Privacy Policy

Effective date: 17 May, 2023

Privacy Policy

(Please Update)

Notion has updated its Privacy Policy effective January 1, 2023. To view the previous version of Notion's Privacy Policy, click the link below 👇

Privacy Policy (Deprecated February 22, 2023)

Notion’s Privacy Policy describes how Notion collects, uses, and discloses your information.

This Privacy Policy also explains your choices surrounding how we use your personal information, which include how you can object to certain uses of the information and how you can access and update certain information.

Here are some important definitions to help you understand our terms and this Privacy Policy:

Notion Labs, Inc., and our relevant affiliates are referred to as “Notion,” “we,” “us,” and “our.”

Our public websites, including www.notion.so, are referred to as the “Website.”

Our online software-as-service platform including any related APIs provided by Notion, together with all related mobile and desktop applications (including Cron applications) are collectively referred to as the “Services.”

Content submitted, posted or modified by users in the Service is organized into separated sections that are referred to as “Workspaces.”

1. Information we collect

We collect information when you provide it to us, when you use our Website or Services, and when other sources provide it to us, as further described below.

A. Information You Provide to Us

Account Creation: When you create an account or otherwise use the Services, we collect information such as your name, email address, password, role within your team or enterprise, and an optional profile photo.

Your Communications with Us: We collect information from you such as email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide, and that may be associated with your communications.

Payment Information: When you purchase a subscription to the Services, you will need to provide payment information (e.g., financial account details, shipping information) to process your subscription. We use third-party payment providers to process payments on the Services. We may receive information associated with your payment information, such as billing address and transaction information, but we do not directly store payment information on the Services. Payment information is stored and processed by our payment providers on our behalf.

Surveys: We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include contact information and other information about you.

Interactive Features: We may offer interactive features such as forums, blogs, chat and messaging services, and social media pages. We and others who use our Website or Services may collect the information you submit or make available through these interactive features. Any content you provide via the public sections of these features will be considered “public” and is not subject to the privacy protections referenced herein. By using these interactive features, you understand that the information provided by you may be viewed and used by third parties for their own purposes.

Registration for Sweepstakes or Contests: We may run sweepstakes and contests. Contact information you provide may be used to inform you about the sweepstakes or contest and for other promotional, marketing and business purposes.

Conferences, Trade Shows, and Other Events: We may attend conferences, trade shows, and other events where we collect contact information from individuals who interact with or express an interest in the Services.

Job Applications. We may post job openings and opportunities on the Website or Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.

B. Information Collected Automatically

Automatic Data Collection: We keep track of certain information about you when you visit and interact with our Website or Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information (including inferred general location based off of your IP address), Internet service provider, pages that you visit before, during and after using the Website or Services, information about the links you click, information about how you interact with the Website or Services, including the frequency and duration of your activities, and other information about how you use the Website or Services. Information we collect may be associated with accounts and other devices.

Cookies, Pixel Tags/Web Beacons, and Analytics Information: We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Website or Services. Technologies are essentially small data files placed on your devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.  For more information regarding these Technologies, please see our Cookie Notice.

Analytics: We may also use third-party service providers to collect and process analytics and other information on our Website or Services. These third-party service providers may use Technologies to collect and store analytics and other information. They have their own privacy policies addressing how they use the analytics and other information and we do not have access to, nor control over, third parties’ use of cookies or other tracking technologies.  For more information regarding third-party cookies, please see our Cookie Notice.

Advertising: In using the Website or Services, we may allow select third party advertising technology partners to place Technologies on the browser of your device to collect information about you as discussed above. These third parties (e.g., ad networks and ad servers) may use this information to serve relevant content and advertising to you as you browse the Internet, and access their own Technologies on your browser to assist in this activity. If you are interested in more information about these online advertising activities, and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative's Consumer Opt-Out link, the Digital Advertising Alliance's Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. You can also opt out of certain online advertising activities by following the instructions in the "Your Choices" and "Your Privacy Rights" sections below. Please note that if you use these mechanisms, you may still see advertising on our Website or Services or across the Internet, but it will not be tailored to you based on your online behavior over time.

