Last revised November 12, 2020
We process some personal data in order to run our business. There are a limited number of circumstances where we may share your personal data with third parties (for example, pursuant to a court order, if we are part of a merger, or with our business partners and service providers who support our business or collaborate with us). We take the security of your personal data seriously and take steps to keep your personal data confidential and secure. Please read the full Privacy and Security Statement below and you may always contact us if you have questions. If you are a California resident, please refer to our California Consumer Privacy Act (CCPA) Notice for California Residents.
1. Introduction & Scope
Legal Sifter, Inc. (“LegalSifter”, “we”, “us”, “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy and Security Statement. This Privacy and Security Statement (together with our Terms & Conditions of Website Use) describes the types of personally identifiable information related to you (“personal data”) that we may collect or that you may provide, and how we use, protect, disclose, and otherwise process that personal data in our web applications, LegalSifter and ContractSifter (together, the “Web Applications”).
This Privacy and Security Statement does not apply to personal data collected or processed on any third-party site or application (including advertising) that may link to or be accessible from our Web Applications. We are not responsible for the privacy policies or data collection, use and disclosure practices of those sites. We encourage you to review the privacy policies of each site you visit.
Please read this Privacy and Security Statement carefully to understand our policies and practices regarding your personal data and how we will treat it. By accessing or using any of our Web Applications or services, you agree to this Privacy and Security Statement. This Statement may change from time to time, as further described below in Changes to Our Privacy and Security Statement, and these changes may affect how we use your personal data, so please check the Privacy and Security Statement periodically for updates.
In the context of this Privacy and Security Statement, LegalSifter acts as a data processor for the personal data we process.
3. Categories of Personal Data
We may process the following types of personal data:
biographical information, such as initials or full name;
professional information, such as job title;
contact information, such as e-mail address;
any other type of personal data that may be contained within contracts and other legal documents.
4. How We Receive Personal Data
We may receive your personal data in the following ways:
Personal data you provide to us. When you navigate our Web Applications or contact us, we may request or you may choose to provide us with certain information.
Personal data collected from forms on our Web Applications. This includes personal data provided at the time of registering to use portions of our Web Applications, posting material, or requesting further services. We may ask you for information when you report a problem with our Web Applications, products or services.
Usage details, IP addresses and cookies. As you navigate through and interact with our Web Applications, we may automatically collect certain information about your equipment, browsing actions and patterns using common internet technologies, such as cookies and Web beacons. This may include details of your visits to our Web Applications, including information about your connectivity, such as your IP address and browser information, location data, logs and other communication data, and the resources that you access and use on the Web Applications. The information we collect automatically helps us to improve our Web Applications and to deliver better and more personalized content and services by enabling us to estimate our audience size and usage patterns and recognize you when you return to our Web Applications.
Personal data contained in contracts. We may also receive your personal data contained in a legal document provided to us by one of our clients or when we import a contract containing your personal data from a publicly available source.
5. Basis of Processing
Within the scope of this Privacy and Security Statement, we process your personal data based on the documented instructions of our clients, acting as data controllers.
6. Purposes of Processing
We process personal data for the following purposes:
to provide you with information, products or services that you request from us;
to maintain the integrity and security of our Web Applications, products, and services;
for our ordinary business operations, including people development, recruiting, and business research and outreach; and
responding to your inquiries, and/or other requests or questions.
We only collect and retain as much personal data as needed for the specific, identified purposes described in this Privacy and Security Policy and we will not use it in any way that is incompatible with those purposes.
8. Web Analytics
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the US. Google Analytics does not identify individual users/associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage. Through User ID tracking, we will be able to more accurately track the number of users and activity on our site and will not send any personally identifiable information to Google.
Google Analytics Opt-Out is available for all to use via an add-on. For more information and instructions, view https://support.google.com/analytics/answer/181881.
9. Promotional Offers from LegalSifter
If you do not wish to receive promotional e-mail messages from us, you may opt-out by sending us an e-mail at email@example.com asking to be omitted from future e-mail distributions.
10. Data Retention Periods
We retain your personal data for as long as is necessary for us to perform under our engagement with the data controller. When the purposes of processing are satisfied, we will delete the related personal data within six months.
