Effective date: 13 February 2024
This Privacy Policy (Policy) applies to all websites, applications, and other services by By Lawyers that link to this Policy (our Services).
In this Policy, By Lawyers means:
Where your personal information is provided directly to By Lawyers, the controller of your personal information is the By Lawyers entity in the country in which your personal information is collected. In the event there is no By Lawyers entity in your jurisdiction, By Lawyers Holdings Pty Ltd, located at Level 8, 207 Kent Street Sydney NSW 2000 will be deemed the data controller of your personal information.
Full details of our global parents’ subsidiaries and affiliates can be found here.
Where you access the Services via one of By Lawyers’ clients, the controller of your personal information is the entity that has the contract with us and By Lawyers processes your personal information as a data processor.
This Policy explains how we collect, use, maintain, and disclose information collected about you, including when you visit our website or use our Services, attend one of our events, or otherwise interact with us. This Policy also describes your choices regarding use, access, deletion, and correction of your personal information. By submitting your personal information to us, interacting with our website, or using our Services, you acknowledge and agree to the processing of your personal information as set out in this Policy. If you do not agree to this Policy, you should not use the Services or interact with our website.
If you use our Services as part of an entity or organisation that has an agreement with us (such as your employer), the terms of that organisation’s contract with us for the Services apply to our collection or use of your personal information through the Services and may restrict processing further than as set out in this Policy.
If you have questions about this Policy, or how we collect, use, or otherwise process your personal information, including the transfer or onward transfer of your personal information outside your jurisdiction of residence, please contact us at:
Privacy Officer, By Lawyers
privacy@ati-global.com For Australia and New Zealand: (62) 2 4858 0619
For United Kingdom and Ireland: (44) 845 683 2517
For Canada: (647) 259 4133
Mail: Level 8, 207 Kent Street Sydney NSW, Australia 2000
When you use or access our Services or otherwise interact with us, we may collect a variety of information about you that contains information that identifies you or may be combined with other information to identify you (your personal information). We may collect this personal information from you or others acting on your behalf (e.g. your employer), from third parties, or automatically through use of the Services.
| Information type | Purpose of Collection and Use | Legal basis |
|---|---|---|
| Information submitted to us via our website or in discussions about our Services including your name, email, phone number, and employer’s street address (Contact Data) and information about your firm or employer (employer name, phone number, practice area) | To communicate with you about the Services or events that we offer and to provide recommendations for products and services |
Legitimate interest (business development)
Performance of contract
Consent from the data subject (which may be withdrawn at any time) |
| Support information related to a request for assistance with the Services including Contact Data and usage information within the Services | To respond to support requests and improve the Services |
Performance of a contract
Legitimate interest (service improvement) |
| Event information including your disability, accessibility, or dietary requirements (that may include religious affiliation or health information) and Contact Data | To register you for events and accommodate disability, accessibility, or dietary requirements at events |
Legitimate interest (business development)
Consent from the data subject (which may be withdrawn at any time) |
| Payment information associated with an event or contract for the Services | Billing | Performance of a contract |
| Information about your role in a firm e.g., firm information, your Contact Data, billing rate, area of practice that is submitted to the Services by an administrator | To facilitate use of the Services | Performance of a contract |
| Information type | Purpose of Collection and Use | Legal basis |
|---|---|---|
| Event information from our event partners including Contact Data | To market relevant products and services | Legitimate interest (business development) |
| Information regarding your interaction with our campaigns, how you use our website, and how you interact with our communications e.g., emails through cookies and third-party analytics tools | To provide information that may be relevant to you, aimed at driving engagement | Legitimate interest (business development) |
| Deidentified data about how you use our Services |
Internal training and troubleshooting To report on usage of and to improve the Services |
Legitimate interest (service improvement) |
| Information from our existing clients, partners, or users including Contact Data | To market relevant products and services | Legitimate interest (business development) |
| Information that is publicly available about you e.g., LinkedIn | To market relevant products and services | Publicly available information Legitimate interest (business development) |
| Information type | Purpose of Collection and Use | Legal basis |
|---|---|---|
| Information about usage of our Services that may include IP addresses and Contact Data from automatic logging services | Security and / or support investigations and improvement of the Services |
Compliance with legal obligation
Performance of contract |
| Information submitted to or stored within the Services or transferred to the Services by an integration partner such as matter information and files that may incidentally include sensitive data including copies of identification documents | To facilitate use of the Services and support investigations and improvement of the Services | Performance of contract |
| Device data when you use one of our applications | To understand usage of the Services and make improvements |
Legitimate interest (Service improvement) |
For more information about our use of cookies and tracking technologies, please see our Cookie Notice.
Where permitted by applicable law and our obligations in contracts with our clients, we may aggregate your non-personally identifiable data and use this data to analyse or improve our Services.
When we act as a data processor or service provider on behalf of our clients, we will process personal information in compliance with the instructions of the client, who acts as data controller of such personal information.
