Hopp til innhold

This policy was last updated on 2021-01-25

PocketLaws Privacy Policy

Why and for whom?

At Pocket Solutions AB org.nr (559169-9623) (" PocketLaw ", " we ", " us ", " our ") we care about personal integrity. This means that we respect and safeguard your privacy and the right to control and transparency in the processing of your Personal Data.

PocketLaw is responsible for Personal Data in relation to the Processes of Personal Data listed in this Privacy Policy (the " Policy "). The policy describes for what purposes we need your Personal Data, what legal basis we rely on and what measures we take to protect personal data. We also provide information on how you exercise the rights you have attached to our processing of your Personal Data.

We will also list our Personal Data Assistants so that you can feel 100% sure of where your Personal Data is stored and Processed.

The policy informs about our handling of Personal Data in cases where you communicate with us, use the Service or visit our website pocketlaw.se (together " Functions ").

This policy is aimed at:

  • Users of the Service
  • Employees of potential customers
  • Employees of existing customers
  • Visitors to our website

Definitions

Processing " of Personal Data is anything that can be done with a Personal Data, e.g. storage, modification, reading, handover, etc.

Applicable law " means the legislation applicable to the processing of Personal Data including the Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.

Personal information" is all kinds of information that can be linked to an identifiable, living person.

Personal data controller " is the company / organization that decides for what purposes and in what way the Personal Data shall be processed and thus is also responsible for the Personal Data being processed in accordance with Applicable Law.

Personal Data Assistant " is the company / organization that processes Personal Data on behalf of the Personal Data Controller and may thus only Process the Personal Data in accordance with the Personal Data Controller's instructions and applicable legislation.

Registered " means the living, natural person whose Personal Data is processed.

"The Service " means our web application (app.pocketlaw.se).

PocketLaw's personal data responsibility

The information in this Policy includes the Processes of Personal Data over which PocketLaw is the Person responsible for Personal Data, ie. the Processes for which we determine the purpose of (why a processing is done) and means for (in what way, what personal data, for how long, etc.). The policy does not describe how we process personal data in the role of Personal Data Assistant - that is, when we process personal data on behalf of our customers.

PocketLaw provides a platform for companies to manage law. Users can, among other things: 1) have access to general legal information / guidance and find out their needs, 2) produce agreements and other documents, 3) upload and store agreements and other documents in a digital agreement management system, 4) be referred to an external lawyer for advice.

Our vision is that all companies should be able to handle and solve legal challenges themselves. We do this by creating a user-friendly platform where legal knowledge and expertise are made available through digitization and new technology.

PocketLaw's processing of personal data

We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to inform about:

  • Why the processing of personal data is necessary in relation to the purpose
  • What legal basis we have identified for the Treatment

Legal bases

Balance of interests - PocketLaw may process personal data if we have judged that there is a legitimate interest that outweighs the data subject's protection of personal privacy and whether the Processing is necessary for the purpose in question.

How long do we store your Personal Information?

We store your Personal Information for as long as is necessary for the purpose for which it was collected. Depending on the legal basis on which we support the treatment, this may a) follow from an agreement, b) be dependent on a valid consent, c) appear in legislation or d) follow from an internal assessment based on a balance of interests. In the list below, we indicate (to the extent possible) the period in which the Personal Data will be stored or the criteria used to determine the period.

Treatments

  1. Processing and the purpose of the processing: Register a user account to enable the customer's employees to log in and gain access to the Service.

    Personal information: Name, e-mail address, company.

    Source: Directly from the Registered

    Legal basis: The legitimate interest in providing the Service in accordance with the agreement with the customer.

    Period of storage: As long as the registered person has access to a user account linked to a customer.

  2. Processing and the purpose of the Processing: Register a user account linked to a test account to enable the customer's employees to log in and test the Service.

    Personal information: Name, e-mail address, company.

    Source: Directly from the Registered

    Legal basis: The legitimate interest in presenting the Service for the purpose of converting the customer into a paying customer.

    Period of storage: One year from the time the user linked to the test account was created.

  3. Treatment and the Purpose of Treatment: Verify user credentials to increase security and prevent abuse.

    Personal information: Name, e-mail address.

