Privacy Policy

Lawyer In Privacy and Confidentiality Policy

General Information and Cooking Policy

Lawyer In is an online platform that facilitates connections between lawyers from different countries. Lawyer In organizes conferences or webinars on legal topics, makes legal information available to lawyers or the general public through articles or newsletters, and markets lawyers by making their profiles visible at national and international levels. Since the legal systems differ, lawyers are reluctant to engage cases from other countries and jurisdictions. The Lawyer In platform makes it easier for lawyers to find partners from other countries. In this way, any lawyer can engage in lawsuits with extraneous elements much more easily. Through the Lawyer In platform, lawyers can create connections on scientific, research, professional, or even personal topics. Using the Lawyer In platform, lawyers also will be able to participate in conferences or webinars. Lawyer In also contains a powerful search tool that supports clients who want to find the right Lawyer. The search for a lawyer is completed by following two criteria: the location and the legal issue for which the client wants a lawyer. For the purposes presented above, Lawyer In collects the data of the lawyers. Thus, lawyers who create an account and subsequently build a profile on the Lawyer In platform will be visible to the general public and fellow lawyers. The data we collect from lawyers when creating the account are the following: name, email, and the legal form of exercising the profession. Once the account is created, the Lawyer has the opportunity at his discretion to complete his profile with any or all of the following data: the bar or law society where he/she is registered, professional experience, the approximate number of lawsuits, the approximate number of successful cases, the availability to work 24/7, the availability for travel, studies, awards and certificates, publications, foreign languages ​, main legal specialization, secondary specializations, age, website, email, phone number, a photo. A password secures the account.Lawyer In is a controller of your personal data. We respect your data, and your privacy is important to us. This Privacy Notice explains what personal data we collect and how it is used. This notice also explains your rights over your personal data and how you can use those rights.You have several rights under UK data protection legislation that, in certain circumstances, you may be able to exercise concerning the personal information we process about you.

Our websites and app use cookies and similar technologies to improve functionality, recognize you, and customize your experience. You can reject and block cookies in your browser settings.

1. Introduction

1.1 The "Lawyer In" is an online platform addressing the general public, particularly law professionals or anyone interested in law.

1.2 The personal data we collect, how it is used and sent, and users' choices about that data can be found in this policy.

1.3 The data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organisational measures ('integrity and confidentiality)

2. Data collection and database processing

2.1 Lawyer In undertakes to protect the confidentiality and security of the personal data of all users, acting only within the limits of the legal provisions of the GDPR UK, particularly under the Data Protection Act 2018 (DPA 2018).

2.2 The following data may be collected from users:

a) user profile: we collect data when users create or update their Lawyer In accounts (name, email address, the form of profession, password, and then, at the Lawyer latitude: phone number, address, profile photo, and others as they described in the General Information Section);

b) data about users: user content ( photos or other records collected by users); other data (dates and times of access by users, platform functions or pages viewed, situations in which the platform did not work).

2.3 The data collected is processed lawfully, fairly, and in a transparent manner concerning individuals.

2.4 In this regard ( 2.2), our principles are' lawfulness, fairness, and transparency.

3. Explicit and legitimate purpose

3.1 The data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

3.2 The data are used adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed ('data minimisation');

3.3 Lawyer In utilizes the data for the improvement and security of users and services, for research and development, to enable the connection between users, and for professional, personal, and/or legal relations.

3.4 Lawyer In is not rightful to sell or disseminate users' data with the intention of direct marketing to third parties.

3.5 Further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered to be incompatible with the initial purposes ('purpose limitation')

4. Removing data

4.1 In case of inactivity, fraud, or dishonesty, Lawyer In reserves the right to delete the data and the account, both or any of them.

4.2 The User has the right to request the removal of the Lawyer In account and to have this request honored.

4.3 It is worth mentioning that, subsequently, the Lawyer In may retain certain information about the User if necessary, such as if it has to comply with some legal requirements or for reasons of safety, security, and fraud prevention.