C. Information from Other Sources

We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Website or Services through a third-party application, such as a social networking site or a third-party login service, we may collect information about you from that third party that you have made available via your privacy settings. In addition, if you register a Notion account or associate a Notion account with an email address provisioned by your organization, we may obtain information from third party data enrichment providers to help us to better tailor business-to-business marketing and sales outreach to you.

Should you choose to use the Google Contacts feature within our Services, we will have the ability to view your contacts via the Google People API. The sole use of this data is to populate the auto-completion of your contacts when sending invitation emails. Notion will not use this data for any other purpose.

The Cron Services require you to authorize access to your calendar and events data held in your third party calendar service. Such third party calendar service is a Non-Notion Service as that term is defined in the Agreement. Should you choose to authorize an integration with your calendar provider, we will store your userID for that calendar provider and the authorization token to connect to the calendar provider’s API to give you the ability to use the Cron Services to store, view and edit data from your calendars, and autocomplete contacts when you create events.

You may also choose to integrate the Cron Services with your third party conferencing provider. Such conferencing provider is a Non-Notion Service as that term is defined in the Agreement. Should you choose to authorize an integration with your conference provider, you will have the ability to add conferencing meetings to your calendar events, and to view and store any information associated with conferencing meeting invitations in the Cron Services.

2. How we use your information

We use your information for a variety of business purposes, including to:

Provide the Services or Requested Information, such as:

  • Fulfilling our contract with you;
  • Identifying and communicating with you, including providing newsletters and marketing materials;
  • Managing your information;
  • Processing your payments (which are processed and stored by our third-party payment processors on our behalf) and otherwise servicing your purchase orders;
  • Responding to questions, comments, and other requests;
  • Providing access to certain areas, functionalities, and features of our Services; and
  • Answering requests for customer or technical support.

Serve Administrative and Communication Purposes, such as:

  • Pursuing legitimate interests, such as research and development (including marketing research), network and information security, and fraud prevention;
  • Sending communications about new product features, promotions, Notion's strategic partners, and other news about Notion;
  • Measuring interest and engagement in our Services, including analyzing your usage of the Services;
  • Developing new products and services and improving the Services;
  • Ensuring internal quality control and safety;
  • Authenticating and verifying individual identities;
  • Carrying out audits;
  • Communicating with you about your account, activities on our Services and Privacy Policy changes;
  • Preventing and prosecuting potentially prohibited or illegal activities;
  • Enforcing our agreements; and
  • Complying with our legal obligations

Facilitating Collaboration in a Workspace: If you join a Workspace owned by another user or organization, or collaborate with other users on Notion, Notion may share basic information about you such as your name, email address, profile picture, Workspace name and Workspace ID with the other users or organizations.

Managing Workspaces for Organizations: If you register a Notion account or associate a Notion account with an email address provisioned by your organization, Notion may share information about you and any Workspaces owned or managed by you with your organization.  Such information could include your name, email address, and profile picture, as well as the Workspace name, Workspace ID, membership size, creation date of your Workspace, email address, and content within your Workspace with your organization. If you registered to use Notion’s Services with such an email address, but you do not use the Services in connection with your organization and you do not wish for this information to be shared with your organization, you may transfer your account to a different email address. For information on how to change the email address associated with your Notion account please follow the instructions here: https://www.notion.so/help/account-settings. If you would like additional assistance, please contact team@makenotion.com.

Marketing of Products and Services: In accordance with applicable legal requirements, we may use your information to tailor and provide you with content and advertisements. If you have any questions about our marketing practices or if you would like to opt out of the use of your information for marketing purposes, you may contact us as set forth below.

Consent: We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

De-identified and Aggregated Information Use: We may use de-identified and/or aggregated information that can no longer be reasonably linked to you or your device from the information we collect. De-identified and/or aggregated information is not subject to this Privacy Policy, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.

