Version 1.0 | Applicable from September 2022
Lawcadia (UK) Limited (company number 11845823) (“Lawcadia“, “we, us, our“) owns and operates Lawcadia.co.uk (our “Website“) with support from our affiliates and subprocessors.
We also make available access to our secure client platform and services (the “Lawcadia Platform“) via Lawcadia.co.uk or other websites or interfaces that we or our affiliates operate from time to time.
2. Digital transformation of Legal Operations and Service Delivery
The Lawcadia Platform is a secure, two-sided cloud-based platform that was created to enhance the collaborative nature of the law firm / client relationship. Rather than addressing one single function, it has been designed to address core operational needs of law firms and clients, including:
(a) Engagement Framework
(b) Legal Project Management
(c) Budget Management
(d) Relationship Management
(e) Business Process Improvement
(f) Strategic Planning
Please contact us for more information about Lawcadia or to obtain a copy of our Law Firms Guide to Lawcadia.
3. These terms apply to law firms
By accessing and/or using the Lawcadia Platform and related services for or on behalf of a law firm, you agree to these Terms and Conditions for Law Firms (“Terms“”). You should review these Terms carefully and immediately cease using the Lawcadia Platform if you do not agree to these Terms. These Terms govern the use of the Lawcadia Platform by you and your partners, employees and contractors who use it. You will be responsible for ensuring that persons who access the Lawcadia Platform on your behalf comply with your obligations in these Terms.
4. Please help us keep the Lawcadia Platform secure
4.1 Please keep your username and password confidential
In order to obtain secure access to the Lawcadia Platform, you and/or persons authorised by you will be asked to choose a unique username and password, unless we have agreed alternative security arrangements with you. You must keep your username and password and any other security credentials used to access the Lawcadia Platform confidential and not disclose them to any third party without our prior authorisation.
4.2 Report any suspected misuse
You agree to notify us promptly if you become aware or suspect that your username or password or other security credentials used to access the Lawcadia Platform have been lost or stolen or have been used by or disclosed to any third party without our authorisation or if your account has been used by any unauthorised third party. We will hold you responsible for the use of your account unless and until you have notified any such loss, theft, disclosure or unauthorised use to us or cancelled your registration on the Lawcadia Platform.
4.3 We may suspend access to the Lawcadia Platform for security reasons
If we have reasonable grounds to believe that unauthorised persons are using your account with or without your knowledge, we may, without prior notice, suspend your rights to access and use the Lawcadia Platform. We will use reasonable efforts to limit any suspension to particular users where this is appropriate in the circumstances. You will be able to re-instate your access via our help desk, subject to our security procedures.
5. We provide high standards of service
5.1 We provide our services with care
We provide the Lawcadia Platform and our services with due care and skill.
5.2 We operate the Lawcadia Platform 24/7
We use reasonable efforts to keep the Lawcadia Platform available to you and your clients on a 24 x 7 x 365 basis. We maintain the Lawcadia Platform regularly to keep it up to date with technology, threats to our security and functionality to support law firms and clients.
5.3 We provide support via our help desk
We provide a help desk that is able to receive notifications of incidents, problems and defects relating to the Lawcadia Platform by email and telephone. The Help Desk accepts notifications by telephone from 7:00am – 5:00pm London time only and receives email notifications on a 24×7 basis.
5.4 We keep Lawcadia.co.uk secure
We take information security very seriously. The Lawcadia Platform is certified to ISO 27001:2013 information security standards and we implement appropriate technical and organisational measures to protect data on the Lawcadia Platform.
5.5 But we cannot guarantee everything
Save as expressly provided in these Terms, we make no other warranties, express or implied representations or guarantees as to merchantability and/or fitness for any particular purpose and we do not guarantee that our services are error free. We do not guarantee that you will be instructed to perform any legal work by making use of the Lawcadia Platform. Nothing in these Terms is intended to exclude any implied conditions, guarantees or warranties or any remedies that may be available to you under any applicable laws or regulations, but only so far as those implied conditions, guarantees, warranties or remedies may not be excluded by express agreement.
6. You must comply with our conditions of use
The Lawcadia Platform is used to manage confidential legal work. We need to protect the integrity and security of the Lawcadia Platform and our intellectual property rights. You agree:
(a) not to misuse the Lawcadia Platform;
You agree not to upload to or transmit via the Lawcadia Platform or the Website any materials or information that: (i) you do not have the right to disclose (such as confidential information of others); (ii) infringe the intellectual property rights of others; or (iii) would breach any applicable laws or regulations.
(b) not to infringe our rights;
You agree not to infringe our intellectual property rights, including by using the name Lawcadia or our logos in any business name, email or URL (except with our prior written agreement).