    Source: Directly from the Registered.

    Legal basis: The legitimate interest in verifying the user's identity in order to increase security and avoid misuse of the Service.

    Period of storage: As long as the Registered Party has access to a user account linked to a customer.

  4. Treatment and the purpose of the Treatment: Communicate in order to effectively help customers with any problems (customer support) and provide relevant information about the Service.

    Personal information: Name, e-mail address, telephone number, company.

    Source: Directly from the Registered.

    Legal basis: The legitimate interest in The The legitimate interest in providing the Service in accordance with the agreement with the customer and increasing and maintaining customer satisfaction.

    Period of storage: As long as the Registered Party has access to a user account linked to a customer.

  5. Treatment and the purpose of the Treatment: Marketing and information initiatives with the aim of arousing and maintaining potential customers' interest in the Service.

    Personal information: Name, e-mail address, telephone number, company.

    Source: Direct from the Registered and sourcing from publicly available sources (LinkedIn, potential customers' websites, etc.) and from third parties.

    Legal basis: The legitimate interest in increasing sales and conducting our business.

    Period of storage: Two years or until the Registered person registers for mailing by e-mail.

  6. Treatment and the purpose of the Treatment: Marketing and information initiatives aimed at retaining and upgrading existing customers.

    Personal information: Name, e-mail address, telephone number, company.

    Source: Directly from the Registered.

    Legal basis: The legitimate interest in creating a long-term customer relationship where we provide value for the customer over time.

    Period of storage: As long as the Registered Party has access to a user account linked to a customer or until the Registered Party registers for mailing.

  7. Processing and the purpose of the Processing: Collection (sourcing) of contact information to potential customers.

    Personal information: Name, e-mail address, telephone number, company.

    Source: Sourcing from publicly available sources (LinkedIn, potential customers' websites, etc.) and from third parties.

    Legal basis: The legitimate interest in increasing sales and conducting our business.

    Period of storage: Three months.

  8. Processing and the purpose of the Processing: Save information about the Registered who have unsubscribed from information mailings to avoid sending similar unwanted e-mails in the future.

    Personal information: E-mail address.

    Source: Directly from the Registered.

    Legal basis: The legitimate interest in complying with applicable law and meeting the wishes of the data subject.

    Period of storage: Two years.

  9. Treatment and the purpose of the Treatment: Compile statistics and analyzes to be able to improve the Service and the user experience and for business purposes.

    Personal information: E-mail address, IP address, browser.

    Source: Internally generated.

    Legal basis: The legitimate interest in improving and developing the Service.

    Period of storage: 7 days.

Your rights

You are the one who decides over your Personal Information. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access - You always have the right to receive information about the Personal Data Processes that concern you. We only disclose information if we have been able to ensure that you are in fact asking for the information.

Correction - If you discover that the Personal Data we process if you are not correct, get in touch and we will fix it!

Deletion - Do you want us to forget you completely? You have the right to request deletion of your Personal Data when it is no longer necessary for the purpose for which it was collected. If we are required to retain your information in accordance with law or an agreement we have entered into with you, we will ensure that it is processed only for the specific purpose set out in the law or agreement; then we make sure that the data is deleted as soon as possible.

Objection - Do you not agree with us that our interest in processing your Personal Data outweighs your interest in protecting your privacy? No danger - in that case, we review our balance of interests and check that it still holds. We of course consider your objection when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Information at once without reviewing our assessment.

Restriction - You can also ask us to limit our Processing of your data:

  • While we are handling a request from you for any of your other rights
  • If, instead of requesting deletion, you want us to mark that the data should not be processed for a specific purpose. If you e.g. do not want us to send you advertising in the future, we still need to save your name to know that we will not contact you
  • In cases where we no longer need the data for the purpose for which it was collected; provided that you have no interest in us retaining the information in order to be able to assert a legal claim.

Data portability - We can give you the information you have provided to us or that we have received from you in connection with the conclusion of an agreement with you. You receive your information in a commonly used and machine-readable format which you can then take with you to another Personal Data Officer.

Withdrawal of consent - If you have consented to one or more specific processing (s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only revoke your consent for future Processing (s) of Personal Data and not for any Processing that has already taken place.

