Privacy policy

Personal data and Privacy Policy


1.1. DATALEX, LDA., as a Service provider, guarantees to the Customer and User that it employs all technical, human and legal means in order to guarantee the privacy, confidentiality and security of the data entered in the User´s account, including their personal data, as well as those relating to its customers and business partners. However, DATALEX, LDA. cannot be held responsible for the acts of third parties.

1.2. This section aims to clarify when, why and how DATALEX, LDA processes the personal data of website visitors, as well as those who contact the company or purchase any service, including dataLEX, from that company. The privacy policy also aims to define the conditions under which DATALEX, LDA may disclose information to third parties and how to keep it safe.

1.3. As a general rule, DATALEX, LDA:

a) It will never sell the personal data of customers, or anyone who has contacted it.

b) You will never share, for a fee or free of charge, personal data with third parties for marketing purposes.

c) Will keep personal data secure by using strong encryption, complying with data protection rules and implementing good security practices.

1.4. DATALEX, LTD. will provide the User account data in the event that the Client or User violates the terms and conditions of use of the service in such a way that it is necessary to trigger judicial mechanisms of civil, administrative or criminal liability or if it is notified or subpoenaed in court for this purpose.

1.5. This policy (together with our terms of use Terms and Conditions below and any other documents mentioned in it) establishes the basis on which any personal data that DATALEX, LDA. collects or is provided to it, and which it processes.

1.6. According to the General Data Protection Regulation (GDPR), the data controller is DATALEX - Legal Tech Solutions, Lda., a private limited company with a unique registration number and tax identification number 515494941, registered at the Porto Commercial Registry Office, headquartered at Avenida do Atlântico, 16 Panoramic Building - 12.11, Parque das Nações, 1990 - 019 Lisbon, Portugal.


When does DATALEX, LDA collect personal data?

1.7. DATALEX, LTD. can collect personal data in the following ways:

a) on any filling out forms of the Sites or the Service which includes information provided at the time of registering to use the Site or the Service, subscribing to any of the services, posting material or soliciting others services. Personal data may also be requested when technical problems with the Site or dataLEX are reported;

b) or the Site;

c) Direct contact via email Subscribing to and using the Service, including but not limited to traffic data, location data and other communication data necessary for security, diagnostics, authentication and billing.


What personal data does DATALEX, LDA collect?

1.8. When visiting and browsing the site, the following information is collected:

a) IP address

b) Location (by IP region)

1.9. When using the Service, the following information is collected

a) Name

b) Address

c) email address

d) phone numbers

e) Registration number with the Bar Association

f) IP address

g) Payment details

h) NIF/NUIPC

i) Other data of a confidential nature introduced by the Customer when using the Service.


Where DATALEX, LDA. store and process personal data?

1.10. The collected data are stored in dedicated services located in the European Economic Area (EEA) partners of DATALEX, LDA, or by entities that, not being located in that region, guarantee that the data, regardless of where they are processed, are treated safely and in a safe way. in accordance with this privacy policy and the GDPR.


How data is protected personal?

1.11. DATALEX, LTD. acknowledges that part of the information contained in the service is likely to be part of number 3 of article 92 of the Statute of the Bar Association, approved by Law no. 145/2015, of 9 September (Statute); In this case, DATALEX, LDA. undertakes that all information contained of the databases that are confidential information for the purposes of that regulation, will be accessed exclusively by lawyer(s) registered with the Bar Association, or by technicians covered by the same duty of confidentiality, under the terms of number 7 of the aforementioned article. In this sense, DATALEX, LDA. treats all data with the utmost care and takes appropriate measures in accordance with data protection regulations to ensure that they are kept secure, namely:

a) All data collected is done through encrypted connections (https);

b) All data is stored through state-of-the-art firewalls managed by security teams;

c) All data is controlled by access to ISO27001 standards;

d) All systems that store personal data have an access record;

e) All passwords are encrypted;

f) All systems are subject to regular penetration testing and are monitored for vulnerabilities and attacks;

g) All systems are equipped with backup and disaster recovery mechanisms.


