This policy will let you know what data we collect, how we use it, and how we keep it safe. It will also let you know the rights that you have over your data.
vLex Justis complies with all applicable data protection legislation, including the EC Data Protection Directive 95/46/EC, the United Kingdom Data Protection Act 2018 and the EU Regulation 2016/679 (General Data Protection Regulation).
vLex Justis acts as the “data controller” of your data unless otherwise specified by a Data Processing Agreement between your organisation and vLex Justis. This means we determine how and why your data are processed. We are registered as a data controller with the Information Commissioner’s Office in the UK under number Z9817558.
We collect data in one of two ways: You provide data to us, or we collect data automatically.
You provide data when:
We collect data automatically when:
This can include your name, business name & address, job title, telephone number and email address.
This can include your credit card details, which we will keep on file if you pay in instalments, and any remittance advice from you. We are obliged to hold this for auditing purposes.
Data that identifies you
This can include your IP address, login information, geolocation information, browser type, operating system and version.
Data on how you use vLex Justis services
This can include the content you access and features you use on our services, the pages you visit on our website, page response times, and how long you stay on our pages.
We only use your data where a contract exists, we have a legitimate interest in doing so, or you have given us consent. These uses include:
Access to our services
Your data may be used for associating login details with specific users and organisations, remembering your settings, and processing payments.
Improving vLex Justis
Your data may be used for tracking the use of our products, completing feedback surveys, and mapping our website traffic.
Your data may be used for resolving issues via phone and email.
Your data may be used to send emails about new features, content, events, and promotional offers.
You can exercise any of these rights by contacting us at email@example.com:
The right to access the information we hold about you
This includes the right to ask us about the type of data we process, why we’re processing your data, the categories of third parties whom your data may be disclosed, how long your data will be stored, and the other rights you have regarding our use of your data.
The right to ask that we correct the personal data we hold on you
If we hold incorrect information about you, you can ask us to update it to ensure it is accurate.
The right to ask that we delete the personal data we hold on you
You can ask us to erase any personal data we hold about you, and we will accept your request if doing this will not conflict with your use of our products.
The right to restrict automated decision making
We may use your data to determine which information might be relevant to you – for example, sending emails with invitations to events based on your location or job title. You can ask us not to do this.
The right to lodge a complaint about how we use your data
If you have any complaints about how we use your data, please let us know first so we have a chance to address your concerns. If we fail to do that, you can address any complaint to the Information Commissioner’s Office in the UK.
The choice to turn off cookies in your browser
You can restrict the cookies you receive in your browser, and you can delete cookies through your browser settings. If you turn off cookies you can continue to view our website. However, we require you to accept cookies to enable you to log on to our online services.
The choice not to use your data for marketing
You can choose not to receive our marketing emails. To do this, you can either unsubscribe using the link in any marketing email we send to you or let us know by emailing firstname.lastname@example.org.
All data collected is stored on our secure servers and is protected by a range of security measures, including firewalls, DDoS protection, and encryption of both personal data and passwords. Data is also protected by regularly updated antivirus, malware, and ransomware protection tools. Any data shared with a third party processor is done so securely, especially where they are outside of the European Economic Area (‘EEA’).
All staff members have received training on their data protection responsibilities. In the event of a data breach, we have internal processes in place to determine the severity of any breach. If your data is affected we will notify you, and if a breach is deemed serious enough we will inform the Information Commissioners Office in the UK.
The personal data we collect is processed in our office in London, other vLex offices, and in any data processing facilities operated by third parties which satisfy data protection requirements, especially where they are outside of the European Economic Area (‘EEA’).
Your data is shared with third parties only when necessary, and for tasks that we can’t carry out ourselves. We ensure that any third party we deal with will take the security of your data as seriously as we do, and we will only engage with third parties that are GDPR compliant and that satisfy GDPR data protection and transfer laws where they are outside of the EEA.
We may share your personal data with third parties for the following purposes:
We will store your data for a period of up to 10 years, or longer if you are a customer, subject to regular review or any agreement we have with you in a separate contract. As detailed above, you have the right to ask us to delete the personal data we hold on you at any time.
Managing authentication sessions for our services. These cookies contain personally identifiable information and are necessary for the use of our products.
Cloudflare: We use Cloudflare for DDoS protection and security, and they use a cookie to identify users behind a shared IP address. This cookie does not correspond to any data we hold on you and does not store any personally identifiable information.
Google Analytics: We use Google Analytics to gather aggregated data about traffic to our website.
The above information will also apply to you. In addition, we will keep a record of your bank details for the purpose of paying for the service you provide to us.