Skip to main content

Privacy Policy

Policy Owner: Augmetec Limited

Effective Date: 23 November 2023

Application

This privacy policy (the “Policy”) governs the terms and conditions under which Augmetec Limited and its affiliates ( collectively, “Augmetec”, “we”, “us” or “our”) process your information when you use our services, such as when you:

  • visit our website at https://augmetec.com, https://leiaa.com or any website of ours that links to this Policy;
  • use our cloud-based legaltech solution (“LEIAA”), or any other associated application of ours that links to this Policy, which may be available at *.leiaa.com or otherwise, as made available either directly by us or via our authorised partners; and
  • engage with us in other related ways, including any sales, marketing, troubleshooting, LEIAA support or otherwise, in connection with the activities and services provided by the Company,

together, the “Services”. 

Before accessing or using the Services, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this Policy. By accessing or using the Services, you are accepting and consenting to the information and practices as described herein.

Questions?

Reading this Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

Policy

Augmetec  is committed to protecting the security, confidentiality, and privacy of its information resources in accordance with the requirements set forth in Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the “EU GDPR“); (ii) the EU GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (the “UK GDPR“); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iv) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii) or (iii); in each case as may be amended or superseded from time to time (together, the “Regulations”).

Personal data shall only be processed when there is a legal basis to do so, data shall be managed to ensure that security, confidentiality, and privacy are maintained, and data will be used only for authorised purposes. All employees and contractors of Augmetec share the responsibility for safeguarding personal data to which they have access.

What information do we collect and process?

“Personal data” describes a broad range of information, as defined differently by data protection laws around the world. In general, we mean any information that relates to an identifiable individual. In other words, a person’s personal email address constitutes personal data, whereas a business address would not. 

The personal information that we process depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use, and may include the following:

  1. we collect personal information that you voluntarily provide to us when you engage with the Services – for example, when you visit our website, express an interest in obtaining information about us or LEIAA, when you use our products and services, when you provide feedback to us, or when you contact us. This may include personal data as your name, email address, employment details and job title, physical address, payment or card information, billing address and telephone number, or other information that you provide to us as part of the Services;
  2. we automatically collect certain information when you visit, use or navigate through the Services. This information does not reveal your specific identity (such as your name or contact information) but may include usage data on how you interact with our Services, such as log data, device or browser information, metadata, IP address, MAC address, location, date and time of user activity, operating systems, language preferences, information on how you use our Services and other technical information. 
  3. like many companies, we also collect information via cookies and similar tracking technologies for analytical and functional purposes.

We may also process information that is not identifiable to a particular individual, which may be available or gathered via your use of the Services. Some of the information that we collect here may include usernames, directory names, server names, share names, file names, configuration logs, event logs, browsing events and technical information transmitted by your device. We may also gather information relating to feedback ratings, feedback text, etc, as part of the Service delivery if this is agreed between us and you in advance. 

How do we process your information?

We use the information we collect primarily to provide the services that you have requested from us, and as needed from our own internal and legitimate business purposes (such as to do the things that we need to do to function as a business). In addition, we may use data about our customers to detect, prevent or investigate security incidents, fraud, or abuse and misuse of our platform and services. We do this only to the minimum extent required or otherwise reasonably necessary for one or more of our functions or activities, and while maintaining your right to privacy. Some of these activities include:

  • setting up your instance of LEIAA (and/or any other similar services), facilitating communication between us and providing our Services to you;
  • identifying and authenticating your access to and use of the Services, including the management of your accounts with us, fulfilling and managing any orders, payments, returns, etc;
  • enabling communication with other third parties if you opt to use any of our offerings that allow for communication with third parties;
  • obtaining your feedback, collecting aggregated and anonymised service data and other information, and identifying usage, trends and other activities so that we can develop and provide additional features or Services or improve our own internal business purposes;
  • responding to your user enquiries relating to the Services, including any applications to enrol in the Services or to participate in one of our programmes, activities, events or other such circumstances as may be provided either directly or indirectly to you;
  • sending any system alerts, email messages or the provision of customer support and other troubleshooting activities to you with regard to our Services and to respond to queries that you raise;
  • our efforts to keep the Services safe and secure and/or for fraud monitoring and prevention;
  • internal business growth, such as the merger, acquisition, reorganisation of Augmetec;
  • to meet any legal requirements and enforcement obligations; and
  • for other purposes for which we obtain your consent. 