(c) not to copy the Lawcadia Platform or Website;
You agree not to copy or use the information, content, material or data on the Lawcadia Platform or our Website (other than as expressly permitted by these Terms), or monitor the Lawcadia Platform or the Website’s availability, performance or functionality, in order to compete with our business.
(d) not to breach our security or otherwise harm the Lawcadia Platform or the Website;
You agree not to intentionally or recklessly: (i) override any security feature of the Lawcadia Platform or the Website, including by using or attempting to use another law firm’s account on the Lawcadia Platform or by accessing the Lawcadia Platform through interfaces that have not been expressly made available by Lawcadia; or (ii) use the Lawcadia Platform or the Website in any way that would be likely to interrupt, interfere, impair or degrade the Lawcadia Platform or the Website, including posting to or uploading via the Lawcadia Platform or the Website any materials, information, website links or other content or communications that contain software viruses, worms or any other harmful code.
7. Intellectual property rights, content, confidentiality and privacy
7.1 Lawcadia is a platform that is designed to permit clients to share information with law firms – and vice versa – on a confidential basis
The Lawcadia Platform permits clients and law firms to disclose information, content, material and data (“user content”) to each other for the purposes of procuring – or tendering for – legal work and for managing and gaining insight into legal matters that are registered on the Lawcadia Platform. All user content is confidential. It may include a broad range of information about business affairs, products, transactions, disputes, trade secrets, know how and individuals, whether proprietary or not.
We explain below how user content may be used and disclosed by us, by you and by your clients.
7.2 You own your user content but we can use it on a confidential basis for your client
(a) You (or your licensors) shall retain ownership of any intellectual property rights in user content that you communicate, transmit, submit, display, distribute, upload, post, share or otherwise make available on or through the Lawcadia Platform, including your profile and any pitches, proposals or financial reporting information submitted via the Lawcadia Platform.
(b) We will keep your user content confidential and we will only disclose it to the client for whom your user content has been prepared and to the client’s officers, employees and contractors who have been granted access to and use of the Lawcadia Platform. We will not disclose, display or permit access to any of your user content which relates to one client to any other client or other third party without your prior written consent, except as stated below.
(c) We need the right to use your user content in order to operate the Lawcadia Platform and to provide our services to your clients. You hereby grant us a non-exclusive right to use, store, copy and display your user content on the Lawcadia Platform to facilitate the provision of services to you and to your client anywhere in the world, for so long as your client has an agreement that allows them to use the Lawcadia Platform. We will not be required to obtain any further consent, notice or compensation to use your user content for these purposes.
(d) We cannot allow you to revoke the permissions that you have given us in relation to your user content, so far as and for so long as the user content is stored or used by your client. You also agree that your ability to access your user content in relation to matters that are registered on the Lawcadia Platform for a particular client may be restricted or withdrawn in whole or in part at any time by that client and we shall have no liability to you for any such restriction or withdrawal. You may ask your client – but not us – to delete or return any user content that you have submitted to them via the Lawcadia Platform.
(e) We may disclose your user content to our affiliates, officers, employees, contractors or professional advisers (including insurers) on a need to know basis for the purposes of operating the Lawcadia Platform, and then only if the relevant parties are bound by professional, legal or contractual duties of confidence in respect of such confidential information. We may grant equivalent rights to such third parties as you grant us for the purposes described in these Terms.
7.3 You can use your clients’ content on the Lawcadia Platform on a confidential basis for the purposes for which it is disclosed to you
(a) You may also use any of your client’s user content that is disclosed to you, but only for the relevant client and for the purposes for which it was disclosed to you (such as for responding to a request for tender) or for such other purposes as may be permitted by agreement with your client.
(b) You will also keep your client’s user content confidential in accordance with whatever contractual or non-contractual (e.g. professional, legal or statutory) duties of confidence may exist between you and your client. If you do not have any such duties, then you agree to keep your client’s user content confidential pursuant to these Terms, except as may be permitted by agreement with your client or in accordance with the expressly permitted disclosures set out below.
(c) For the avoidance of doubt, the restrictions in these Terms do not apply to any information that is not disclosed to you via the Lawcadia Platform or by us or our affiliates.
7.4 We own the Lawcadia Platform and Website but you can use our content
(a) All intellectual property rights in or to the Lawcadia Platform and Website and all information, content, material or data displayed on the Lawcadia Platform and Website belong to us (or our affiliates or licensors), except for user content, and all our rights are reserved.
(b) You may not and may not permit any third party to use, copy, modify, publish, extract, display, disclose, license, transfer, reproduce, or create derivative works from any information, content, material or data displayed on the Lawcadia Platform and Website without our prior written consent, but you may use, print, copy, download or store such information, content, material or data for your own internal business operations.
