Effective date: 24 November 2021
Legal Software Pty Limited and each of its global subsidiaries and affiliates (collectively, “LEAP”, “we”, “us” or “our”) respect your privacy and are committed to processing your personal information in accordance with applicable law. Full details of each of our global subsidiaries and affiliates can be found here.
This Privacy Policy (“Policy”) applies to all websites, applications, and other services operated or furnished by LEAP linking to or posting this Policy (our “Services”).
This Policy explains how we collect, use, maintain and disclose information collected about you, including when you visit or use our Services, attend a LEAP event, or otherwise interact with us.
If you use our Services as part of an entity or organisation that has an agreement with LEAP (such as your employer), the terms of that organisation’s contract for your use of our Services may restrict our collection or use of your personal information further to what is described in this Policy.
Please read this Policy carefully to understand how we will collect, use, maintain and disclose your personal information. This Policy also describes your choices regarding use, access and correction of your personal information. By using our Services, you acknowledge and agree to the processing of your personal information as set out in this Policy.
This Policy may be updated from time to time for reasons such as operational or regulatory changes. If we make any changes, we will notify you by posting the revised Policy on this page, revising the “Effective Date” at the top of this Policy and, in some cases, we may provide you with additional notice (such as adding a notice to our Services prior to the change becoming effective, or by sending you an email notification). We encourage you to periodically review our Policy for the latest information on our privacy practices and the ways you can help protect your privacy.
For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”) and other applicable laws globally, the LEAP entity that is responsible for your personal information (the “data controller”) is the LEAP entity in the jurisdiction where your personal information is collected. For more information about your data controller ask your LEAP business contact, consult our list of locations here, or contact us using the details below.
Should there be no LEAP entity in the jurisdiction where your personal information is collected, Legal Software Holding Pty Limited located at Level 11, 207 Kent Street Sydney NSW 2000 is deemed to be the data controller responsible for your personal information.
If you have questions about this Policy, or the manner in which LEAP collects, uses or otherwise processes your personal information, including the transfer or onward transfer of your personal information outside your jurisdiction of residence, please contact us at:
Privacy Officer, Leap Global
For Australia: 1800 007 709
For Europe: (44) 845 683 2517
For the US: (844) 702 5327
For Canada: (437) 900 2140
Level 11, 207 Kent Street Sydney
NSW, Australia 2000
When you use or access our Services or otherwise interact with us, we may collect a variety of information about you and others, as described below. Such information includes, but is not limited to, information about you which is in a form that permits us to identify you either on its own or in combination with other available information (your “personal information”).
Information you provide to us. We collect information that you provide to us, or that someone on your behalf (such as your employer or account administrator) provides to us. For example, when you contact us about our Services, complete our “Request Demo” (or similar) online form, request our marketing materials, create a user account on our Services, access and use our Services, send an email via our Services, request customer support or technical assistance, attend an event, apply for a job with us, or communicate with us by phone, email, via third-party social media sites or otherwise. The types of information may include:
LEAP will take all reasonable precautions to ensure the personal information it has collected remains correct and accurate. You can choose not to provide your personal information to LEAP, however it may mean that we are unable to provide you with the Service required.
Information we collect automatically. When you use or access our Services, we may also collect certain information through automated means, including but not limited to some or all of the following:
Cookies and similar tracking technologies. As with most websites and other digital services, we employ cookies, pixel tags, web beacons, and similar technologies to collect and store certain information about visitors to our Services. We use this information to improve our Services, and to help us remember you and your preferences when you next visit our Services. We may allow selected third parties to place cookies through the website to provide us with better insights into the use of the website or user demographics or to provide relevant advertising to you. These third parties may collect information about a user’s online activities over time and across different websites when he or she uses our website. For more information about our practices in this area, please see our Cookie Notice.
Information we collect from other sources. When using our Services, you may upload documents containing personal information (including sensitive personal information) relating to third parties. Our Services also involve storage of your appointments and sending emails on your behalf. These may include confidential or proprietary information about a company, or personal information relating to individuals. LEAP will not access these documents or view their content in the normal course, unless instructed by the relevant customer or where required as part of our Services, such as to provide maintenance services or troubleshooting, etc. We process any personal information contained therein as a “service provider” or “data processor” (as defined by applicable law) on behalf of, and pursuant to the instructions of, our customers.
To the extent permitted by applicable law, we may also collect information about you from third party suppliers and government database services. We will process such information in line with this Policy and applicable law.
We process your personal information for the purposes set out in this Policy only where we have a valid legal ground for doing so under applicable data protection law. The legal ground will depend on the purpose for which we process your personal information and the data protection law that applies with respect to LEAP’s activities in your jurisdiction.
We will use your personal information for the following purposes as is necessary for the performance of our obligations under our customer terms, or to answer questions or take steps at your request prior to entering those terms:
We may use special category or “sensitive” personal information, such as health data, to provide you with specialised services, such as disabled access to our events, where you have given your consent to the extent required by applicable law (such consent can be withdrawn at any time, subject to restrictions permitted by such law).
