Privacy Policy

Effective date: 24 November 2021

Legal Software Pty Limited and each of its global subsidiaries and affiliates (collectively, “LEAP”, “we”, “us” or “our”) respect your privacy and are committed to processing your personal information in accordance with applicable law.  Full details of each of our global subsidiaries and affiliates can be found here.

This Privacy Policy (“Policy”) applies to all websites, applications, and other services operated or furnished by LEAP linking to or posting this Policy (our “Services”).

This Policy explains how we collect, use, maintain and disclose information collected about you, including when you visit or use our Services, attend a LEAP event, or otherwise interact with us.

If you use our Services as part of an entity or organisation that has an agreement with LEAP (such as your employer), the terms of that organisation’s contract for your use of our Services may restrict our collection or use of your personal information further to what is described in this Policy.

Please read this Policy carefully to understand how we will collect, use, maintain and disclose your personal information. This Policy also describes your choices regarding use, access and correction of your personal information.  By using our Services, you acknowledge and agree to the processing of your personal information as set out in this Policy.

Changes to this Policy

This Policy may be updated from time to time for reasons such as operational or regulatory changes.  If we make any changes, we will notify you by posting the revised Policy on this page, revising the “Effective Date” at the top of this Policy and, in some cases, we may provide you with additional notice (such as adding a notice to our Services prior to the change becoming effective, or by sending you an email notification). We encourage you to periodically review our Policy for the latest information on our privacy practices and the ways you can help protect your privacy.

Contact us

For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”) and other applicable laws globally, the LEAP entity that is responsible for your personal information (the “data controller”) is the LEAP entity in the jurisdiction where your personal information is collected.  For more information about your data controller ask your LEAP business contact, consult our list of locations here, or contact us using the details below.

Should there be no LEAP entity in the jurisdiction where your personal information is collected, Legal Software Holding Pty Limited located at Level 11, 207 Kent Street Sydney NSW 2000 is deemed to be the data controller responsible for your personal information.

If you have questions about this Policy, or the manner in which LEAP collects, uses or otherwise processes your personal information, including the transfer or onward transfer of your personal information outside your jurisdiction of residence, please contact us at:

Privacy Officer, Leap Global

For Australia: 1800 007 709

For Europe: (44) 845 683 2517

For the US: (844) 702 5327

For Canada: (437) 900 2140

privacy@leaplegalsoftware.com

Level 11, 207 Kent Street Sydney

NSW, Australia 2000

What personal information do we collect?

When you use or access our Services or otherwise interact with us, we may collect a variety of information about you and others, as described below. Such information includes, but is not limited to, information about you which is in a form that permits us to identify you either on its own or in combination with other available information (your “personal information”).

Information you provide to us.  We collect information that you provide to us, or that someone on your behalf (such as your employer or account administrator) provides to us.  For example, when you contact us about our Services, complete our “Request Demo” (or similar) online form, request our marketing materials, create a user account on our Services, access and use our Services, send an email via our Services, request customer support or technical assistance, attend an event, apply for a job with us, or communicate with us by phone, email, via third-party social media sites or otherwise.  The types of information may include:

  • Contact data, such as your name, employer, job title, department, username or similar identifier, postal address, email address and telephone numbers.
  • Credentials, such as passwords, password hints or similar security information used for authentication and account access.
  • Marketing data, such as your preferences in receiving marketing from us, or information about your use of our products or services.
  • Event data, such as your contact data and a record of your participation in our events as an attendee or presenter.
  • Financial data, such as invoice information, bank account and payment card details to process payments.
  • Authentication data, such as information to complete know-your-client and/or anti-money laundering checks and property transactions; and
  • Candidate data, such as employment history, qualifications, academic qualifications and education records, and any other information that you provide to us when applying for a job with us, for example in your curriculum vitae, a covering letter, on an application form or during an interview, or that we have received from a recruitment agency or background check provider.

LEAP will take all reasonable precautions to ensure the personal information it has collected remains correct and accurate. You can choose not to provide your personal information to LEAP, however it may mean that we are unable to provide you with the Service required.

