Version
This Privacy Policy is current from 7 November 2023 and applies to Perfect Portal Lite © Perfect Portal (UK) Ltd.
Introduction
This Privacy Policy applies to Perfect Portal Lite application available via the LEAP Marketplace. If You upgrade to additional Perfect Portal services, then a different privacy policy shall apply.
Definitions
In this Privacy Policy, the following words shall have the following meanings:
“Data Controller”, “Data Processor”, “processing”, and “data subject” shall have the meanings given to the terms “controller” “processor”, “processing” and “data subject” respectively in Article 4 of the GDPR.
“Data Protection Laws” means any law, enactment, regulation or order concerning the processing of data relating to living persons in the UK including GDPR and Data Protection Act 2018;
“Jurisdiction” means:
United Kingdom, where You are using Perfect Portal Lite provided by Perfect Portal (UK) Ltd
Australia, where You are using Perfect Portal Lite provided by Perfect Portal (Australia) Pty Ltd
US, where You are using Perfect Portal Lite provided by Perfect Portal (US) Ltd
“LEAP” means LEAP Legal Software Pty Limited and its global subsidiaries and affiliates including LEAP Legal Software Limited and LEAP Legal Software Inc that provide legal practice management software and the LEAP Marketplace.
“LEAP Marketplace” means the platform operated by LEAP for additional applications to the practice management software offered by LEAP;
“GDPR” means the UK General Data Protection Regulation;
“Personal Data” means all such “personal data”, as defined in Article 4 of the GDPR, as is, or is to be, processed by the Data Processor on behalf of the Data Controller.
“PP Lite Services” means the plug-in service offered by Perfect Portal via the LEAP Marketplace for existing and new law firms to better manage their leads via an in-take form.
“You” means the user of Perfect Portal Lite.
Who We Are
In this Privacy Policy “Perfect Portal” means
• Perfect Portal (UK) Limited;
• Perfect Portal (Australia) Pty Ltd;
• Perfect Portal (US); and
• any of the parents, subsidiaries, affiliates or related bodies corporate of the above entities (collectively, “we”, “us”, “our”)
Where you access the PP Lite Services, the controller of your Personal Data will be You in the region You are based. Perfect Portal processes your Personal Data as a Data Processor in the region that You are based.
All Personal Data will be retained by Perfect Portal in the region that You are based.
This Privacy Policy
This Privacy Policy explains how we collect, use, maintain and disclose Personal Data collected when you use our PP Lite Services.
This Privacy Policy also describes your choices regarding use, access, deletion, and correction of your Personal Data. By using our PP Lite Services, you acknowledge and agree to the processing of your Personal Data as set out in this Privacy Policy. If you do not agree to this Privacy Policy, you should not use the PP Lite Services.
Contact Us
If you have questions about this Privacy Policy, or how we collect, use, or otherwise process your Personal Data, including the transfer or onward transfer of your Personal Data outside your jurisdiction of residence, please contact us at:
Privacy Officer for Perfect Portal:
For each region in Australia, UK or US:
Email address: DPO@perfectportal.co.uk
Telephone number: 01704 827 447
Postal address: 137 Fylde Road, Southport, PR9 9XP
Information We Collect, How We Use It, and the Legal Basis We Rely on to Use It
When You use or access our PP Lite Services or otherwise interact with us, we may collect a variety of information about You that contains information that identifies You or may be combined with other information to identify You or information You are adding to the PP Lite Services.
1. Collecting Personal Data about the law firm on account creation
Where permitted by applicable law and our obligations in contracts with our clients, we may aggregate Your non-personally identifiable data and use this data to analyse or improve our PP Lite Services.
When we act as a Data Processor on behalf of our clients, we will process Personal Data in compliance with the instructions of the client, who acts as Data Controller of such Personal Data.
How Does Perfect Portal Protect Personal Data?
Perfect Portal complies with the Data Protection Laws in the UK and applicable privacy laws in the US and Australia as set out below.
Perfect Portal employs a variety of physical and technical measures to keep personal data safe to prevent unauthorised access to, use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training, and we have a set of detailed data protection policies and procedures which personnel are required to follow when handling Personal Data.
We store Personal Data in computer storage facilities, paper-based files and other records. We take steps to protect the Personal Data against loss, unauthorised access, use modification or disclosure, and against other misuse. These steps include password protection and access privileges for accessing our IT system, encryption of data stored and physical access restrictions to paper files. Some of these services, such as hosting our computer file servers, are provided by third parties in the UK and we endeavour to ensure that they also have adequate privacy safeguards in place through the use of contractual measures to protect Personal Data.
For more information about the technical and organisational measures we take to protect the information we process, please see our Security Policy https://www.perfectportal.co.uk/data-security-policy.