(c) Some of the information, content, material or data that we may disclose to you (whether via the Lawcadia Platform or otherwise) is confidential, including any details regarding any fees that we are entitled to charge you and information that we may share with you regarding the design, integrity, security or functionality of the Lawcadia Platform. You agree to keep our confidential information confidential and not to: (a) disclose it to any third party without consent from us, except in accordance with the expressly permitted disclosures set out below; or (b) use it for any purpose other than the purpose for which it has been disclosed to you.
(d) You may only disclose our confidential information to your partners, employees, contractors or professional advisers (including insurers) on a need to know basis for the purposes of complying with these Terms or making proper use of the Lawcadia Platform and then only if the relevant parties have agreed to terms of confidentiality at least as onerous as those set out in these Terms or are subject to professional, legal or statutory duties of confidence in respect of such confidential information.
(e) In addition, Lawcadia® is a registered trade mark and you may not use our name or represent that you are affiliated with us other than to tell others that you are registered on the Lawcadia Platform.
7.5 Some of the usual exceptions apply
The confidentiality restrictions in these Terms shall not apply to any information that:
(a) you or we can demonstrate is in the public domain (other than as a result of a breach of these Terms); or
(b) you or we are required to disclose by law or by order of a court of competent jurisdiction, but then only to the extent of such required disclosure.
7.6 Your client is a controller of personal data contained in all user content that relates to their matters, unless otherwise agreed
(a) Your client will be an independent controller of any personal data contained in your user content. We act as a data processor on behalf of your client in relation to any processing of such personal data on the Lawcadia Platform and process such personal data on the documented instructions of your client in accordance with data processing terms that we have in place governing our relationship with your client.
(b) You are responsible for having separate terms in place with your client to determine the basis on which any personal data in your user content or your client’s user content that is shared via the Lawcadia Platform may be used or processed by you and your client.
(c) You are also responsible for all consents from and/or notifications to individuals or data subjects whose personal data is disclosed to us in your user content, as required by applicable laws and regulations.
(d) Please consult with your client for details of how your client uses personal data disclosed in your user content or otherwise made available to your clients via the Lawcadia Platform. We are not responsible for any processing undertaken by or on behalf of your client with respect to any of such personal data.
7.7 We also process your user account details on your behalf
Although your client will be the controller of your user content that is submitted on the Lawcadia Platform, you will remain the controller of user log in credentials and profile information (“profile information”) that is associated with each of your user accounts. We will process your profile information accordance with the Law Firm Data Processing Addendum to these Terms.
7.8 We also process your personal data for our own limited purposes
We also process personal data for our own limited purposes, such as customer relationship management and billing. We will not use any of your profile information on the Lawcadia Platform for sales or marketing purposes, but we do operate our own sales and account management systems. We do not use personal data for marketing purposes unless we have a lawful basis for doing so and have obtained any consents or made any notifications required at law. Please refer to our UK Privacy Notice for information about personal data that we process as a controller.
8. Subscription fees
8.1 We offer alternate plans for law firms based on their use of Lawcadia
(a) We offer access to the Lawcadia Platform to law firms based on a number of different plans, tailored for different types of law firms, their varying client bases and their use of Lawcadia.
(b) Under our Entry Level plan, your law firm pays a monthly subscription fee per client based on the spend of each client with your law firm.
(c) Under our enterprise plans, your law firm can get access to additional Lawcadia functionality for use with multiple clients, with fees as agreed based on the functionality, number of users and client access.
(d) You must have a plan in place to use the Lawcadia Platform with your clients. Please contact us if you would like to know more about the different plans available to your law firm.
8.2 Payment terms
All of our invoices shall be payable by you within 14 days of the date of the invoice.
All sums required to be paid or other consideration to be provided under or in connection with these Terms for taxable supplies of goods or services are to be treated as exclusive of any goods and services or other value added taxes that may be charged on such sums or other consideration. We will add to our invoices, and you shall be liable to pay, the amount of any goods and services or other value added taxes applicable to the sums or other consideration payable by you at the prevailing rates.
9.1 Neither we or you will be liable for indirect loss
In no circumstances whatsoever will either we or you be liable (whether such liability arises under tort including negligence, under contract or otherwise) for: (a) any indirect or consequential loss or damage or any special or exemplary loss or damage; or (b) any loss of profits, revenues, business, employment or goodwill (whether such losses are direct or indirect).
9.2 We will not be liable for matters that are outside of our reasonable control
We shall not be in breach of these Terms or otherwise be liable to you (whether under tort including negligence, contract or otherwise) for any matter outside of our reasonable control, including:
(a) any failure or delay in performing our obligations under these Terms to the extent that such failure or delay is due to any event or circumstance which could not have reasonably been prevented or avoided by us taking reasonable precautions;
(b) any claim arising out of a breach in the privacy or security of communications or data transmitted over or using your equipment, software, systems or services;
(c) any claim caused from a breach by you of these Terms or by your negligence; or
(d) the confidentiality or security of any of your user content when transmitted over or stored on your, your client’s or any third party’s communications networks, equipment or systems.
