We are the makers of the “Prose” suite of software products and services for the legal industry (“Prose”). We also operate our Websites. In connection with the supply of Prose and our Services, including but not limited to through our Website/s, we may collect a range of personally identifiable information that may be used to identify or contact you. This includes but is not limited to your first name and last name, email address, your job title, organisation and contact details such as phone number and postal address.
Once you sign up with us, if you have an active Prose account, then you may upload information to the Prose database (“Prose DB”) in Prose file format. We do not access information which you may upload to the Prose DB and so will not know whether that information includes Personal Information, unless you request that we access that information, or we are required to access that information to perform a contract with you or to comply with laws or regulations.
We collect Personal Information directly from you in a range of circumstances including when you:
You may choose not to provide your Personal Information to us at any time, but it may mean that we are unable to provide some of the Services to you as requested or to fulfil the purpose for which the information was requested.
When you visit our Website/s, we collect certain data that your browser sends whenever you visit the site (“Log Data”). This may include information such as your computer's Internet Protocol address, browser type, browser version, the pages of the website that you visit, the time and date of your visit, the time you spent on those pages and other statistics. We use the third-party web analytics service “Google Analytics” provided by Google, Inc. to collect, monitor and analyse this information and compile a report for us which helps us understand how people use our Website, but none of this information is personally identifiable information. You can find more information about how Google uses data when you access our Website here. Also, you can opt out of Google Analytics across websites you visit without impacting your ability to access our Website (https://tools.google.com/dlpage/gaoptout).
We use “cookies” to collect information about the use of our Websites. A “cookie” is a small text file which may contain an anonymous unique identifier, that is sent to your browser from a website and may be stored on your computer. A cookie does not identify you personally, but it does identify your computer. We may use a combination of persistent cookies (which remain on your hard drive for a certain period) and session ID cookies (which expire when you close your browser) to track and report on your overall site usage and to help us improve our Website and our Services. You can change your cookie settings through your browser, including whether your browser should accept or reject cookies. However, rejecting cookies may have a negative impact on the functionality and usability of the Website.
We use the third party online payments processing platform “Stripe” provided by Stripe, Inc. to process payments made for our Services. All billing information is encrypted before transmission to Stripe. Your payment card information is communicated directly from your browser to Stripe, so we never see your card details. We only store unique token identifiers that are required to manage your subscription to any software or Services that you have purchased from us and to identify any transactions made using Stripe.
We may use the Personal Information we collect for any of the following purposes:
Generally, we do not rely on consent as a legal basis for processing your personal data other than where the law requires it, for example in relation to sending certain direct marketing communications. Where our legal basis is consent, you have the right to withdraw consent any time.
It is important for the proper provision of our Services that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
We maintain organisational, technical and administrative measures designed to protect Personal Information within our organisation against unauthorised access, destruction, loss, alteration or misuse. Any transmissions to and from any server hosted by us is over an encrypted HTTPS connection.
The security of your Personal Information is important to us, but please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable precautions to protect your Personal Information, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
We only disclose the Personal Information we hold where legitimately permitted to do so. This may include sharing your Personal Information with our service providers who assist us in providing our Services, or in connection with a merger, reorganisation or sale, or in the event of insolvency, or where required to comply with a law or regulation.
All Document Modelling servers are in Australia however we may use third party service providers located outside Australia to assist us in the provision of our Services. If you are a Prose customer, any Personal Information that you upload into the Prose database may be stored by Amazon Web Services, Inc. servers located in Australia or the United States. Amazon Web Services, Inc is part of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Therefore, if you are a customer in the EEA, then the processing of your Personal Information may involve transfers of data outside of the EEA to our servers located in Australia and/or servers hosted by Amazon Web Services in Australia and/or the United States.
We will only keep your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your Personal Information or restrict the processing of it. There are certain rules around when you can exercise this right depending on the privacy jurisdiction and privacy laws applicable to you.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You may ask us to provide you with access to your Personal Information or a copy of your Personal Information in a common format (e.g. a txt or json file). Also, you may ask us to update or correct any Personal Information about you that may be inaccurate or incomplete. You can do this by emailing our Privacy Officer at firstname.lastname@example.org.
If you have a privacy enquiry or would like to exercise any of your privacy rights, or wish to make a complaint about how we have handled your Personal Information, please email our Privacy Officer at email@example.com.
We try to respond to all privacy related correspondence within one week of receipt, however we may require longer to handle your request depending on its nature and complexity in which case we will notify you and keep you updated.
If the General Data Protection Regulation applies to you then you have the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to address your concerns and so request that you first notify us of your complaint before approaching the ICO.
In Australia, the Office of the Australian Information Commissioner is responsible for case management and resolution of privacy complaints under the Privacy Act 1988 (Cth) (www.oaic.gov.au), but it will generally not investigate unless the complainant has first complained to the respondent and provided the respondent with the opportunity to respond. Therefore, we would generally request that you contact us in the first instance. Thank you.