Select Legal Systems Limited is a specialist provider of software to law firms (and sometimes other types of organisation). In this capacity we collect, process and store personal data on behalf of our clients, our employees and our suppliers/business associates. We are committed to General Data Protection Regulation (GDPR) compliance and the purpose of this privacy notice is to communicate how and why we collect, process and store personal data. It also provides instructions and the appropriate contact information should you wish to exercise any of your data processing rights under GDPR.
Select Legal Systems Limited realises the importance of providing you with a clear and honest explanation of what personal information we collect from you, how we use it, where we store it and for how long, whether or not we share your information with anyone else and what rights you have over your personal information.
To be clear, personal data is any type of data from which someone else would be able to identify you as an individual.
- There are Six Lawful Bases for Processing
- What is the Legal Bases Under Which We Process Personal Data
- How We Process Personal Data
- How Do We Collect Your Personal Information
- Legitimate Interest Assessment (LIA)
- Data Storage and Security
- How Long Do We Keep Hold of Your Personal Data
- Do We Share or Disclose Your Personal Information
- Your Rights Under GDPR
- Google Analytics
- Website Cookies
- Complaints Procedure
- Our Contact Details
There Are Six Lawful Bases For Processing
Under the GDPR there are six lawful bases for processing personal data, described by the Information Commissioners Office (ICO) the UK regulator responsible for enforcing GDPR in this country, as follows:
• Consent – the individual has given clear consent for you to process their personal data for a specific purpose.
• Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
• Legal Obligation – the processing is necessary for you to comply with the law (not including contractual obligations).
• Vital Interests – the processing is necessary to protect someone’s life.
• Public Task – the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
• Legitimate Interests – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Further information regarding the lawful bases for processing personal data can be found at ico.org.uk
What Is The Legal Bases Under Which We Process Personal Data
We have assessed all six grounds for the lawful processing of personal data and have chosen the following as the most suitable bases for the processing of all of the different types of personal data for the various activities we perform.
Select Legal Systems Limited will process the personal data required from clients, employees, and suppliers/business associates in order to fulfil the terms of our contracts with them under the legal basis of ‘contract’ under GDPR e.g. to deliver software and related services to clients, to employ our employees, to commission products and services from our suppliers and business associates relating to the delivery of our software and services to our clients, or to run the Select Legal Systems business.
We will only ever collect, process and store the essential information required for delivering the contract and for making contact with the data subjects that have a contract with Select Legal Systems. The personal data we collect is typically contact details, business / employee / supplier contractual details, social profiles (e.g. LinkedIn), sometimes IP address and other relevant data that enables us to fulfill our side of the contract. We will never collect further personal data such as those classed under ‘sensitive or special category personal data’ from clients and suppliers, and we will only record sensitive or special category personal data when freely given to us by employees. All data is stored securely following best practice under the terms of our ISO 27001 : 2013 certification – for data security management.
Any data subject wishing to exercise any of their privacy rights under GDPR should forward requests to email@example.com.
• Legitimate Interests
Select Legal Systems Limited collects, processes and stores data relating to businesses (primarily law firms) and decision makers at those firms. This includes the personal data of our clients, prospective clients, former clients, and target organisations we would like to do business with. We process this data under the legal basis under GDPR of ‘legitimate interests’ as we believe that the individuals that we process the data of, are likely to have an interest in our LAWFUSION software system and related services. Deemed as ‘Legitimate Interest’ this is based upon specific criteria including the sector, size of firm as well as the individual’s job function within the firm.
We will only ever collect, process and store the essential information required for making contact with the data subjects within a business environment. The personal data we collect is typically first name, last name, email address, law firm name, business address, job function, IT software history of the firm, their requirements for new software and services, social profiles (e.g. LinkedIn) as well as business IP address. We will never collect further personal data such as those classed under ‘Sensitive Personal Data’.
We also keep our employees up-to-date by processing their data for internal marketing purposes re product development, business progress, related services and relevant industry news under the grounds of ‘legitimate interest’.
From time to time, we also keep our suppliers / business associates up-to-date by processing their data with product development, business progress and related services and industry news, under the legal grounds of ‘legitimate interest’.
Messages from Select Legal Systems Limited could be delivered via email, social media, via telephone or any other business to business (B2B) marketing methods that may be relevant.
All our data subjects have the right to object from any method of correspondence at any time by contacting us via post, email, telephone or by using the unsubscribe link we include on every marketing and sales email. The best email address to use for this purpose is firstname.lastname@example.org, but full contact details are at the foot of this privacy notice.
• Legal obligation
We will use personal information where we have to comply with the law e.g. we have to provide information to HMRC etc.
How We Process Personal Data
Select Legal Systems takes your privacy seriously and we will only use your personal business data in the following ways:
• We process data belonging to our clients, in order to deliver our LAWFUSION software, and related services, primarily to law firms, sometimes to other types of organisation.
• We process data for sales and marketing purposes belonging to clients, former clients, prospective clients and target organisations we would like to do business with, regarding our company, our legal practice management system LAWFUSION, and related services, and related industry news and opinions.
• We process supplier data and business associate data in order to deliver our LAWFUSION software, and related services, primarily to law firms, sometimes to other types of organization.
• We process employee and prospective employee data in order to recruit, employ, pay and retain/develop our workforce.
• We process business contact enquiries to fulfil requests for certain services and information.
• We process business contact data to carry out our obligations arising from any contracts we enter into with you.
• We process business contact data to process payment from you.
• We process business contact data to request feedback from you on the services we provide.
• We process business contact data to notify you of changes to our products and services.
• We process employee personal information to comply with the law.
Should you choose to withhold your personal information when we require it, we may not be able to provide you with the services you have requested.
How Do We Collect Your Personal Information?
At Select Legal Systems we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. If you have received correspondence from us, we will have procured your data in one of the following ways:
• You have requested information from Select Legal Systems Limited on a previous occasion.
• Someone has sent us your e-mail address requesting information about our products / services and articles be sent to you.
• You or someone else has expressly shared your contact details with us for the purpose of receiving information now and/or in the future.
• We have previously met face-to-face at an event and your business card or contact details were handed to us willingly.
• You or a business colleague has visited our website and we believe that there is a genuine legitimate interest in our services.
• You have previously connected with a member of our team via social media and discussed our product/services.
• A member of our team has found your business and your contact details online, believing that your business would genuinely be interested in the LAWFUSION system, and related services, based upon your job function aligning with our typical prospective customer criteria they have made contact to introduce you to our product.
• Your data has been purchased by a registered third party data supplier, which will have been segmented by industry, organisation size and job function based upon our typical customer profiles. (Due diligence checks around GDPR compliance will have been conducted accordingly).
• We also collect information from you when you voluntarily complete customer feedback surveys.
• We also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the pages on our Website you visited.
Legitimate Interest Assessment (LIA)
Select Legal Systems has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment it is deemed that the rights and freedoms of the data subjects would not be overridden in our correspondence regarding Select Legal Systems and LAWFUSION and that in no way would a data subject be caused harm by our correspondence.
Based upon our segmentation by organisation and by specific job function, coupled with our processing of personal data within the context of a business environment, we believe that any individual that receives correspondence from Select Legal Systems in a direct marketing or sales capacity, could be legitimately interested in the LAWFUSION system and related services.
It is also deemed that direct marketing and sales is necessary in the context of promoting LAWFUSION to professionals in law firms in order to increase awareness of software in the marketplace.
As per the ICO guidance, Select Legal Systems can confirm:
• We have checked that legitimate interests is the most appropriate basis for processing data for the purposes of sending marketing and sales messages to our clients, prospective clients, former clients and target organisations we wish to do business with.
• We understand our responsibility to protect the individual’s interests.
• We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
• We have identified the relevant legitimate interests.
• We have checked that the processing is necessary and there is no less intrusive way to achieve the same result.
• We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests.
• We only use individuals’ data in ways they would reasonably expect.
• We are not using people’s data in ways they would find intrusive or which could cause them harm.
• We do not process the data of children.
• We have considered safeguards to reduce the impact where possible.
• We will always ensure there is an opt-out / ability to object.
• Our LIA did not identify a significant privacy impact, and therefore we do not require a DPIA.
• We keep our LIA under review every six months, and will repeat it if circumstances change.
