Effective Date: 15 February 2024
It sets out how Josef will collect, use, store and dispose of any personal information collected via the joseﬂegal.com website (Josef website) and our products and services.
“Personal information” or “personal data” is any information about an individual which can be used to identify them. We may collect personal information from you in the following circumstances:
– when you interact with us electronically or access the Josef website (e.g. by signing up to our subscription page or newsletter, requesting a demonstration of our products, using our products, clicking links, or completing a form or survey)
– when your employer uses our products and/or services, they may provide your personal information to us on your behalf (e.g. when you are registered as a user of our products and services for the purposes of setting you up with account access);
– when you contact our support team or make an enquiry about our products and services;
– if you are an employee or prospective employee of Josef we may collect personal information from you or other third parties (e.g. recruiters);
– As is true of most other websites, Josef’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Josef’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, to help protect against data breaches caused by malicious bots and gather broad demographic information that assists us in identifying visitor preferences.
The Josef website and our products and services are not intended for or targeted at persons under 16 years of age and we do not knowingly or intentionally collect information about persons under 16 years of age.
The personal information we collect may include your name, email address, business name, phone number and any other contact information you provide us, information about your legal and personal affairs and any other information requested by us and provided by you.
We do not generally collect sensitive information about you. Sensitive information includes things like information or opinions about your racial or ethnic origin, political opinion, religious beliefs and sexual orientation.
We may use personal information collected from you to:
– contact you or to provide you with information, updates and our services;
– improve our products and services and better understand your needs and improve your browsing experience of the Josef website;
– promote our services and products and share promotional information and content with you in accordance with your preferences.
If you are located in the EEA, we process personal information in accordance with the principles of data processing under the General Data Protection Regulation. Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform our obligations under a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
When you visit our website, or use our product and services, we collect your IP address for security reasons pursuant to our legitimate interest under the GDPR.
We may disclose your personal information to our employees. We will only disclose your personal information to third parties if you have authorised us to do so, if our businesses or assets (or part thereof) are transferred to that third party or if it is required, authorised or permitted by law.
We do not otherwise reveal your personal data to third parties for their independent use unless:
(1) you request or authorize it;
(2) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
(3) the information is provided to our agents, vendors or service providers who perform functions on our behalf;
(4) to address emergencies or acts of God;
(5) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf; or
(6) We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for product and services improvement and/or marketing or promotional purposes.
Information that we collect is stored on the servers of the cloud-based database management services Josef engages. That information may from time to time be stored, processed in or transferred between parties located in countries outside of the country in which you access Josef. This may include, but is not limited to, the USA. By using Josef’s services, you acknowledge that your personal information may be processed in the United States to enable Josef to perform a contract with you; or to fulfill a compelling legitimate interest of Josef in a manner that does not outweigh your rights and freedoms. Josef endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Josef and the practices described in this Privacy Statement. Josef also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, Josef has received zero government requests for information.
If you are located in the EEA, note that the USA has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, we provide for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. We also take additional “supplementary measures” to ensure the protection of this data, in accordance with guidance from the European Data Protection Board.
Before we transfer your personal information overseas, we will take all reasonable steps to ensure that your information is only processed for authorised purposes and adequately protected using the appropriate technical, organisational, contractual or other lawful means. You consent to us disclosing your personal information to overseas recipients on this basis.
We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information. However, we cannot guarantee the security of any information that you transmit to us, or receive from us. The transmission and exchange of information is carried out at your own risk. Josef is SOC2 Type I and II certified.
How long we keep information we collect about you depends on the type of information and what it is used for. We retain personal information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
We retain service data for the duration of your business relationship with us and for a period of time thereafter, to analyze the data for our own operations, and for historical and archiving purposes associated with our services. When we have no ongoing legitimate business need to process your personal information, we will securely delete or anonymise it or, if this is not possible, securely store your personal information until deletion is possible. You have certain rights regarding the deletion of your personal information as described below.
To provide our products or services, we may need to disclose your personal information to third parties, including to:
– payment service providers;
– your employer if they are our client;
– where we are required by law to do so (e.g. to enforcement agencies, and government agency, regulatory bodies); and
– third parties such as our suppliers, subcontractors, professional advisors, courts of law, and our insurers who help us to deliver and support our products and services and related activities such as product usage analytics data storage and back-up, hosting our servers and website and providing IT services.
We also enter into data processing agreements and model clauses with our vendors whenever feasible and appropriate.
We do not sell or trade your personal information. However, we may from time to time send direct marketing communications to you about our activities, products and services and other content which we think you may find interesting. If you do not wish to receive such direct marketing, you may opt out of receiving this material at any time.
A list of our third party sub processors can be provided on request.
You have certain rights under law regarding your personal information, including:
– a right to request access, rectification, correction, update or deletion of your personal information;
– a right to object to processing of your personal information or withdraw your consent to our processing of your personal information at any time;
– a right to request information about the purpose of the processing, the categories of data concerned, how long the data will be stored and to restrict our processing of your personal information or request that we provide you with a copy of your personal information;
– a right to request information about who else outside Josef might have received the data from us;
– a right to know what the source of the information was, if you didn’t provide it directly to us;
– rights related to automated decision making including profiling;
– the right to lodge a complaint with a supervisory authority if you think our processing of your personal information infringes applicable laws.
If you wish to confirm that we are processing your personal data, to have access to the personal data we may have about you, or to exercise any of your other rights, you can contact info@joseﬂegal.com. Alternatively, if you are located in the EEA, you can also contact the European Data Protection Supervisor or your nation’s data protection authority.
Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Josef will provide you with a date when the information will be provided. If for some reason access is denied, Josef will provide an explanation as to why access has been denied.
We take your questions, concerns and complaints seriously. You can contact us at any time if you have any questions, concerns or complaints about our privacy practices, you can send details to info@joseﬂegal.com. We take these communications very seriously, and will respond to you as soon as possible.
If we cannot answer your questions or resolve your concern or complaint to your satisfaction you are entitled to lodge your complaint:
– for residents in Australia, with the Office of the Australian Information Commissioner at: https://www.oaic.gov.au/privacy/privacy-complaints/; or
– for residents in the EEA and UK, with the relevant supervisory authority.