We use your personal information for the following purposes as is necessary for certain legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time):
If you apply to work for LEAP, we will use your personal information in the following ways as necessary in our legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time, subject to restrictions permitted by such law) and to decide whether to enter into a contract with you:
We may process your personal information to protect your vital interests or the vital interests of another person (for example, lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety).
Where permitted by applicable law and our contract obligations to customers, LEAP may aggregate your non-personally identifiable data. This data will in no way identify you or any other individual. LEAP may use this aggregated non-personally identifiable data to:
When LEAP is acting as a data processor or service provider, LEAP will process personal information in compliance with the instructions of its customers, who act as data controllers in respect of such data and will be responsible for ensuring that the personal information is appropriate and only processed for limited purposes.
There are circumstances where we wish to share or are compelled to disclose your personal information to third parties. This will only take place in accordance with the applicable law and for the purposes listed in this Policy.
To the extent permitted by applicable law, we may share your personal information with the following third parties for the purposes listed in this Policy:
We may disclose personal information to public authorities and other third parties, to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce other agreements you may have with LEAP, to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a reporting agency for fraud protection) or as otherwise permitted by applicable law. Except to the extent prohibited by applicable law, we reserve the right to disclose information that we collect to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.
We may also share aggregated or anonymous information that cannot identify you with third parties. For example, we may share the number of visitors to our Services and what features were used.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from individuals under the age of 18. If you become aware that an individual has provided us with personal information, please contact us using the contact details contained in the “Contact us” section at the beginning of this Policy. If we become aware that an individual under the age of 18 has provided us with personal information, we will take steps to delete such information.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures designed to safeguard and secure personal information we process. Some examples of the measures we take to help protect your personal information include:
However, the internet is not in itself a secure environment and we cannot give an absolute assurance that personal information submitted online will be secure at all times. Transmission of information over the internet is at your own risk and you should only enter, or instruct the entering of, information to the Service within a secure environment.
We recommend you take every precaution in protecting your personal information when you are on the Internet. For example, change your passwords at least once a year. Passwords should not include your name, date of birth or other personal data. A combination of upper and lower-case letters, numbers and symbols is recommended for less than 12 characters long passwords. Make sure you use a current antivirus and an up-to-date operating system and Internet browser. It is your responsibility to keep your password to our Services safe. You should notify us as soon as possible using the “Contact us” section at the beginning of this Policy if you become aware of any misuse of your password, and immediately change your password within the Services.
We will store your personal information in a form which permits your identification for no longer than is necessary for the purpose for which such personal information is processed. Please note, however, that we may retain and use your personal information as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements and rights, or if it is not technically and/or reasonably feasible to remove it. Consistent with these requirements, and to the extent required or permitted (as the case may be) by applicable law, we will try to delete your personal information quickly upon request.
When LEAP is acting as a data processor or service provider, when the provision of our Services to a customer cease, we will, as agreed with the customer, return or securely delete personal information processed on behalf of that customer, unless we are required to retain the personal information by applicable law.
Where we process your personal information on behalf of a LEAP customer as a service provider or data processor, we will retain such information in line with our customer’s instructions and our contractual obligations. You may have the right to ask the controller of your personal information to delete, block or correct such personal information in line with applicable data protection law.
Our Service is hosted and operated in the United States, the United Kingdom, Ireland, Australia, Canada and New Zealand through LEAP and its service providers. By using our Services you acknowledge that your personal information may be accessed by us or transferred to us in those jurisdictions, and accessed by or transferred to our personnel, affiliates, partners, and service providers who are located around the world.
Where required by applicable laws, we will take appropriate measures to ensure adequate protection of your personal information when transferred internationally and, if necessary, seek your prior consent. Such measures may include use of data transfer agreements or official transfer mechanisms such as data authority approved contractual clauses. For instance, if you are located in the European Economic Area (“EEA”), we may store your personal information as described in this policy outside the EEA. Where we transfer EEA personal information to a third party located in a country not recognised by the European Commission, or another relevant body, as ensuring an adequate level of protection, we will take appropriate steps, such as implementing Standard Contractual Clauses recognised by the European Commission, to safeguard such personal information.
Please note that your personal information may be subject to the laws of the jurisdiction in which it is situated.
Our websites may contain links to other websites of interest. You should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
You are responsible for any transfers of data (including personal information) to third-party applications that you initiate within our Services. LEAP has no control over, and takes no responsibility for, the privacy practices or content of these applications. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.
You can always opt not to disclose information to us, but keep in mind some information may be needed to create a user account or to take advantage of some of the features of our Services, and other information about you may be collected automatically in connection with your use of our Services.
For personal information that we process on behalf of our customers, we are not responsible for and have no control over the privacy and data security practices of those customers, which may differ from those explained in this Policy. Except where the Privacy Act 1988 (Cth) (the “Australian Privacy Act”) applies, the data protection rights listed below do not apply to LEAP where we process personal information as a service provider or processor on behalf of a customer. If we process your personal information as a service provider or processor on behalf of a customer, and you wish to exercise any data protection rights you may have under applicable data protection laws, please inquire with the customer directly. Where the Australian Privacy Act applies to your personal information, you will have certain data protection rights regardless of whether LEAP is a data controller or data processor.