Information we collect automatically.  When you use or access our Services, we may also collect certain information through automated means, including but not limited to some or all of the following:

  • Device data, such as information about your computer and about your visits to and use of our Services, including your IP address, inferred geographical location, browser type and version, operating system, and referral source.  We also may collect any telephone number from which you contact us.
  • Log data, including information associated with your activities on our Services, including information about the way you interact with our Services, statistics regarding your page views and traffic to and from our Services, and the number of bytes transferred, hyperlinks clicked, and other actions you take.

Cookies and similar tracking technologies.  As with most websites and other digital services, we employ cookies, pixel tags, web beacons, and similar technologies to collect and store certain information about visitors to our Services.  We use this information to improve our Services, and to help us remember you and your preferences when you next visit our Services.  We may allow selected third parties to place cookies through the website to provide us with better insights into the use of the website or user demographics or to provide relevant advertising to you.  These third parties may collect information about a user’s online activities over time and across different websites when he or she uses our website.  For more information about our practices in this area, please see our Cookie Notice.

Information we collect from other sources.  When using our Services, you may upload documents containing personal information (including sensitive personal information) relating to third parties.  Our Services also involve storage of your appointments and sending emails on your behalf.  These may include confidential or proprietary information about a company, or personal information relating to individuals.  LEAP will not access these documents or view their content in the normal course, unless instructed by the relevant customer or where required as part of our Services, such as to provide maintenance services or troubleshooting, etc.  We process any personal information contained therein as a “service provider” or “data processor” (as defined by applicable law) on behalf of, and pursuant to the instructions of, our customers.

To the extent permitted by applicable law, we may also collect information about you from third party suppliers and government database services.  We will process such information in line with this Policy and applicable law.

How do we use personal information?

We process your personal information for the purposes set out in this Policy only where we have a valid legal ground for doing so under applicable data protection law.  The legal ground will depend on the purpose for which we process your personal information and the data protection law that applies with respect to LEAP’s activities in your jurisdiction.

We will use your personal information for the following purposes as is necessary for the performance of our obligations under our customer terms, or to answer questions or take steps at your request prior to entering those terms:

  • to create and maintain your user account;
  • to enable your use of our Services;
  • to supply you with Services purchased;
  • to send technical alerts, updates, security notifications, and administrative communications;
  • to send statements and invoices to you, and to process payments;
  • to assist with the resolution of technical support issues or other issues relating to our Services;
  • to verify your identity, investigate and prevent fraudulent activities, unauthorised access to our Services, and other illegal activities;
  • to manage registration, payments and your attendance to our events; and
  • to provide personal information to third parties as set out in this Policy.

We may use special category or “sensitive” personal information, such as health data, to provide you with specialised services, such as disabled access to our events, where you have given your consent to the extent required by applicable law (such consent can be withdrawn at any time, subject to restrictions permitted by such law).

We use your personal information for the following purposes as is necessary for certain legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time):

  • for internal administrative and technical operations to keep our Services, network and information systems updated, patched and secure;
  • to improve your browsing experience by personalising our websites;
  • to notify you of new or changed services offered in relation to LEAP;
  • to confirm, update and improve our records, and to analyse and develop our relationship with you;
  • to promote our business and send you marketing communications relating to our Services or carefully selected third parties which we think may be of interest to you where you have given opt-in consent, where required by applicable law;
  • marketing emails and request form used to gather leads;
  • to deal with enquiries and complaints made by or about you relating to the Services;
  • to seek your views or comments on our Services;
  • to carry out training relating to our Services;
  • to continually improve our Services, including adding new features or capabilities, and to develop new products and services; and
  • to (i) comply with legal obligations, (ii) respond to requests from competent authorities; (iii) protect our interests; (iv) protect our rights, safety or property, and/or that of our partners, you or others; and (v) enforce or defend our legal rights.

If you apply to work for LEAP, we will use your personal information in the following ways as necessary in our legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time, subject to restrictions permitted by such law) and to decide whether to enter into a contract with you:

  • to assess your skills, qualifications, and suitability for the role you have applied for;
  • to carry out background and reference checks, where applicable;
  • to communicate with you about the recruitment process;
  • to keep records related to our hiring processes; and
  • to comply with legal or regulatory requirements.