9.3 You agree to mitigate your loss
You agree to mitigate any loss, damage, cost, expense or other liability that you may suffer in connection with your use of the Lawcadia Platform or any of our services.
9.4 Nothing excludes liability for fraud
Nothing in these Terms will limit or exclude our or your liability for fraud or fraudulent misrepresentation, personal injury or death arising from our or your negligence or any other matter for which it would be illegal or void at law to limit or exclude liability, even if these Terms would otherwise suggest that such liability is excluded or limited.
9.5 Our affiliates and contractors will not have liability to you
Your relationship is with us and you agree not to bring any claim or initiate any proceedings against our affiliates, contractors or their and our employees or directors (our “Related Parties”). In any event, our Related Parties shall have the benefit of and be entitled to enforce the limitations and exclusions of liability that are expressed for our benefit in these Terms.
10. We may suspend access to the Lawcadia Platform where we have good grounds to do so
We may at any time, suspend your access to the Lawcadia Platform, without liability to you, where:
(a) you are in material breach of these Terms;
(b) you have failed to pay any fees to us when they are due;
(c) we are required to by law or order of a court or other governmental or regulatory authority having jurisdiction over us; or
(d) we consider it necessary for our legitimate business purposes such as upgrading or maintaining the Lawcadia Platform or dealing with actual or suspected security incidents or flaws.
You will be able to contact our help desk for information if your access to the Lawcadia Platform has been suspended.
11. You cancel your registration to the Lawcadia Platform at any time on 30 days’ notice
You may cancel your relationship to the Lawcadia Platform at any time, in general or with respect to a particular client or user, on 30 days’ written notice to us, unless you have agreed otherwise with us.
12. We may also cancel your registration to the Lawcadia Platform on 30 days’ notice, unless we have agreed otherwise with you
We may cancel your registration to Lawcadia Platform at any time, in general or with respect to a particular client or user, on 30 days’ written notice to you.
13. Cancellation will not affect any of our or your existing rights
13.1 Any provisions in these Terms that must continue after cancellation in order to have their intended effect shall continue in force following cancellation.
13.2 Cancellation will not affect any rights or remedies that we or you have accrued up to the effective date of cancellation.
14. Please note the fine print set out below
If you want to send us notices or service of process, please contact us:
(a) online at: [email protected]; or
(b) by phone at: +44 20 3318 2511
We may send you notices or service of process using the contact details provided with your registration and not to an Authorised User.
14.2 Contracting entity; Governing law
(a) Your contract with Lawcadia will be formed with Lawcadia (UK) Limited (Company no.: 11845823). These Terms shall be governed by and construed in accordance with the laws of England. You agree to submit to the non-exclusive jurisdiction of the courts of England.
(b) If you are not located in the United Kingdom, the European Economic Area (EEA) or Switzerland (the “Region“), then these Terms do not apply to you. Please consult Lawcadia.com for the terms and conditions applicable to your use of the Lawcadia Platform.
(c) Your location shall be determined according to the location in which your firm is incorporated or established. If you have offices or subsidiaries incorporated or established both inside and outside of the Region, you will be deemed to have a separate agreement in place on the terms and conditions available at Lawcadia.com in respect of your use outside of the Region.
14.3 We reserve the right to make changes
We reserve the right to amend these Terms at any time on 30 days’ notice to you. Notice may be given via the Lawcadia Platform. We will not make any of the following changes without your prior written consent:
(a) any changes to your plan or changes to these Terms that result in an increase to your subscription fees; or
(b) any changes that adversely affect the standards of confidentiality or security set out in these Terms.
14.4 Anti-bribery and compliance
You acknowledge that the Lawcadia Platform may be used as a platform for companies to find, engage and manage law firms, and for law firms to win new work. Accordingly, you and we agree not to:
(a) commit any act or omission which would or could cause you, us, any client or any authorised user of the Lawcadia Platform to breach or commit an offence under any laws relating to anti-bribery or anti-corruption;
(b) pay, offer, promise, give or authorise any financial or other advantage directly or indirectly to any client or other authorised user of the Lawcadia Platform that would or may induce that client or such authorised user or any person affiliated with them:
(i) to breach a position of trust or duty of good faith or impartiality;
(ii) to breach these Terms;
(iii) to contravene any applicable fraud, anti-bribery or anti-corruption law;
(c) do anything to cause any person to use their influence improperly to obtain or retain business with you or any other person.
Each party shall promptly notify the other of any breach of this clause unless such notice would constitute a breach of law or regulation.