Because transmission of information over the internet is often insecure, we do not accept responsibility for the security of information You send to or receive from us over the internet, or for any unauthorised access or use of that information by others over the internet.
Perfect Portal shall ensure that all personnel who access and/or process any of the Personal Data are contractually obliged to keep Personal Data confidential.
Changes to This Policy
We may update this Privacy Policy from time to time for reasons such as operational or regulatory changes. If we make any changes, we will notify You by posting the revised Privacy Policy on this page, revising the “Version” at the top of this Privacy Policy and, in some cases, we may provide You with additional notice such as within our PP Lite Services or by sending an email. We encourage You to review our Privacy Policy regularly for any changes.
Cookies
We use cookies and/or other tracking technologies to distinguish You from other users and to remember Your preferences. This helps us to provide You with a good experience when you use PP Lite Services also allows us to improve our services. For detailed information on the cookies we use, the purposes for which we use them and how You can exercise Your choices regarding our use of Your cookies, see our cookie policy on Perfect Portal website.
Marketing
We may wish to send You details regarding:
• new services and products offered by us;
• details of meetings, events and seminars that may be of interest to Perfect Portal customers and clients;
• our newsletters and other marketing
We may contact You inviting You to opt-in to receive this information. This means that You will be given the choice as to whether You want to receive these messages and will be able to select how You want to receive them (email, telephone, or post). You may opt-out of receiving direct marketing or the disclosure of Your personal information for the purpose of direct marketing by:
• contacting our Data Privacy Officer at DPO@perfectportal.co.uk;
• by using any unsubscribe facility contained in email communications that You receive from us;
• writing to us at Perfect Portal, 137 Fylde Road, Southport PR9 9XP.
The information we hold is never used for marketing purposes and is never marketed, rented or sold to any third parties.
Who We Share With?
Where permitted by applicable law, we share Your Personal Data with third parties who help to deliver the PP Lite Services. These third parties may include:
Our professional advisors, such as our auditors, accountants, and lawyers.
Third-party service providers who perform services on our behalf in connection with our PP Lite Services. The services provided by such third parties include:
o billing and processing payments;
o marketing communications providers;
o maintenance and support of the PP Lite Services;
o security of the PP Lite Services;
o improvement of the PP Lite Services; and
o analytics and reports on the PP Lite Services.
o Any other third party where You have provided Your consent.
o Other third parties in connection with corporate activities such as a mergers or acquisitions or refinancings.
We may disclose Personal Data to regulatory authorities and other third parties to comply with a regulatory or legal obligation, to enforce our rights, or where we have a good faith belief that it is necessary for the protection of a legitimate or vital interest such as the safety of a person or property, to the extent permitted by applicable law.
International Transfers
There are no international transfers of Intake Form Data within Perfect Portal. All Intake Form Data is maintained within Perfect Portal’s systems in the Jurisdiction in which it is collected.
Data Retention
When You cease engaging with us or using the PP Lite Services, we will store Your Personal Data in identifiable form for the period permitted by applicable laws while we have a legitimate purpose for doing so. After that period all Personal Data is deleted.
Your Legal Rights
You may have rights under data protection laws in relation to the Personal Data we hold about You, depending on which laws are applicable to Your Jurisdiction (e.g. in the UK under the Data Protection Laws) such as:
Access: the right to request information regarding our processing of Your Personal Data and access to the Personal Data which we hold about You.
Correction: the right to request that we correct the Personal Data we hold about You if it is inaccurate or incomplete.
Erasure: the right to request the deletion of Your Personal Data in certain circumstances.
Restriction: the right to object to, and requesting that we restrict, our processing of Your Personal Data in certain circumstances.
Transfer: the right to request transfer of Your Personal Data directly to a third party where this is technically feasible.
You can exercise any of these rights at any time – please contact us via the details outlined in “Contact Us” above.
For us to facilitate Your data subject request, please ensure that Your data subject request specifies the type of data subject right You wish to exercise in the subject line of Your data subject request. Your data subject request must contain all relevant information we need to investigate Your data subject request. We may require additional information from You to verify Your identity or understand Your data subject request before providing additional information or actioning Your data subject request.
We will exercise the above-mentioned rights to the extent required or permitted (as the case may be) by applicable law in your Jurisdiction and in accordance with the timeframes (if any) in that applicable law.
Additional Information and applicable law in relation to Australia and New Zealand
Under the Australian Privacy Principles (made under the Privacy Act 1988 (Cth)), You have specific rights in relation to the Personal Data we hold about You, including:
Access: the right to request information regarding our processing of Your Personal Data and access to the Personal Data which we hold about You.
Correction: the right to request that we correct the Personal Data we hold about You if it is inaccurate or incomplete.