We may process your personal information to protect your vital interests or the vital interests of another person (for example, lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety).

Where permitted by applicable law and our contract obligations to customers, LEAP may aggregate your non-personally identifiable data.  This data will in no way identify you or any other individual.  LEAP may use this aggregated non-personally identifiable data to:

  • assist us to better understand how our customers are using our Services;
  • provide existing and potential customers with further information regarding the uses and benefits of the Services; and
  • otherwise to improve the Services.

When LEAP is acting as a data processor or service provider, LEAP will process personal information in compliance with the instructions of its customers, who act as data controllers in respect of such data and will be responsible for ensuring that the personal information is appropriate and only processed for limited purposes.

Who do we disclose personal information to?

There are circumstances where we wish to share or are compelled to disclose your personal information to third parties. This will only take place in accordance with the applicable law and for the purposes listed in this Policy.

To the extent permitted by applicable law, we may share your personal information with the following third parties for the purposes listed in this Policy:

  • Our affiliated companies and offices, which are generally located in the United States, Canada, United Kingdom, Ireland, Poland, Australia and New Zealand.
  • Our professional advisors, such as our auditors, accountants and lawyers.
  • Trusted third-party service providers who perform services on our behalf in connection with our Services.  The services provided by such third parties include services in the following categories: processing payments on our behalf, sending marketing communications on our behalf, authenticating identities on our behalf, helping us to create or maintain our databases, helping us to research or analyse visitors to our Services and maintaining the security of our cloud-hosting services, backend support services, data analysis and visualisation support services, insurance services, and commissioned mailing house services.
  • Third party suppliers who develop, maintain and sell integrations and applications on LEAP Marketplace.
  • Another legal entity, on a temporary or permanent basis, as required for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.
  • A successor organisation or other legal entity, in the case of a merger, financing, acquisition or dissolution, transition, or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets.  Except to the extent required by applicable law, we do not guarantee that any entity receiving your information in connection with one of these transactions will comply with all of the terms of this Policy following such transaction.
  • Any other third party where you have provided your consent.

We may disclose personal information to public authorities and other third parties, to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce other agreements you may have with LEAP, to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a reporting agency for fraud protection) or as otherwise permitted by applicable law.  Except to the extent prohibited by applicable law, we reserve the right to disclose information that we collect to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.

We may also share aggregated or anonymous information that cannot identify you with third parties.  For example, we may share the number of visitors to our Services and what features were used.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law.  We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Children

Our Services are not directed to individuals under the age of 18.  We do not knowingly collect personal information from individuals under the age of 18.  If you become aware that an individual has provided us with personal information, please contact us using the contact details contained in the “Contact us” section at the beginning of this Policy.  If we become aware that an individual under the age of 18 has provided us with personal information, we will take steps to delete such information.

Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures designed to safeguard and secure personal information we process.  Some examples of the measures we take to help protect your personal information include:

  • the use of suitable password protection measures and access privileges to monitor and control access to our IT systems;
  • imposing restrictions on physical access to paper files;
  • requiring any third parties engaged by LEAP to provide appropriate assurances to handle personal information in a manner consistent with applicable law; and
  • taking reasonable steps to securely destroy or de-identify personal information after we no longer need it for our business or to comply with the law.

However, the internet is not in itself a secure environment and we cannot give an absolute assurance that personal information submitted online will be secure at all times. Transmission of information over the internet is at your own risk and you should only enter, or instruct the entering of, information to the Service within a secure environment.

We recommend you take every precaution in protecting your personal information when you are on the Internet. For example, change your passwords at least once a year. Passwords should not include your name, date of birth or other personal data.   A combination of upper and lower-case letters, numbers and symbols is recommended for less than 12 characters long passwords. Make sure you use a current antivirus and an up-to-date operating system and Internet browser.   It is your responsibility to keep your password to our Services safe.  You should notify us as soon as possible using the “Contact us” section at the beginning of this Policy if you become aware of any misuse of your password, and immediately change your password within the Services.