Marketing communications. You can opt-out of receiving certain marketing communications from us at any time, by clicking the unsubscribe link in the email communications we send, or by contacting us using the details contained in the “Contact us” section at the beginning of this Policy. We may continue to send you non-promotional communications, such as service-related emails, billing information, and certain product updates via email.
“Do Not Track” signals. At this time, our Services do not support “do not track” signals (“DNT”) that may be available in your browser for letting websites know that you do not want them collecting certain kinds of information. If you turn on the DNT setting on your browser, our Services are not currently capable of following whatever DNT preferences you set. For more information about DNT, visit www.donottrack.us.
Data protection rights. In certain circumstances you may have rights under data protection laws in relation to your personal information that we hold about you – specifically:
These rights may differ depending on where you live or where your personal information is collected or held. For example, where the Australian Privacy Act applies, you will have the right to request access to and/or correction of your personal information, but not the other rights listed above.
We will grant your request to exercise the above-mentioned rights to the extent required or permitted (as the case may be) by applicable law and in accordance with the timeframes (if any) prescribed by that applicable law. You can submit a request to exercise the above-mentioned rights, or raise a question, comment or complaint, by contacting us using the contact details contained in the “Contact us” section at the beginning of this Policy. We reserve the right to request the provision of additional information necessary to confirm the identity of the enquirer. Subject to applicable law, you may also have a right to make a complaint to the authority responsible for data protection in your country.
Subject to applicable laws, you may exercise the above data subject rights through a legal representative or delegated person, in which case we will verify whether the requesting party is a duly authorised representative. We may reject such request if there is justifiable reason for rejection under applicable laws.
Your California Privacy Rights
California residents with an established business relationship with us are permitted by California law once a year to request information about the manner in which we shared certain categories of information with others for their marketing purposes during the prior calendar year.
We may share your personal information with others for their marketing use unless you tell us not to. To opt-out please email our Privacy Officer at [email protected] with the subject line “Californian Resident – Opt-Out Request” and your opt-out request. Please ensure that your request includes information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information). We will not share your information after we have received and processed your opt-out.
The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Verified California residents have the right to:
For purposes of the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
The CCPA rights described above do not apply to information collected in the employment context about our current, former or prospective employees or contractors (who receive separate disclosures under the CCPA) or to information collected about California business contacts (employees, owners, directors, officers, or contractors of companies, sole proprietorships, and other entities collected in the context of conducting due diligence regarding, or providing or receiving a product or service to or from, such companies, sole proprietorships, or entities). California business contacts have the right to tell us not to sell their information; please see below for how to exercise this right.
Information collected, sources, and business purpose for collecting information. During the past 12 months we may have collected the following categories of personal information. This includes information that individuals provide to us directly, information we collect from automatically through the website, information that we collect when individuals interact with us such as through online postings, and information that we may collect from third parties such as service providers, affiliated companies, marketing, staffing, or data partners, or other third parties. It also includes information that we collect about employees and business partners and vendors from those individuals directly or from references, referrals or consumer reporting agencies. Not all information is collected from everyone who interacts with us. Information we collect is used for the business purposes described above in “How do we use information”.
Exercising your CCPA rights. To make a request for disclosure California residents may contact us by calling us at +(844) 702-5327 or emailing us at [email protected]. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days and will endeavour to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 business days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.
You may make a request for disclosure of our information collection practices, the specific information we collected about you, or our information sharing practices up to twice within a 12-month period. You may make a request that we not sell information or for deletion of your information at any time.
For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavour to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged to delete your information as well.
We will not discriminate against you as a result of your exercise of any of these rights.
Using an Authorized Agent. You may submit a request through someone holding a formal Power of Attorney. Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorize the person to make the request on your behalf, (4) you verify your own identity directly with us and (5) your agent provides us with proof that they are so authorized. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.
Personal information sales opt-out and opt-in rights. We do not sell your information for monetary consideration but we may transfer your information to a third party that provides us with services such as helping us with advertising, data analysis and security, which may fall under the definition of for “other valuable consideration” which may be considered a ‘sale’ under the CCPA. During the past 12 months we disclosed select which of the following categories were disclosed: identifiers, electronic network activity, commercial information, sensitive information, protected classification information, geolocation, biometrics, education or professional information, audio or video information, inferences from collected information with third parties such as advertising and analytics providers for a business purpose which falls within the definition of a ‘sale’. If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of individuals we know are less than 16 years of age. To exercise the right to opt-out, you (or your authorised representative) may submit a request to us by visiting the following page: Do Not Sell My Personal Information or calling us at +(844) 702-5327. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorise personal information sales.
We may transfer personal information for monetary consideration. If you would like to tell us not to sell your information in the future please email us at [email protected] with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.
If you believe that we have not complied with our obligations under this Policy or applicable data protection law, we ask that you contact us in the first instance to see if we can resolve the issue. We will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. We will take any privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner. However, you may have the right to make a complaint to an authority responsible for data protection in your country (or the country in which your information is collected and/or held). For example, if you are a resident of: