1 Purpose & application
LOD is committed to protecting and safeguarding the privacy of all current, past, and prospective LOD Professionals and LOD HQ staff in accordance with all applicable legislation.
This policy sets out what data is collected and how LOD handles the personal data of its current, past, and prospective employees and independent contractors. It applies to both LOD Professionals (as described below) and LOD HQ staff, as well as applicants for these positions.
Lawyers On Demand Inc. (“LOD”, “we”, “us” or “our” in this privacy notice) operates as a staffing services provider.
An “LOD Professional” referred to in this privacy notice is a lawyer, paralegal or other professional engaged on a project or assignment through LOD, whether as an employee or an independent contractor
3 Policy Statement
3.1. Personal Data
As used in this notice, personal data has the meaning set out in the applicable privacy laws.
If you are an LOD Professional (whether currently engaged or in between assignments), a member of LOD HQ staff, or going through an application process, the personal data we may collect about you includes your:
- Date of birth;
- Mailing address, telephone numbers, email address and other contact details;
- Government identification data such as social security, drivers’ license, and passport numbers;
- Data we are required to collect by governmental authorities including
- information regarding race/ethnicity, sex, disability, and veteran status;
- Biometric data for identification purposes;
- CV, educational qualifications, professional qualifications and certifications and
- employment references;
- Employment and training history;
- Names of references, next-of-kin, spouse, other family members and
- emergency contact details; Name or alias, gender, passport number, date of
- birth, nationality and country and city;
- Time record details;
- Photographs, videos, and other audio-visual information;
- Salary and benefit information and bank account details;
- Leave records (including annual leave, sick leave, and maternity/paternity leave);
- Performance records;
- Any additional information provided to us by you during the recruitment process or while engaged by us;
- Work-related health issues and disabilities, in which case the data is ‘special category; and
- For some types of assignment or client we may need to undertake criminal records checks, in which case the data is ‘criminal offence and conviction data.
3.2. Collection, Purposes and Lawful Basis
3.2.1. Sources of personal data
We generally collect and process personal data that you knowingly and voluntarily provide in connection with your engagement or application with us, or via a third party who has been duly authorized by you to disclose your personal data to us. We may also process personal data that we acquire from third party sources such as LinkedIn, credit reference check providers or clients.
3.2.2. Purposes of processing
Your personal data will be collected and used by us for the following purposes, and we may disclose your personal data to third parties where necessary for the following purposes:
- Performing obligations under or in connection with your contract with us, including payment of fees and tax;
- Administrative related matters within LOD, including granting access to our premises and computer systems, administering insurance policies, provision, monitoring and management of IT systems and resources for you to provide services to clients, management and reporting purposes, and investigating any acts or defaults (or suspected acts or defaults);
- Human resources related matters within LOD;
- Managing and terminating our relationship with you;
- Assessing and evaluating your suitability for secondments and assignments with our clients;
- Assessing and evaluating your suitability for engagement in any current or prospective position within LOD;
- Ensuring business continuity for LOD if your engagement with us is or will be terminated;
- Performing obligations under or in connection with the provision of services to our clients;
- Facilitating any proposed or confirmed merger, acquisition or business asset transaction involving any part of the LOD and SYKE Group, or corporate restructuring process; and
- Facilitating our compliance with any laws, customs and regulations which may be applicable to us.
We may also use your personal data to keep you updated on relevant news and industry updates, events, and other information of ours that we think may be of interest to you. You can unsubscribe from these communications at any time.
The purposes listed in the above paragraphs may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, and for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
3.2.3. Lawful basis for processing
To process your personal data lawfully under GDPR we need to identify the lawful basis for processing. We rely on one or more of the following lawful bases for processing the personal data of LOD Professionals and prospective LOD lawyers:
- The processing is necessary to fulfil the contract we have with you, or to take specific steps before entering a contract with you at your request.
- The processing is necessary to comply with law.
- The processing is necessary for our legitimate interests or the legitimate interests of a third party (such as a client), and there is no negative impact of our processing on you that overrides those legitimate interests.
- In limited cases our lawful basis will be that you have given clear consent to the processing.
3.2.4. Sensitive personal data
Where we need to process special category data or criminal offence and conviction data, we need to identify a further condition for processing as required under applicable privacy laws. We inform you of this at the time of collecting that data and will normally rely on gaining your consent as the further condition.
3.3. Your personal data rights
The personal data we hold about you is your data, so you have certain rights over that data. This section summarizes your rights and how you can exercise them (generally free of charge).
You have the right to request a copy of personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, and withdrawal of consent cannot be backdated.
