Last updated: 1 August 2022
We take privacy seriously. When handling Personal Information, we will comply with the New Zealand Privacy Act 2020 (NZPA) and, where applicable, other Applicable Privacy Laws, such as the General Data Protection Regulation (EU) 2016/679 (GDPR).
WHAT PERSONAL INFORMATION DO WE COLLECT
We collect, hold and process two categories of Personal Information:
User Information is Personal Information contained in any User Data processed by us solely to provide the Service to our customers. Service is the service provided by us under our Terms of Service. User Data has the meaning given to that term, or the term Data, in our Terms of Service. We process this User Information as an agent for our customers (under the NZPA) and, if applicable, as a data processor (under the GDPR). Our customers act as the data controller in respect of all User Information, and are responsible for compliance with applicable privacy laws and for providing notice and/or obtaining the appropriate consents and approvals for us to lawfully process such information. We will not process User Information, except in accordance with the Terms of Service and any data processing agreements with our customers that govern the processing of such information.
Account and Marketing Information is Personal Information that we collect about you:
- in connection with the creation, administration and operation of an account you hold with LawVu;
- if you ask to receive information about us or our Service or sign up to receive LawVu communications, including those from our InView Community;
- in connection with LawVu marketing content or campaigns in which you participate, such as case studies;
- if you contact us directly (e.g. telephone call, Website enquiry form or email) or visit our Website; and/or
- if you participate in our customer feedback surveys.
Account and Marketing Information may include names, phone numbers, email addresses, location information, billing information, information about how you use the Website, the InView Magazine, the Service, IP addresses and/or other device identifying data, information contained in your correspondence with us and other information required to provide requested services or information, but does not include User Information. We are the data controller in respect of all Account and Marketing Information.
We do not intend to collect Personal Information from or about children under the age of 16. If you have reason to believe that we have collected information from or about a child, please contact our Privacy Officer at email@example.com.
WHO DO WE COLLECT YOUR PERSONAL INFORMATION FROM
We collect Personal Information from:
- you, when you provide that Personal Information to us, including via our Website and the Service, through any registration or subscription process, through any contact with us (e.g. telephone call, Website enquiry form or email) or when you use the Service;
- authorised users: when an authorised user within a customer’s organisation, or outside a customer’s organisation (for example, a Service Provider that accesses the Service at the request of a customer) inputs Personal Information into the Service (Authorised User);
- third parties where you have authorised this or where the information is publicly available. If possible, we will collect Account and Marketing Information from you directly; and
- your use of the Website and/or the Service, when you perform any action on, or interact with, any part of the Website or Service, including:
- clickstream data, which is a record of how you navigate or click through our Website or Service; and
HOW WE USE YOUR PERSONAL INFORMATION
- to create accounts within the Website and the Service;
- to provide our Website and Service and otherwise carry out our obligations under the Terms of Service;
- to bill you (or the customer on whose behalf you are acting) and to collect money that is owed, including authorising and processing credit card transactions;
and such processing is necessary for the performance of the contract between you (or the Client on whose behalf you are acting) and us.
We also process your Personal Information:
- to verify your identity;
- to communicate with you (including responding to feedback and information requests relating to the Website and the Service);
- to communicate with, and comply with our obligations to, our third-party service providers, suppliers and other users of our Website and Service;
- to send administrative messages, reminders, notices, updates, security alerts, and other information relevant to your use of the Website and/or the Service;
- to analyse and report on usage of the Website and Service, so we can improve the Website and Service;
- to send you marketing and promotional messages and other information that may be of interest to you where you have consented to receiving such material. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link) or by emailing us at firstname.lastname@example.org;
- to protect and/or enforce our legal rights and interests, including defending any claim; and
- to comply with our legal obligations, including any notification and reporting obligations and any access directions imposed on us by an applicable Government agency, law enforcement agency or regulatory authority,
and such processing is necessary for the purposes of a legitimate interest pursued by us, and we have assessed that our interests are not overridden by your interests or fundamental rights and freedoms.
We may also process your Personal Information for such other purposes that are compatible with the original purposes described above, or that you otherwise consent to.
DISCLOSING PERSONAL INFORMATION
We may disclose your Personal Information to:
- service providers and suppliers who provide necessary goods and/or services to us, and any other partners who help us market and sell the Website and/or the Service - for instance to manage customer relations, send out newsletters and/or to process payments;
- any business that supports us, including hosting or maintaining any underlying IT system or data centre that we use to provide our Website and/or Service;
- other third parties to anonymise and aggregate statistical information;
- a person who can require us to supply Personal Information (e.g. a Government agency, regulatory authority or law enforcement agency);
- respond to due diligence requests and/or transfer Personal Information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition of our business; and
- any other person or entity authorised by you.