14.5 No Agency
Nothing in these Terms is intended to or shall operate to create a partnership or joint venture of any kind between the parties or to authorise either party to act as agent for the other, and neither party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way (including the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
14.6 Entire Agreement
These terms and separate agreements relating to subscription fees constitute the entire agreement and understanding between you and us in respect of the matters dealt with in them and supersede and cancel any previous agreement in relation to such matters notwithstanding the terms of any previous agreement or arrangement expressed to survive termination. You agree that you do not rely on, and shall have no remedy in respect of, any statement, representation, warranty or undertaking (whether negligently or innocently made) other than as expressly set out or referred to in or expressly incorporated into these Terms by reference or in any agreement relating to subscription fees. Nothing in this clause shall operate to exclude or limit any liability for fraud or fraudulent misrepresentation by you or us.
14.7 No third party rights
None of these Terms shall be enforceable by any person who is not a party to them, save for your and our successors and permitted assigns, except as expressly provided herein. We and you may agree to vary or rescind these Terms or any provision of them without the consent of any person who is not a party to these Terms.
14.8 No assignment
Neither party may assign, novate or otherwise dispose of any or all of their rights or obligations under these Terms without the other party’s prior written consent. A change in our or your legal status shall not affect the validity of these Terms and these Terms shall be binding on any successor body or partners.
14.9 No waiver
The rights and remedies provided by these Terms may be waived only in writing in a manner that expressly states what such waiver is intended for, and such waiver shall only be operative with regard to, the specific circumstances referred to by that party.
If any of these Terms is held invalid, illegal or unenforceable for any reason by any court of competent jurisdiction, such provision shall be severed without effect to the remainder of the provisions with respect to that jurisdiction. All other Terms will remain in full force and effect and the severed Term will continue to have effect in other jurisdictions where it has not been held invalid, illegal or unenforceable.
14.11 No lawyer-client relationship
These Terms are not intended to govern the engagement of any law firm by any client through the Lawcadia Platform. You are responsible for putting in place terms and conditions that govern your engagement for any matter on which you are instructed, whether or not the matter has been procured through the Lawcadia Platform or is being managed by Lawcadia. We do not have a lawyer-client relationship of any kind with you or with any client.
In these Terms:
(a) where any other word is given a particular meaning, it shall be interpreted in a consistent manner throughout these Terms unless the context otherwise requires;
(b) a reference to a party shall mean either you or us, or you and us, unless the context otherwise requires;
(c) a reference to a clause shall be to a clause of these Terms;
(d) a reference to a document is a reference to the document as from time to time supplemented, varied, assigned and/or novated;
(e) the singular includes the plural and vice versa and the masculine includes the feminine and the neuter genders and vice versa;
(f) a reference to a person shall mean a natural person, legal entity, body corporate or an unincorporated body;(g) a reference to an individual shall mean a natural person, unless the context otherwise requires;
(h) a reference to writing shall include fax transmission, email and similar means of communication; and
(i) the words “include”, “including”, “includes”, “such as”, “in particular” and any similar expression are to be construed as if they were immediately followed by the words “without limitation”, and any word following the term “other” or any similar expression shall not have their meaning limited by any of the words preceding that term or expression.
Version 1.0 | Applicable from September 2022
This Data Processing Addendum (“DPA”) forms part of the agreement between Lawcadia (UK) Ltd (ACN 607 954 843) (“Lawcadia”) and any law firm to whom Lawcadia’s UK Law Firm Terms and Conditions apply (the “Law Firm” or “you“).
1.1 “Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
1.2 “Data Protection Law” means all data protection and privacy laws applicable to the Processing of Personal Data under the Main Agreement, including (where applicable) UK Privacy Law and EU Privacy Law.
1.3 “Data Subject” shall be interpreted in accordance with applicable Data Protection Law.
1.4 “EU Privacy Law” means the General Data Protection Regulation (Regulation EU 2016/679) and any subordinate laws or regulations relevant to privacy or data protection.
1.5 “Law Firm’s Personal Data” means the Personal Data described in Schedule 1.
1.6 “Main Agreement” means collectively, the written agreement between Law Firm and Lawcadia for the provision of the Services to the Law Firm, and the UK Terms & Conditions for Law Firms.
1.7 “Personal Data” means any information relating to an identified or identifiable Data Subject.
1.8 “Personal Data Breach” means a breach of security of the Services leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data.
1.9 “Process” and “Processing” has the same meaning as in the GDPR.
1.10 “Processor” means an entity that Processes Personal Data on behalf of a Controller.
1.11 “Services” means any offering, including customer support services, provided by Lawcadia to a Law Firm pursuant to the Main Agreement.
1.12 “Sub–Processor” means any Processor engaged by Lawcadia.