Storage of personal information

We will store your personal information in a form which permits your identification for no longer than is necessary for the purpose for which such personal information is processed.  Please note, however, that we may retain and use your personal information as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements and rights, or if it is not technically and/or reasonably feasible to remove it.  Consistent with these requirements, and to the extent required or permitted (as the case may be) by applicable law, we will try to delete your personal information quickly upon request.

When LEAP is acting as a data processor or service provider, when the provision of our Services to a customer cease, we will, as agreed with the customer, return or securely delete personal information processed on behalf of that customer, unless we are required to retain the personal information by applicable law.

Where we process your personal information on behalf of a LEAP customer as a service provider or data processor, we will retain such information in line with our customer’s instructions and our contractual obligations.  You may have the right to ask the controller of your personal information to delete, block or correct such personal information in line with applicable data protection law.

International transfers

Our Service is hosted and operated in the United States, the United Kingdom, Ireland, Australia, Canada and New Zealand through LEAP and its service providers. By using our Services you acknowledge that your personal information may be accessed by us or transferred to us in those jurisdictions, and accessed by or transferred to our personnel, affiliates, partners, and service providers who are located around the world.

Where required by applicable laws, we will take appropriate measures to ensure adequate protection of your personal information when transferred internationally and, if necessary, seek your prior consent.  Such measures may include use of data transfer agreements or official transfer mechanisms such as data authority approved contractual clauses. For instance, if you are located in the European Economic Area (“EEA”), we may store your personal information as described in this policy outside the EEA.  Where we transfer EEA personal information to a third party located in a country not recognised by the European Commission, or another relevant body, as ensuring an adequate level of protection, we will take appropriate steps, such as implementing Standard Contractual Clauses recognised by the European Commission, to safeguard such personal information.

Please note that your personal information may be subject to the laws of the jurisdiction in which it is situated.

Links to other websites or third party applications

Our websites may contain links to other websites of interest. You should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

You are responsible for any transfers of data (including personal information) to third-party applications that you initiate within our Services.  LEAP has no control over, and takes no responsibility for, the privacy practices or content of these applications. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.

Your rights in relation to your personal information

You can always opt not to disclose information to us, but keep in mind some information may be needed to create a user account or to take advantage of some of the features of our Services, and other information about you may be collected automatically in connection with your use of our Services.

For personal information that we process on behalf of our customers, we are not responsible for and have no control over the privacy and data security practices of those customers, which may differ from those explained in this Policy.  Except where the Privacy Act 1988 (Cth) (the “Australian Privacy Act”) applies, the data protection rights listed below do not apply to LEAP where we process personal information as a service provider or processor on behalf of a customer.  If we process your personal information as a service provider or processor on behalf of a customer, and you wish to exercise any data protection rights you may have under applicable data protection laws, please inquire with the customer directly.  Where the Australian Privacy Act applies to your personal information, you will have certain data protection rights regardless of whether LEAP is a data controller or data processor.

Marketing communications.  You can opt-out of receiving certain marketing communications from us at any time, by clicking the unsubscribe link in the email communications we send, or by contacting us using the details contained in the “Contact us” section at the beginning of this Policy.  We may continue to send you non-promotional communications, such as service-related emails, billing information, and certain product updates via email.

“Do Not Track” signals. At this time, our Services do not support “do not track” signals (“DNT”) that may be available in your browser for letting websites know that you do not want them collecting certain kinds of information.  If you turn on the DNT setting on your browser, our Services are not currently capable of following whatever DNT preferences you set.  For more information about DNT, visit www.donottrack.us.

Data protection rights.  In certain circumstances you may have rights under data protection laws in relation to your personal information that we hold about you – specifically:

  • Request access to your personal information. You may have the right to request information regarding our processing of your personal information and access to the personal information which we hold about you;
  • Request correction of your personal information. You may have the right to request that we correct your personal information if it is inaccurate or incomplete;
  • Request erasure of your personal information. You may have the right to request the deletion of your personal information in certain circumstances.
  • Request restriction of processing your personal information. Your may have the right to object to, and requesting that we restrict, our processing of your personal information in certain circumstances.
  • Request transfer of your personal information. You may have the right to request transfer of your personal information directly to a third party where this is technically feasible.

