Last updated: 13 November 2024
Privacy Notice
Global Law Company (“Digital Lawyer Diary”, “we”, “us”) provides the legal practice management platform available at www.digitallawyerdiary.com and through associated applications (the “Platform”). We are the data controller responsible for personal data processed in connection with the Platform. Our registered address is 3rd Floor, Ahmad & Shafi Plaza, 13 Fane Road, Lahore, Pakistan. Contact our privacy team at [email protected] or by post at the address above.
1. Scope of this notice
This notice explains how we collect, use, disclose, and protect personal data when you visit the Platform, create an account, interact with our services, or otherwise engage with us. If you access the Platform on behalf of a law firm or organisation with a contract with us, that organisation may also act as a data controller. In that case, please review both this notice and their privacy communications.
2. Personal data we collect
We process the following categories of personal data:
- Account details: name, organisation, business contact information, professional credentials, authentication data, and language preferences.
- Platform content: matter files, client records, tasks, invoices, time entries, uploaded documents, internal comments, and collaboration history created by users.
- Usage and device data: IP address, browser type, device identifiers, access timestamps, referring URLs, navigation patterns, and cookie identifiers (see the Cookie Policy).
- Support interactions: helpdesk tickets, email exchanges, call notes, and survey responses.
- Billing information: payment method details, tax data, transaction history, billing contacts, and subscription status.
- Marketing preferences: newsletter opt-ins, event registrations, and engagement metrics for campaigns.
You may also upload special-category personal data (for example, criminal or health information contained in case documents). You are responsible for ensuring you have a lawful basis to upload such content. We do not knowingly collect data relating to children under 16 years of age.
3. How we obtain personal data
We gather personal data from the following sources:
- Directly from you: when you register, submit forms, upload content, participate in webinars, or contact support.
- Automatically: through cookies, SDKs, and telemetry when you interact with the Platform and our emails.
- Your organisation: firm administrators who add you to a workspace or assign roles provide your name, email address, and access rights.
- Third parties: identity verification partners, payment providers, marketing platforms, and publicly available registers where permitted by law.
4. Purposes and legal bases
We only process personal data where we have a lawful basis under the GDPR and UK GDPR.
| Purpose | Examples of processing | Legal basis |
|---|---|---|
| Provide and administer the Platform | Create accounts, authenticate logins, host stored matter data, deliver collaboration tools, maintain audit trails. | Performance of a contract with you or your organisation. |
| Customer service and product improvement | Respond to enquiries, troubleshoot incidents, train staff, analyse aggregated feature usage. | Legitimate interests (to operate and improve the Platform). |
| Billing and compliance | Issue invoices, process payments, perform anti-fraud checks, satisfy tax and accounting obligations. | Performance of a contract; legal obligation. |
| Marketing communications | Send newsletters, product updates, and event invitations; measure engagement when you opt in. | Consent for email or SMS marketing; legitimate interests for service notices with an opt-out option. |
| Security and enforcement | Monitor suspicious activity, investigate misuse, enforce terms of service, defend legal claims. | Legitimate interests; legal obligation; establishment, exercise, or defence of legal claims. |
| Analytics and research | Run Firebase Analytics and Cloudflare Web Analytics to understand performance and reliability. | Consent (analytics cookies and measurement tools). |
5. Sharing your personal data
We share personal data only where necessary and subject to contractual safeguards:
- Service providers: secure hosting (including Google Cloud Platform), communications tools, customer support software, identity verification, payments, analytics, and security services acting on our instructions.
- Professional advisers: lawyers, accountants, auditors, and consultants bound by confidentiality.
- Your organisation: workspace administrators and team members may access information you store or actions you take within the Platform.
- Authorities and courts: where required by law, regulation, or court order, or to assert legal rights.
- Business transfers: in relation to a merger, acquisition, or sale of assets, provided the recipient complies with this notice.
We do not sell personal data and we do not allow our processors to use your information for their own marketing.
6. International transfers
We host data in the European Union and the United States. When we transfer personal data outside your jurisdiction, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms. Copies of these safeguards are available upon request.
7. Retention
We keep personal data only for as long as necessary for the purposes described above or as required by law. If you close your account, Platform content is deleted or anonymised within 60 days unless continued retention is required for legal or regulatory reasons. Billing records are kept for up to seven years and support correspondence for up to three years. Aggregated analytics data is stored in a de-identified format.
8. Security
We apply technical and organisational measures including encryption in transit, role-based access controls, multi-factor authentication for administrators, continuous vulnerability scanning, secure development practices, and incident response playbooks. Access to client data is limited to authorised staff who require it for their role and are bound by confidentiality.
9. Your rights
If you are located in the European Economic Area, United Kingdom, or another jurisdiction with equivalent rights, you may:
- Request access to the personal data we hold about you.
- Ask us to correct inaccurate or incomplete personal data.
- Request deletion of your personal data when it is no longer required or if you withdraw consent.
- Request restriction of processing in certain circumstances.
- Ask to receive your data in a structured, commonly used, machine-readable format.
- Object to processing based on legitimate interests or to direct marketing at any time.
- Withdraw consent where we rely on consent (for example, marketing or analytics).
- Lodge a complaint with your local supervisory authority. EU contacts are listed at edpb.europa.eu; UK residents can contact the Information Commissioner's Office.
To exercise these rights, email [email protected]. We may request proof of identity and will respond within one month, or explain if we need longer.
10. Marketing choices
We send marketing communications only with your consent or where permitted by applicable law. You can opt out at any time via the unsubscribe link, your account settings, or by contacting us. We will continue to send service and transactional messages that are necessary to administer your account.
11. Automated decision-making
We do not use automated decision-making, including profiling, that produces legal or similarly significant effects on you. If this changes, we will update this notice and explain the consequences and safeguards.
12. Third-party links and integrations
The Platform may link to third-party websites or integrate with providers such as payment gateways or communication tools. These services operate independently and have their own privacy policies. We encourage you to review those policies before sharing personal data. We are not responsible for their processing when they act as separate controllers.
13. Changes to this notice
We review this notice at least annually and whenever we introduce new processing activities. If we make material changes, we will notify you through the Platform or by email and seek consent again where required by law.
14. Contact
Questions, requests, or complaints about this notice or our handling of personal data can be sent to [email protected]. You may also write to our postal address above or call the number provided in your service agreement.