1.13 “UK Privacy Law” means the General Data Protection Regulation (Regulation EU 2016/679) as incorporated into the laws of the United Kingdom and amended by the European Union Withdrawal Act 2018 (as amended), the Data Protection Act 2018 and any subordinate laws or regulations relevant to privacy or data protection.
Any other capitalised terms (or terms beginning with a capital letter) that are used but not defined in this DPA shall be given their meaning in accordance with the Main Agreement.
2.1 As between Lawcadia and Law Firm, Lawcadia will Process Law Firm’s Personal Data under the Main Agreement only as a Processor acting on behalf of the Law Firm as described in Schedule 1 and in the UK Law Firm Terms and Conditions.
3. Law Firm obligations
3.1 Law Firm will, in its use of the Services, comply with its obligations under Data Protection Law in respect of its Processing of Personal Data and any Processing instructions it issues Lawcadia. Law Firm represents that it has all rights and authorisations necessary for Lawcadia to Process Personal Data pursuant to the Main Agreement.
4. Lawcadia obligations
4.1 Lawcadia will comply with its Processor obligations under the Data Protection Law and will Process Personal Data in accordance with Law Firm’s documented instructions, including as set out in the Main Agreement and this DPA.
4.2 Lawcadia shall immediately inform the Law Firm if, in its opinion, it considers that an instruction from the Law Firm is in breach of Data Protection Laws. Lawcadia shall be entitled (but not obliged) to suspend execution of the instructions concerned, unless and until the Law Firm confirms such instructions in writing and Lawcadia is satisfied that such instructions will not put Lawcadia in breach of Data Protection Laws.
4.3 A description of the Personal Data, the subject-matter and duration of the Processing, the nature and purposes of the Processing, the type of Personal Data and categories of Data Subjects is set out in Schedule 1 (Details of Processing). This DPA shall not apply to Personal Data that Lawcadia processes as a Controller, as described in the UK Privacy Notice.
5.1 Lawcadia engages Sub-processors to provide certain services on its behalf. Law Firm consents to Lawcadia engaging Sub-processors to Process Personal Data under the Main Agreement. In particular, Lawcadia uses Amazon Web Services as its data hosting provider. Lawcadia will be responsible for any acts, errors or omissions of its Sub-processors that cause Lawcadia to breach any of Lawcadia’s obligations under this DPA.
5.2 Where Lawcadia engages a Sub-processor, Lawcadia will:
5.2.1 Restrict the Sub-processor’s access to the relevant Personal Data for the purposes described in this DPA and the Main Agreement and we will prohibit the Sub-processor from accessing Personal Data for any other purposes; and
5.2.2 enter into an agreement with each Sub-processor that obligates the Sub-processor to protect the Personal Data to the standards required in this DPA and the Main Agreement.
5.3 A list of our authorised Sub-processors shall be provided to the Law Firm at the time on which any agreement or order is entered into with Lawcadia, Lawcadia will provide the Law Firm with reasonable prior notice via email or such other electronic means as Lawcadia may use from time to time (such as in-app messaging on the Lawcadia Platform) if Lawcadia intends to make any changes to such Sub-processors. The Law Firm may object in writing to any such appointment of a new Sub-processor within 14 days of the date of such notice, provided that such objection is based on reasonable grounds relating to data protection. In any event, the Law Firm will discuss such concern with Lawcadia in good faith with a view to achieving resolution. In this is not possible, Lawcadia may suspend or terminate the Services without prejudice to any fees incurred before suspension or termination. If the Law Firm has raised a concern regarding a Sub-processor in accordance with this clause 3, and the parties have not been able to resolve such concern within 30 days following the date of the Law Firm’s notification, the Law Firm shall have the right to terminate the Services to the extent that they are provided by the relevant Sub-processor or, if the Services cannot be terminated in part, the Law Firm may terminate the Main Agreement. Termination shall be the Law Firm’s sole and exclusive remedy with respect to the appointment of a Sub-processor to whom the Law Firm may object.
6. Security Measures
6.1 Lawcadia will implement and maintain appropriate technical and organisational security measures to protect against Personal Data Breaches and to preserve the security and confidentiality of Personal Data Processed by Lawcadia on behalf of the Law Firm in the provision of the Services, a summary of which is included in Schedule 2 (“Security Measures”). Lawcadia may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Law Firm.
6.2 Law Firm is responsible for using and configuring the Services in a manner which enables Law Firm to comply with Data Protection Laws, including implementing appropriate technical and organisational measures.
6.3 Lawcadia will ensure that its personnel required to access Law Firm’s Personal Data are subject to a binding duty of confidentiality in respect of such Personal Data (whether statutory, contractual or otherwise).
