EU-US & Swiss-US Privacy Shield and GDPR Compliant
Trust is built through confidence and performance.
doeLEGAL has adopted the most advanced and sophisticated security measures, and we will do whatever is needed to ensure the safety of our clients’ and visitors’ information.
Some of our pages contain links to other sites. These other sites may have practices different than ours. Visitors to linked sites should consult those sites’ privacy notices, as we have no control over information that is submitted to, or collected by, these third parties.
- The information we collect
- The choices that are available to you regarding how the information is used and to whom it is disseminated
- Your rights to access and correct or update your personally identifiable information
- Our pledge to have reasonable security procedures that are in place to protect against the loss, misuse, or alteration of the information under our control
Transferring personal data from the EU, UK, or Switzerland to the US
doeLEGAL has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. doeLEGAL relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, doeLEGAL collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of doeLEGAL in a manner that does not outweigh your rights and freedoms. doeLEGAL endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with doeLEGAL and the practices described in this Privacy Notice. doeLEGAL also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.
What Information doeLEGAL collects
Personally Identifiable Information
The only personally-identifying information that we collect and store about you is the information that you choose to provide to us. For example, if you submit a question online, we will use the personally identifiable information you provide so that we may respond according to your preferred method of contact. If you register with our site, we will gather your personally identifiable information in order to sign you up for our services. We also may use the information you provide us to send you information that we think you might be interested in, and about the products and services of our partners requested. If you choose to complete our optional survey instruments that may collect other information as to industry and geographic information, this information will not be stored with personally identifiable information. Such demographic or biometric information will be gathered and reported in the aggregate only. Your choice to complete or not complete such questionnaires will have no bearing on the quality of service you receive from us. We do not intentionally collect any information from visitors under 13 years of age.
Non-Personally Identifiable Information
We do not merge personally-identifiable information with non-personally identifiable information. We may, however, develop a non-identifiable profile of you based on the pages within our site that you visit. How Information May Be Used: doeLEGAL.com will not sell, rent, loan, trade, or lease personal information collected at this site to any outside party. Personal information may be disclosed to judicial or other government agencies subject to warrants, subpoenas, or other government orders.
EU-US and Swiss-US Privacy Shield Frameworks – For EU, Swiss, and UK Data Transfer Into the United States
NOTE: a recent judgment by the EU courts, stated the current EU-US Framework is not adequate. The Swiss-US Framework followed suit later. The responsible governments are in extensive negotiations regarding modifications to the existing Framework(s). The result will create a new policy agreement replacing the current Framework. The current requirements are still being overseen by the US Department of Commerce, with full enforcement and oversight authority of the FTC, and will continue to administer self-certifications. All data protections are still in place as far as the resolution methods.
The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance with all Privacy Shield Frameworks.
Pursuant to the Privacy Shield Frameworks, we attest to the following:
- EU, Swiss, and UK individuals have the right to access their data to update inaccurate or outdated information and request deletion of information that has been handled in violation of the Principles. (Instructions on how to access this data can be found lower down in this document.)
- doeLEGAL engages third parties who act as our agents. “Third parties” include software doeLEGAL uses to efficiently and effectively send emails to our user and prospect database using stored information visitors have provided to help us identify their business role, the business needs, email addresses, and business location. We store this information in our secure servers and never sell any part of it or allow it to be used for reasons other than those for which it was provided. If this practice should change in the future, we will update this policy and provide data subjects with opt-out or opt-in choices as appropriate.
- doeLEGAL, Inc. remains liable for the onward transfer of personal information to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.
- doeLEGAL may be compelled to release personal data in response to lawful requests by public authorities including to meet law enforcement and national security requirements.
Zac Schindler, Director of Information Technology Privacy & Security Team Leader doeLEGAL, Inc. 1200 Philadelphia Pike Wilmington, Delaware 19809 302-798-7500 email@example.com
doeLEGAL, Inc. has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/bbb-eu-privacy-shield-consumers/ProcessForConsumers for more information and to file a complaint.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Any information that we collect on you may be accessed by contacting our web administration at: doeLEGAL, Inc. 1200 Philadelphia Pike Wilmington, Delaware 19809. We will require proof of identity prior to releasing any information to protect individuals’ rights to privacy. Should you have any disputes regarding any information collected, you may open a dispute case with the web administration by contacting us with a detailed outline of the disputed information as well as the correct information. If your request is to purge our system of your information, please state that in the letter. Mail the correspondence to the address shown above. We will evaluate your request and respond in the most appropriate manner. If you provide your email address, we will email you prior to any action to ensure your wishes are adequately met. Our dispute resolution policy is on file and can be viewed by anyone by emailing the administrator of our website at the following address:firstname.lastname@example.org. We publish this policy to adhere to all Privacy Shield Principles.