4.4 The retained data will follow the same rules from paragraph 2.

5. Data communication to third parties

5.1 In certain circumstances, Lawyer In will share your data with third parties, such as our employees, suppliers, and their employees.

5.2 Suppliers refer to companies we have contractual relations with certain services, including but not limited to: IT service providers, telephony service providers, and service management solution providers.

5.3 Lawyer In assure you that we have signed personal data processing agreements and confidentiality clauses with all third-party providers to protect your data.

5.4 "Lawyer In" has not agreed with them to use your data for purposes other than those entrusted to them.

5.5 "Lawyer In" also obligate them through contractual provisions to respect the confidentiality of your data.

5.6 However, we are rightful to transmit your data to public authorities (Prosecution, Police, courts) based on and within the limits of legal requirements.

5.7 Lawyer In disclaims any responsibility, explicit or implicit, to guarantee the actuality or correctness of the data collected.

5.8 In this regard ( 5.7), the platform users are solely responsible for the actuality and correctness of the data.

6. Storage limitation

6.1 The data will be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

6.2 Personal data may be stored for more extended periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals ('storage limitation')

6.3 Unless users make objections regarding the processing of the data by us and/or request the deletion of the data, the following retention periods apply, under our data retention policy, for the following categories of personal data:

a) We store personal data no longer than is necessary for the reason for which this data was collected or to comply with the law

b) The data of users, clients, and suppliers will be kept for at least ten years in order to be able to demonstrate the payment operation fiscally for the services provided.

7. The right to rectification

7.1 The data should be accurate and, where necessary, kept up to date.

7.2 In this regard, every reasonable step must be taken to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy')

7.3 "Lawyer In" keep your data complete, accurate, and up-to-date based on your most recent information.

7.4 However, if an error occurs, you can request and obtain the data rectification.

8. The right to restriction

8.1 Individuals have the right to restrict the processing of their data in certain circumstances.

8.2 This means individuals can limit how an organisation uses their data.

8.3 This is an alternative to requesting the erasure of their data.

8.4 Individuals have the right to restrict the processing of their personal data where they have a particular reason for wanting the restriction.

8.5 Individuals have the right to request a restriction of their personal data processing in the following circumstances:

a) the individual contests the accuracy of their personal data, and we are verifying the accuracy of the data;

b) the data has been unlawfully processed (i.e., in breach of the lawfulness requirement of the first principle of the UK GDPR), and the individual opposes erasure and requests restriction instead;

c) we no longer need the personal data, but the individual needs us to keep it in order to establish, exercise, or defend a legal claim; or

d) individuals have objected to us processing their data, and we are considering whether our legitimate grounds override those of the individuals

8.6 In order to data restriction, we use one, more, or all of the following methods:

a) temporarily moving the data to another processing system;

b) making the data unavailable to users; or

c) temporarily removing published data from a website.

8.7 We will not process the restricted data in any way except to store it unless:

a) we have the individual's consent;

b) it is for the establishment, exercise, or defense of legal claims;

c) it is for the protection of the rights of another person (natural or legal); or

d) it is for reasons of substantial public interest.

8.8 We will contact each recipient and inform them of the restriction of the personal data unless this proves impossible or involves disproportionate effort.

8.9 Upon the individual's specific request, we will also inform the individual about these recipients.

8.10 The restriction operates until the verification of the case of illegality or the accuracy of the data.

8.11 The restriction also operates if you request the data for establishing or defending a right and we no longer need them, or you object to the processing during the period in which we check whether our legitimate reasons are first over yours.

9. The right to be informed

9.1 What to provide

9.1.1 We provide individuals upon request with all the following privacy information:

a)The name and contact details of our organisation.

b) Our representative's name and contact details (if applicable).

c)The contact details of our data protection officer (if applicable).

d)The purposes of the processing.

e)The legitimate interests for the processing (if applicable).

f)The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).

g)The details of transfers of personal data to any third countries or international organisations (if applicable).

h) The retention periods for the personal data.

i)The rights available to individuals in respect of the processing.

j)The right to withdraw consent (if applicable).

k)The right to complain to a supervisory authority.

l) The source of the personal data (if it is not obtained from the individual it relates to).

m) The details of whether individuals are under a statutory or contractual obligation to provide personal data (if applicable, and if the personal data is collected from the individual it relates to).

