1.2. If you have any questions about this Policy or wish to report any suspicious activity, please email us at firstname.lastname@example.org.
1.3. Your use of our Services is subject to our Terms and Conditions (the “Terms”).
1.4. The purpose of this Policy is twofold:
(a) it provides information about how we process the Personal Information (as defined below) of our Users in our capacity as “data controller”; and
(b) it sets out our obligations in relation to our processing of Controller Data (as defined below) in our capacity as “data processor” on behalf of our Users. In this regard, this Policy shall be incorporated in the Terms by reference and we agree to be bound by our obligations under this Policy in relation to our processing of Controller Data.
1.5. 1.5. When you start using our Services, you should print off a copy of this Policy for your records. Any subsequent modifications to the Policy will apply to you only if have agreed to such modifications.
2. What information is collected?
2.1. Depending on the use of our Services, we may collect the following information about each User:
- information that we may receive from you in connection with the creation of your User account and similar activities, such as your name, address, telephone number, email address, credit card details, date of birth, gender, address and similar information;
- information that we receive from you, or on your behalf, if you send us an enquiry and other communications;
- information in your social media account, as authorized by you through such account, if you register or log into our Services through a third-party social media service, such as your name, account name and similar information. You have the ability to disable the connection between our Services and your social media account at any time;
- information about your use of our Services, such as the number of logins, your utilisation of our Services and similar information;
- information received from your devices, such as browser type, OS type, IP address and similar information;
- information that we receive from other sources, as permitted by applicable laws,
(collectively, “Personal Information”).
2.2. The Personal Information is necessary for the provision of our Services to you, and we will be unable to provide you with certain features in accordance with our Terms if you choose to withhold the requested Personal Information.
2.3. In relation to all information uploaded, stored or otherwise used by you in our Services (collectively “Controller Data”), we will act as your “data processor” and will process all such information strictly on your behalf and in accordance with your documented instructions from time to time, as further set out in our Terms. We will not make any use of such Controller Data for our own purposes whether in anonymised form or otherwise.
3.1. In addition, we may collect certain information in your browser such as cookies and similar technologies (collectively “cookies”). These are small pieces of information sent to your browser and stored on your computer's hard drive, mobile phone or other device, which may constitute Personal Information.
- First party cookies are set by our websites and Services and third party cookies are provided by third parties, such as Google.
- Session cookies are used to confirm that Users are logged in. These cookies terminate once the User closes the browser. By default, we use a persistent cookie that stores your login ID (but not your password) to make it easier for you to login when you come back to the Services.
- Our performance cookies collect anonymous information about how Users interact with our Services.
3.2. We may combine information from these types of cookies and technologies with information about you from other sources.
3.3. When you arrive on our website a pop-up message will appear asking for your consent to place cookies on your device. In order to provide your consent, please click ‘I understand’. Once your consent has been provided, this message will not appear again when you revisit, unless you clear cookies in your browser.
3.4. If you, or another User of your device, wish to withdraw your consent in relation to cookies at any time, you can remove or block cookies using the settings in your browser. However, this may cause some Services to be impaired.
4. Purposes for which we process your information
4.1. We will only process your Personal Information for the following lawful purposes:
- creating and maintaining your User account in connection with our Services;
- responding to your enquiries;
- administering, operating, providing, hosting, configuring, designing, maintaining our Services;
- to occasionally email you notifications regarding activities in connection with our Services;
- enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, providing collocation services, hosting, verification, technical, logistical or other functions;
- sending you personalised marketing communications, strictly in accordance with your marketing preferences selected within the Services;
- ensuring the security of your User account and our business, preventing or detecting fraud or abuses of our Services, for example, by requesting verification information in order to reset your account password; and
- to comply with applicable law, for example, in response to a request from a court, regulatory body or law enforcement agency, but only where such request is made in accordance with the law.
4.2. We will process Controller Data for the purposes of complying with our obligations under the Terms and your documented instructions from time to time. We will comply with all applicable laws in relation to the processing of Controller Data and all guidelines and codes of practice issued by a regulator with jurisdiction over the processing of Controller Data. We will assist you, free of charge, in ensuring compliance with your obligations under applicable law in relation to your use of Controller Data in connection with the Services.
4.3. We will promptly inform you if we become aware of anything that suggests that (i) the processing of Controller Data by us or our Sub-Processor (as defined below) is unlawful, (ii) we are unable to fully comply with our contractual or statutory obligations, or (iii) we are otherwise unable to guarantee sufficient safeguards in connection with our processing of Controller Data (including without limitation for reasons related to any Sub-Processor).
5. Legal basis of processing
5.1. The legal basis for our processing of your Personal Information for the purposes described above will typically be because you have provided us with your consent. However, we may also rely on other legal grounds, for example, where the processing is necessary:
- to fulfil our obligations under any contract that we may have in place with you, such as the Terms;
- for our legitimate business interests; or
- for compliance with our legal obligations.
6. When is your information disclosed?
6.1. There are circumstances where we wish to disclose or are compelled to disclose your Personal Information to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure to:
- our business partners, outsourced providers or suppliers to facilitate the provision of our Services, for example, the disclosure to our data centre, collocation provider, webhosting provider, as applicable;
- third party services providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Information will be permanently transferred to a successor company;
- third parties, courts, regulatory bodies, law enforcement agencies or other third parties in order to comply with valid requests and legal processes but only to the extent such disclosures are required under applicable law; and
- any other third party with your permission.
