At Legl, we value your privacy and the importance of safeguarding your data. This Privacy Policy explains what information we collect, why and how we collect it, what we do with it, and how we keep it secure.

Our Privacy Policy explains the following:

  1. Who we are, and how you can contact us
  2. What this Privacy Policy covers
  3. Who we collect Personal Data from:

    • General Data
    • Law Firm Users
    • End Users
  4. How we share your Personal Data
  5. Our security measures
  6. How long do we keep your Personal Data for?
  7. Transfers outside of Australia
  8. Cookies
  9. Rights of the Data Subject
  10. Complaints
  11. Amendments or updates to this Privacy Policy

Please make sure you read this Privacy Policy in conjunction with our Terms of Use.

1. Who we are and how can you contact us

Legl is the trading name of the legal entity The Justice Platform AU Pty Ltd (ACN 690 589 158).  In this Privacy Policy, “Legl”, “we”, “us” and “our” refer to The Justice Platform AU Pty Ltd (ACN 690 589 158). 

Legl is subject to the Privacy Act 1988 (Cth) and all similar or related legislation, including the Australian Privacy Principles (collectively, the “Data Protection Legislation”).

You can contact us about issues relating to your Personal Data, including the contents of this Privacy Policy, by any of the following methods:

Email: info@legl.com

Address: The Justice Platform AU Pty Ltd, WeWork, 161 Castlereagh Street, Sydney, NSW 2000, Australia

2. What this Privacy Policy covers

This Privacy Policy explains how we collect, use and disclose Personal Data that we obtain about you in connection with your interactions with us and our service providers, or which we are otherwise provided with by third-party law firms which engage us to provide services (each, a “Law Firm”).

Personal Data” means any information or opinion relating to an identified or reasonably identifiable individual (“Data Subject”), whether true or not, and whether recorded in a material form or not, as further set out in the Data Protection Legislation. Examples of Personal Data include name, email address, identification card number, location data, an online identifier or one or more factors relating specifically to the economic, cultural or social identity of the individual.  The specific Personal Data we collect is covered in Sections 3(a), (b) and (c) below.

You can be assured that your Personal Data will only be used by Legl in accordance with this Privacy Policy.

This Privacy Policy does not apply to third-party applications, websites, products, services, or platforms (“Third Party Sites”) that may be accessed through links provided to you. These Third Party Sites are owned and operated independently from us, and they have their own separate privacy and data collection practices. Any Personal Data that you provide to a Third Party Site will be covered by the third-party’s own privacy policy and we encourage you to read such policies before sharing your Personal Data. We cannot accept liability for the actions or policies of these third parties and we are not responsible for the content or privacy practices in connection with such Third Party Sites.

3. Who we collect Personal Data from

This part 3 of the Privacy Policy is divided as follows:

Section (a) – General Data: This Section is relevant if you visit our website or if we acquire information from you through our day-to-day business.

Section (b) – Law Firm Users: This Section is relevant if you are engaged or otherwise employed by a Law Firm and you access the Legl Services on the Law Firm’s behalf (each, a “Law Firm User”).

Section (c) – End Users: This Section is relevant if you are an individual being represented or otherwise assisted by a Law Firm and access the Legl Services via a request or link from such Law Firm (each, an “End User”).

Please read the General Data section as well as any other section relevant to you.

Particularly where you are merely using general parts of our website, it may be possible to remain anonymous when you interact with Legl.  However, in most cases, it is not practicable, and in some cases may not be possible, for us to deal with you where you have not identified yourself.  This includes all individuals using the Legl Services.

a. General Data

What Personal Data do we collect?

When you visit our website, www.legl.com, we may collect and process information about your activity on and interaction with the website, such as your IP address, details of the device or browser you use to access the website and details of your activity on the website.

If you sign up for news and marketing updates from us via our website, e-mail, or other marketing tools such as marketing automation platforms we will collect your name and your email address and any additional Personal Data you provide us. The Personal Data collected enables us to identify subscribers through a combination of the information provided during the sign-up process. Depending on the marketing tools that we use to facilitate the sign-up process, we may on occasion use a third-party data processor to process the Personal Data of Subscribers. In such circumstances, subscribers will be made aware of this during the sign-up process and asked to provide consent accordingly.  Thereafter, provided consent is given, any use of Personal Data collected in this manner will be used or shared pursuant to Legl’s legitimate interests.

If you contact Legl via Twitter, LinkedIn, Facebook or any other social platform, please note that the information that you provide to us (including any Personal Data) will be shared with us via the relevant social media platform.

When you communicate with us, such as by email or phone, we will collect Personal Data that you provide to us, which may include your name, contact details and the details of your communication with us.

How do we use this Personal Data?

Our legal basis for collecting and using the Personal Data is dependent on the type of Personal Data used and how it is collected.  We will generally collect Personal Data from you only where the Personal Data is reasonably necessary for our business functions and activities.  

In particular, we process your Personal Data in this manner:

  • to respond to your enquiries;
  • to provide you with news updates about the Legl Services and industry news (where you have consented to us providing this to you);
  • to manage risk or prevent other illegal or prohibited activities; and
  • to facilitate your use of our website, and to resolve issues or fix problems on our website.