7. Personal Data Breach Response
Upon becoming aware of a Personal Data Breach, Lawcadia will notify Law Firm without undue delay and will provide information relating to the Personal Data Breach as reasonably requested by Law Firm. Lawcadia will use reasonable endeavours to assist Law Firm in mitigating, where possible, the adverse effects of any Personal Data Breach.
8.1 Lawcadia will make available to the Law Firm at its reasonable request all information necessary to demonstrate compliance with the obligations set out in this DPA and allow for and contribute to audits, including inspections, conducted by the Law Firm or another auditor mandated by the Law Firm, except if and to the extent that providing such information or permitting such an audit would place us in breach of law or cause us to infringe the rights (including the rights in intellectual property or confidential information) of any of Lawcadia’s other customers. No more than one audit may be conducted in any calendar year, except if and when required by instruction of a competent data protection authority. Lawcadia shall be entitled to recover its reasonable costs of complying with requests for information and audits from the Law Firm on demand.
8.2 Lawcadia audits its compliance against data protection and information security standards on a regular basis. Such audits are conducted by third party auditors engaged by Lawcadia. Where Lawcadia has appoint a third party auditor to assess any of its technical or organisational measures to protect Personal Data (for the purposes of any industry certification or otherwise, including ISO27001 certification), Lawcadia may make available to Law Firm a summary of its most recent audit report or certificate in lieu of providing other information or allowing for other audits by you or another auditor.
8.3 Where the Law Firm wishes to undertake an audit or obtain information in accordance with clause 1, the Law Firm shall coordinate (at Lawcadia’s reasonable request) with any other client or third party seeking to undertake an audit or obtain similar information.
9. Data Transfers and Exports
9.1 Without prejudice to the restrictions set out in Data Protection Laws and to the process of appointing Sub-processors in this DPA, Lawcadia may transfer and Process Personal Data to and in any locations around the world where Lawcadia or its Sub-processors maintain data Processing operations.
9.2 Lawcadia will at all times provide an adequate level of protection for the Personal Data Processed in accordance with Data Protection Laws. In particular, Lawcadia may transfer Personal Data to a third country outside the United Kingdom where the transfer is:
9.2.1 To a recipient in an Adequate Territory;
9.2.2 To a recipient that has achieved binding corporate rules authorisation in accordance with Data Protection Law; or
9.2.3 To a recipient that has executed the Standard Contractual Clauses.
9.3 In certain limited circumstances, Lawcadia may transfer Personal Data in the absence of such safeguards where permitted under Data Protection Law (including where necessary for the establishment, exercise or defence of legal claims).
9.4 For the avoidance of doubt, the Law Firm is responsible for ensuring that any transfers of Personal Data that it makes using the Services comply with Data Protection Law, including where any functionality allows the Law Firm to disclose Personal Data to other users via the Services or via communications or messages sent using them.
10. Deletion or Return of Personal Data
Following expiration or termination of the Main Agreement, Lawcadia will delete or return to Law Firm all Personal Data in Lawcadia’s possession, except to the extent Lawcadia is required by applicable law to retain some or all of the Personal Data (in which case Lawcadia will archive the data and implement reasonable measures to prevent the Personal Data from any further Processing and the terms of this DPA will continue to apply to such Personal Data).
11.1 Lawcadia shall, taking into account the nature of the Processing of Personal Data pursuant to this DPA, assist the Law Firm by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Law Firm’s obligations to respond to requests by Data Subjects to exercise their rights and in completing data protection impact assessments required under Data Protection Law.
11.2 If Lawcadia receives any requests from individuals or applicable data protection authorities relating to the Processing of Personal Data under this DPA, including requests from individuals seeking to exercise their rights under Data Protection Law, Lawcadia will promptly redirect the request to the Law Firm. Lawcadia will not respond to such communication directly without Law Firm’s prior authorisation, unless legally compelled to do so. If Lawcadia is required to respond to such a request, Lawcadia will promptly notify Law Firm and provide Law Firm with a copy of the request, unless legally prohibited from doing so.
11.3 Lawcadia will reasonably co-operate with Law Firm, at Law Firm’s expense and taking into account the nature of the processing, to permit Law Firm to respond to any requests from individuals or applicable data protection authorities relating to the Processing of Personal Data under this DPA to the extent that Law Firm is unable to access the relevant Personal Data in their use of the Services.
11.4 To the extent required by EU Data Protection Law, Lawcadia will, upon reasonable notice and at Law Firm’s expense, provide reasonably requested information regarding the Services to enable Law Firm to carry out data protection assessments and/or consultations with data protection authorities.
12.1 Any claims brought under this DPA will be subject to the terms and conditions of the Main Agreement, including the exclusions and limitations set forth in the Main Agreement, to the fullest extent permitted under applicable law.
