Your privacy is important to us. Accessible.org (“we” or “us“) has developed this EU GDPR Privacy Notice (the “GDPR Privacy Notice“) to provide additional information about how we handle personal information that is subject to the GDPR when we are the controller of that information. In this GDPR Privacy Notice, we use the term “GDPR” to include the EU General Data Protection Regulation, as well as associated national laws.
This GDPR Privacy Notice explains how Accessible.org handles the personal information we collect from individuals through the Site, the personal information we collect when individuals engage with us or use our products or services (our “Services“) and the personal information we receive about individuals as a result of providing the Services to third parties, whenever personal information is subject to the GDPR.
For the purposes of this GDPR Privacy Notice, “personal information” means any information relating to an identified or identifiable person.
Purpose of this notice
This GDPR Privacy Notice explains how we process personal information that is subject to EU data protection laws, and also sets out individuals’ rights related to our processing of such personal information.
Who are we and what do we do?
Accessible.org is the independent data controller responsible for your personal information collected via the Site.
Accessible.org is the data controller of personal information subject to the GDPR that we collect and process in connection with the Services.
Personal information we collect
We may collect personal information in the course of our business, including through your use of our Site, when you contact us or request information from us, when you engage our Services or as a result of your relationship with one or more of our staff and clients. When we require personal information from you in order to fulfill a statutory or contractual requirement, or where such information is necessary to enter into a contract or is otherwise an obligation, we will inform you and indicate the consequences of failing to do so.
Registrations, subscriptions, forms
If you register with us via the Site, sign up to receive news and information from us, or communicate with us through or related to the Site, we may collect the following personal information:
- Your name and email
- Contact information for you, including the company you work for and email address.
- Other information relevant to the provision of Services.
From individuals who are clients and prospective clients, or are representatives of clients and prospective clients, we may collect the following personal information:
Your name, the named Accessible.org client, the name of the company you work for (if different)
Contact information for you, the named Accessible.org client, and the company you work for (if different), including email address.
Payment information (including bank account and wire details), billing instructions and preferences (including to whom to direct invoices). Relevant information so that we can perform conflicts of interest checks.
Relevant information as required by regulatory Know Your Client and/or Anti Money Laundering regulations and as part of our client intake procedures. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may include documentation, which we request from the client or prospective client or through the use of online or public sources or both.
Information you provide to us for the purposes of attending meetings and events, including dietary requirements, which may reveal information about your health or religious beliefs.
Information that you provide to us as part of the provision of Services to you, which depends on the nature of your engagement with Accessible.org .
Other information relevant to the provision of Services.
Related parties and client representatives
Accessible.org is primarily engaged by corporate entities and clients (i.e., legal entities), and those legal entities are not data subjects (i.e., natural persons to whom personal information relates). However, as part of our engagement with these clients, we may receive personal information about individuals. For example, we may receive names, contact details, and other information relating to:
Officers, representatives and/or personnel of our corporate clients or prospective clients, as well as their affiliated and related entities.
Adverse parties in a matter or potential matter, such as claimants, plaintiffs, defendants and other adverse parties.
Related parties in a matter or potential matter.
Vendors and suppliers of our corporate clients or prospective clients.
Current and former legal advisors, consultants and other professional advisors of our corporate clients or prospective clients.
Government and/or law enforcement entities and their representatives.
If you are an individual whose personal information is processed by us as a result of providing the Services to others (including individual clients and corporate clients), we will process a variety of different personal information depending on the Services provided.
For example, if we are representing a client in a cross-border acquisition, we may receive and then process (among other information) details of the key managers of the target company.
We might also need to process personal information in relation to other third parties instructed either by our own clients or other persons or companies involved in providing the Services to our client (e.g., other law firms, experts etc.).
These examples are non-exhaustive, which is reflective of the varied nature of the personal information we process as part of a law firm providing legal services.
For clients and prospects, we also collect information to enable us to market our Services, which may be of interest to you. For this purpose we collect:
Name and contact details.
Other business information, such as job title and the company you work for.
Areas or topics that interest you.
Purpose and legal bases for our use of your personal information
Our processing of personal information is justified by a “legal basis”, that is, a specific condition. We may use personal information for the following purposes, in each case as justified by a legal basis:
Fulfillment of services
We use personal information to enable us to perform the Services, respond to your requests and deliver our Services, to provide legal advice and related Services for which you have engaged us, verify your identity, and carry out requests made by you on the Site or in relation to our Services.