11. Sharing Data with Third Parties
We may share your personal data with other entities. Such third parties may include service providers offering the following types of services:
machine learning and natural language processing data science services
software version control
We will require that these third parties maintain at least the same level of privacy and security that we maintain for your personal data. Our service providers may be located outside of the United States. LegalSifter remains liable for the protection of personal data that we transfer to our service providers within the scope of our Privacy Shield certification, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
12. Other Disclosure of Your Personal Data
We may also disclose your personal data:
to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
to our subsidiaries or affiliates only if necessary for business and operational purposes.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any personal data, about users of our Web Applications as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your personal data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.
13. Data Integrity and Security
LegalSifter has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect personal data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction. The safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Web Applications, you are responsible for keeping this password confidential. Please do not share your password with anyone. Although we take reasonable security measures to protect your personal data, for example, by using Secure Socket Layer encryption when you transmit your password, we cannot guarantee the security of your personal data transmitted to our Web Applications. The transmission of information via the Internet is not 100% secure and we cannot ensure the security of any information you transmit to us. We are not responsible for circumvention of any privacy settings or security measures contained on the Web Applications.
14. Access and Review
If you are a data subject about whom we store personal data, you may have the right to request access to, and the opportunity to update, correct, or delete, such personal data. You may also have the right to opt out of having your personal data shared with third parties and to revoke your consent that you have previously provided for your personal data to be shared with third parties, except as required by law. You also have the right to opt out if your personal data is used for any purpose that is materially different from, but nevertheless compatible with, the purpose(s) for which it was originally collected or subsequently authorized by you. To exercise such rights, please contact the data controller who has provided your personal data to us.
15. Children's Privacy
Our Web Applications are not directed at, or intended for use by, children under the age of 13. We do not knowingly process the personal data of anyone under 18. Children should always get permission from a parent or guardian before sending personal data over the Internet. If you believe your child may have provided us with their personal data, you can contact us using the information in the Contact Information section of this Privacy and Security Statement and we will delete that personal data.
16. EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
LegalSifter is an active participant and certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
The EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework are no longer considered legitimate data transfer mechanisms for personal data from the EU and Switzerland to the U.S. respectively. LegalSifter will continue to maintain its EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield certifications (1) to ensure that data received under these frameworks is appropriately protected and (2) because these frameworks are based on sound data privacy principles which help to protect the personal data of our clients. The U.S. Department of Commerce continues to administer the Privacy Shield program.
17. GDPR Compliance
The General Data Protection Regulation (“GDPR”) expands the data privacy rights for European individuals and gives them power to control their data. For companies that process the personal data of these European individuals, the GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that the European individuals can exercise with these companies. Further information on the GDPR is available on the European Union’s official website. LegalSifter enters into Data Processing Agreements (“DPAs”) with its clients upon request.
LegalSifter also enters into compliant DPAs with its vendors, LegalSifter’s DPA may include where required by applicable law, standard contractual clauses that are the mechanism for compliant personal data transfer between the EU and any third country without an adequacy decision in terms of the GDPR. To request a DPA, please email firstname.lastname@example.org.
18. VeraSafe Privacy Program
LegalSifter is a member of the VeraSafe Privacy Program, meaning that with respect to personal data processed within the scope of the LegalSifter and ContractSifter web applications on behalf of LegalSifter clients that opt-out of LegalSifter’s use of their data for the development of computer algorithms, VeraSafe has assessed LegalSifter’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
19. Dispute Resolution
Where a privacy complaint or dispute cannot be resolved through LegalSifter’s internal processes, LegalSifter has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required personal data here.
20. Binding Arbitration
If your dispute or complaint can’t be resolved by us, or through the VeraSafe Privacy Shield Dispute Resolution Procedure, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
21. Regulatory Oversight
LegalSifter is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
21. Changes to Our Privacy and Security Statement
We may amend this Privacy and Security Statement from time to time. If we make any material change to this Privacy and Security Statement, we will post the revised Notice to this web page and update the "Last revised” date above to reflect the date on which the new Privacy and Security Statement became effective. We encourage you to revisit this page periodically to read the current version of this Privacy and Security Statement in effect.
22. Contact Information
Attention: Phip Blitch, Information Security Officer
1918 Smallman St.
Pittsburgh, PA 15222
Please allow up to four weeks for us to reply with final resolution.