How to use your rights

Send an e-mail to legal@pocketlaw.se and we will help you take advantage of your rights.

Transfer of Personal Data

In order to run our business, we may need the help of others who process Personal Data on our behalf, so-called Personal Data Assistants.

In cases where our Personal Data Assistants transfer the Personal Data to a country outside the EU / EEA, we have ensured that the Processing is legal in accordance with applicable law by one of the following requirements being met:

  • there is a decision by the European Commission that the country ensures an adequate level of protection;
  • application of the European Commission's standard contractual clauses for third country transfers; or
  • other appropriate safeguards that comply with applicable law.

We have entered into a personal data assistant agreement (PUB agreement) with all our Personal Data Assistants. The PUB agreement regulates how the Personal Data Assistant may process the Personal Data and what security measures are required for the processing of personal data.

We may also need to provide your Personal Information to certain designated authorities in order to fulfill obligations under law or government decision.

Our Personal Data Assistants

  1. Personal Data Assistant : Auth0

    Personal data processed: E-mail address, name, IP address, password.

    Instructions: Auth0 is a trusted authentication and authorization provider that helps us securely collect, store and manage sensitive user data as passwords.

  2. Personal data assistant : Sendgrid

    Personal data processed: E-mail address, name.

    Instructions: Sendgrid helps us to communicate with our customers by sending out automatic e-mail linked to the use of the Service.

  3. Personal Data Assistant : Google (GSuite)

    Personal data that is processed: E-mail address, name, company and other information that arises through communication.

    Instructions: We use GSuite as an email provider.

  4. Personal data assistant : Cloudflare

    Personal data processed: IP address.

    Instructions: Cloudflare is our first line of defense against malicious software. It provides secure certification for all our services and protects us from DDoS attacks.

  5. Personal Data Assistant: Amazon Web Services (AWS)

    Personal data processed: E-mail address, name, telephone number, company.

    Instructions: AWS is the largest and most secure cloud infrastructure provider and it is therefore natural for us to use them for handling and storing our application information.

  6. Personal data assistant : Hubspot

    Personal data processed: E-mail address, name, company, telephone number.

    Instructions: We use Hubspot as a customer management system (CRM). Through Hubspot, we can create and share marketing, customer service and sales content. We can also organize our sales data (leads, customers, offers, etc.). We also use it to track ads in order to collect data on their effectiveness.

  7. Personal data assistant: Sumo Logic

    Personal data processed: E-mail address, IP address, browser.

    Instructions: We use Sumo Logic for statistics and analysis, e.g. number of logins per user and from which country they use the Service.

Transfer of Personal Data to another Personal Data Manager

When our customers request "Legal support", they are referred to one of our partners. To streamline the process regarding Know Your Customer (KYC) and conflicts of interest, we collect personal data on behalf of our partner.

For more information on what this means, see the current partner's privacy policy.

Security

PocketLaw has taken technical and organizational measures to ensure that your personal data is processed securely and that it is protected from loss, misuse and unauthorized or unauthorized access.

Our security measures

Organizational security measures are measures that are implemented in working methods and routines within the organization. Our organizational security measures are:

  • Internal governing documents (policies / instructions)
  • Information security policy
  • Physical security (premises etc.)

Technical safety measures are measures that are implemented through technical solutions. Our technical safety measures are:

  • Encryption
  • Access list
  • Access log
  • Secure network
  • Regular security level check
  • Two-step verification
  • Password management software for all passwords

Cookies

PocketLaw uses cookies and similar tracking techniques to e.g. analyze how Functions are used so that we can give you the absolute best user experience. More information about how we use cookies can be found in our Cookie Policy (pocketlaw.se/cookies).

If we do not keep our promises

If you feel that we process your Personal Data incorrectly, even after you have notified us of this, you always have the right to submit your complaint to the Privacy Protection Authority.

More information about our obligations and your rights can be found at https://www.imy.se/. You can also contact the Privacy Protection Authority at imy@imy.se .

Changes to this policy

We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you of the changes in advance so that you are given the opportunity to take a position on the updated policy.

Contact

Contact us if you have questions about your rights or if you have any other questions about how we process your personal data:

legal@pocketlaw.se