When dealing with User Information, the above rights of disclosure will be subject to any applicable restrictions contained in our data processing addendum with the relevant customer.
TRANSFERS OF PERSONAL INFORMATION
If we transfer Personal Information to a third party located in a country outside the EEA that the European Commission has not recognised as providing adequate protection, we will enter into an agreement with that third party that contains the standard contractual clauses approved by the European Commission.
While we take reasonable steps to maintain secure internet connections, the supply of Personal Information over the internet is at your own risk.
USE OF THE LAWVU ADD-IN FOR GMAIL
The LawVu add-in for Gmail stores user email and attachment data in LawVu and adheres to the Google API Services User Data Policy, including the Limited Use requirements.
HOW LONG WE KEEP PERSONAL INFORMATION
We will keep your Personal Information:
- until we no longer have a valid reason for keeping it;
- until you request us to stop using it; or
- for as long as required by law e.g., we keep invoice information for 7 years to fulfil our tax obligations.
You should be aware that we do keep backups and logs for up to 12 months before they are automatically deleted.
COOKIES AND TRACKING
We use web analytic tools, such as Google Analytics, Hotjar, Pendo and Google Tag Manager, to collect information about use of our Website and LawVu Platform, with the goal of improving our Website and Platform. These web analytic tools collect information such as how often users visit the Website and Platform, what pages they visit when they do so, and what other sites they used prior to coming to the site.
We may use various technologies to collect and store information about you when you use the Website and/or the Service, and this may include using cookies and similar tracking technologies, such as pixels and web beacons, as elaborated below.
A cookie is a piece of information that our web server may send to your machine when you visit our Website. The cookie is stored on your device, but does not identify you or give us any information about your device.
The types of cookies we use may include:
- Strictly necessary cookies: These cookies are essential to the full functionality of our Website. They enable you to navigate around our Website and use its features. Without these cookies, you may not be able to access all the functions of our Website or the Service.
- Performance cookies: These cookies collect information about how you use our Website and the Service. All information these cookies collect is anonymous and only used to improve our Website and Service.
- Functionality cookies: These cookies allow our Website to remember the choices you make (for example, your user name, language or your region). Although these cookies are used to enhance the performance of our Website and Service, they are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
The length of time a cookie will stay on your browsing device depends on whether it is
a persistent or session cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies will stay on your browsing device until they expire or are deleted.
Web beacons are tiny graphics with a unique identifier that may be included on the Website for several purposes. For example, we may use web beacons to deliver or communicate with cookies, to track and measure the performance of the Website and Service, to monitor how many visitors view our Website, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on an individual’s hard drive, web beacons are typically embedded invisibly on web pages (or in an email). We use these web beacons to customise content and advertising and to analyse traffic to our Website.
PROTECTING PERSONAL INFORMATION
We take the protection of Personal Information seriously and we will take reasonable steps (using physical, electronic and procedural safeguards) to keep Personal Information in our possession safe from loss, unauthorised activity, or other misuse. Staff who handle your Personal Information are provided with training on how to do so appropriately.
You can find out more about our security practices at https://lawvu.com/trust-center/.
You have the right to access your readily retrievable Personal Information that we hold about you, and to ask for it to be corrected if you think it is wrong or to be deleted.
If you are based in the EEA you have the right, under the GDPR, to:
- in certain circumstances, have your Personal Information erased;
- restrict the processing of your Personal Information;
- move, copy or transfer your Personal Information easily for your own purposes across different services in a safe and secure way;
- object to processing where we rely on our legitimate interests as the lawful basis for processing;
- withdraw your consent at any time, where our processing of your Personal Information is based on consent; and
- lodge a complaint with an appropriate supervisory authority, if you consider that our processing of your Personal Information has breached the GDPR.
We will respond to any request made in respect of the above in accordance with the Applicable Privacy Laws. However, if we receive any data subject requests relating to User Information (e.g. requests to access or correct Personal Information), we will forward these requests to the relevant customer. Our customers control and are responsible for correcting, deleting or updating the User Information they process using the Service.
Please note that in certain circumstances we may refuse to respond to a rights request where we have the right to do so under the GDPR, for example, where a request is manifestly unfounded or excessive.