9.2 When to provide it

9.2.1 If we obtain personal data from a source other than the individual it relates to, we provide them with privacy information:

a)within a reasonable period of obtaining the personal data and no later than one month;

b)if we plan to communicate with the individual, at the latest, when the first communication takes place;

c) if we plan to disclose the data to someone else, at the latest, no later than five days from the data is disclosed.

9.3 How to provide it

9.3.1 We provide the information in a way that is:

a) concise;

b) transparent;

c) intelligible;

d) easily accessible; and

e) uses clear and plain language.

9.4 You can ask us for information about your data, namely what categories of personal data we have, what it is used for, where we collected it from if it is not collected directly from you, and to whom they were disclosed (if applicable).

9.5 In this regard, you can get a free copy from us.

9.6 However, we reserve the right to charge a fee for each additional copy containing the data report.

10. The right to access

10.1 An individual can make a Subject Access Request ( SAR) only in writing due to the specifics of the Lawyer In platform, including on social media.

10.2 A request is valid if it is clear that the individual is asking for their own personal data.

10.3 An individual does not need to use a specific form of words, refer to legislation, or direct the request to a specific contact.

10.4 An individual may ask a third party (e.g., a relative, friend, or solicitor) to make a SAR on their behalf.

10.5 Lawyer In may also receive a SAR made on behalf of an individual through an online portal. 10.6 Before responding, we must be satisfied that the third party making the request is entitled to act on behalf of the individual.

10.7 It is the third party's responsibility to provide evidence of their authority.

10.8 We comply with a SAR without undue delay and within one month of receiving the request at the latest.

10.9 This period ( 9.7) can be extended to respond by a further two months if the request is complex or we have received several requests from the individual, e.g., other types of requests relating to individuals' rights.

10.10 We may be able to ask for specifying the information or processing activities the individual request relates to if it is not clear.

10.11 The time limit for responding to the request is paused until receiving clarification(9.9).

10.12 Where an exemption applies, we may refuse to provide all or some of the requested information, depending on the circumstances.

10.13 We can also refuse to comply with a SAR if it is manifestly unfounded or manifestly excessive.

10.14 A request may be manifestly unfounded if, but not limited to:

a) the individual has no intention to exercise their right of access. For example, an individual makes a request but then offers to withdraw it in return for some form of benefit from the organisation; or

b) the request is malicious in intent and is being used to harass an organisation with no real purpose other than to cause disruption. For example, the individual: explicitly states, in the request itself or other communications, that they intend to cause disruption; makes unsubstantiated accusations against you or specific employees which are clearly prompted by malice; targets a particular employee against whom they have some personal grudge; or systematically sends different requests to you as part of a campaign, e.g., once a week, intending to cause disruption.

10.15 If we refuse to comply with a request, we will inform the individual of:

a) the reasons why;

b) their right to make a complaint to the ICO or another supervisory authority; and

c) their ability to seek to enforce this right through the courts.

11. The right to data portability

11.1 The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used, and machine-readable format.

11.2 It also gives them the right to request that a controller transmits this data directly to another controller.

11.3 The right to data portability only applies when:

a) the lawful basis for processing this information is the individual consent or for the performance of a contract; and

b)we are carrying out the processing by automated means (i.e., excluding paper files).

11.4 Information is only within the scope of the right to data portability if it is the personal data of the individual they provided to us.

11.5 The right to data portability entitles an individual to:

a) receive a copy of their personal data;

b) have their personal data transmitted from one controller to another controller.

11.6 Individuals have the right to receive their personal data and store it for further personal use.

11.7 This allows the individual to manage and reuse their personal data. (for example, an individual wants to retrieve their contact list from a webmail application ).

