LEXICAL LABSPrivacy policy

This privacy policy (“Policy”) will inform you as to how Lexical Labs collects, uses and looks after your personal data when you use our website (regardless of where you use it from), including any data you may provide, visit or use any of our other sites, products, or services that link to this Policy.

If you or your organisation has a contract with us, that contract may have privacy terms that also apply to the information you provide to us under that contract.  Please review the terms in that contract as they may be different or more restrictive than the terms in this Policy.

Lexical Labs is made up Tiro Law Ltd (trading as Lexical Labs), and Lexical Consulting Ltd. This privacy policy is issued on behalf of the Lexical Labs Group - when we mention “Lexical Labs”, "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the Lexical Labs Group responsible for processing your data.

Changes to this policy

We keep this Policy under regular review and may amend it to reflect changes in law, our services, our data collection use and practices, or advances in technology. Use of information we collect is subject to the version in effect at the time of use. Depending on the type of change, we may notify you by posting on this page or by email. Please carefully review any changes made to this Policy. This version was last updated on 18 December 2020.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

The data we collect about you

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).To provide and improve our services and to support marketing, we collect information about visitors to our sites. We may collect, use, store and transfer different kinds of personal data groups:

Identity Data: name, company and position, username or similar identifier

Contact Data: email address and telephone numbers, company and position

Technical Data: IP address, date, time, location, and duration of your visit, browser type and version, browser versions, operating system and platform, and other technology on the devices you use to access this website.

Profile Data: any feedback and survey responses.  

Usage Data: information about how you use our website, products and services.

We do not collect any Special Categories of Personal Data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. This website is not intended for children and we do not knowingly collect data relating to children.

How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions. We collect certain information directly from you, such as when give us your Identity, and Contact Data by filling in forms with a name or email address, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you request us to contact you or book a demo through our website, give us feedback, or contact us.

Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data usually about devices, browsers, browsing actions and patterns, or sometimes locations (without you typing it into a form). We collect this personal data by using cookies, server logs and other similar technologies. Data may include:

Device data such as:IP addressUnique device identifiers and device attributes (operating system and browser type).

Usage data, such as:web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, time spent on particular pages, the date, time and frequency of use, error logs, and other similar information

Cookies, Server Logs and Related TechnologiesWe may use cookies, which are text files containing small amounts of information that are downloaded on your device, or local shared objects and tracking pixels to store or collect information, including your preferences.

Third parties or publicly available sources.

We may receive personal data about you from various third parties. We use services like Google Analytics and Hubspot. They use Cookies to gather usage data and help us learn how people use our Software, such as the pages they visit and for how long and the website or page they were on before coming to this website.

How we use your personal data?

In general, we collect, use and store or process your information to provide our services, to fix and improve our services, develop new services, and to market our products and services.We normally collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests (or those of a third party) and your interests and fundamental rights and freedoms do not override those interests, and only where the law allows. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person.If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided in the final paragraph of this Policy.

Purposes for which we will use your personal data

Examples of how we use the information we process are set out below.


Type of data

Lawful basis for processing including basis of legitimate interest

Provide you with the services and products you request, for example delivering services to you under an engagement letter or other contract

(a) Identity

(b) Contact

Performance of a contract with you

Use information to create and manage an account

(a) Identity

(b) Contact

Create and review data about our users and how they use our services

Test changes in our Software and develop new features and products

To respond to communications from you, including consent to receive certain communications, such as responding to your communications to us

(a) Identity

(b) Contact

Performance of a contract with you

On the basis on consent you provide us to receive certain communications

Answering or responding to support questions

To manage our relationship with you, including:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

Record details about what happens with electronic documents, such as who viewed or signed, the devices used and when these events occur

Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you

(a) Identity

(b) Contact

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

Prevent, investigate and respond to: fraud, unauthorised access to or use of our  databases or software products, breaches of terms and policies, or other wrongful behaviour

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

Opting out

Where your consent to process personal data has been provided, you have the right to withdraw consent at any time and can do so by contacting us using the contact details provided in the final paragraph of this Policy. You can ask us to stop communicating with you by contacting us at any time.

