Privacy Policy

Last updated 11 August 2022

At Legl, we value your privacy and the importance of safeguarding your data. This Privacy Policy explains what information we collect, why and how we collect it, what we do with it, and how we keep it secure.

Our Privacy Policy explains the following:

  1. Who we are, and how you can contact us 
  2. What this Privacy Policy covers 
  3. Who we collect Personal Data from 
    • General Data
    • Law Firm Users
    • End Users
  4. How we share your Personal Data 
  5. Our security measures
  6. How long do we keep your Personal Data for? 
  7. Transfers outside of the United Kingdom 
  8. Cookies 
  9. Rights of the Data Subject 
  10. Complaints 
  11. Acceptance of Privacy Policy 
  12. Amendments or updates to this Privacy Policy 

Please make sure you read this Privacy Policy in conjunction with our Terms of Use.

1. Who we are and how can you contact us

Legl is the trading name of the legal entity The Justice Platform Ltd.  In this Privacy Policy, “Legl”, “we”, “us” and “our” refer to The Justice Platform Ltd, registered in England and Wales under number 09534141 and with registered office at Office 7, 35-37 Ludgate Hill, London, England, EC4M 7JN. Legl is registered with the Information Commissioner’s Office, with registration number ZA115706.  

Legl is subject to the UK Data Protection Act 2018, the UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019/419), the Privacy and Electronic Communications (EC Directive) Regulations 2003, and all similar or related legislation (collectively, the “Data Protection Legislation”).

You can contact us about issues relating to your Personal Data, including the contents of this Privacy Policy, by any of the following methods:

Email: [email protected]
Office 7, 35-37 Ludgate Hill, London, England, EC4M 7JN

2. What this Privacy Policy covers 

This Privacy Policy explains how we collect and process Personal Data that we obtain about you in connection with your interactions with us and our sub-processors, or which we are otherwise provided with by third-party law firms which engage us to provide services (each, a “Law Firm”).

Personal Datameans any information relating to an identified or identifiable individual (“Data Subject”), as further set out in the Data Protection Legislation. Examples of identifiers we process are name, email address, identification card number, location data, an online identifier or one or more factors relating specifically to the economic, cultural or social identity of the natural person.  The specific type of Personal Data we collect is covered in Sections 3 (a), (b) and (c) below. 

You can be assured that your Personal Data will only be used by Legl in accordance with this Privacy Policy.

This Privacy Policy does not apply to third-party applications, websites, products, services, or platforms that may be accessed through links provided to you. These sites are owned and operated independently from us, and they have their own separate privacy and data collection practices. Any Personal Data that you provide to these websites will be covered by the third-party’s own Privacy Policy and we encourage you to read such policies before sharing your Personal Data. We cannot accept liability for the actions or policies of these independent sites and are not responsible for the content or privacy practices of such sites.

3. Who we collect Personal Data from

This Privacy Policy is divided as follows:

Section (a) – General Data: This Section is relevant if you visit our website or if we acquire information from you through our day-to-day business.

Section (b) – Law Firm Users: This Section is relevant if you are engaged or otherwise employed by a Law Firm and you access the Legl Services on the Law Firm’s behalf.

Section (c) – End Users: This Section is relevant if you are an individual being represented or otherwise assisted by a Law Firm and access the Legl Services via a request or link from such Law Firm.

Please read the General Data section as well as any other section relevant to you. 

(a) General Data 

What Personal Data do we collect?

When you visit our website, www.legl.com, we may collect and process information about your activity on and interaction with the website, such as your IP address and details of the device or browser you use to access the website. 

If you sign up for news and marketing updates about our business via our website, e-mail, or other marketing tools such as marketing automation platforms we will collect your name and your email address and any additional Personal Data you provide us. The Personal Data collected enables us to identify subscribers through a combination of the information provided during the sign-up process. Depending on the marketing tools that we use to facilitate the sign-up process, we may on occasion use a third-party data processor to process the Personal Data of Subscribers. In such circumstances, subscribers will be made aware of this during the sign-up process and asked to provide consent accordingly.  Thereafter, provided consent is given, any use of Personal Data collected in this manner will be used or shared pursuant to Legl’s legitimate interests. 

If you contact Legl via Twitter, LinkedIn, Facebook or any other social platform, please note that the information that you provide to us (including any Personal Data) will be shared via the relevant social media platform.

In all instances described above, Legl acts as the data controller of such Personal Data.

How do we use this Personal Data?

Our legal basis for collecting and using the Personal Data is dependant on the type of Personal Data used and how it is collected.  We will generally collect Personal Data from you only where you have provided your consent, where the processing is in our legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms.  

In particular, we process your Personal Data in this manner on the basis that we have a legitimate interest:

  • to respond to your enquiries;
  • to provide you with news updates about the Legl Services and industry news;
  • to manage risk or prevent other illegal or prohibited activities; and
  • to resolve issues or fix problems on our website.

