Updated December 4, 2020
When you use or access the Level Legal website or service, or otherwise communicate with us, such as at our offices or events, we may collect, use, share and process information relating to you. Our privacy policies explain how we may collect, use, and maintain your personal information. They also describe your choices as well as your rights regarding the correction and removal of your personal information.
- Access or use any of Level Legal’s licensed technology platforms, services, and related applications offered by Level Legal (collectively our “Services”) as an authorized user under our client’s Level Legal account (each a “Service User”); or
- Visit our website (such as LevelLegal.com) that display a link to this Policy (our “Site”), visit our social media pages; visit our offices; receive communications from us, including emails and phone calls; subscribe or contribute to our blog posts; or interact with, register for, attend and/or otherwise take part in our events, tutorials or webinars (including demonstrations of our Services) (we collectively refer to all of these activities as our “Marketing Activities” and each person as a “Visitor”).
Changing Our Policy
We may change this Policy from time to time. If we make any changes, we will notify you by revising the “Last Updated” date at the top of this Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our Services or sending you an email notification).
If there are material changes to this Policy, we will notify you directly by email or by means of a notice on the Services prior to the change becoming effective. We encourage you to review our Policy whenever you access the Services to stay informed about our information practices and the ways that you can control your personal information.
If you are a Service User and do not wish your information to be subject to the revised Policy, you may deactivate your account with us by contacting privacy@LevelLegal.com and stop using our Services. For further information about the privacy rights available to you, review the section titled Your Privacy Rights.
Who We Are
We are Level Legal, a company headquartered in the United States. We provide legal services, specializing in eDiscovery, litigation, compliance, and privacy support. We provide these services through our customers’ software platforms or through our platforms we license from market leaders in eDiscovery and compliance software.
What Information We Collect
Information We Collect Via Our Services
In general, we provide our Services to our Service Users and collect personal information on their behalf. As a result, for much of the personal information we collect and process through the Services – such as the files and other content our customers upload– we act as a processor or service provider. This means it is primarily our customers that control what personal information we collect and process through our Services and how we use it.
Information You Provide to Us. If you are a Service User (or your organization’s administrator) you may provide certain personal information to us through the Services – for example, when you sign up for a Level Legal account to access and use the Services, create or modify your profile and account, participate in any interactive features of the Services, consult with customer support, or send us an email or communicate with us in any way.
The personal information we collect may include:
- Business contact information (such as your name, job title, email address, mailing address, and phone number);
- Professional information (such as your employer’s name, company address, and phone number);
- Marketing information (such as your contact preferences);
- Account credentials (such as your email or username and password when you sign-up for an account with us);
- Transactional information (including Services purchased or subscribed to and billing address); and
- Troubleshooting and support data (such as information about your account preferences or data you provide when you contact Level Legal for help, such as the solution you use, and other details that help us provide support. For example, contact or authentication data, the content of chats and other communications with Level Legal, and the solution you use related to your help inquiry).
Information We Collect Automatically. When you use or interact with the Services, we automatically collect or receive certain information through our Services (e.g., log files) and other technologies (such as cookies) about your device and usage of the Services (we call this “Platform Data”). In some (but not all) countries, including countries in the European Economic Area (“EEA”) and UK, this information is considered “personal data” under data protection laws. For further information please review the section Cookies and Similar Technologies below.
Platform Data may include:
- Log data, which is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. This log data may include Internet Protocol (IP) address, device information, browser type, and settings and information about your activity in the Services (such as the date/timestamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you use).
- Information about the content you upload, download, share, or access while using the Services, and any actions taken in connection with the access and use of your content in the Services), device event information (such as system activity and hardware settings).
- Device data, such information about your computer, phone, tablet or other device you use to access the Services. This device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information.
Some of the data automatically collected within the Services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this data is primarily used for the purposes of identifying the uniqueness of a Service User logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our customers (where we act as a data processor).
Information We Collect Via Marketing Activities
Information You Provide to Us. Our Site offers various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Services. For example, when expressing an interest in obtaining information about Level Legal or our Services, subscribing to receive marketing communications, or otherwise contacting us, we will collect personal information from you (such as business contact information you provide to us). We may also collect information from you when you participate in a survey, or interact with us in person at a tradeshow or event, or via a phone call with one of our sales representatives, or if you visit our offices (where you may be required to register as a Visitor and provide us with certain information).
The personal information we collect may include:
- Business contact information (such as your name, phone number, email address and country);
- Professional information (such as your job title, institution or company);
- Nature of your communication;
- Marketing information (such as your contact preferences); and
- Any information you choose to provide to us when completing any “free text” boxes in our forms.