Where permitted by applicable law, we share your personal information for third parties to deliver the Services or in our legitimate interest. These third parties include:
We may disclose personal information to regulatory authorities and other third parties to comply with a regulatory or legal obligation, to enforce our rights, or where we have a good faith belief that it is necessary for the protection of a legitimate or vital interest such as the safety of a person or property, to the extent permitted by applicable law.
We may update this Policy from time to time for reasons such as operational or regulatory changes. If we make any changes, we will notify you by posting the revised Policy on this page, revising the Effective Date at the top of this Policy and, in some cases, we may provide you with additional notice such as within our Services or by sending an email. We encourage you to review our Policy regularly for any changes.
Our website and Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from individuals under the age of 18. If you become aware that an individual under the age of 18 has provided us with personal information, please contact us using the contact details contained in the Contact Us section at the beginning of this Policy. If we become aware that an individual under the age of 18 has provided us with personal information, we will take steps to delete such information. We may process the personal information of children in the course of delivering Services when information is provided by a user of the Services.
Our Service is hosted and operated in Australia, Canada, Ireland, New Zealand and the United Kingdom, through By Lawyers and our service providers. By using our Services you acknowledge that your personal information may be accessed by us or transferred to us in those jurisdictions, and accessed by or transferred to our personnel, affiliates, partners, and service providers who are located around the world.
As required by applicable laws, we take appropriate measures to ensure adequate protection of your personal information when it is transferred internationally and, if necessary, seek your prior consent. For example, if you are located in the European Economic Area (EEA), when we transfer personal information to a third party in a country located outside the EEA that is not recognised by the European Commission, or another relevant body, as ensuring an adequate level of protection, we will take appropriate steps, such as implementing Standard Contractual Clauses recognised by the European Commission (SCCs), to safeguard such personal information.
When we transfer your personal information from By Lawyers entities in the UK or EEA and By Lawyers entities located elsewhere, we rely on adequacy findings by the European Commission or the Intercompany Data Transfer Agreement to ensure the adequate level of protection.
Please note that your personal information may be subject to the laws of the jurisdiction in which you or your personal information are situated.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure of personal information we have put in place suitable physical, electronic, and managerial procedures to ensure the security of personal information we hold and process. Some examples of the measures we take include:
For more information about the technical and organisational measures we take to protect the information we process, please see our global parent’s Security Policy.
However, the internet is not a secure environment and we cannot warrant that the personal information you share will be completely secure. When you share personal information with us, you do so at your own risk and we recommend that you take security precautions to protect your personal information on the internet. It is your responsibility to keep your password to our Services safe. You should notify us as soon as possible using the Contact Us section at the beginning of this Policy if you become aware of any misuse of your password, or compromise of the security of the Services, and immediately change your password within the Services.
When you cease engaging with us or using the Services, we will store your personal information in identifiable form for the period permitted by applicable laws while we have a legitimate purpose for doing so.
Our website may contain links to other websites of interest. You should note that we do not have any control over external websites or their privacy procedures. You should exercise caution and review the privacy statement of any website before providing your personal information.
When you use a third-party application within our Services, you are responsible for any transfers of data (including personal information) to those applications. We have no control over, and take no responsibility for, the privacy practices or content of these applications. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.
You have the option to not share information with us. If you choose not to share your personal information with us this may mean you are unable to create a user account or take advantage of some features in our Services. Please note, some information may still be collected about you automatically through your use of our Services.
For personal information that we process on behalf of our clients, we do so on the instructions of the client as a controller. If we process your information on behalf of a client and you wish to exercise any of your data protection rights under applicable law, please contact the relevant client directly.
You may have rights under data protection laws in relation to the personal information we hold about you, depending on which laws are applicable (e.g. the European General Data Protection Regulation (GDPR) or the UK Data Protection Act 2018) such as:
To submit a request or complaint regarding our processing of your personal information, please contact us via the details outlined in Contact Us above.
For us to facilitate your request, please ensure that your request specifies the type of request in the subject line and contains the information we need to investigate the request. We may require additional information from you to verify your identity or understand your request before providing additional information or actioning your request.
We will grant your request to exercise the above-mentioned rights to the extent required or permitted (as the case may be) by applicable law and in accordance with the timeframes (if any) in that applicable law.
You can opt-out of receiving certain marketing communications from us at any time, by clicking the unsubscribe link in the email communications we send, or by contacting us using the details contained in the Contact Us section. We may continue to send you non-promotional communications, such as service-related emails, billing information, and certain product updates via email.
If you believe that we have not complied with our obligations under this Policy or applicable data protection law, please contact us via the details outlined in the Contact Us section above.
We would appreciate the opportunity to help you resolve any concerns you may have regarding our processing of your personal information, but if we are unable to assist you with your issue or you wish to make a complaint, you may have the right to make a complaint to an authority responsible for data protection in your jurisdiction.