Process Information on Behalf of Our Customers: Our customers may choose to use our Services to process certain data of their own, which may contain information from or about you. Such personal information that is processed by us on behalf of our customers, and our privacy practices will be governed by the contracts that we have in place with our customers, not this Privacy Policy.

If you have any questions or concerns about how such information is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this information. Our customers control the information in these cases and determine the security settings within the account, its access controls and credentials. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them.

Subprocessors: For more information regarding our Subprocessors, please see our Subprocessor Page.

How We Use Automatic Collection Technologies: Our uses of Technologies fall into the following general categories:

  • Operationally Necessary;
  • Performance Related;
  • Functionality Related; and
  • Marketing Related.

For more information, please see our Cookie Notice.

Cross-Device Tracking: Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop. To do this our technology partners may share data, such as your browsing patterns, geo-location and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.

3. Disclosing your information

We may disclose your information to the following categories of third parties:

Service Providers: We may disclose information we collect about you to our third-party service providers. The categories of service providers to whom we entrust your information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested, including Non-Notion Services as that term is defined in the Agreement; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; (vi) the provision of IT and related services; and (vii) fraud prevention and user authentication.

Business Partners: At your request, we may provide information to business partners to provide you with a product or service of interest to you. We may also provide information to business partners with whom we jointly offer products or services.

Affiliates: We may disclose information to our affiliated entities, who are under common ownership and/or control with us.

Advertising Partners: We do not disclose or use your information to advertise any third party’s products or services via the Services. However, as explained in detail in the “Information Collected Automatically” section above, we may disclose your information to third-party advertising partners to market our own Services and grow our Services’ user base, such as to provide targeted marketing about our own Services via third-party services. I Please see the “Your Choices” and “Your Rights” sections below for more information and to opt out.

We may disclose your information to other third parties, including other users, in the following circumstances:

Workspaces Accessible by Other Users: When you submit information in a workspace that can be accessed by others, such information may be displayed to other users in the same or connected workspaces. For example, your information may be included in your notes or reminders in a workspace which can be viewed by other users collaborating with you in that workspace. Further, your email address or photo may be displayed with your workspace profile to other users collaborating with you in that workspace.

Organizational Workspaces: We allow organizations  to access the profile information of users within their workspace, including to allow such organization to validate that such user  is actually authorized by such organization to use the Services.

Share Content with Friends or Colleagues: Our Services may allow you to provide information about your friends, and may allow you to forward or share certain content with a friend or colleague, such as an invitation email. You agree to only provide information about a friend or colleague with their consent.

Disclosures to Protect Us or Others: We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.

Disclosure in the Event of Merger, Sale, or Other Asset Transfer: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of some or all assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

4. International Data Transfers

All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. When we engage in such transfers, we endeavor to safeguard your information consistent with the requirements of applicable laws.

5. Your Choices

General: You may have the right to object to or opt out of certain uses of your information. Where you have consented to the processing of your information for a specific purpose, you may withdraw that consent at any time by contacting us as described below. Even if you opt out, we may still collect and use your information for other purposes that were not based on your consent.

Email Communications: If you receive an email from us and do not want to receive future emails from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).

Mobile Devices: We may send you push notifications through our Apps. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. With your consent, we may also collect precise location information if you use our Apps. You may opt out of this collection by changing the settings on your mobile device.

“Do Not Track”: Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications that you do not wish such operators to track certain of your online activities over time and/or across different websites. Like most online services, we do not currently respond to Do Not Track signals. However, as discussed below in the “Your Privacy Rights” section, we do honor legally-recognized browser-based mechanisms (such as the Global Privacy Control designed to signal your opt out choices under certain state laws).

Cookies: You may stop or restrict the placement of Technologies on your device. Notion provides settings for you to update your preferences in our Services. These settings can be found in the footer of our website. If you have a Notion account and are logged in to the Services, you can access your Cookie settings in the “Settings & Members” menu under the “My notifications & settings” section. For more information, please see our Cookie Notice.