In some cases, we may also have a legal obligation to collect Personal Data from you. If we ask you to provide Personal Data to comply with a legal requirement or to perform our obligations under a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

If you change your mind about us using your Personal Data in the ways described in this Privacy Policy, please let us know by contacting us using the details set out above. You may also opt out of receiving marketing emails from us by following the instructions outlined in any marketing email you receive from us.

(b) Law Firm Users

During the on-boarding process we will collect the business contact details of Law Firm personnel who will be using the Legl Services (“Law Firm User”). The processing of such Personal Data in this manner is necessary for Legl to perform the contract it has with the relevant Law Firm and to provide the Legl Services to the Law Firm Employees. In this respect, Legl acts as the data controller of such Personal Data.

(c) End Users

For the purposes of the Data Protection Legislation, Law Firms are deemed data controllers and Legl is a data processor, which means that we process Personal Data on behalf of the Law Firms.  Law Firms engage the services of Legl to provide onboarding, client lifecycle management, risk management, compliance and payments services (collectively, the “Legl Services”) to their clients (clients of Law Firms shall be referred to as the “End User(s)”).  Please refer to our Terms of Use for further information regarding the processing activities we undertake when providing the Legl Services.

We will share your Personal Data with the Law Firm who has purchased the Legl Services from us. The Law Firm is responsible for obtaining the relevant consents from you and ensuring that you are happy with the ways in which your Personal Data will be used. Please refer to the Law Firm’s privacy statement for further information in this regard. 

Depending on the activities that Legl has been engaged by the Law Firm to undertake, Legl may use sub-processors to collect certain Personal Data, including your name, email address, identification card number, location data, IP address, credit card information, home address, ID documentation, biometric data (i.e., a photo) and any other Personal Data contained in any documents that are uploaded by you into the system.  

Where sub-processes are involved, these are best-in-class and have been selected based on their reliability and security. Prior to working with any sub-processor, Legl ensures that they comply with the Data Protection Legislation or any other relevant data protection legislation that may be applicable.  As of the date of this Privacy Policy, our principal sub-processors include:

  • Stripe (payments processor): Stripe maintain best in class PCI Level 1 certification and are regulated by the Financial Conduct Authority (“FCA”);
  • Banked (payments processor): Banked has achieved Cyber Essentials Plus certification and are regulated by the Financial Conduct Authority (“FCA”);
  • Onfido (identity verification solution): Onfido are ISO27001 certified and maintain SOC 2 Type II compliance;
  • ComplyAdvantage (identity verification solution): ComplyAdvantage are ISO27001 certified and maintain SOC 2 Type II compliance;
  • Creditsafe (business verification solution): Creditsafe are ISO27001 certified and are regulated by the FCA; 
  • HelloSign (eSignature solution): HelloSign stores data in SOC 1 Type II, SOC 2 Type I, and ISO27001 certified data centresl; and
  • TrueLayer (AISP services): Truelayer is regulated by the FCA and is certified as ISO27001 compliant.

The Personal Data provided to Legl may be processed for one or more of the following purposes:

  • to perform our contract with Law Firms and provide the Legl Services to the Law Firms;
  • to enable the Law Firms to identify and/or verify the identity of End Users in accordance with the Sanctions and Anti-Money Laundering Act 2018 and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (and any other applicable laws and regulations);
  • to comply with legal and regulatory obligations applicable to the Law Firms; and/or
  • for any other specific purposes requested by the Law Firms.

4. How we share your Personal Data

We will never sell your Personal Data. We never post anything to your Facebook, Twitter, or other third-party accounts without your permission.  We will not pass on your Personal Data to third parties except in accordance with this Privacy Policy and our Terms of Use.

Where it is necessary for the performance of our contract with Law Firms or for our internal business processes, we may share your Personal Data with our contractors and/or third-party partners.  

In addition, it may be necessary for us to disclose your Personal Data in order to: 

  • fulfil our regulatory, contractual, legal and/or compliance obligations; 
  • enforce our Terms of Use (and any other relevant agreements); or 
  • protect the rights, property and/or safety of Legl, our affiliates and our contractors, directors, employees or other personnel. 

If we share Personal Data, we will only do so insofar as it is reasonably necessary for the purposes for which we have collected it.

5. Our security measures 

The Personal Data you provide to us will be transferred to and stored securely on AWS servers. AWS employs its own physical and network security measures and its data centres undergo annual certifications to ensure they meet the highest standards of physical and virtual security. You can find more information regarding AWS’ security practices here.

We take robust technical and organisational measures to ensure a level of security appropriate to the risk that could be countered via the use of our website and the Legl Services, taking into account the likelihood and severity those risks might pose to your rights and freedoms.  In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the Personal Data transmitted, stored or otherwise processed by us. 