11.8 Lawyer In can achieve the data portability by either:

a) directly transmitting the requested data to the individual, or

b) providing access to an automated tool that allows the individual to extract the requested data themselves.

11.9 It is worth mentioning that this ( 9.8 /b) does not create an obligation for us to allow individuals more general and routine access to our systems but only for extracting their data following a portability request, if technically possible.

12. The right to erasure

12.1 The right only applies to data held at the time the request is received.

12.2 The right does not apply to data that may be created in the future.

12.3 The right is not absolute and only applies in certain circumstances :

a) the personal data is no longer necessary for the purpose were collected or processed for;

b) the data collection relies on consent as the lawful basis for holding the data, and the individual withdraws their consent;

c) the collecting is relying on legitimate interests as a basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;

d) the data are processed for direct marketing purposes, and the individual objects to that processing;

e) the data have been processed unlawfully (i.e., in breach of the lawfulness requirement of the UK GDPR first principle);

12.4 The data can erase if it is no longer necessary for us concerning the purposes for which it was collected.

12.5 The right to erasure operates unless the processing is necessary to fulfill a legal obligation that requires the processing by us, following the order of a judicial body, for legal data retention requirements or the exercise or defense of a right.

13. The right of objection

13.1 The right to objection gives individuals the right to object to processing their personal data at any time.

13.2 An objection may be in relation to all of the personal data you hold about an individual or only to specific information.

13.3 It may also only relate to your particular purpose for which you are processing the data.

13.4 An individual must give specific reasons why they object to processing their data.

13.5 These reasons should be based upon their particular situation.

13.6 Individuals have the absolute right to object to processing their personal data if it is for direct marketing purposes.

13.7 However, in these circumstances, this is not an absolute right, and we can refuse to comply if:

a) we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights, and freedoms of the individual; or

b) the processing is for the establishment, exercise, or defence of legal claims.

13.8 However, this does not automatically mean that we need to erase the individual's personal data, and in most cases, it will be preferable to suppress details.

13.9 Suppression involves retaining just enough information to ensure that the individual preference not to receive direct marketing is respected in the future.

13.10 If the data are processed for scientific or historical research or statistical purposes, the right to object is limited.

13.11 Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her personal situation, shall have the right to object to the processing of personal data concerning him or her unless the processing is necessary for the performance of a task carried out for reasons of public interest.

13.12 The processing of personal data may be subject to your opposition if it is not based on your consent but on our legitimate interests or those of a third party.

13.13Consequently, the data will not be processed if we cannot demonstrate well-founded, legitimate reasons and significant interest for their processing or the defense of a justifiable right.

13.14 In this case, please specify whether you want the deletion of your data or the restriction of their processing by us.

14. The right to file a complaint

14.1 In the case of a breach of applicable law, you may file a complaint with the data protection supervisory authority in the country where you live or where a breach occurred.

15. Exercising your legal rights

15.1 To exercise your legal rights, please contact our Data Protection Officer, in writing or text form, by email to —————-.

16. Accountability and Governance

16.1 Lawyer In takes responsibility for complying with the UK GDPR, where necessary, at the highest management level and throughout our organisation.

16.2 We keep evidence of the steps we take to comply with the UK GDPR.

16.3 We put in place appropriate technical and organisational measures, such as:

a) adopting and implementing data protection policies (where proportionate);

b) taking a 'data protection by design and default approach - putting appropriate data protection measures in place throughout the entire lifecycle of our processing operations;

c) putting written contracts in place with organisations that process personal data on our behalf;

d)maintaining documentation of our processing activities;

e) implementing appropriate security measures;

f) recording and, where necessary, reporting personal data breaches;

g) carrying out data protection impact assessments for uses of personal data that are likely to result in a high risk to individuals' interests;

h) appointing a data protection officer (where necessary);

16.4 Lawyer In reviews and updates our accountability measures at appropriate intervals.

17. Consent

17.1 Lawyer In regularly reviews consents to check that the relationship, the processing, and the purposes have not changed.