6. Your Privacy Rights

Depending upon your location and in accordance with applicable laws, you may have the right to:

  • Access information about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic information transferred to another party.
  • Request Correction of your information where it is inaccurate or incomplete.
  • Request Deletion of your information, subject to certain exceptions prescribed by law.
  • Request Restriction or Object to Processing of your information.
  • Not be Discriminated Against by us for exercising your privacy rights.

If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws, and in some circumstances may need to deny your request in whole or in party (e.g., if we have a legal obligation to maintain your information for a certain purpose). To protect your privacy, we will take steps to verify your identity before fulfilling your request, such as by requiring you to submit your request via your account. You have the right to submit a request through an authorized agent, but we will require the agent to provide us with your written permission, and we may need to confirm your identity before processing the agent’s request.

Depending on your location of residence, you may have the right to appeal our response to your request. In such circumstances, we will inform you of the right to appeal and the appeal process.

Request restriction on selling or sharing of "personal information":  As explained in the "Information Automatically Collected" section above, we provide information about your device and online browsing activities to third-party advertising providers for targeted advertising and related purposes, so that we can provide you with more relevant and tailored ads regarding our Services. The disclosure of your information to these third parties to assist us in providing these services may be considered a “sale” of personal information under applicable law or the processing/sharing of personal information for targeted advertising purposes.

If you would like to opt out of our online disclosure such as through cookie and pixel technology of your personal information for purposes that could be considered “sales” for those third parties' own commercial purposes, or “sharing” for purposes of targeted advertising, please click on the "Do Not Sell or Share My Info" link on the bottom of our website footer at www.notion.so/product. You can also submit a request to opt out of our disclosures of information that are subject to applicable opt out rights by emailing us at privacy@makenotion.com.

Please note that if you have a legally-recognized browser-based opt out preference signal turned on via your device browser, (e.g., global privacy control) we recognize such preference in accordance with applicable law.

7. Data Retention

We store the information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

8. Security of your Information

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

By using the Services or providing information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.

9. Third-Party Websites/Applications

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

10. Children's Information

Our Services are intended for general audiences and are not directed at children. If we become aware that we have collected data without legally valid parental consent from children under an age where such consent is required, we will take reasonable steps to delete it as soon as possible.

11. Supervisory Authority

If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your information violates applicable law.

12. Additional Information for California Residents

If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with the following additional information about: (1) the purpose for which we use each category of “personal information” (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioral advertising,” and/or (c) “sell” such personal information. Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration.  Our use of third-party online advertising services, which are described in detail above, may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” or "sharing" under the CCPA.

For information about our purposes of use of personal information, see the "Information we collect" section above.

For purposes of the CCPA, we have collected the following categories of consumers’ personal information, and disclosed the personal information to the following categories of third parties for a business purpose, in the last 12 months:

Your Choices Regarding “Sharing” and “Selling”: You have the right to opt out of our sale/sharing of your personal information for purposes of online analytics and advertising by clicking on the "Do Not Sell or Share My Info" link on our website footer.  To opt out of the offline disclosure of your information to third parties for these purposes, please email us at privacy@makenotion.com.

Other CCPA Rights: If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives.

The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes.  Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA.

Please see the “Your Rights” section of our Policy above for information about the additional rights you have with respect to your personal information under California law and how to exercise them.

Retention of Your Personal Information. Please see the “Data Retention” section above.

Shine the Light Disclosure: The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we disclose certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We currently do not disclose your personal information to third parties for their own direct marketing purposes.

13. Changes to Our Privacy Policy

We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

Contact us:

If you have any questions about our privacy practices or this Privacy Policy, please contact us at:

Notion Labs, Inc.2300 Harrison StreetSan Francisco, CA 94110United Statesprivacy@makenotion.com

‍

‍This privacy policy (“Policy”) will inform you as to how Lexical Labs collects, uses and looks after your personal data when you use our website (regardless of where you use it from), including any data you may provide, visit or use any of our other sites, products, or services that link to this Policy.

If you or your organisation has a contract with us, that contract may have privacy terms that also apply to the information you provide to us under that contract.  Please review the terms in that contract as they may be different or more restrictive than the terms in this Policy.