Use of data personal

1.12. DATALEX, LTD. use the information held for the following purposes:

a) Verify the identity of the entities that contact DATALEX, LDA.;

b) Customer;

c) Provide the services subscribed to by the Fulfill the obligations arising from any contracts entered into, including licensing;

d) Ensure that the content of the website or the Service is presented in the most effective way for the device of the recipients of the same;

e) Provide information or services that are requested, provided that you have consented to being contacted;

f) services, Terms and Conditions of use or Privacy Policy;

g) custom;

h) Notify about changes to display ads Prevent fraud;

i) Detect, prevent and diagnose potential security breaches.


Legal basis for collection and processing of personal data

1.13. Data protection law sets out the conditions under which personal data may be retained and the basis for collection and processing.

1.14. The law requires that they be collected and processed data for certain purposes, such as to maintain financial records (such as invoicing) and to respond to requests for data by legal authorities.


Contractual obligations

1.15. When the Service is purchased, DATALEX, LDA. needs to obtain personal data to fulfill contractual and legal obligations, such as managing and billing the account, contacting for technical support purposes.


Legitimate interest

1.16. Data is collected under legitimate interest in a way that is reasonably expected for the normal functioning of the Site and the Service. For this purpose, IP addresses, actions within the service and access log are collected and recorded to ensure traceability and protection and security against fraud, as well as to analyze the performance of the Service.


How long will personal data be retained?

1.17. Personal data will be kept for the duration of the license agreement and until it is no longer needed for the Service.

1.18. At the end of the retention period, the data will be deleted or anonymized so that it can no longer be associated with an individual.

1.19. The data provided will be kept for the duration of the contractual relationship and the period for which responsibility for the services provided may arise, such as: 10 years in relation to tax documentation (Article 130 of the IRC Code); 7 years with regard to the conservation duty established in the Law for the Prevention of Money Laundering and Terrorism Financing (Art. 51.º).


With whom DATALEX, LDA. share your personal data?

1.20. DATALEX, LTD. uses various third-party services for Service support features. Below is a list of companies with which data is shared. This list does not include services with which anonymous data is shared or which provide services on an ad-hoc basis, such as IT providers. All vendors below have been carefully screened to ensure they provide protections appropriate in accordance with the GDPR.

a) Amazon Web Services (AWS), Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, United States of America;

DATALEX, LDA. use the services AWS for dedicated infrastructure where the Service is installed and running and for cloud storage of files for customers who use the Service´s integrated document management system.

Privacy Policy: https://aws.amazon.com/pt/ compliance/gdpr-center/

b) Wildbit LLC, 1800 JFK Blvd., Suite 300, 96864, Philadelphia, PA 19103, United States of America;

b) Wildbit is the entity that owns the Service´s transactional message distribution system. Email addresses of notification recipients are shared.

Privacy policy: https://postmarkapp.com/eu-privacy

c) Stripe, Inc, 510 Townsend Street, San Francisco, CA 94103, United States of America

The Stripe service is used to provide secure credit and debit card processing services. If the customer chooses to pay for the Services via this method, card details, name, address and email will be transmitted to Stripe securely for payment processing and fraud prevention.

Privacy Policy: https://stripe.com/en-pt/privacy

d) Rupeal - Consulting and Software Development, Unipessoal Lda., Avenida Duque D´Ávila, Nº 46, 3º A 1050-083 Lisbon, Portugal.

Rupeal is the company that owns the billing software InvoiceXpress certificate, used by DATALEX, LDA. for that purpose. The personal data shared with the service in question are the name, tax address, postal code, tax identification number and e-mail.

Privacy Policy: https://www.invoicexpress.com/pt/politica-de-privacidade/

e) MindCoordinate, Lda. Avenida Sérgio Vieira de Mello, 19 6B, 1750-246, Lisbon, Portugal.