In some cases, we may also have a legal obligation to collect Personal Data from you. If we ask you to provide Personal Data to comply with a legal requirement or to perform our obligations under a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).  It is likely that if we are obliged to collect Personal Data from you and you choose not to provide it, we will not be able to provide you with the services you have requested.

If you change your mind about us using your Personal Data in the ways described in this Privacy Policy, please let us know by contacting us using the details set out above. You may also opt out of receiving marketing emails from us by following the instructions outlined in any marketing email you receive from us.

b. Law Firm Users

During the on-boarding process we will collect the name and business contact details of Law Firm Users who will be using the Legl Services. We may collect this Personal Data from the Law Firm or directly from you and may share your Personal Data with the Law Firm as required to perform our contract with Law Firms and provide the Legl Services to the Law Firms.

The processing of such Personal Data in this manner is necessary for Legl to perform the contract it has with the relevant Law Firm and to provide the Legl Services to the Law Firm and Law Firm Users. In particular, we may use your Personal Data to contact you on behalf of the Law Firm to facilitate payment of your fees to the Law Firm.

If we do not collect this Personal Data, we cannot provide the Legl Services to the Law Firm or to the relevant Law Firm User.

c. End Users

Legl processes Personal Data of End Users on behalf of the Law Firms.  Law Firms engage the services of Legl to provide onboarding, client lifecycle management, risk management, compliance and payments services (collectively, the “Legl Services”) to their clients.  Please refer to our Terms of Use for further information regarding the processing activities we undertake when providing the Legl Services.

The Personal Data we collect in respect of End Users includes your name, email address, identification card number, location data, IP address, credit card information, home address, ID documentation,  photographs and any other Personal Data contained in any documents that are uploaded by you into the system.  We may also collect credit reports about End Users from third parties.

We will share your Personal Data with: 

  • the Law Firm who has purchased the Legl Services from us where necessary for those Legl Services. The Law Firm is responsible for obtaining the relevant consents from you and ensuring that you are happy with the ways in which your Personal Data will be used by the Law Firm. Please refer to the Law Firm’s privacy statement for further information in this regard; and
  • sub-processors, such as Frankie Financial Pty Ltd, the Commonwealth of Australia acting and represented by the Attorney-General’s Department, Austroads Ltd and Registries of Births, Deaths and Marriages in Australian States and Territories and other entities holding official identity records where necessary for the purposes of providing the Legl Services.  A list of all sub-processors and our sub-processor policy can be found at https://legl.com/en-au/sub-processors

Legl does not collect any financial or biometric data from you.  Where you are required to provide such information in connection with the Legl Services, it is provided directly to our sub-processors as notified above.  

Depending on the activities that Legl has been engaged by the Law Firm to undertake, Legl may collect Personal Data about End Users from: 

  • sub-processors;
  • you directly, including where you interact with our system; and/or
  • the Law Firm who has purchased the Legl Services from us.

If we do not process your Personal Data, we will not be able to provide the Legl Services and you may not be able to continue your relationship with the Law Firm.

Where sub-processors are involved, these are best-in-class and have been selected based on their reliability and security. Prior to working with any sub-processor, Legl ensures that they comply with the Data Protection Legislation or any other relevant data protection legislation that may be applicable. For further information regarding our sub-processors and the appointment process, please refer to Legl’s Sub-Processor Policy.

The Personal Data provided to Legl may be processed for one or more of the following purposes:

  • to perform our contract with Law Firms and provide the Legl Services to the Law Firms;
  • to enable the Law Firms to identify and/or verify the identity of End Users in accordance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (Cth) (and any other applicable laws and regulations);
  • to comply with legal and regulatory obligations applicable to the Law Firms; and/or
  • for any other specific and permitted purposes requested by the Law Firms.

4. How we share your Personal Data

We will never sell your Personal Data. We never post anything to your Facebook, Twitter, or other third-party public accounts without your permission.  We will not pass on your Personal Data to third parties except in accordance with this Privacy Policy and our Terms of Use.

Where it is necessary for the performance of our contract with Law Firms or for our internal business processes, we may share your Personal Data with our contractors and/or third-party partners, including to use the Document Verification Service (DVS) to verify (on behalf of the relevant Law Firm) whether the identity documents that you provide match the official record, which may involve the use of third party systems and services.  We will only use the DVS to assess the End User’s identity documents against records held in the DVS and to provide the Law Firm with an opinion as to this assessment.

In addition, it may be necessary for us to disclose your Personal Data in order to:

  • fulfil our regulatory, contractual, legal and/or compliance obligations;
  • enforce our Terms of Use (and any other relevant agreements); or
  • protect the rights, property and/or safety of Legl, our affiliates and our contractors, directors, employees or other personnel.

If we disclose Personal Data, we will only do so insofar as it is reasonably necessary for the purposes for which we have collected it or for the purposes listed above.

5. Our security measures

The Personal Data you provide to us will be transferred to and stored securely on AWS servers. AWS employs its own physical and network security measures and its data centres undergo annual certifications to ensure they meet appropriate standards of physical and virtual security. You can find more information regarding AWS’ security practices here.