For example, Personal Data is encrypted at rest and any data sent is encrypted over HTTPS. Payments are processed with Strong Customer Authentication (SCA) in line with the latest payments regulation PSD-2.  All of our systems are protected by strong passwords and multi-factor authentication where available. 

6. How long do we keep your Personal Data for?

We will only keep your Personal Data for the duration of our contract with the Law Firms or as long as we reasonably require to fulfil the purpose for which the Personal Data was collected, and that’s in our legitimate interests. In any event, the Personal Data will be retained only for as long as the Data Protection Legislation allows. 

In addition, either upon request by the Law Firm or when Legl (or any of our engaged third party service providers) no longer needs to process Personal Data (whichever is earlier), Legl will cease all use of the Personal Data and will destroy the Personal Data (unless retention of any such personal data is required by applicable law, including any applicable Data Protection Legislation).

7. Transfers outside the United Kingdom

In processing your Personal Data, it may be necessary for us to transfer your Personal Data outside the United Kingdom. It may also be accessed by employees operating outside the United Kingdom who work for us or for one of our sub-processors. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and the Data Protection Legislation when it is processed in, or otherwise accessed from, a location outside the United Kingdom. 

This means that we will only transfer your Personal Data to third parties located outside the United Kingdom if: 

  • that third party is situated in a country that has been confirmed by the United Kingdom government to provide adequate protection to Personal Data; 
  • that third party has agreed (by way of written contract) to provide all protections to your Personal Data as required by the Data Protection Legislation; or 
  • we otherwise have a legal basis for doing so.

8. Cookies

A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tells a website when the user has returned.

When visiting our website, you will be asked to provide consent to the use of cookies. We use cookies for web analytics purposes to understand our website usage by all visitors to our website, to improve the content and offerings on our website.  In particular, we use the following cookies:

  • Essential cookies: these are cookies that are required for the operation of our website
  • Analytical/performance cookies: these cookies collect information about how visitors use our Website, for instance which pages visitors go to most often, and if they get error messages from web pages. Information collected by these cookies is aggregated and therefore anonymous. It is only used to improve how the Website works
  • Communications cookies: these cookies save your settings across logins and help us track the performance of our communications and support. Information collected by these cookies is aggregated and therefore anonymous
  • Sharing cookies: these cookies allow you to interact with third party services such as Twitter, You Tube and LinkedIn
  • Advertising cookies: these are cookies used for advertisement targeting purposes and to track the performance of our online advertising

When the End User provides Personal Data to us through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise, cookies that we use enable us to identify the internet protocol address which is classed as pseudonymous identifier and therefore a form of Personal Data. In accepting the content of this Privacy Policy upon the upload of information, you are consenting to the use of cookies for this purpose.

Anyone subject to this Privacy Policy may at any time withdraw their consent to the use of cookies by sending a request to us at the notice details above. Alternatively, you may wish to disable cookies on this website. This can be done by consulting the help section of your browser or visiting www.aboutcookies.org which offers guidance for all modern browsers.

9. Rights of the Data Subject

The Data Protection Legislation provides you with the following rights:

  • the right to access your Personal Data or to get a copy of it;
  • the right to have your Personal Data rectified if it is inaccurate or incomplete;
  • the right to request deletion or removal of your Personal Data (although in order to comply with our legal obligations we may not always be able to do this);
  • the right to restrict processing of your Personal Data;
  • the right to data portability to enable the moving, copying or transferring of your Personal Data from one platform to another;
  • the right to object to the processing of your Personal Data in certain circumstances and withdraw any consent you have given; and
  • rights relating to profiling and automated decision making resulting from the processing of your Personal Data.

For End Users, these rights are exercisable against the Law Firm and any queries should be directed to the relevant contact as per the privacy statement of the Law Firm.

Individuals covered by the General Section above and Law Firm Users may exercise these rights by sending a request to the Data Protection Officer at the notice details above. 

10. Complaints 

Should you have any queries or complaints in relation to how we use your Personal Data, please contact us using the details set out above. Should you wish to take any complaints or queries further, you have the right to contact the UK’s supervisory authority, the Information Commissioner’s Office regarding such issues.  For more details you can visit their website at https://ico.org.uk/

11. Acceptance of Privacy Policy

Please note that by providing Personal Data to Legl, you are accepting the practices described in this Privacy Policy and agree to the processing of your Personal Data by Legl as described in this statement.

12. Amendments or updates to this Privacy Policy

Legl reserves full rights to amend or update this Privacy Policy without prior notice from time to time to meet any change in any of the relevant laws or the regulatory environment, or business needs. Updated versions will be posted to the Legl website and date stamped so that you are always aware of when the Privacy Policy was last updated. The whole content of this Privacy Policy will then be construed accordingly in conjunction with such amended or updated versions.

Arrow-up