We may use your contact information to send you information about some of our Services or events in which we think you may be interested. You can opt out of receiving marketing communications at any time by clicking “unsubscribe” at the bottom of any marketing emails you receive from us. You can also update your communication preferences by contacting our Customer Support team at [email protected] to communicate your choice to opt out. You will not be able to opt out of service emails from us, such as password reset emails, multi-factor authentication emails, billing emails, automatically generated emails from your use of LEIAA (such as invitations to interviews, task allocations etc), unless you deactivate your account. 

We may also use publicly available information about you that we have gathered through public sources such as LinkedIn or other third party providers, to help us understand our customer base better and provide you with the right information relating to the Services. 

We may also use and/or disclose your personal information or other information that you submit to us if we, in good faith, believe that use and/or disclosure of such information is reasonably necessary to (i) comply with applicable law, court/tribunal order, regulation, process (including alternative dispute resolution or regulatory or governmental request); (ii) enforce our policies, including any investigations (either internal or in collaboration with external advisors) into potential violations thereof; (iii) identify, detect, prevent or take any reasonable action regarding any illegal activities, fraud, security issues or misuse of the Services; (iv) to establish or exercise our rights to defend against legal claims; (v) mitigate any harm to the rights, property, health or safety of us, you, or any third party. 

What is the legal basis on which we rely to process your information?

We process your personal information based on the following legal bases, each of which is prescribed or as permitted by relevant data protection laws:

  • Consent: We may process your information if you have given us permission to do so, for a specific purpose. You can withdraw your consent at any time.
  • Performance of a contract: We may process your information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests: We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to: (i) analyse how our Services are used so that we can provide the right services (and charge the right amount), improve our Services and retain users; (ii) diagnose problems and/or prevent fraudulent activities; or (iii) understand how our users use our products and services so that we can improve our user experience. 
  • Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation or other disputes in which we are involved;
  • Vital Interests: We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person. 

In legal terms, we are generally the “data controller” under the Regulations, since we determine the means and/or purposes of the data processing we perform. This Privacy Notice does not apply to the personal information that we process as a “data processor” on behalf of our customers. In those situations, the customer that we provide services to and with whom we have entered into a data processing addendum is the data controller responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions. 

When and with whom do we share your personal information?

We handle your data with care and respect. We do not sell your personal data and we do not share your information with third parties for those third parties’ own business interests unless you have specifically agreed this in writing, such as at a conference when you direct us to share your information with a sponsor). However, we do share personal data to third party vendors, service providers, contractors or agents in order to provide our products and services, including the Services, to you. We have appropriate contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any other organisation apart from us, unless you specifically and explicitly consent to this. They also commit to protecting the data they hold on our behalf and to retain it for the period we instruct. 

This could include: (i)  the provision of some information to our cloud computing vendors to provide the requisite functionality (such as, but not limited to, the provision of your Saas-based solution, the provision of transcriptions, backups, language detection and other functionality); (ii) the provision of services by some of our third party partners including the provision of document fraud detection capabilities; (iii) the provision of payment services through our third party payment providers (GoCardless, Stripe and/or PayPal); (iv) the provision of additional services provided by specific third party vendors who carry out certain data processing functions on our behalf (although these providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data), such as communication and collaboration tools, data analytics, product engineering, product design, sales and marketing, finance and accounting tools.

We may also need to share your personal information in the following situations:

  • Business transfers: We may share or transfer your information in connection with, or during negotiations of any merger, sale, financing or acquisition of all or a potion of our business;
  • Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy notice. Affiliates include any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us;
  • Business Partners: We may share your information with our business partners so that we are able to offer you certain products, services or promotions; 
  • Other Users: When you share your personal information or otherwise interact with other public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services, and view your public profiles. 