Lexical Labs is made up Tiro Law Ltd (trading as Lexical Labs), and Lexical Consulting Ltd. This privacy policy is issued on behalf of the Lexical Labs Group - when we mention “Lexical Labs”, "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the Lexical Labs Group responsible for processing your data.

‍

‍Changes to this policy

‍We keep this Policy under regular review and may amend it to reflect changes in law, our services, our data collection use and practices, or advances in technology. Use of information we collect is subject to the version in effect at the time of use. Depending on the type of change, we may notify you by posting on this page or by email. Please carefully review any changes made to this Policy. This version was last updated on 18 December 2020.

‍

‍Third-party links

‍This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

‍

‍The data we collect about you

‍Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).To provide and improve our services and to support marketing, we collect information about visitors to our sites. We may collect, use, store and transfer different kinds of personal data groups:

‍Identity Data: name, company and position, username or similar identifier

‍Contact Data: email address and telephone numbers, company and position

‍Technical Data: IP address, date, time, location, and duration of your visit, browser type and version, browser versions, operating system and platform, and other technology on the devices you use to access this website.

‍Profile Data: any feedback and survey responses.  

‍Usage Data: information about how you use our website, products and services.

We do not collect any Special Categories of Personal Data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. This website is not intended for children and we do not knowingly collect data relating to children.

‍

‍How is your personal data collected?

We use different methods to collect data from and about you including through:

‍Direct interactions. We collect certain information directly from you, such as when give us your Identity, and Contact Data by filling in forms with a name or email address, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you request us to contact you or book a demo through our website, give us feedback, or contact us.

‍Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data usually about devices, browsers, browsing actions and patterns, or sometimes locations (without you typing it into a form). We collect this personal data by using cookies, server logs and other similar technologies. Data may include:

‍Device data such as:IP addressUnique device identifiers and device attributes (operating system and browser type).

‍Usage data, such as:web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, time spent on particular pages, the date, time and frequency of use, error logs, and other similar information

‍Cookies, Server Logs and Related TechnologiesWe may use cookies, which are text files containing small amounts of information that are downloaded on your device, or local shared objects and tracking pixels to store or collect information, including your preferences.

‍Third parties or publicly available sources.

We may receive personal data about you from various third parties. We use services like Google Analytics and Hubspot. They use Cookies to gather usage data and help us learn how people use our Software, such as the pages they visit and for how long and the website or page they were on before coming to this website.

‍

‍How we use your personal data?

‍In general, we collect, use and store or process your information to provide our services, to fix and improve our services, develop new services, and to market our products and services.We normally collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests (or those of a third party) and your interests and fundamental rights and freedoms do not override those interests, and only where the law allows. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person.If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided in the final paragraph of this Policy.

‍

‍Purposes for which we will use your personal data

‍Examples of how we use the information we process are set out below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

Provide you with the services and products you request, for example delivering services to you under an engagement letter or other contract

(a) Identity

(b) Contact

Performance of a contract with you

Use information to create and manage an account

(a) Identity

(b) Contact

Create and review data about our users and how they use our services

Test changes in our Software and develop new features and products

To respond to communications from you, including consent to receive certain communications, such as responding to your communications to us

(a) Identity

(b) Contact

Performance of a contract with you

On the basis on consent you provide us to receive certain communications

Answering or responding to support questions

To manage our relationship with you, including:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

Record details about what happens with electronic documents, such as who viewed or signed, the devices used and when these events occur

Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you

(a) Identity

(b) Contact

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

Prevent, investigate and respond to: fraud, unauthorised access to or use of our  databases or software products, breaches of terms and policies, or other wrongful behaviour

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

‍

‍Opting out

‍Where your consent to process personal data has been provided, you have the right to withdraw consent at any time and can do so by contacting us using the contact details provided in the final paragraph of this Policy. You can ask us to stop communicating with you by contacting us at any time.