These rights may differ depending on where you live or where your personal information is collected or held. For example, where the Australian Privacy Act applies, you will have the right to request access to and/or correction of your personal information, but not the other rights listed above.

We will grant your request to exercise the above-mentioned rights to the extent required or permitted (as the case may be) by applicable law and in accordance with the timeframes (if any) prescribed by that applicable law.  You can submit a request to exercise the above-mentioned rights, or raise a question, comment or complaint, by contacting us using the contact details contained in the “Contact us” section at the beginning of this Policy.  We reserve the right to request the provision of additional information necessary to confirm the identity of the enquirer. Subject to applicable law, you may also have a right to make a complaint to the authority responsible for data protection in your country.

Subject to applicable laws, you may exercise the above data subject rights through a legal representative or delegated person, in which case we will verify whether the requesting party is a duly authorised representative.  We may reject such request if there is justifiable reason for rejection under applicable laws.

California residents

Your California Privacy Rights

California residents with an established business relationship with us are permitted by California law once a year to request information about the manner in which we shared certain categories of information with others for their marketing purposes during the prior calendar year.

We may share your personal information with others for their marketing use unless you tell us not to.  To opt-out please email our Privacy Officer at privacy@leaplegalsoftware.com with the subject line “Californian Resident – Opt-Out Request” and your opt-out request. Please ensure that your request includes information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information).  We will not share your information after we have received and processed your opt-out.

The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information.  This section describes your CCPA rights and explains how to exercise those rights.

Verified California residents have the right to:

  • request and receive disclosure of our information collection practices during the prior 12 months, including the categories of personal information we collect, the categories of sources of such information, our business purpose for collecting or sharing such information, and the categories of third parties with whom we share such information;
  • request and receive disclosure of our information sharing practices during the prior 12 months, including a list of the categories of personal information sold with the category of third-party recipients and a list of the categories of personal information that we disclosed for a business purpose;
  • request and receive a copy of the specific personal information we have collected about them during the prior 12 months;
  • request that we not sell personal information about them; and
  • request that we delete (and direct our service providers to delete) their personal information subject to certain exceptions.

For purposes of the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

The CCPA rights described above do not apply to information collected in the employment context about our current, former or prospective employees or contractors (who receive separate disclosures under the CCPA) or to information collected about California business contacts (employees, owners, directors, officers, or contractors of companies, sole proprietorships, and other entities collected in the context of conducting due diligence regarding, or providing or receiving a product or service to or from, such companies, sole proprietorships, or entities).  California business contacts have the right to tell us not to sell their information; please see below for how to exercise this right.

Information collected, sources, and business purpose for collecting information.  During the past 12 months we may have collected the following categories of personal information.  This includes information that individuals provide to us directly, information we collect from automatically through the website, information that we collect when individuals interact with us such as through online postings, and information that we may collect from third parties such as service providers, affiliated companies, marketing, staffing, or data partners, or other third parties. It also includes information that we collect about employees and business partners and vendors from those individuals directly or from references, referrals or consumer reporting agencies.  Not all information is collected from everyone who interacts with us. Information we collect is used for the business purposes described above in “How do we use information”.

  • Identifiers such as contact information (name, address, phone number, email or postal address), unique personal identifiers (that may include but are not limited to a legal name or preferred alias and online identifiers like user account names), and an encrypted version of your password.  We may collect additional information from suppliers, vendors, or employees including business contact information, phone number, email and postal addresses and titles.
  • Sensitive information such as financial and payment information like credit or debit card information, or PayPal account email address.
  • Commercial information such as transaction histories, billing and shipping information, and product preferences.
  • Electronic network activity information such as the internet protocol (IP) address collected from users’ computers and mobile devices, and information about online activity, including your interactions with our website, through the use of cookies and similar technologies, system logs, and analytics monitoring.
  • Inferences we make about individuals or their interests based on analysis of other information we have collected.
  • Geolocation information.
  • Audio or video information such as call centre recordings or monitoring records from our customer support centres and security video recordings at our facilities.
  • Employment, education and professional related information, protected classification information, biometrics (collected from current and prospective employees, contractors, service providers, vendors and suppliers).
  • Other types of personal information that we may disclose to you prior to the point of first collection.