Information We Collect Automatically. When you visit our Site or interact with our emails, like most websites, we use to automatically collect certain technical information from your browser or device. In some countries, including countries in the EEA and UK, this information is considered “personal data” under data protection laws.
The information we collect may include:
- Device data, such as your IP address, operating system, browser, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called the “exit page”), information about other websites you have recently visited and the web browser used (software used to browse the internet) including its type and language).
- Usage data, such as information about how you interact with our emails, Sites and other websites (such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage).
Information We Collect from Other Sources. In order to enhance our ability to provide relevant marketing communications, offers and services to you, and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms, as well as from other third parties. This information may include mailing addresses, job titles, email addresses, phone numbers, user behavior data, IP addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising, event promotion and optimizing our Sites, Services and Marketing Activities.
Social Media Features
Our Sites may use social media features, such as the Facebook “Like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
Cookies and Similar Technologies
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie.
In connection with our Services and Site, we may make use of first or third party cookies (whether session or persistent cookies) and similar technologies, for such things as session management, account access/authentication, to recognize returning Service Users, for storing and honoring Service User’s preferences and settings, combating fraud, maintaining and monitoring the infrastructure of the Services, ensuring security protections, analyzing how our Site and Services perform and other analytics purposes, and fulfilling other legitimate purposes as further described in this Policy (such as fixing issues with and improving our Services and related Service User experience).
A Note about Do Not Track. Some browsers offer a “do not track” (“DNT”) option. Because no common industry or legal standard for DNT has been adopted by industry groups, technology companies, or regulators, we do not respond to DNT signals. We will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
How We Use Information Collected
We use and process personal information we collect or receive, alone or in combination, for the following purposes, and if you are resident in the EEA or UK, on the legal bases identified below:
- Providing our Site and Services: In reliance on our legitimate interest, we process your personal information to operate and administer our Site, and to provide, operate, monitor, and maintain the Services;
- Communicating with you about the Services: We process your personal information to enable you to access and use the Services that you request, including sending you technical notices, updates, security alerts, and support and administrative messages, in reliance on our legitimate interests in administering the Services and providing certain features;
- Providing necessary functionality: We process your personal information in reliance on our legitimate interest to provide you with the necessary functionality required during your use of our Site and Services. To provide and deliver the services and features you request and process;
- Transactional considerations: We process your personal information to complete transactions, and send you related information, including purchase confirmations and invoices, to perform our contract with you and to the extent necessary in reliance on our legitimate interest;
- Handling contact and support requests: To perform our contract with you, or to the extent necessary for our legitimate interests in fulfilling your requests and communicating with you, we process your personal information to respond to your comments, questions, and requests, and provide customer service and support;
- Developing and improving our Marketing Activities and Services: We process your personal information to review and analyze trends, usage, and interactions with our Services, Site and other Marketing Activities so that we can personalize and improve our Marketing Activities and the Services, and provide content and/or features that match your interests and preferences or otherwise customize our Marketing Activities and your experience on the Services. We do so to the extent it is necessary for our legitimate interest in developing and improving our Marketing Activities and Services and providing our Visitors and Service Users with more relevant content and service offerings, or where we seek your valid consent;
- Sending marketing communications: We will process your personal information for marketing purposes in accordance with your preferences, such as to communicate with you via email, SMS or telephone about services, features, surveys, newsletters, promotions, trainings, or events we think may be of interest to you and/or to provide other news or information about Level Legal and/or our select partners, in each case in reliance on our legitimate interest in conducting direct marketing or you’re your consent. Please see the Your Privacy Rights section below, to learn how you can control the processing of your personal information by Level Legal for marketing purposes;
- Promoting the security of our Sites and Services: To the extent necessary for our legitimate interests in promoting the safety and security of our Marketing Activities and Services, we use your personal information to investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
- Compliance purposes: We will process your personal information for purposes of compliance with laws or regulations and to review compliance with applicable usage terms; and
- Other purposes: We will process your personal information for other purposes about which we notify you in advance, or for which we receive your consent.
What Information We Share or Disclose to Others
Third-Party Service Providers
Compliance with Laws
Anonymized Statistical Data
Links to Third-Party Websites
How We Secure Information
We have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use or processing of information we collect. We also choose to undergo security testing by an independent, third-party auditor.
Through our technology partnerships, our systems are designed to operate effectively and keep the personal data that we process secure. Level Legal has data centers in Las Vegas, NV, Arlington, VA, and London, UK.