We will respond to any such request for access as soon as reasonably practicable.
Where access is to be given, we will provide you with a copy or details of your personal information in the manner requested by you where it is reasonable and practicable to do so. We will not charge you a fee for making a request to access your personal information. However, we may charge you a reasonable fee for giving you access to your personal information. In some cases, we may refuse to give you access to the information you have requested or only give you access to certain information. If we do this, we will provide you with a written statement setting out our reasons for refusal, except where it would be unreasonable to do so.We will take such steps (if any) as are reasonable in the circumstances to make sure that the personal information we collect, use or disclose is accurate, complete, up to date and relevant. If you believe the personal information we hold about you is inaccurate, irrelevant, out of date or incomplete, you can ask us to update or correct it. If we refuse your request to correct your personal information, we will let you know why. You also have the right to request that a statement be associated with your personal information that says you believe it is inaccurate, incomplete, irrelevant, misleading or out of date.
You can exercise any of these rights at any time – please contact us via the details outlined in “Contact Us” above.
Additional Information in relation to US
Additional Information Specific to California Residents
The California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act 2020 (CPRA) provide California residents with specific rights regarding their personal information in certain circumstances, referred to in this section as California Privacy Rights.
1. Disclosure Requests: related to our information collection and sharing of personal information or to Your specific personal information collected in the previous 12 months;
2. Do Not Sell or Share Requests: request that we not sell or share personal information about You in accordance with the regulations; and
3. Deletion Requests: request that we delete (and direct our service providers to delete) Your personal information subject to certain exceptions.
Information collected, sources, and business purpose for collecting information is disclosed above in the "Information we collect, how we use it, and the legal basis we rely on to do so" section.
Exercising Your California Privacy rights.
To make a Disclosure Request or a Deletion Request as a California resident, please email info@perfectportal.co.uk with the subject “California Resident – CCPA Request”
Once You make a Do Not Sell or Share Request, we will wait at least twelve (12)months before asking You to reauthorize personal information sale or sharing.
We will not discriminate against You as a result of Your exercise of any of these rights.
Nevada and Virginia Residents
Nevada Residents
We may transfer personal information for monetary consideration. If You would like to exercise Your opt-out right, please email us info@perfectportal.co.uk with Your name and the email address associated with Your use of the PP Lite Services with “Nevada do not sell” in the subject line.
Virginia Residents
To exercise Your Virginia Consumer Data Protection Act (VCDPA) rights, please email us at info@perfectportal.co.uk with Your name and the email address associated with Your usage of the PP Lite Services with “VCDPA Request” in the subject line.
Additional Information and applicable law in relation to Canada
We may collect, use, or disclose your personal information without your knowledge and consent, as permitted by certain exceptions under Canadian Privacy Laws. We may rely on the following exceptions:
1) collection or use for the purpose of a business activity (e.g. an activity that is necessary: (a) to provide a Perfect Portal product or service that you have requested from us; or (b) for our information, system or network security); and (i) a reasonable person would expect the collection or use for such an activity; and (ii) the personal information is not collected or used for the purpose of influencing the individual’s behaviour or decisions;
2) collection or use for the purpose of an activity in which Perfect Portal has a legitimate interest that outweighs any potential adverse effect on the individual resulting from that collection or use, and (i) a reasonable person would expect the collection or use for such an activity; and (ii) the personal information is not collected or used for the purpose of influencing the individual’s behaviour or decisions;
3) transfer to service providers;
4) use to de-identify personal information;
5) use for internal research, analysis, and development purposes (using de-identified information); use or disclosure in a prospective business transactions and completed business transactions (subject to certain conditions);
6) disclosure to an other organization for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed;
7) disclosure to an other organization related to a breach of security safeguards and the disclosure is solely for the purpose of reducing the risk of harm to the individual that could result from the breach or mitigating that harm;
8) collection, use, and disclosure of personal information that appears in a registry collected under a statutory authority and to which a right of public access is authorized by law, where the collection, use and disclosure of the personal information relate directly to the purpose for which the information appears in the registry;
9) collection, use, and disclosure of personal information that appears in a record or document of a judicial or quasi-judicial body, that is available to the public, where the collection, use and disclosure of the personal information relate directly to the purpose for which the information appears in the record or document;
10) collection, use, and disclosure where required by law; and
11) disclosure to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of procedure relating to the production of records.
We will retain the following categories of sensitive information for the following periods:
• Payment information: 7 years.
You have a right to request:
• whether we have any personal information about you,
• how we use the information,
• whether we have disclosed the information,
• an explanation of any prediction, recommendation or decision we made about you using an automated decision system that could have a significant impact on you, and
• access to your personal information which we hold about you.
You can make such a request by contacting the Data Protection Officer using the contact details set out in this policy.