MindCoordinate is a company responsible for the development of the Service, as well as its maintenance and technical support. Within the scope of these attributions, you may have access to personal data, being assured, by contractual means, an NDA that binds the company to the fulfillment of the terms of this Privacy Policy.

1.21. DATALEX, LDA also uses Google Analytics to collect anonymous data about visitors to the site, such as how often they visit, what pages they visit, what time they visit, how long they stay and what country they are accessing from.

This data is collected using cookies and, starting from the IP address, the resulting statistics are used for the following purposes:

The) website performance;

b) marketing campaigns;

c) Improved usability and Monitoring the success of browsing behavior pattern analysis (UIX).

Visitors can prevent Google Analytics from collecting this information by installing the Google opt-out browser add-on: https:// tools.google.com/ dlpage/gaoptout


Customer rights DATALEX, LDA. GDPR

1.22. In accordance with the RGPD, DATALEX, LDA. You have several rights related to your personal data.


Right to Restrict data processing

1.23. The customers of DATALEX, LDA. may request that the processing of personal data be restricted where there is no legitimate interest for this purpose:

1.24. The right of restriction must be exercised by email addressed to dpo@datalex.pt.


Right of Access (to information)

1.25. At any time, customers may request information from DATALEX, LDA. about what personal data is held by the company.

1.26. DATALEX, LDA will request the applicant´s identity before processing any right of access request. Once the legitimacy of the request has been verified, the data will be provided within a maximum period of 28 (twenty-eight) days.

1.29. The request for access to this information should be addressed to dpo@datalex.pt.


Right of deletion

1.30. Also known as right of be forgotten, dataLEX Customers may request the definitive removal of all data that is managed and processed by DATALEX, LDA., without prejudice to the legal requirements in force, if the personal data is no longer necessary in relation to the purpose for which it was originally collected and processed.

1.31. The deletion request must be sent by email to the address dpo@datalex.pt.


Right of rectification

1.32. The GDPR grants the right to rectify any personal data that may be incorrect or incomplete.

1.33. DATALEX, LDA customers can update their own personal data through the customer area. However, if that is not enough, they may direct the request through the Service´s technical support.


Right to object

1.34. DATALEX, LDA customers have the right to object to the processing of their personal data when there is no legitimate or legal reason to do so.

1.35. The right to object must be exercised by email addressed to dpo@datalex.pt.


Right to data portability

1.36. DATALEX, LDA Customers may request the portability of their personal data contained in the Service by means of a written request addressed to the Service´s technical support or to the e-mail address dpo@datalex.pt.

1.37. In any of the above situations foreseen, if there is a rule or legally imposed contractual obligation that overrides these rights, DATALEX, LDA. may invoke the impossibility of executing the order, indicating the respective basis or rescind the contract for the provision of services and licensing due to the impossibility of providing the services object of the same due to the exercise of said rights, without the Customer having any right to compensation for the remaining period that may have already been paid.

1.38. Also in any of the indicated cases, DATALEX, LDA. will carry out the necessary operations to fulfill the request formulated without any additional charge for the Customers, but a fee may be applied when the request is manifestly unfounded or excessive, namely if it is repetitive.

1.39. DATALEX, LTD. knows and complies with the rules provided for the processing of personal data, which are currently provided for in Regulation (EU) 2016/679, of the European Parliament and of the Council of April 27, 2016 transposed into the Portuguese legal order by Law n.º 58/2019 , of August 8.

1.40. Any doubts and questions regarding this privacy policy can be sent to technical support at dpo@datalex.pt.

1.41. The contact details of the Data Protection are the following:

DATALEX Legal Tech Solutions - DPOD

Avenida do Atlântico, 16 - Building Panoramic - 12.11, Parque das Nações,

1990 - 019 Lisbon

Portugal

dpo@datalex.pt