At SpineLegal, we are committed to ensuring the privacy and security of personal data processed by our legal software in accordance with the General Data Protection Regulation (GDPR). This policy outlines how we collect, use, store, and protect personal data within our software platform, and the rights individuals have regarding their data.
Lawful Basis: We will only collect and process personal data in accordance with a lawful basis as defined by GDPR, such as the necessity of processing for the performance of a contract or compliance with legal obligations.
Purpose Limitation: Personal data collected within SpineLegal will be used for specific, explicit, and legitimate purposes as defined by the client law firm. We will not process personal data for any other purpose without obtaining proper consent or a legal basis.
Data Minimisation: We will only collect and process personal data that is adequate, relevant, and necessary for the specified purposes. We will not retain personal data for longer than required to fulfill those purposes.
Data Protection Measures: We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments.
Confidentiality: We ensure that our employees and authorised third parties accessing personal data within SpineLegal are subject to strict confidentiality obligations and are trained in data protection and security best practices.
Data Transfers: In the event of any data transfer outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place to protect personal data as required by GDPR.
Access and Rectification: Data subjects have the right to access and rectify their personal data processed within SpineLegal. They can review, update, and correct their information through appropriate mechanisms provided by the law firm using our software.
Erasure: Data subjects have the right to request the erasure of their personal data within SpineLegal, subject to any legal obligations or legitimate interests that may require data retention.
Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Restriction and Objection: Data subjects have the right to restrict the processing of their personal data and object to specific processing activities within SpineLegal, subject to any legal obligations or legitimate interests.
Data Breach Notification:
In the event of a data breach impacting personal data processed within SpineLegal, we have implemented procedures to detect, report, and investigate such breaches promptly. We will notify the affected law firm as required by GDPR and provide assistance to mitigate the impact of the breach.
Data Protection Officer:
SpineLegal has appointed a Data Protection Officer (DPO) who is responsible for overseeing data protection activities within our organization. The DPO can be contacted regarding any concerns, questions, or requests related to personal data processed within SpineLegal. InSpine Technologies Limited is registered with the Information Commissioner’s Office under registration number ZA444144 for data protection.
We are committed to upholding the principles and requirements of GDPR within our legal software. This policy reflects our dedication to protecting personal data, ensuring transparency, and respecting the rights of individuals using SpineLegal. We will regularly review and update this policy as necessary to maintain compliance with applicable data protection laws.
We support all the GDPR requirements for legal practices and if you have any queries we are here to support and help you in all ways we could.
Book a Demo
All the above software components will be installed with 1-Click on your computer.