6.2. Subject to clause 6.3, we will not publish, disclose or divulge (and ensure that our personnel do not publish, disclose or divulge) any Controller Data to any third party without your prior written consent or as directed by you from time to time.
6.3. The Notaries Society. On request from the Notaries Society or as otherwise envisaged in the Terms, we will provide a copy of all Controller Data to the Notaries Society in a secure manner. This may include granting a representative of the Notaries Society access to your NotarySAFE account in order to download Controller Data to the Notaries Society’s own systems.
6.4. We will inform you promptly and not later than within 2 business days of any enquiry, request, complaint or other communication relating, directly or indirectly, to our processing of Controller Data received from any data subject, third party, court, regulatory body, law enforcement agency or other third party. We will provide, free of charge, all details, information and assistance as you may reasonably require in order to comply with your obligations under applicable law.
7. Information security
7.1. We have implemented appropriate technical and organizational measures to safeguard all your Personal Information and Controller Data against unauthorised and unlawful processing and against accidental loss, destruction, disclosure, damage or alteration in accordance with applicable law and good industry practice.
7.2. We understand that your Controller Data is highly sensitive and confidential. Accordingly, our measures are appropriate to the harm and risk which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage to your Controller Data and having regard to the nature of your Controller Data which is to be protected and shall include inter alia, as appropriate:
(a) the pseudonymization and encryption of Controller Data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing Controller Data;
(c) the ability to restore the availability and access to Controller Data in a timely manner in the event of a physical or technical incident; and
(d) a process for regular testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing of Controller Data.
7.3. We will only grant access to your Controller Data to such personnel who have given a binding undertaking of confidentiality or who or are under an appropriate statutory obligation of confidentiality and who need to have access in order to process your Controller Data in connection with the Services. We will take all reasonable steps in accordance with best industry practice to ensure the reliability of all such personnel.
7.4. We require any third parties who receive Personal Information from us in the circumstances set out above to implement appropriate technical and organisational measures in accordance with industry standards to safeguard and ensure the confidentiality of your Personal Information.
7.5. We shall promptly inform you if we wish to sub-contract, outsource, assign, novate or otherwise transfer, in whole or in part, the processing of Controller Data, either directly or indirectly, to any other person or entity, including any of our affiliated entities (each a “Sub-Processor”). We shall not engage (by way of sub-contracting, outsourcing, assignment, novation or other transfer, in whole or in part), or amend an existing engagement of, a Sub-Processor, without your prior written consent, and subject in all cases to us:
(a) providing to you reasonable prior notice of the identity and location of the Sub-Processor and a description of the intended processing to be sub-contracted or outsourced to the Sub-Processor to enable you to comply with applicable law, and to evaluate any potential risks to Controller Data;
(b) imposing legally binding contract terms on the Sub-Processor that are at least the same as we have under the Terms and this Policy; and
(c) providing you copies of any documentation to demonstrate the Sub-Processor’s compliance with such contract terms.
7.6. We acknowledge and agree that we shall remain liable to you for any breach of the Terms or this Policy by any Sub-Processor.
7.7. We shall notify you in the most expedient time possible under the circumstances and without unreasonable delay of any actual or suspected accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Controller Data ("Security Breach") suffered by the us or our Sub-Processor. We will provide to you, free of charge, a detailed description of the Security Breach as well as any other information which you may reasonably request relating to the Security Breach. We will provide to you, free of charge, all necessary co-operation and assistance to enable you to comply with your obligations under applicable law and to reduce the impact of the Security Breach on the affected data subjects.
7.8. We agree to take action immediately, at our own expense, to investigate the Security Breach and to identify, prevent and mitigate the effects of any such Security Breach and, with your prior agreement, to carry out any recovery or other action necessary to remedy the Security Breach.
7.9. We will not release or publish any filing, communication, notice, press release, or report concerning any Security Breach without your prior written approval.
8. Your Rights in relation to Personal Information
8.1. You may have rights, such as the right to access, rectify, erase, restrict or object to the processing of, your Personal Information. For more information about your rights in relation to Personal Information, please visit the website of your local data protection authority.
8.2. Where our processing is based on consent, you may withdraw consent at any time. Withdrawing your consent will not affect any previous processing of your Personal Information.
9. International transfers of Personal Information
Except as required in relation to clause 6.2, we will not transfer your Personal Information to a third party outside of the UK.
10. Retention of Personal Information
10.1. Your Personal Information will be retained for as long is reasonably necessary in connection with the Services for the purposes listed above or as required by applicable local law. Please contact us for further details of applicable retention periods.
10.2. We will retain your Controller Data for as long as you may direct from time to time in accordance with our Terms. Upon terminating the Services, we will provide you with a free copy of all Controller Data and, at your option, either return or destroy all such Controller Data within 30 days from termination.
In relation to Controller Data, we will permit, or procure permission for, you to inspect any of our premises, computer and other information systems and records, and comply with all your reasonable requests for information or directions, as may be reasonably required to enable you as data controller to make an informed assessment of your compliance with the applicable law. Where applicable, this will include, without limitation, providing to you our Information Security Policy, specifications of cyber security measures and other information.
12. Miscellaneous provisions
12.1. Please note that our Services are intended for qualified Notaries only. We do not intent to collect any Personal Information of minors.
12.2. The parties shall, and shall ensure that their agents, employees and subcontractors shall, execute and deliver any necessary documentation (including without limitation any variations to this Policy) as may be reasonably required in order to comply with the applicable laws and/or any relevant guidance or code of practice issued by a regulator with jurisdiction over the processing of Controller Data.Last updated August 2017