rights as a data subject are respected and upheld.

You will not be charged a fee for accessing your personal data or exercising any of the rights outlined above. In the rare event that your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee. This fee, if applicable, will be based on the administrative costs associated with processing your request. Alternatively, we may choose to refuse to comply with your request in these exceptional circumstances. If such a situation arises, we will provide a clear and transparent explanation for our decision. Please note that we will always act in accordance with applicable data protection laws and regulations when assessing the reasonableness of any fees or the validity of requests.

Under the GDPR, we are committed to responding promptly to legitimate requests regarding your personal data. The statutory period for us to reply to such requests is one month from the date of receipt. However, in situations where the request is particularly complex or there is a high volume of requests, we may extend this period by up to two further months as necessary. This extension will be based on a careful consideration of the complexity and number of requests received.

 

 

DATA TRANSFERS OUTSIDE EU/EEA

As some of our business partners, vendors and service providers are located outside of the European Union or European Economic Area, we may need to transfer your personal data to countries outside of the EU/EEA zone.

We take stringent measures to ensure that such transfers are conducted in compliance with applicable data protection laws and that your data remains adequately protected.

Transfers to and from Processors in Countries with Adequacy Decisions
Some of our data processing activities may involve transfers to and from data processors located in countries that have received adequacy decisions from the European Commission. Adequacy decisions confirm that these countries provide a level of data protection that is deemed equivalent to EU/EEA standards. When such transfers occur, your data is adequately protected by the recipient’s legal framework.

 

Transfers from and to Other Countries
In cases where data is transferred to countries that do not have adequacy decisions or other recognized mechanisms, we utilize Standard Contractual Clauses (SCCs) as provided by the European Commission. SCCs are a set of contractual terms and conditions approved by the European Commission, providing a framework for the lawful transfer of personal data that impose data protection obligations on both parties involved in the data transfer and ensuring that your data remains protected according to EU/EEA standards. These clauses include provisions that require the recipient to provide an adequate level of data protection.

We are committed to ensuring that all international transfers of your personal data are conducted with the utmost care and in compliance with relevant data protection regulations. If you have any questions or concerns about international data transfers or the mechanisms we employ to protect your data, please do not hesitate to contact us at hello@legalbison.com.

POLICY CHANGES

We may periodically update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or to improve transparency and clarity. Any substantial changes to this Privacy Policy will be incorporated directly into the Policy available through our official website. We encourage you to review this Policy periodically to stay informed about how we handle your personal data. Additionally, you will be notified of any important updates and changes to the Privacy Policy via e-mail.

 

CONTACT DETAILS

For any inquiries, requests, or concerns related to this Privacy Policy or our data processing practices, please contact us by sending a request to hello@legalbison.com.