What is our legal basis?
This processing is necessary for our compliance with legal obligations (including our professional and ethical duties as attorneys). It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others and comply with our professional and ethical duties as attorneys, consistent with applicable law. In some cases, this processing is necessary to perform a contract to which you are a party.
We use personal information to provide and operate our Site and the Services, to communicate with you about your use of the Site and Services, to respond to your inquiries, to provide troubleshooting, to fulfill your requests, to bill you for our Services, to collect payments, to respond to complaints and inquiries, to provide technical support, and to provide other client service and support.
What is our legal basis?
This processing is necessary to establish, exercise or defend our legal claims and rights. It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others and comply with our professional and ethical duties as attorneys, consistent with applicable law. In some cases, this processing is necessary to perform a contract to which you are a party.
Business administration and legal compliance
We use personal information for the following business administration and legal compliance purposes:
To perform and maintain information for the purposes of performing conflicts of interest searches.
To comply with our legal obligations (including Know Your Client, Anti-Money Laundering, Anti-Bribery, conflicts or similar obligations including, but without limitation, maintaining regulatory insurance).
To enforce our legal rights. To investigate and/or settle inquiries or disputes.
To comply with any applicable law, court order, other judicial process, law enforcement requests or the requirements of a regulator.
To enforce our agreements with you.
To protect the rights, property or safety of us or third parties, including our other clients and users of the Site or our Services.
To maintain our records.
To process business transaction data, such as in connection with a merger, or a restructuring, or sale.
To use as otherwise required or permitted by law, consistent with these purposes.
What is our legal basis?
It is necessary to enforce, establish or defend our legal rights, or to protect the rights of third parties. This processing is necessary to comply with EU legal obligations imposed upon us. It is in our legitimate interest or a third party’s legitimate interest to use your personal information to comply with other legal obligations. In some cases, this processing will be necessary to perform a contract to which you are a party.
Marketing and promotions
We may use personal information for marketing and promotional purposes, such as to send you news and newsletters, or to otherwise contact you about products or information we think may interest you, by email and direct (postal) mail. We may also use it develop new Services and determine how to market our Services.
What is our legal basis?
It is in our legitimate interest to use your personal information for marketing purposes in order to develop and grow our business and Services and promote the reputation of our firm. We will, where required by applicable law, obtain your consent to send such communications.
We may use personal information in order to respond to Requests for Proposals (“RFPs“), prepare for and present pitches and other proposals, and identify potential business opportunities. Largely, this involves our collection and use of non-personal business information about current, former and prospective corporate clients. However, we may also process limited personal information about individuals (name, current and former company, current and former title, contact information and similar information).
What is our legal basis?
This processing is also in our legitimate interest to use your personal information in order to develop and grow our business and Services and promote the reputation of our firm. We also may process this information to respond to an RFP or a specific request in anticipation of a contract with you (i.e., engagement for Services).
Client insight and analytics
We use personal information to better understand how you and others use our Services, so that we can improve our Site and Services, develop new features, tools, offerings, services and the like, and for other research and analytical purposes. We also use the information we collect to measure the effectiveness of our online content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting, and what kind of offers our registered users like to see. We may use this information and the insights we have derived for marketing purposes (see the marketing section above for further details), or to make decisions about events, news and information that may be of interest to clients, prospective clients, Site users and others.
What is our legal basis?
It is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best Services to our clients and others in order to develop and grow our business and Services and promote the reputation of our firm.
Industry benchmarking and rankings
We participate in industry surveys and reports which clients use to assess law firms and the legal industry. Largely, this involves our collection and use of non-personal business information about clients and matters. However, we may also review and share limited personal information about individuals (such as referee name, title and contact).
What is our legal basis?
It is in our legitimate interest to use your personal information in order to develop and grow our business and Services and promote the reputation of our firm. Where required, we will obtain your consent.
Prevent misconduct, abuse and misuse
Subject to our professional and ethical duties, we use personal information where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our terms of engagement. We also use personal information to protect and secure the Site and our information systems and networks.
What is our legal basis?
This processing is necessary to comply with EU legal obligations imposed upon us. It is necessary to enforce, establish or defend our legal rights, or to protect the rights of third parties. It is in our legitimate interest or a third party’s legitimate interest to use your personal information to comply with other legal obligations. In some cases, this processing will be necessary to perform a contract to which you are a party.
