Legl’s Sub-Processor Policy

Last updated: 31 May 2023

The Justice Platform Ltd. t/a Legl (“Legl”) may engage and use certain third-party data processors in providing the Services, as described in the Legl Services Agreement (“LSA”). This Policy provides important information about the identity and role of each Sub-Processor. 

This Policy does not give Clients any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate Legl’s engagement process for sub-processors as well as to provide the list of principal third-party sub-processors used by Legl in the delivery and support of the Services as at the date of this Policy.

Terms used in this Policy but not defined have the meaning set forth in the LSA.

Due Diligence

Legl undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors.

Contractual Safeguards

Legl generally requires its sub-processors to satisfy obligations equivalent to those required by Legl as set forth in the LSA, including but not limited to the requirements to:

  • process Personal Data in accordance with the data controller’s (i.e., Client’s) documented instructions (as communicated in writing to the relevant sub-processor by Legl);
  • comply with the Privacy Laws and any other legislation that may be applicable; 
  • in connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
  • implement and maintain appropriate technical and organisational measures;
  • promptly inform Legl about any actual or potential security breach; and
  • cooperate with Legl in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

Process to Engage New Sub-processors

Legl will provide notice via email or within your Legl environment of updates to this Policy, including updates to the list of sub-processors utilised or which Legl proposes to utilise to deliver its Services. Legl undertakes to keep this list updated regularly to enable its Clients to stay informed of the scope of sub-processing associated with the Services.

A Client may object in writing to the processing of its Personal Data by a newly appointed sub-processor within ten calendar days following the update of this Policy and such objection shall describe Client’s legitimate reason(s) for objection. If a Client does not object during such time period, the new sub-processor(s) shall be deemed accepted. 

Legl’s Sub-Processors

Legl’s sub-processors are best-in-class and have been selected based on their reliability and security. As of 31 May 2023, Legl’s principal sub-processors in respect of the Services include:

Sub-Processor Name | Processing Activities
Amazon Web Services EMEA SARL | Cloud services provider
IVXS UK Ltd (ComplyAdvantage) | Identity verification solution
Creditsafe Business Solutions Limited | Business verification solution
Equifax Limited | Identity verification solution
Heroku Inc | Cloud services provider
Onfido Limited | Identity verification solution
Dropbox International Unlimited Company (HelloSign) | eSignature solution
TrueLayer Limited | Account information service provider

Legl’s Partners

Our payment administration system is powered by Stripe Payments Europe, Ltd., which maintains best in class PCI Level 1 certification and is regulated by the Financial Conduct Authority (the “FCA”). Banked Ltd. provides open banking payment initiation services, and is also regulated by the FCA.

Depending on the context of the processing, each of Stripe and Banked acts as either a controller or processor of Personal Data.

Updates to Our Sub-Processors

13 April 2023: Appointment of Equifax as Sub-Processor

As of 27 April 2023, The Justice Platform Ltd t/a Legl (“Legl”) will be engaging Equifax Limited as a new sub-processor. Equifax provides consumers with a wide range of solutions including consumer credit monitoring and identity theft prevention. Legl will be using Equifax’s database to provide our clients with results for county court and bankruptcy judgements and debt collection searches. 

Equifax’s Commitment to Privacy 

Equifax is committed to being an industry leader in security and has obtained numerous security certifications and authorisations including PCI DSS, ISO 27001, SOC 1, SOC 2, and FISMA. Further information about Equifax’s commitment to privacy, and how they manage compliance with their obligations, can be found in their privacy policy here, and in their security annual report here.

Further Information  

We don’t require you to take any action relative to this update – Legl will commence offering the additional services from the effective date provided above. In accordance with this Policy and the Privacy Laws, you have the right to object to the use of sub-processors. However, you must do so within ten days of this notice. 

If you choose to object or have any other questions, please reach out to us at [email protected] and we will be glad to assist you with your request.