Cookies and tracking technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. 

A cookie is a piece of data contained in a small text file that is stored in your browser or elsewhere on your hard drive. Cookies allow us to identify your device as you navigate our website or your user account. This makes navigating and interacting with our websites our the Services more efficient, easy and meaningful for you. By themselves, cookies do not identify you specifically. Rather, they recognise your web browser. So unless you identify yourself specifically to us (like signing into your account), we do not know who you are just because you visited our website. 

We may use both session and persistent cookies. Session cookies are those that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you’ve turned it off. Additionally, cookies on our website fall into three categories: (i) required cookies; (ii) functional cookies; and (iii) advertising cookies. Our cookie consent tool will provide you with more information about each of these categories. 

We may also use web beacons to gather data about your use of our website, your user account and how you interact with emails we have sent to you. Web beacons are clear electronic images that can recognise certain types of data on your computer, like when you view a particular website tied to the beacon, and a description of the website tied to the web beacon. Additionally, we may put web beacons in marketing emails that notify us when you click on a link in the email that directs you to our website. We use web beacons to operate and improve our website, Services and email communications to you. 

Do we transfer your data internationally?

Data transfers to data where we are a data processor is governed by our separate data processing addendum agreed between you and us. Please refer to that data processing addendum for further details. Our primary operational servers are located in the United States of America. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored and processed by us in our facilities and by those third parties with whom we may share your personal information, including in countries such as the United Kingdom, Republic of Ireland, the EU, India, Australia, Singapore. 

If you are a resident in the European Economic Area, United Kingdom or Switzerland, these countries may not necessarily have data protection laws or other similar laws as those in your country. However, we take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law. 

For example, we have implemented measures to protect your personal information, including by using the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third party providers (or under measures stronger than this). These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. We may also transfer data to recipients located in jurisdictions which were granted an “adequacy decision” with regard to their level of protection of personal data by the European Commission. 

How long do we store the information that we collect?

Unless you instruct us otherwise for justified reasons, we will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. 

How do we safeguard your information?

We are committed to making reasonable efforts, in accordance with best market practices, to ensure the security, confidentiality and integrity of personal information and have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of the personal information we process. We take care in implementing and maintaining the security of the Services, with access to personal information based on the “least to know” concept, together with role-based access to control systems which ensures that only authorised personnel have access to personal information. 

Although we take steps to safeguard such information, we cannot be held responsible for the acts of those who gain unauthorised access (such as hackers, cybercriminals) to or abuse our Services, and we make no warranty (express, implied or otherwise), that we will prevent such access. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk and you should only access the Services within a secure environment. 

Do we collect information from minors?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate such account and take reasonable measures to promptly delete such data from our records. 

What are your other privacy rights?

In some regions such as the EEA, UK, Switzerland and Canada, you have certain rights under applicable data protection laws. These may include the right to request access and obtain a copy of your personal information, to request rectification or erasure, to restrict the processing of your personal information, to data portability (if applicable) and not to be subject to automated decision making. In certain circumstances, you may also have the right to object to the processing of your personal information. 

You can make such requests by contacting us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws. If you are in the EEA or UK and you believe that we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or the UK data protection authority.

If we are relying on your consent to process your personal information (express, implied or otherwise), you have the right to withdraw your consent. You can do so at any time by contacting us using the details below. However, please note that this will not affect the lawful processing of the information before its withdrawal or, when applicable laws allow, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. 