Sharing your personal information
We may also share personal information with a variety of the following categories of third parties as necessary:
Our professional advisers, such as lawyers and accountants.
Government and/or regulatory authorities.
Regulators, tax authorities and/or corporate registries.
Third parties to whom we outsource certain services, such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, and document and information storage providers.
Third parties engaged in connection with our Services, such as counsel, arbitrators, mediators, clerks, witnesses, court reporters, court, opposing party and their lawyers, document review platforms and experts, such as tax advisors.
Third party service providers to assist us with client insight analytics, such as Google Analytics.
Third party postal or courier providers who assist us in delivering our postal marketing campaigns to you, or delivering documents related to a matter.
Third party contractors and other data controllers
As mentioned above, we may appoint sub-contractor data processors as required to deliver the Services, such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, and document and information storage providers, who will process personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers where necessary to deliver the Services (for example, but without limitation, accountants, attorneys, consultants and other third party experts including, but without limitation, other law firms). When doing so, we will comply with our legal and regulatory obligations in relation to the personal information including, but without limitation, putting appropriate safeguards in place.
What is our legal basis?
It is necessary for us to perform our obligations in accordance with any contract or engagement that we may have with you. It is in our legitimate interest or a third party’s legitimate interest to use personal information in such a way to ensure that we provide the Services in the best way that we can.
Where we transfer your personal information
Accessible.org is located in the United States; when you submit personal information to us, or when others provide personal information to us, we will receive it and process it in the United States. In order to provide the Services, we also may need to transfer your personal information to locations in other.
If you are based within the European Union/European Economic Area (EEA), please note that where necessary to deliver the Services, we will transfer personal information to countries outside the EEA.
You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA by contacting us at firstname.lastname@example.org.
Retention of personal information
In general, we will retain relevant personal information of Site visitors for at least three years from the date of our last interaction with you and in compliance with our obligations under applicable laws, or for longer if we are required to do so according to our regulatory obligations or professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.
We generally retain files and information regarding client engagements and matters for which we have been retained for at least seven years from the date of our last interaction with the relevant client, in compliance with our obligations under applicable laws, or for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others. We may then destroy such files without further notice or liability.
Confidentiality and security of your personal information
We are committed to keeping personal information secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. Please note that no transmission over the Internet is completely secure or error-free, and that the information security policies, rules and technical measures utilized and maintained by us may be subject to compromise.
All of our partners, employees, consultants, workers and data processors (i.e., those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.
How to access your information and your other rights
You have the following rights in relation to the personal information we hold about you:
Your right of access
If you ask us, we will confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to correction (rectification)
If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible. If you ask us, we will also tell you, where possible and lawful to do so, with whom we have shared your personal information so that you can contact them directly.
Your right to erasure
You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal information with others, we will let them know about the erasure where possible. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information with so that you can contact them directly.
Your right to restrict (block) processing
You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information so that you can contact them directly.
Your right to data portability
You have the right, in certain circumstances, to receive a copy of personal information we’ve obtain from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the relevant supervisory authority.
Please note that some of these rights may be limited where we have an overriding legitimate interest or legal obligation to continue to process the personal information, or where the personal information may be exempt from disclosure due to applicable law, the applicable rules of professional conduct, attorney-client privilege, legal professional privilege, other applicable privileges or protections, or professional secrecy obligations.
Collection of information by third-party sites and sponsors
The Site contains links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy notices as Accessible.org has no control over information that is submitted to or collected by these third parties.
The Site is not for use by children under the age of sixteen (16) years, and we do not knowingly collect, store, share or use the personal information of children under 16 years. If you are under the age of 16 years, please do not provide any personal information, even if prompted by the Site to do so. If you are under the age of 16 years and you believe you have provided personal information to us, please ask your parent(s) or guardian(s) to notify us and we will delete all such personal information.
Changes to this GDPR privacy notice
We may make changes to this GDPR Privacy Notice from time to time, to reflect changes in our practices. We may also make changes as required to comply with changes in applicable law or regulatory requirements. Where we materially change this Policy, we will take steps to notify you (such as by posting a notice on the Site or via email), and where required by applicable law to obtain your consent.
How to contact us?
If you have any questions about this GDPR Privacy Notice or want to exercise your rights set out in this GDPR Privacy Notice, please contact us at email@example.com.
Accessible.org, as independent data controller of the personal information collected via the Site, will work to appropriately respond to your inquiries or requests related to that personal information.