‍

‍Disclosures of your personal data

‍We will not rent, sell or share your personal data with others, except as set out in the Policy. We may disclose information to the following parties:

  1. ‍Internal Third Parties:
    (a) Other group entities performing services for you;
    (b) Contractors acting as sub-processors and who are based [SPECIFIC COUNTRIES] and provide [IT and system administration services].
  2. External third parties
    (a) Service providers – we may disclose your personal data to third-party service providers such as IT providers - we use to support our Software. These companies provide services like online web chat, search technology, advertising and authentication systems. Our service providers are bound by confidentiality undertakings with us to protect your data.
    (b) Professional advisers [acting as processors or joint controllers] including lawyers, bankers, auditors and insurers based in [SPECIFIC COUNTRIES] who provide [consultancy, banking, legal, insurance and accounting services].
    (b) HM Revenue & Customs, regulators and other authorities [acting as processors or joint controllers] based [in the United Kingdom] [who require reporting of processing activities in certain circumstances].
  3. ‍Legal reasons: we may use or disclose your personal data as we deem necessary or appropriate under applicable laws, to respond to regulators or court orders, as part of legal proceedings or to protect our employees, you or others. We may share your information to follow applicable law, or to respond to legal process.
  4. ‍Safety, security, and compliance. We also may share your information when there are violations of this Policy or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.
  5. ‍Corporate activities: we may disclose your personal data to a third party in connection with a reorganisation of the group, merger, joint venture, sale or other corporate change. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

‍International transfers

‍We share your personal data within the Lexical Labs Group, including our contractors. This could involve transferring your data outside the European Economic Area (EEA) where this is necessary for performing services to you.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.  
  2. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

‍

‍Data security ‍

We have put in place technical and organisation security measures to protect your personal data. We implement these measures based on the sensitivity of the information and the current state of technology. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

‍

‍How long will you use my personal data for?

‍We do not collect more personal data than we need for the purposes stated. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, in accordance with our retention policies, and in accordance with applicable law.We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Where there are technical limitations that prevent deletion or anonymisation, we safeguard personal data and limit active use of it.To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

‍

‍Your choices

‍This paragraph describes many of the actions you can take to change or limit the collection or use of your information.

‍Cookies and Other Related Technology. You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our website or services.

‍Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.

‍

‍Your legal rights

‍The terms “Personal Data,” “Process/Processing,” “Controller,” “Processor,” “Sub-processor,” and “Data Subject” will have the meanings ascribed to them in the Data Protection Act 1998 and the General Data Protection Regulation (2016/679), as amended or replaced from time to time, and any applicable laws implementing it.

  1. By using our website you:acknowledge that your information will be processed as described in this Policy; andconsent to having your information transferred to certain Sub-processors outside the EEA in accordance with this Policy.‍
  2. Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can request the following information from us at any time:how we collect and use your information and why;the categories of personal data involved;the categories of recipients of your personal data;how we received your personal data; andhow long we use or store your personal data or the manner in which we determine relevant retention periods.
  3. ‍Corrections. You have a right to correct any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide.
  4. ‍Withdraw consent. Where we rely on your consent to process your personal data, you have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. At any time, you can request that we stop using your information for direct marketing purposes.
  5. ‍Request erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  6. ‍Object to processing. Where we are relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, you have the right to object. You also have the right to object where we are processing your personal data for direct marketing purposes.
  7. ‍Provide Guidance. You have a right to provide us with guidance on the use, storage, and deletion of your personal data after your death.
  8. ‍Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:If you want us to establish the data's accuracy.Where our use of the data is unlawful but you do not want us to erase it.Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  9. ‍Complaints. You have a right to raise questions or complaints with your local data protection authority at any time. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

We are committed to resolving valid complaints about your privacy and our collection or use of your personal data. For questions or complaints regarding our data use practices or Policy, including requests to exercise your legal rights, please contact us at info@lexicallabs.com.

Join our community and start optimising your legal operations.

Book a demo using the contact form below, and we can show you the power of Tiro up-close and personal.

About Us
Book Demo

Sign up for our newsletter

No spam, we promise! Just the occasional email with product updates and value from our whitepapers.

By clicking Sign Up you're confirming that you agree with our Terms of Service.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.