How we collect Personal Information
We are the makers of the “Prose” suite of software products and services for the legal industry (“Prose”). We also operate our Websites. In connection with the supply of Prose and our Services, including but not limited to through our Website/s, we may collect a range of personally identifiable information that may be used to identify or contact you. This includes but is not limited to your first name and last name, email address, your job title, organisation and contact details such as phone number and postal address.
Once you sign up with us, if you have an active Prose account, then you may upload information to the Prose database (“Prose DB”) in Prose file format. We do not access information which you may upload to the Prose DB and so will not know whether that information includes Personal Information, unless you request that we access that information, or we are required to access that information to perform a contract with you or to comply with laws or regulations.
We collect Personal Information directly from you in a range of circumstances including when you:
- send us an enquiry, or request a demo of our software, including through our Website
- register or sign up to an account to use our software or to receive information from us about a Service
- purchase a subscription to our software or otherwise purchase any Services
- attend a conference, meeting or other event hosted or attended by us
- post or otherwise contribute to our digital forums
- when you apply for employment with us; or
- when you or your organisation offer to provide, or provides, services to us.
You may choose not to provide your Personal Information to us at any time, but it may mean that we are unable to provide some of the Services to you as requested or to fulfil the purpose for which the information was requested.
When you visit our Website/s, we collect certain data that your browser sends whenever you visit the site (“Log Data”). This may include information such as your computer's Internet Protocol address, browser type, browser version, the pages of the website that you visit, the time and date of your visit, the time you spent on those pages and other statistics. We use the third-party web analytics service “Google Analytics” provided by Google, Inc. to collect, monitor and analyse this information and compile a report for us which helps us understand how people use our Website, but none of this information is personally identifiable information. You can find more information about how Google uses data when you access our Website here. Also, you can opt out of Google Analytics across websites you visit without impacting your ability to access our Website (https://tools.google.com/dlpage/gaoptout).
We use “cookies” to collect information about the use of our Websites. A “cookie” is a small text file which may contain an anonymous unique identifier, that is sent to your browser from a website and may be stored on your computer. A cookie does not identify you personally, but it does identify your computer. We may use a combination of persistent cookies (which remain on your hard drive for a certain period) and session ID cookies (which expire when you close your browser) to track and report on your overall site usage and to help us improve our Website and our Services. You can change your cookie settings through your browser, including whether your browser should accept or reject cookies. However, rejecting cookies may have a negative impact on the functionality and usability of the Website.
We use the third party online payments processing platform “Stripe” provided by Stripe, Inc. to process payments made for our Services. All billing information is encrypted before transmission to Stripe. Your payment card information is communicated directly from your browser to Stripe, so we never see your card details. We only store unique token identifiers that are required to manage your subscription to any software or Services that you have purchased from us and to identify any transactions made using Stripe.
How we use Personal Information
We may use the Personal Information we collect for any of the following purposes:
- to verify your identity when you register for a user account, or purchase a subscription to our software
- to send you information, correspondence and marketing and promotional materials in relation to our Services, which may include emails that you can opt out of receiving
- to fulfil a contract, or take steps related to a contract, with you or your organisation
- to process your payments for software subscriptions or other Services which you purchase from us
- to provide you with the latest training and product related information and any updates
- to administer and improve the provision of our Services and/or our Website
- to notify you of changes to our Services
- to conduct employment related activities where you are seeking employment with us, and
- to comply with laws and regulations
Generally, we do not rely on consent as a legal basis for processing your personal data other than where the law requires it, for example in relation to sending certain direct marketing communications. Where our legal basis is consent, you have the right to withdraw consent any time.
It is important for the proper provision of our Services that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
We maintain organisational, technical and administrative measures designed to protect Personal Information within our organisation against unauthorised access, destruction, loss, alteration or misuse. Any transmissions to and from any server hosted by us is over an encrypted HTTPS connection.
The security of your Personal Information is important to us, but please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable precautions to protect your Personal Information, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
We only disclose Personal Information in limited circumstances
We only disclose the Personal Information we hold where legitimately permitted to do so. This may include sharing your Personal Information with our service providers who assist us in providing our Services, or in connection with a merger, reorganisation or sale, or in the event of insolvency, or where required to comply with a law or regulation.
International data transfers
All Document Modelling servers are in Australia however we may use third party service providers located outside Australia to assist us in the provision of our Services. If you are a Prose customer, any Personal Information that you upload into the Prose database may be stored by Amazon Web Services, Inc. servers located in Australia or the United States. Amazon Web Services, Inc is part of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Therefore, if you are a customer in the EEA, then the processing of your Personal Information may involve transfers of data outside of the EEA to our servers located in Australia and/or servers hosted by Amazon Web Services in Australia and/or the United States.
We will only keep your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your Personal Information or restrict the processing of it. There are certain rules around when you can exercise this right depending on the privacy jurisdiction and privacy laws applicable to you.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You may request access to your Personal Information
You may ask us to provide you with access to your Personal Information or a copy of your Personal Information in a common format (e.g. a txt or json file). Also, you may ask us to update or correct any Personal Information about you that may be inaccurate or incomplete. You can do this by emailing our Privacy Officer at firstname.lastname@example.org.
Links to third party web sites
How to contact us
If you have a privacy enquiry or would like to exercise any of your privacy rights, or wish to make a complaint about how we have handled your Personal Information, please email our Privacy Officer at email@example.com.
We try to respond to all privacy related correspondence within one week of receipt, however we may require longer to handle your request depending on its nature and complexity in which case we will notify you and keep you updated.
If the General Data Protection Regulation applies to you then you have the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to address your concerns and so request that you first notify us of your complaint before approaching the ICO.
In Australia, the Office of the Australian Information Commissioner is responsible for case management and resolution of privacy complaints under the Privacy Act 1988 (Cth) (www.oaic.gov.au), but it will generally not investigate unless the complainant has first complained to the respondent and provided the respondent with the opportunity to respond. Therefore, we would generally request that you contact us in the first instance. Thank you.