If you are located in Canada, the following section applies to you:

We may process your information if you have given us specific permission (i.e express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e. implied consent). You can withdraw your consent at any time. In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example, (i) if collection is clearly in the interests of an individual and consent cannot be obtained in a timely way; (ii) for investigations and fraud detection and prevention; (iii) for business transactions provided certain conditions are met; (iv) if it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim; (v) for identifying injured, ill, or deceased persons and communicating with next of kin; (vi) if we have reasonable grounds to believe that an individual has been, is, or may be a victim of financial abuse; (vii) if it is reasonable to expect the collection and use with consent would compromise the availability or accuracy of the information, and the collection is reasonable for the purposes related to investigating a breach of an agreement or a contravention of the local laws or regulations (federal or provincial); (viii) if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records; (ix) if it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced; (x) if the collection is solely for journalistic, artistic or literary purposes; or (xi) if the information is publicly available and is specified by the regulations. 

If you are a resident of the US State of California, the following section applies to you:

Here is a list of the categories of personal data that we collected in the past 12 months: (i) Identifiers; (ii) personal information, (iii) Commercial information; (iv) financial information; (v) internet or other electronic activity information; (vi) geolocation information; (vii) audio, electronic, visual or similar information; (viii) education information; (ix) professional or employment information; (x) sensitive personal information; and (xi) inferences drawn from collected personal information. 

We will use and retain the collected personal information as needed to provide the Services, or for 12 months, whichever is longer. Sensitive personal information may be used or disclosed to a service provider or contractor for additional, specified purposes necessary to perform the Services. You have the right to limit the use or disclosure of your sensitive personal information. 

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, by phone or mail in the context of: (i) receiving help through our customer support channels; (ii) participation in customer surveys; (iii) facilitation in the delivery of our Services and to respond to your enquiries. 

We have not sold or shared any personal information to third parties for a separate business or commercial purpose in the preceding 12 months. We may disclose your personal information with our service providers pursuant to written contracts between us and each service provider, as identified in this privacy notice. We may use your information for our own business purposes, including for research or technological development and demonstration. This is not considered to be “selling” your personal information. The categories of third parties to whom we disclose personal information for a business or commercial purpose can also be found in this privacy notice. 

You may request, once a year, that we disclose to you the categories and specified pieces of personal information that we have collected about you, the categories and sources from which your personal information is collected, the business or commercial purposes for collecting your personal information, the categories of personal information that we disclose for a business purpose, any categories of personal information about you that we sold, the categories of third parties with whom we have shared your personal information and the business purpose for sharing your personal information, if applicable. 

You have the right to obtain a copy of your personal information in a portable and, to the extent technically feasible, readily usable format. You have the right to request that we delete any personal information collected from you and retained, unless an exception applies. Once we receive and confirm your verifiable consumer request, we will delete (and will reasonably instruct our service providers, subcontractors and consultants to delete) your personal information unless an exception applies. 

You may have the right to request that we correct inaccurate personal information about you, and we will use commercially reasonable efforts to correct it. 

Under US applicable law, you have the right to opt out of selling or sharing (as these terms are defined under US applicable law) of your personal information. You may also have the right to limit our use of sensitive personal information only to what is necessary to perform the services you requested. 

You can exercise your rights by submitting a verifiable consumer request by emailing [email protected]. Only you or a person authorised to act on your behalf may make a consumer request related to your personal information. The request must provide sufficient information to allow us to reasonably verify your identity and describe your request with sufficient detail to allow us to properly understand and respond to it. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification, however we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete additionally provided information as soon as we finish verifying you. Unless permitted by the U.S Applicable Law, we will not: deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Our goal is to respond to a verifiable request within 45 days of its receipt, but will inform you if we require more time. Any disclosure will cover the 12 month period preceding the request. 

Updates

We may update this privacy policy from time to time. The updated version will be indicated by an updated date at the top of the privacy policy and the updated version will be effective as soon as it is accessible. If we make material changes to the privacy policy, we may notify you either by posting a notice of such changes or by directly sending you a notification. We encourage you to review this notice frequently to be informed of how we are protecting your information. 

How can you contact us

If you have any questions or comments about this notice, you may contact us by post at:

Augmetec Limited

71-75 Shelton Street

London, WC2H 9JQ

United Kingdom 

If you are a resident in the UK, EEA or Switzerland, we are the data controller of your personal information. You can contact our appointed data protection representatives at +44 203 833 0090 or at [email protected]