How we share information with others
Information about your doeLEGAL purchases or contracted services is maintained in association with your profile account. The personal information the doeLEGAL collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, doeLEGAL engages third parties to mail information to you. “Third parties” include software doeLEGAL uses to efficiently and effectively send emails to our user and prospect database using stored information visitors have provided to help us identify their business role, the business needs, email addresses, and business location. We store this information in our secure servers and never sell any part of it. If you wish to have your information purged or to know what is stored, please email doeLEGAL’s Marketing Department at email@example.com.
Notification of Changes
Choices Available to the User, Including Access & Accuracy
This Web site may contain links to other sites. PLEASE BE AWARE THAT WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OF OTHER SITES. Some third-party companies we work with collect data from web traffic. These parties hold all collected data as proprietary and will not disclose any visitor or client data to any other party, enforceable by our contracted terms. doeLEGAL acknowledges the potential liability in cases involving onward transfers of Privacy Shield data to third parties. We encourage our users to read the privacy statements of each and every Web site that they visit. We collect only basic data in our CRM, Web site tracking, social media, business partnerships, advertising sourcing, outbound marketing, and other outside vendor tools. We do not share that collected data with any other third parties not under contract. These collected data sources are used to better identify messaging for marketing purposes, to identify general metrics for Web traffic, to identify leads and client activity for sales, and to report on market/ Web site trending within our business market verticals. doeLEGAL does not forward, transmit, or disclose data received from clients as part of our contracted business services to any outside third parties without prior client request, agreement, and consent.
Data subject rights
To the extent that GDPR applies to the processing of data subjects information, this Privacy Notice is intended to provide you with information about what personal data the doeLEGAL collects about you and how it is used. If you have any questions, please contact us at firstname.lastname@example.org.
If you wish to confirm that doeLEGAL is processing your personal data, or to have access to the personal data doeLEGAL may have about you, please contact us at email@example.com.
CCPA Updates and Service Provider Definition
CCPA’s Service Provider Definition:
The California Consumer Privacy Act defines a service provider as a for-profit legal entity that processes personal information on behalf of a business pursuant to a written contract for a business purpose. Businesses use service providers and share personal information with them’ therefore it is not considered a sale of personal information under the law if the sharing of personal information is necessary to perform a business purpose, the business has provided notice that the information is being used or shared, and the service provider does not further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose.
To fall within the scope of the CCPA for service providers, the business must also meet one of the additional three criteria:
- Have $25 million or more in annual revenue; or
- Possess the personal data of more than 50,000 “consumers, households, or devices” or
- Earn more than half of its annual revenue selling consumers’ personal data.
doeLEGAL does not meet any of these criteria shown above, but we do take data privacy and visitor information security seriously. We notify website visitors that PII may be collected during their use of our website to coimply with “notification,” but it is safeguarded and never shared. Visitors may request the information or request that any be deleted in compliance with our privacy policies.
Security of your information
To help protect the privacy of data and personally identifiable information you transmit through the use of this Web site, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Data storage and retention
Your personal data is stored by doeLEGAL on its servers, and on the servers of the cloud-based database management services doeLEGAL engages, located in the United States. doeLEGAL retains data for the duration of the customer’s business relationship with doeLEGAL. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact the IAPP’s data protection officer at firstname.lastname@example.org
Changes and updates to the Privacy Notice
As our organization changes from time to time, this Privacy Notice is expected to change as well. We reserve the right to amend the Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice at the Web site. We may email periodic reminders of our notices and terms and conditions and will email of material changes thereto, but you should check the Web site frequently to see the current Privacy Notice that is in effect and any changes that may have been made to it.
This privacy statement applies solely to information collected when you visit doeLEGAL’s Web site.
We do not currently provide any form of online payments on our website. If we decide to allow service payments through our website, we will not store personal financial information on any publicly accessible servers or share that data with any outside companies. Credit card and/or PayPal information will be kept in a separate, encrypted, and secure server to provide the security necessary to safeguard all transactions. Please submit requests for reprinting and reproduction of materials by using our online copyright request form, or send requests directly to: email@example.com. For more information, please contact doeLEGAL at 302-798-7500.
Questions, concerns, or complaints
Please contact the doeLEGAL at: 302-798-7500 or firstname.lastname@example.org