Select Legal Systems Limited has a dedicated marketing/sales team that leads on the validity and quality of the data contained within our CRM system. However, all members of staff use the system and are all responsible for continually cleansing the data held within the CRM system. Any records found to be out of date are amended or placed into a deletion queue which is regularly executed.
Data Storage and Security
All data held by Select Legal Systems is processed and stored in the UK within a secure environment.
We are committed to making sure that your personal information is kept secure. In order to prevent unauthorised access or disclosure and to protect against loss we use up-to-date industry procedures to keep personally identifiable information as safe and secure as possible.
We store your personal information on our own managed servers all based in the UK and in some instances with third party cloud service providers, depending on the services contracted by our individuals clients.
We are ISO 27001:2013 security certified at company level and also at our data centre. ISO 27001 is the international standard that stipulates best practice for information security management. Achieving certification demonstrates that Select Legal Systems Limited, the company responsible for developing and supporting the popular legal practice management system – LAWFUSION – is following information security best practice to ensure its own data and the data it handles on behalf of clients are adequately protected. The certification process is extensive aiming to improve information security considerably and relies on regular assessments enabling the company to significantly reduce the risk of security breach situations.
Select Legal Systems Limited is also cyber essentials accredited. Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security for organisations. The scheme is designed to prevent cyber attacks.
How Long Do We Keep Hold of Your Personal Data?
Client Data: we hold client contract data, correspondence and contact details on our CRM system through the period of the contract, and after the contract ends for at least 7 years. The reasons for retaining the data are so that we have accurate business records of the business relationship should the client decide to return to Select Legal systems as a client in the future, for marketing purposes under the grounds of ‘legitimate interests’ to keep the client / former client informed of progress and news about Select Legal Systems, LAWFUSION and relevant industry news, and for analytical and statistical business planning purposes. Depending on individual circumstances the data will either continue to be processed for these reasons, or it will be obfuscated and no longer processed in line with the client / former clients wishes re their rights under GDPR. The client can make a request to exercise their rights under GDPR at any time by emailing email@example.com including their right to restrict processing.
Prospective Client /Target Organisations’ Data: For prospective clients and organisations we wish to do business with, we hold contact details for marketing purposes under the legal basis of GDPR of ‘legitimate interests’ – we are continually adding, updating and keeping this data accurate, and once added to our CRM system we keep this data indefinitely, unless the data subject asks for it to be obfuscated or removed in line with their rights under GDPR.
Employee Data: we hold employee and perspective employee data on our HR system. We hold this data for the purposes of recruitment and employment. We hold the data of successful candidates as long as their employment contract lasts with Select Legal Systems and for 6 years following their departure. For unsuccessful candidates we hold personal data for 2 years so that we can have accurate business records for efficient recruitment processes. e.g. so that we do not process an unsuccessful candidate for the same type of role more than once etc.
Supplier / Business Associate Data: We hold the personal data of suppliers and business associates for as long as their contract with us to supply goods and services lasts. We may hold onto their details afterwards indefinitely in case we ever want to purchase products or services from them again in the future, including correspondence relating to the levels of product quality and service quality we had received from them.
Do We Share or Disclose Your Personal Information?
Select Legal Systems will not sell or rent your personal information to anyone. All the personal information we hold about you will be processed by our staff in the United Kingdom. We will send personal information about you to other companies or people only when:
• we have your consent to share the information.
• we need to share your information to provide the LAWFUSION software and related services you have requested.
• we need to send the information to companies who work on behalf of Select Legal Systems to provide a product or service to you (unless we tell you differently, these companies do not have any right to use the personal information we provide to them beyond what is necessary to assist us). E.g. We may also store personal information with third party cloud service providers depending on the services we are contracted to deliver to you.
• we respond to subpoenas, court orders or legal process.
Client personal data will not be transferred outside of the UK or the European Economic Area.
Your Rights Under GDPR
You have the following rights under GDPR. If you would like to exercise any of them you should send your Subject Access Request to firstname.lastname@example.org or write to us using our contact details at the foot of this privacy notice. Please ensure that you provide as much detail as possible about the personal information you wish to see/change etc. and provide necessary proof of identification to enable us to deal with your request promptly.