Where we process your data based on “legitimate interests” you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We confirm that we do not currently undertake any automated decision-making, or profiling, based on the processing of personal data.
Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, if carried out based on your consent or where it is necessary to perform a contract with you.
If you wish to exercise any of these rights the best way is to submit your request via email to our email@example.com.
Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests quickly, but in any event within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
3.4. Protection of personal data
We have appropriate security measures in place to protect personal data from being accidentally lost or used or accessed in an unauthorized way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
3.5. Accuracy of personal data
We generally rely on personal data provided by you. To ensure that your personal data is current, complete, and accurate, please update us if there are changes to your personal data by informing us via email at the contact details provided below.
3.6. Retention of personal data
We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable privacy laws, and it is our policy to retain certain personal data of LOD Professionals when they cease to be engaged on assignments through us. This data may be required for general communication purposes, to enable us to suggest or process new assignments or in case of legal claims relating to past assignments. For former LOD employees’ data may be retained for residual employment-related activities, including for example, provision of references, processing of applications for re-employment, matters relating to retirement benefits and allowing LOD to fulfil any of LOD’s contractual or statutory obligations.
We will cease to retain your personal data or remove how the data can be associated with you as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected and are no longer necessary for legal or business purposes.
3.7. Transfers of personal data to data processors
We use several different service providers (acting as ‘data processors’) who provide services or cloud-based software to enable us to operate our business and the services we provide to our customers. Your personal data is transferred to (and stored by) these service providers (as our ‘data processors’), who generally fall under the following categories:
- Payroll and benefits administration
- Website analytics
- Website and data hosting
- IT and system administration
- Document storage
- Email, contacts, and calendar
- CRM, accounting, and billing
Please contact us (see below) if you want further information on specific data processors or the types of personal data, they process for us.
3.8. Other transfers of personal data
For LOD Professionals, when we put you forward for assignments with our clients, we provide clients with your LOD profile, which contains your personal data and, in some instances, the client may ask for proof of your right to work in the relevant country. Additionally, if you are offered an assignment a client may require further checks to be undertaken, which may include checking your credit history, academic qualifications and if you have any criminal records. You will be asked to consent to these checks before they are carried out.
If you attend an event we have put on, we may need to share your name and any special dietary requirements with the event hosts or organizer and the names of attendees may be shared with speakers and other attendees.
LOD may from time to time need to transfer your personal data to the following classes of persons (within or outside the country where you are based):
- Any member of the LOD and SYKE Group (hereinafter defined);
- Clients of LOD;
- Insurers and banks of LOD and/or any member of the LOD and SYKE Group;
- Outside parties involved in a merger, acquisition, or due diligence exercise with LOD;
- Companies, third party service providers and professional advisers LOD or a member of the LOD and SYKE Group engages to perform functions for LOD;
- Applicable regulators, governmental bodies, tax authorities or other industry recognized bodies located inside or outside the country where you are based where required by any applicable laws, rules and regulations, codes of practice or guidelines of any applicable jurisdiction or any governmental or regulatory authority in or outside the country where you are based; and
- Anyone you authorize.
“LOD and SYKE Group” means the group comprising LOD and SYKE and all its subsidiaries, all its holding companies and each other subsidiary of any of its holding companies, including Lawyers On Demand (Singapore) Pte Ltd.
3.9. International transfer of personal data
Whenever we, or our data processors, need to transfer or store your personal data outside the USA we will ensure that an appropriate transfer safeguard mechanism, or derogation, as required under applicable privacy laws, is in place to protect your privacy rights. The countries to which international transfers may be made include Australia, the EEA, Hong Kong, Singapore, the UAE and the UK. This section explains more.
For LOD Professionals, if we need to transfer your data to a client located outside the USA, we will ensure we have your consent to such transfer (which you will normally agree to in writing when you sign up to be a LOD lawyer).
Many of our data processors operate “cloud-based systems”, which means the information is held in data centers in different locations. Some of them reserve the right to hold copies of your personal information outside the EEA.
In this case we and our processors employ one or more of the following mechanisms that are designed to help safeguard your privacy rights.
Please contact us (see below) if you want further information on the specific mechanisms used by us or our data processors when transferring your personal data out of the USA.
3.10. How to contact us
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at firstname.lastname@example.org. Our contact address is 119 West 24th St, 4th Floor, New York, NY 10011.
3.11. Effect of this notice and changes to this notice
This notice applies in conjunction with any other policies, notices, contractual clauses, and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
We may revise this privacy notice from time to time without any prior notice. If we make any significant changes, we will endeavor to notify you by email. You can request a copy at any time by emailing email@example.com.