Among many other certifications, these data centers have the following:
- GDPR Compliant/ EU-US Privacy Shield membership
- HIPAA Compliant, ISO27007 and ISO27077 certified
- HIPAA, PCI, NIST and ISO Compliance (amongst others)
- SOC 2 Type 2 certification in Security, Availability, Confidentiality and Privacy
- FEDRAMP authorized (Arlington, VA data center)
You may access your account information and our Services only through the use of an individual account via either a Level Legal user ID and password or an authorized single sign-on provider (“Account Credentials”). To protect confidentiality, you must keep your Account Credentials confidential and not disclose to any other person. Please advise us immediately if you believe your Account Credentials have been compromised in any way. In addition, always log out and close your browser when you finish your session. Please note that we will never ask you to disclose your password to us. If you have any questions about the security of your personal information, you can contact us at security@LevelLegal.com.
Level Legal is headquartered in the United States and has service providers and clients who operate around the globe. Therefore, as a global business, Level Legal processes, hosts, and transfers personal information in different countries, including in the United States. These countries may have data protection laws that are different from the laws of your country.
Level Legal fully assesses the circumstances involving all cross-border data transfers and has appropriate safeguards in place to ensure that your personal information will remain protected in accordance with this Policy and all applicable laws and regulations. Currently, Level Legal uses the European Commission’s Standard Contractual Clauses as the basis for Level Legal’s approach to global data privacy protection. These Standard Contractual Clauses provide safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and the exercise of the corresponding rights. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards where legally required with our third party service providers and partners. Further details can be provided upon request.
Your Privacy Rights
Where we are acting as a data controller, and depending on your location and applicable law, you may have the rights below with regard your personal information. For all requests surrounding your personal information or questions about your rights per this Policy, please contact us at privacy@LevelLegal.com, and we will respond promptly.
You can access, correct, update and delete your personal information by emailing us at privacy@LevelLegal.com.
If you are a Service User, you can also update, correct, or modify your account information at any time by contacting us at support@LevelLegal.com.
If you are a resident or a visitor from the EEA, UK, or Switzerland, you can object to the processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. To exercise these rights, please send an email to privacy@LevelLegal.com.
Receiving Promotional and Other Communications
Withdrawing Your Consent
Lodging a Complaint with a Supervisory Authority
You have the right to submit a complaint to a European Union (“EU”) supervisory authority if you believe that your personal information has been processed in a manner that is not compliant with the EU General Data Protection Regulation (“GDPR”). You also have the right to submit a complaint to an EU supervisory authority if Level Legal is unable to comply with your right of data portability or does not respond to your request within a timely manner.
If you are resident in the EEA and UK, the contact details for data protection authorities are available here. If you are resident in Switzerland, the contact details for the data protection authorities are available here.
How Long Do We Keep Your Personal Information?
We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Policy. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We will retain your personal information to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain your personal information for as long as your Level Legal account is active or as needed to provide you with the Services, but no longer than the period necessary to fulfill the purposes outlined in this Policy.
Under California law, California residents who have an established business relationship with Level Legal may choose to opt out of Level Legal’s disclosure of personal information about them to third parties for direct marketing purposes. If you choose to opt out at any time after granting approval, email privacy@LevelLegal.com. In accordance with California Civil Code Section 1789.3, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at (916) 445-1254 or (800) 952-5210; or by email to firstname.lastname@example.org.
The California Consumer Privacy Act (“CCPA”) requires businesses to disclose whether they sell Personal Data (as defined in the CCPA). As a business covered by the CCPA, we do not sell Personal Data. We may share Personal Data with third parties or allow them to collect Personal Data from our Sites or Services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use our Services to interact with third parties or direct us to disclose your Personal Data to third parties.
California law requires that we detail the categories of Personal Data that we share or disclose for certain “business purposes,” such as disclosures to service providers that assist us with securing our services or marketing our products. We disclose the following categories of Personal Data for our business purposes:
- Customer records information;
- Commercial information;
- Internet activity information;
- Professional and employment-related information; and
- Inferences drawn from any of the above information categories.
Our Policy Toward Children
In compliance with COPPA, the Children’s Online Privacy Protection Act, the Level Legal Service is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at privacy@LevelLegal.com. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. Please note, if you are under the age of 13, you may not use our website, products, or services.
If you have any questions about this Policy,
please contact privacy@LevelLegal.com or:
1755 North Collins Blvd., Floor 4