• The right to be informed
If we hold your personal data you have the right to be informed about the collection and use of it. This privacy notice is designed to fulfil our obligation under GDPR to keep you informed. In line with guidance from the ICO we have made every effort to ensure this privacy notice is concise, transparent, intelligible, easily accessible, and it must use clear and plain language. If you have any questions about any aspect of this privacy notice please contact us at email@example.com or contact us via the details at the foot of this privacy notice. For more detail about the right to be informed, please visit the ICO website here.
• The right of access
You have a right to access your personal information by making a ‘Subject Access Request’ to Select Legal Systems (via firstname.lastname@example.org) at any time if you wish to see what personal information we hold about you and how we are using it so you can be satisfied it is being processed lawfully. You can ask for copies of this information and we will usually provide it free of charge and within one month of the date we receive your request (unless there are exceptional circumstances when we may then charge a reasonable fee to cover administrative charges or advise you that we require longer to deal with your request).
• The right to rectification
The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. If you believe the personal data we hold about you is incorrect, please let us know on email@example.com, and we will respond to the request within one month. For more information about the right to rectification please visit the ICO website here.
• The right to erasure
It is important to understand the difference between a right to object and a request for deletion. If you make a request for deletion, we will remove any data we hold about you from the Select Legal Systems CRM system. If you are removed from our system, there is a risk that your data may be processed again in the future if your details are re-added to our CRM system by a member of our marketing or sales team who genuinely believes that your firm would have a legitimate interest in LAWFUSION and related services. If you do not wish for us to contact you again about LAWFUSION, we would recommend you ‘request to object’ or to ‘restrict processing’ rather than a request deletion, as these alternative bases will ensure that your details are no longer processed.
The option however is yours, and whichever option you choose we will process your request within 30 days. For more information about the right to erasure please visit the ICO website here.
• The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. When processing is restricted, Select Legal Systems will store the personal data, but not use it. Requests for restricting processing will be dealt with within one month of receiving the request. For more information about the right to restrict processing please visit the ICO website here.
• The right to data portability
Under GDPR Select Legal Systems are expected to provide clients with their personal data in a structured, commonly used and machine readable format, e.g. as CSV files. However, we are not required to adopt or maintain processing systems that are technically compatible with other organisations. The data itself must be provided free of charge, however as a processor we have the right to charge the data controller for our time spent making the data available. The fee for this will be agreed between ourselves and our clients on an order by order basis depending on the amount of work involved.
• The right to object
Our business contacts have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. In all correspondence with you we will give you the right to object from receiving further correspondence from Select Legal Systems. On any emails you receive from us there will be the option to ‘unsubscribe’ from receiving any further email correspondence. If you receive a telephone call from us, you have the right to request not to receive any further calls. Select Legal Systems Limited has a companywide CRM system, your request to object will be logged within our CRM system to ensure that you do not receive any further correspondence or calls.
To exercise your right to object, please email us at firstname.lastname@example.org or contact us via our contact details at the foot of this privacy notice. For more information about the right to object please visit the ICO website here.
• Rights in relation to automated decision making and profiling.
Under GDPR individuals have rights in relation to automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Select Legal Systems Limited do not carry out automated decision making or profiling. For more information about this right please visit the ICO website here.
When someone visits our websites using a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We cannot see the identities of those visiting our website via the Google Analytics tool. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Please note that cookies cannot harm your computer.
We do use encrypted information gathered from cookies to help us improve your experience of the Website, to help us improve our Website and to help us resolve any issues. The cookies we use do not collect or use personal information which means we cannot identify web visitors as individuals.
To find out more about cookies and how to manage them, you may find the following links useful. www.aboutcookies.org or www.allaboutcookies.org.
If you wish to lodge a complaint regarding how we have handled your personal data or dealt with your request to exercise any of your rights please email us at email@example.com or telephone 01482 567601.
We will endeavour to deal with your complaint at the earliest opportunity. If you are not satisfied with our response or you believe we are not processing your personal information in accordance with current data protection legislation you can complain to the Information Commissioners Office.
Our Contact Details
Select Legal Systems Limited
Telephone: 01482 567601