Disclosures of your personal data

We will not rent, sell or share your personal data with others, except as set out in the Policy. We may disclose information to the following parties:

  1. Internal Third Parties:
    (a) Other group entities performing services for you;
    (b) Contractors acting as sub-processors and who are based [SPECIFIC COUNTRIES] and provide [IT and system administration services].
  2. External third parties
    (a) Service providers – we may disclose your personal data to third-party service providers such as IT providers - we use to support our Software. These companies provide services like online web chat, search technology, advertising and authentication systems. Our service providers are bound by confidentiality undertakings with us to protect your data.
    (b) Professional advisers [acting as processors or joint controllers] including lawyers, bankers, auditors and insurers based in [SPECIFIC COUNTRIES] who provide [consultancy, banking, legal, insurance and accounting services].
    (b) HM Revenue & Customs, regulators and other authorities [acting as processors or joint controllers] based [in the United Kingdom] [who require reporting of processing activities in certain circumstances].
  3. Legal reasons: we may use or disclose your personal data as we deem necessary or appropriate under applicable laws, to respond to regulators or court orders, as part of legal proceedings or to protect our employees, you or others. We may share your information to follow applicable law, or to respond to legal process.
  4. Safety, security, and compliance. We also may share your information when there are violations of this Policy or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.
  5. Corporate activities: we may disclose your personal data to a third party in connection with a reorganisation of the group, merger, joint venture, sale or other corporate change. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

We share your personal data within the Lexical Labs Group, including our contractors. This could involve transferring your data outside the European Economic Area (EEA) where this is necessary for performing services to you.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.  
  2. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data security

We have put in place technical and organisation security measures to protect your personal data. We implement these measures based on the sensitivity of the information and the current state of technology. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will you use my personal data for?

We do not collect more personal data than we need for the purposes stated. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, in accordance with our retention policies, and in accordance with applicable law.We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Where there are technical limitations that prevent deletion or anonymisation, we safeguard personal data and limit active use of it.To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your choices

This paragraph describes many of the actions you can take to change or limit the collection or use of your information.

Cookies and Other Related Technology. You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our website or services.

Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.

Your legal rights

The terms “Personal Data,” “Process/Processing,” “Controller,” “Processor,” “Sub-processor,” and “Data Subject” will have the meanings ascribed to them in the Data Protection Act 1998 and the General Data Protection Regulation (2016/679), as amended or replaced from time to time, and any applicable laws implementing it.

  1. By using our website you:acknowledge that your information will be processed as described in this Policy; andconsent to having your information transferred to certain Sub-processors outside the EEA in accordance with this Policy.
  2. Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can request the following information from us at any time:how we collect and use your information and why;the categories of personal data involved;the categories of recipients of your personal data;how we received your personal data; andhow long we use or store your personal data or the manner in which we determine relevant retention periods.
  3. Corrections. You have a right to correct any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide.
  4. Withdraw consent. Where we rely on your consent to process your personal data, you have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. At any time, you can request that we stop using your information for direct marketing purposes.
  5. Request erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  6. Object to processing. Where we are relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, you have the right to object. You also have the right to object where we are processing your personal data for direct marketing purposes.
  7. Provide Guidance. You have a right to provide us with guidance on the use, storage, and deletion of your personal data after your death.
  8. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:If you want us to establish the data's accuracy.Where our use of the data is unlawful but you do not want us to erase it.Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  9. Complaints. You have a right to raise questions or complaints with your local data protection authority at any time. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

We are committed to resolving valid complaints about your privacy and our collection or use of your personal data. For questions or complaints regarding our data use practices or Policy, including requests to exercise your legal rights, please contact us at info@lexicallabs.com.