Exercising your CCPA rights.  To make a request for disclosure California residents may contact us by calling us at +(844) 702-5327 or emailing us at privacy@leaplegalsoftware.com.  We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be.  We will acknowledge receipt of your request within 10 days and will endeavour to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 business days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

You may make a request for disclosure of our information collection practices, the specific information we collected about you, or our information sharing practices up to twice within a 12-month period.  You may make a request that we not sell information or for deletion of your information at any time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavour to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances.  By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged to delete your information as well.

We will not discriminate against you as a result of your exercise of any of these rights.

Using an Authorized Agent.  You may submit a request through someone holding a formal Power of Attorney.  Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorize the person to make the request on your behalf, (4) you verify your own identity directly with us and (5) your agent provides us with proof that they are so authorized.  We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.

Personal information sales opt-out and opt-in rights.  We do not sell your information for monetary consideration but we may transfer your information to a third party that provides us with services such as helping us with advertising, data analysis and security, which may fall under the definition of for “other valuable consideration” which may be considered a ‘sale’ under the CCPA. During the past 12 months we disclosed select which of the following categories were disclosed: identifiers, electronic network activity, commercial information, sensitive information, protected classification information, geolocation, biometrics, education or professional information, audio or video information, inferences from collected information with third parties such as advertising and analytics providers for a business purpose which falls within the definition of a ‘sale’.  If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”).  We do not sell the personal information of individuals we know are less than 16 years of age.  To exercise the right to opt-out, you (or your authorised representative) may submit a request to us by visiting the following page: Do Not Sell My Personal Information or calling us at +(844) 702-5327.  Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorise personal information sales.

Nevada Residents

We may transfer personal information for monetary consideration.  If you would like to tell us not to sell your information in the future please email us at privacy@leaplegalsoftware.com with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.

How to make a complaint

If you believe that we have not complied with our obligations under this Policy or applicable data protection law, we ask that you contact us in the first instance to see if we can resolve the issue.  We will investigate the complaint and determine whether a breach has occurred and what action, if any, to take.  We will take any privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner.  However, you may have the right to make a complaint to an authority responsible for data protection in your country (or the country in which your information is collected and/or held).  For example, if you are a resident of:

  • Australia, or your personal information is collected or held by us in Australia when we do business in Australia, we suggest you contact the Office of the Australian Information Commissioner at www.oaic.gov.au to make a formal complaint or for guidance on alternative courses of action which may be available to you.  We are subject to the operation of the Australian Privacy Act in respect of personal information collected, used and disclosed in Australia, and will handle such personal information in accordance with this Policy so as to ensure we meet our obligations under the Australian Privacy Act.
  • Canada, you have the right to lodge a complaint with the privacy authority responsible for the privacy law in effect in your province of residence:
    • Alberta: The Information and Privacy Commissioner of Alberta at www.oipc.ab.ca.
    • British Columbia:  The Information and Privacy Commissioner for British Columbia at www.oipc.bc.ca.
    • Québec: la Commission d’accès à l’information du Québec at www.cai.gouv.qc.ca/english/.
    • All other provinces and territories: The Privacy Commissioner of Canada at www.priv.gc.ca/en.
  • European Union, you have the right to lodge a complaint with the Supervisory Authority of the EU Member State in which you live or work, or where the alleged infringement took place should you prefer.
  • New Zealand, you have a right to make a compliant to the Office of the Privacy Commissioner (New Zealand) at www.privacy.org.nz.
  • United Kingdom, you have the right to make a complaint to the UK Information Commissioner’s Office at www.ico.org.uk/.

 

ADDENDUM TO PRIVACY POLICY – PAYMENT PLANS

As Legal Financial Services Pty Ltd (LFS) is a subsidiary of the LEAP Legal Software group, in addition to LEAP’s foregoing global Privacy Policy applicable to all companies with in LEAP, the following Addendum applies to LFS’s Payment Plans business.

Effective Date: 25 February 2022

Personal information we collect

In relation to our Payment Plan business, the types of personal information we may collect from you include:

  • information required for identity verification purposes such as driver’s licence;
  • your registered business name and trading name if different from your registered business name, ABN/ACN, nature of business, listed directors and or major shareholders including beneficial and non-beneficial owners, nominated business bank accounts, business assets and liabilities, verifiable income, trading address, contact number, email address, and other relevant information as it pertains to verifying the nature of the business and business dealings;
  • your transaction history with LFS and its subsidiaries or relevant third parties.

We may also collect your credit information such as the collection of bank statements, account numbers and customer identifier numbers.

From time to time, we may request you to provide additional information or update your personal information to ensure that it is accurate, up to date, complete and relevant for the purposes of providing our products and services.

The Australian Privacy Act has specific rules about two types of consumer credit related information that we may collect:

  • Credit related information – This relates primarily to your credit-related dealings with us. For example identification information, information about your account with us and its status (whether it is still on foot, payment and internal default information), as well as any publicly available information.
  • Credit eligibility information – This relates to any personal information that is credit reporting information about the individual which was disclosed to a credit provider by credit reporting bodies (CRBs), or derived from it, so it may also include information about your credit related dealings with other credit providers.

There are also certain instances in which we will collect information about you from third parties where it is unreasonable or impracticable to collect it directly from you. For example, where we need to verify information you have provided. Even where your application is for consumer credit, we may collect information about you from a business which provides information about commercial credit worthiness for the purpose of assessing your application.

Other third parties that we may collect your information from include:

  • Our related companies, business partners, subsidiaries and affiliates that are assisting in the review or processing of a credit application with which you are connected, or with the provision of our services, such as by providing data storage and other similar services
  • your accountant, banks, guarantors, financial advisers or others with whom you have previously had dealings;
  • in relation to credit information, by contacting other credit providers who may have information about you relevant to us;
  • CRBs such as Equifax and Illion when we seek verification of information in relation to your identity
  • by accessing information about you that is publicly available such as those maintained by the Australian Securities and Investment Commission as well as internet sources.;
  • your executor, administrator or attorney;
  • service providers to us (including debt collection agencies, introducers, private investigators, professional advisers);
  • professional organisations;
  • public and subscriber only databases;
  • any person considered necessary in our view to execute your instructions;
  • and government authorities.

We may also log information about your access and use of our website. This information may include your internet service provider (ISP), browser type, operating system, internet protocol addresses, referring/exit page, date/time stamp and clickstream data.

Anti-Money Laundering and Counter-Terrorism Financing

In order for us to comply with the customer identification obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AMLCTF Act), we may be required to collect your personal information such as:

  • your full legal name
  • your residential address
  • your date of birth

In some cases, we may need to collect information about the political activities and opinions of individuals to determine whether they are politically exposed persons for the purposes of the AMLCTF Act. We may also need to clarify and/or update the personal information we previously collected for identity verification purpose, and/or collect further information including financial information about individuals.

As part of the verification processes, we may need to take copies of your personal identification documents in order to verify your identity in accordance with the requirements of that Act.

We may also disclose your full name, residential address and date of birth to CRBs for the purposes of providing an assessment of whether this identification information matches (wholly or in partly) personal information held by the CRBs. The CRBs may compare your details with personal information held by the body (being the names, residential address and dates of birth of other individuals) for the purpose of making this assessment.

If you do not wish to disclose your personal information to CRBs for the purposes of the AMLCTF Act, please contact us by email at support@rapidpaylegal.com and we will provide an alternative means of verifying your identity.

Use and disclosure of personal information

The purposes for which we may use and disclose your personal information in relation to our Payment Plans business include:

  • identity verification purposes and conduct appropriate due diligence;
  • in order for us to decide whether to provide a product applied for or service requested (this might involve evaluating your credit worthiness);
  • to detect and prevent instances of fraud, unlawful conduct, and other risks to you or our products and services;
  • to ensure fast and accurate approval and processing of payment transactions;
  • to assess any insurance risks or claims associated with you or our products or services;
  • dispute and complaint resolution, and assisting other credit providers to do the same;
  • enforcing our rights, including the collection of outstanding payments and where necessary, initiating legal proceedings;
  • undertaking research and development of new products and services;
  • undertaking securitisation activities and other activities relating to funding and capital requirements;
  • enabling our associated entities and selected other entities to promote their products and services to customers;
  • developing an understanding of the products and services you may be interested in receiving from us and our related entities;
  • produce and optimise our credit models;
  • produce reports containing anonymised summaries derived from personal information and other information that is not personal information (General Information);
  • assisting customers in meeting their credit related obligations;
  • enforcing our rights, including debt recovery and other enforcement;
  • dealing with serious credit infringements, and assisting other credit providers to do the same; and
  • complying with various Australian laws including the Anti-Money Laundering and Counter – Terrorism Financing Act 2006 (Cth) or the Australian taxation laws which may specifically require us to collect your personal information, and with other regulatory requirements and laws where collecting your information is necessary in order for us to comply with our obligations.

Although the Privacy Act permits us to disclose your credit information to CRBs for certain purposes, and to receive information from them, we do not actively do this at present. However, we will appoint an agent to ensure that any previously listed defaults will be updated with the CRB as required (e.g. when repayments are received). The CRBs to which we disclose this information may include the information in their reports to other credit providers in order for them to conduct an assessment of your credit worthiness.

The CRBs from which we may collect, and to which we disclose, credit information include:

Website: www.illion.com.auPhone: 1300 734 806Address: Public Access Centre, PO Box 7405, St Kilda, VIC 3004‍

Website: www.equifax.com.auPhone: 13 83 32Address: PO Box 964, North Sydney, NSW 2059

You are entitled to contact the CRBs and request not to:

  • use your credit reporting information for the purposes of pre-screening of direct marketing by a credit provider.
  • use or disclose your credit reporting information for a period if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.

Disclosure to third parties

We may also disclose your personal information to third parties, including:

  • your co-applicant (if any);
  • entities providing other services to us, including legal services, financial services, market research, CRBs such as Equifax or Illion and data providers;
  • our assignees or potential assignees, or where we act as an agent for, or otherwise on behalf of, another person, to the principal or that other person;
  • the supplier of services financed with credit we provide;
  • service providers, where the payment or credit service provided by us involves payments to the service provider for services rendered by them;
  • other financial institutions or entities such as banks and credit providers;
  • organisations involved in debt assignment or securitisation arrangements; and
  • debt collectors or other enforcement bodies.

Overseas disclosure

We will take reasonable steps to ensure that disclosure of your personal information to third parties who are located overseas is in compliance with the Australian Privacy Principles.It is likely that such disclosures will be made to persons in countries including the Philippines, where our customer service support centre will be operating from.

Access and correction

We take every step that is reasonably practicable to ensure that the personal information we collect and hold is accurate, complete and up-to-date.

You may, at any time, request access to personal information (and personal credit information) that we hold about you, if there is an error, where the information is incomplete, inaccurate or out of date. Upon such request, we will verify your request and correct, amend or add to the information we hold about you.

In the event that we do not agree to your request for correction, we will give you notice of this outlining our reasons and what next steps you can take. You may also request us to associate a statement with that information to the effect that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading so that it is apparent to users of the information.

You are entitled to specify how you wish to access your personal information, so long as this is reasonable and practicable. In order to access your personal information, please contact us at support@rapidpaylegal.com.

We will not charge you a fee for your access request, but may charge you the reasonable cost of processing your request to allow us to provide you with access to your personal information (e.g. if you request a voluminous printings of hard copy records).

We verify the identity of anyone requesting access to personal information. This will ensure that we do not provide information to a person who does not have the right to access that information.

We ask that your request for information be as specific as possible so that we can accommodate your request. We will usually provide you with access within thirty (21) days of a request but in some circumstances, it may take longer.

Please note, that under Australian law, we are entitled to refuse you access to your information in certain circumstances, including where:

  • access would be unlawful;
  • denying access is required or authorised by or under an Australian law or a court/tribunal order; or
  • access would prejudice enforcement activities or the taking of appropriate action in relation to unlawful activity or serious misconduct.

Over 1,500 law firms choose RapidPay

APPLY HERE