We take robust technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our website and the Legl Services, taking into account the likelihood and severity those risks might pose to your rights and freedoms.  In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the Personal Data transmitted, stored or otherwise processed by us.

6. How long do we keep your Personal Data for?

We will only keep your Personal Data for: 

  • where you are a Law Firm User or End User, the duration of our contract with the Law Firm; or 
  • as long as we reasonably require to fulfil the purpose for which the Personal Data was collected, and that’s in our legitimate interests. 

Notwithstanding the above, where we collect facial images of you for the purposes of identity verification through the DVS, we take steps to destroy all such facial images after providing those services. Any such facial images will not be used by us for any other purpose other than as set out in this Privacy Policy.  Where we disclose your Personal Data (including facial images) to third parties, including the relevant Law Firm, the third party will maintain that Personal Data in accordance with their own privacy policies.

In any event, the Personal Data will be retained only for as long as the Data Protection Legislation allows, subject to any legal or regulatory obligations to maintain records beyond this period.

In addition, either upon request by the Law Firm or when Legl (or any of our engaged third party service providers) no longer needs to process Personal Data (whichever is earlier), Legl will cease all use of the Personal Data and will destroy the Personal Data (unless retention of any such Personal Data is required by applicable law, including any applicable Data Protection Legislation).

7. Transfers outside of Australia

In processing your Personal Data, it may be necessary for us to transfer your Personal Data outside Australia – in particular to the United Kingdom, the United States and within Europe. It may also be accessed by personnel operating outside Australia who work for us or for one of our sub-processors. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and the Data Protection Legislation when it is processed in, or otherwise accessed from, a location outside Australia.

This means that we will only transfer your Personal Data to third parties located outside Australia if:

  • we reasonably believe that the recipient is subject to legal obligations to protect the Personal Data in substantially the same way as under the Australian Privacy Principles and you can enforce those obligations;
  • that third party has agreed (by way of written contract) to provide all protections to your Personal Data as required by the Data Protection Legislation; or
  • we otherwise have a legal basis for doing so.

8. Cookies

A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s device. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tells a website when the user has returned.

When visiting our website, you will be asked to provide consent to the use of cookies. We use cookies for web analytics purposes to understand our website usage by all visitors to our website, to improve the content and offerings on our website.  In particular, we use the following cookies:

  • Essential cookies: these are cookies that are required for the operation of our website
  • Analytical/performance cookies: these cookies collect information about how visitors use our Website, for instance which pages visitors go to most often, and if they get error messages from web pages. Information collected by these cookies is aggregated and therefore anonymous. It is only used to improve how the Website works
  • Communications cookies: these cookies save your settings across logins and help us track the performance of our communications and support. 
  • Sharing cookies: these cookies allow you to interact with third party services such as Twitter, You Tube and LinkedIn
  • Advertising cookies: these are cookies used for advertisement targeting purposes and to track the performance of our online advertising

When you provide Personal Data to us through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise, cookies that we use enable us to identify the internet protocol address which is classed as pseudonymous identifier and therefore a form of Personal Data. In accepting the content of this Privacy Policy upon the upload of information, you are consenting to the use of cookies for this purpose.

Anyone subject to this Privacy Policy may at any time withdraw their consent to the use of cookies by sending a request to us at the notice details above. Alternatively, you may wish to disable cookies on this website. This can be done by consulting the help section of your browser or visiting www.aboutcookies.org which offers guidance for all modern browsers.

For further information regarding our use of cookies, please refer to Legl’s Cookie Policy.

9. Rights of the Data Subject

The Data Protection Legislation provides you with the following rights:

  • the right to access your Personal Data or to get a copy of it;
  • the right to have your Personal Data rectified if it is inaccurate or incomplete;
  • the right to object to the processing of your Personal Data in certain circumstances and withdraw any consent you have given (although in order to comply with our legal obligations we may not always be able to do this).

To exercise these rights, you can contact Legl at the notice details above.  For End Users, these rights may also be exercisable against the Law Firm as per the privacy statement of the Law Firm.

If you would like additional information about the operation of the DVS, you can contact the DVS Manager at DVS.Manager@ag.gov.au or visit the IDMatch website at https://www.idmatch.gov.au/.

10. Complaints

Should you have any queries or complaints in relation to how we use your Personal Data, please contact us using the details set out above. We will respond within a reasonable period of time –usually less than 30 days. Should you wish to take any complaints or queries further, you have the right to contact Australia’s supervisory authority, the Office of the Australian Information Commissioner Office regarding such issues at oaic.gov.au, by calling 1300 363 992 or emailing enquiries@oaic.gov.au.

11. Amendments or updates to this Privacy Policy

Legl reserves full rights to amend or update this Privacy Policy without prior notice from time to time to meet any change in any of the relevant laws or the regulatory environment, or business needs. Updated versions will be posted to the Legl website and date stamped so that you are always aware of when the Privacy Policy was last updated. The whole content of this Privacy Policy will then be construed accordingly in conjunction with such amended or updated versions.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences
DenyAccept