Privacy Policy
LEGALMIKE PRIVACY POLICY
1. Introduction
This is the privacy policy of Novitec B.V., also trading under the name ‘LegalMike’, located in Groningen and registered in the commercial register under number 90900375.
We process personal data in accordance with the rules applicable in the Netherlands regarding the protection of personal data, including the General Data Protection Regulation (GDPR). In this privacy policy, we explain how we do this.
This privacy policy applies to:
- our customers and end users of our software and services, and all persons with whom we have had business contact;
- all visitors to our websites;
- all recipients of our newsletter and other mailings; and
- all persons whose personal data we otherwise process.
2. Website Visit
Regarding our websites, we are the ‘data controller’ and use a number of cookies. Through our cookie banner and on this special page, we provide detailed cookie information and options to manage your preferences.
The legal basis for our use of all functional and necessary cookies is the necessity for our legitimate interest in enabling the use of the website and researching its use to improve the website. Partly by choosing privacy-friendly settings as much as possible, we do not require the visitor’s consent for this. For marketing cookies and other non-functional cookies, we first request your consent, unless we can already infer from your browser settings that you do not wish to provide it. In the latter case, we only place functional and necessary cookies.
In principle, we do not provide any personal data to third parties, unless this is necessary to comply with an official order or legal obligation, for example, in the investigation of criminal offenses.
Our website may also contain hyperlinks to websites of other parties over which we have no control. We therefore accept no liability for them.
3. Newsletter
When you receive a newsletter from us, we process only your name and email address for that purpose. The goal is to inform you about our services. We have made appropriate agreements with our newsletter provider HubSpot Netherlands B.V. regarding the security of personal data entrusted to us.
The legal basis for our use of the newsletter is the necessity for our legitimate interest in informing recipients of news regarding (the sale of) our services and legal matters. If you receive newsletters from us, it is always possible to easily unsubscribe.
The relevant personal data will be processed for as long as you are subscribed to the newsletter. If you unsubscribe, we will only need to process your personal data to ensure that you do not receive a newsletter from us again. We will also delete that data from the newsletter system after six (6) months.
4. Our Services
Regarding our services, we act as a ‘processor’ for some services and as a ‘data controller’ for others.
Regarding the LegalMike service (the AI-driven web application), we have the role of ‘processor’. As ‘data controllers’, our customers determine the basis for the processing operations we perform for them.
In the context of training sessions we provide, we are the ‘data controller’ because we determine the purpose and means for those processing operations. The basis for processing lies either in the necessity to perform the agreement with you (if the trainee is also our client) or in the necessity for our legitimate interest in providing training to trainees (if the trainee’s organization is our client).
We commit to the data processing agreement included in our terms and conditions.
We maintain internal privacy records with a register of processing activities, and we consistently apply the principles of privacy-by-design and privacy-by-default during our development. This means that, as far as this fits within our normal business operations, we pseudonymize and anonymize data as much as possible and that the default settings are privacy-friendly. We also apply data minimization by storing as little privacy-sensitive data as possible. Naturally, we carefully secure all data processed by us in accordance with our data processing agreement and regularly conduct security tests.
We have concluded appropriate data processing agreements where necessary with our (sub-)processors, such as providers of telephony, email systems, customer and file management systems, accounting, and invoicing systems. One of these processors is a party located outside the European Union that processes only telemetric data but complies with GDPR requirements for data export. In all cases, there is a guaranteed level of protection and appropriate data processing agreements.
Data entered and output in our LegalMike service is stored for 30 days by default after deletion by the end user. Furthermore, we store customer and contact data for five (5) years by default from the date we stop providing services to the relevant customer, which period is only extended to twenty (20) years in cases where our liability is in question. Additionally, we store administrative data for five (5) years by default from January 1st following the acquisition of the relevant data to comply with legal and fiscal administrative obligations.
5. Rights of Data Subjects
Data subjects have the right, when we are responsible for the relevant processing, to request access to, correction, or deletion of personal data, or a restriction of its processing. Data subjects also have the right to object to processing and the right to data portability. These rights are not always absolute, as privacy rules also set limits on them.
6. Further Information
For further questions about our privacy policy, you can always contact us at privacy@legalmike.ai. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is also the competent supervisory authority and the body where any complaints regarding our processing of personal data can be filed.