17.2 We have processes in place to refresh consent at appropriate intervals, including any parental consent.

17.3 We consider using privacy dashboards or other preference-management tools as a matter of good practice.

17.4 We make it easy for individuals to withdraw their consent at any time and publicise how to do so.

17.5 We act on withdrawals of consent as soon as we can.

17.6 We do not penalise individuals who wish to withdraw consent

18. Appointing a Data Protection Officer

18.1 We are not required to appoint a DPO, but we have decided to do so voluntarily.

18.2 We understand that the same duties and responsibilities apply had we been required to appoint a DPO and support our DPO to the same standards.

18.3 The Lawyer In DPO is tasked with monitoring compliance with the UK GDPR and other data protection laws, our data protection policies, awareness-raising, training, and audits.

18.4 We will take account of our DPO's advice and the information they provide on our data protection obligations.

18.5 When carrying out a DPIA, we seek the advice of our DPO, who also monitors the process.

18.6 Our DPO acts as a contact point for the ICO. They cooperate with the ICO during prior consultations under Article 36 and will consult on any other matter.

18.7 When performing their tasks, our DPO has due regard to the risk associated with processing operations and considers the processing's nature, scope, context, and purposes.

19. Accessibility of the DPO

19.1 Our DPO is easily accessible as a point of contact for our employees, individuals, and the ICO.

19.2 We have published the contact details of the DPO and communicated them to the ICO.

20. Final provisions

20.1 Lawyer In will try to solve your requests within 30 days.

20.2 The period may be extended by additional 30 days for reasons such as the complexity of the request or the legal right.

20.3 In certain situations, due to legal provisions, we may not be able for you to access all or part of your data.

20.4 In case of refusal of the access request, we will offer you an appropriate reason.

20.5 In some situations, due to the lack of correct data you provided in the written request, we may be unable to search for personal data.

20.6 In such cases, if you do not provide us with additional information that allows us to identify you correctly, we cannot comply with your request to exercise your legal rights as described in this section.

20.7 In these situations, we are not responsible for the failure to resolve your request.

20.8 We may update this policy from time to time by notifying users of material changes to Lawyer In's privacy policies.

20.9 We encourage users to periodically review these policies to learn the latest information about our privacy practices.

  • EU Appendix

This Appendix applies where the Informa Controller you are dealing with is in the EU or UK or where an Informa Controller outside the EU or UK provides services to you if you live in the EU or UK.

How and why we use personal information

There are a number of legal grounds under which the use of personal information under UK and EU data protection laws is justified and we are required to set out the grounds of such use in this Privacy Policy. An explanation of the scope of the principal grounds that justify our use is set out below

  • Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent through the contacting the Divisional Database team via the details provided in the Marketing section.
  • Contract performance: where your information is necessary to enter into or perform our contract with you.
  • Legal obligation: where we need to use your information to comply with our legal obligations.
  • Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
  • Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

International transfer of personal information

Certain countries outside the European Economic Area (EEA) and UK have been approved by the European Commission as providing essentially equivalent protections to EEA and UK data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient, unless we are permitted under applicable data protection law to make such transfers without such formalities.

Your rights

If you have any questions in relation to our use of your personal information, contact us. Under certain conditions, you may have the right to require us to:

  • Provide you with further details on the use we make of your information
  • Provide you with a copy of information that you have provided to us
  • Update any inaccuracies in the personal information we hold
  • Delete any personal information the we no longer have a lawful ground to use
  • Where processing is based on consent, to withdraw your consent so that we stop that particular processing
  • Cease direct marketing to you
  • Where we undertake wholly automated decision making which results in the creation of a legal obligation or a similar significant impact, you may request that we provide information about the decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias or if required by law adjust the processing
  • Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
  • Restrict how we use your information whilst a complaint is being investigated

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

We hope to resolve any privacy concerns you may have. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws.

In the UK, the UK Information Commissioner’s Office regulates and enforces data protection law. Their procedures can be found at www.ico.org.uk.

In the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) regulates and enforces data protection law. Their procedures can be found at www.autoriteitpersoonsgegevens.nl.