12.2 In the event of any conflict between this DPA and any privacy-related provision in the Main Agreement, the terms of this DPA will prevail, but only to the extent of the conflict.
12.3 Lawcadia may modify the terms of this DPA as provided in the Main Agreement, in circumstances such as (a) if required to do so by a supervisory authority or other government or regulatory entity; (b) if necessary to comply with Data Protection Law; or (c) to implement or adhere to standard contractual clauses, approved codes of conduct or certifications or other compliance mechanisms which may be permitted under Data Protection Law. Supplemental terms may be added as an Annex or Appendix to this DPA where such terms only apply to the Processing of Personal Data under the Data Protection Law of specific countries or jurisdictions. Lawcadia will provide notice of such changes to the Law Firm, and the modified Addendum will become effective, in accordance with the terms of the Main Agreement.
SCHEDULE 1 – DETAILS OF PROCESSING
DESCRIPTION OF PROCESSING
|Categories of data subjects whose personal data is transferred:
|Law Firm’s personnel and end users.
|Categories of personal data transferred:
|Law Firm personnel and end user information, such as login credentials, contact information, employee ID, job title and organisation and other profile information; and login location (e.g. city/country/region).
|Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
|Lawcadia does not process sensitive Personal Data.
|The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):
|Nature of the processing:
|Processing to facilitate the purposes set out below.
|Purpose(s) of the data transfer and further processing:
|Lawcadia processes Personal Data as necessary to:
· Provide the services under the Main Agreement;
· Perform its obligations under the Main Agreement and this DPA;
· Improve, enhance or analyse the performance of the Services;
· Comply with applicable laws and regulations; and
· Comply with or assist the Law Firm in complying with Data Subject requests.
|The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:
|On termination of the Main Agreement, or on request by the Law Firm, whichever is earlier, unless applicable law requires Lawcadia to retain the Personal Data for longer.
SCHEDULE 2 – Technical & Organisational Security Measures
All data on Lawcadia is encrypted both at rest and in transit.
Lawcadia has an Information Security Management System (ISMS) that is audited to ISO 27001 requirements. The overall aim of Lawcadia’s ISMS is to ensure that data remains confidential, retains its integrity and remains available for use.
As part of Lawcadia’s ISMS, it has a Disaster Recovery Plan that is regularly tested to ensure availability and access to Personal Data can be restored in a timely manner in the event of a physical or technical incident.
Lawcadia has various policies and processes in place for testing assessing and evaluating the effectiveness of Lawcadia’s measures, including regular ISMS management committee meetings, Risk and Threat Assessment and treatments, QA processes and automated testing prior to deploying platform upgrades, regular independent penetration tests and annual ISO 27001 certification audits.
Account creation and passwords, Single Sign-On, Automatic provisioning and de-provisioning available
All data on Lawcadia is encrypted both at rest and in transit.
All data on Lawcadia is encrypted both at rest and in transit.
Lawcadia’s office is subject to keycard access, and the building and floors are locked-down out of hours. However, personal data is not processed on Lawcadia’s premises, but processed at AWS locations within Australia (or such other hosting location specified in the Main Agreement) and protected by the security and environmental controls of AWS.
All key actions on the Lawcadia platform are logged. Log activities are investigated when necessary and escalated appropriately.
The Lawcadia platform is a highly configurable platform. As part of Lawcadia onboarding a new client, Lawcadia will either:
IT and IT security governance and management are covered by Lawcadia’s ISO 27001-audited ISMS.
Lawcadia has a number of policies and processes to ensure assurance of its platform, including Release Management Procedures, Patch & Maintenance Procedures, Infrastructure Back-up Procedures and Platform Monitoring Procedures. These policies and processes are independently certified and audited annually as part of our ISO 27001 audit.
Lawcadia’s Law Firms unilaterally determine what Law Firm data they send to Lawcadia’s services and how the services are configured. Lawcadia provides tools within its service that gives customers control over exactly what data enters our platform.
Lawcadia only collects data that is required for the efficient use of its platform and to allow the Law Firm to utilise the platform in the manner contemplated by the Main Agreement.
Each Lawcadia Law Firm chooses what Law Firm data they send to Lawcadia’s services. Lawcadia ensures that data quality is maintained from the time a customer sends their customer data into the services and until the customer data leaves Lawcadia’s services to flow to a downstream destination. Additionally, the overall aim of Lawcadia’s ISMS is to ensure that Law Firm data remains confidential, retains its integrity and remains available for use.
Under the terms of the Main Agreement, Law Firm’s are responsible for when their data is held by Lawcadia.
Lawcadia has adopted measures for ensuring accountability, such as having, as part of Lawcadia’s ISMS, a Crisis Management Plan and Incident Response Plan. As part of these, any failure by Lawcadia to ensure customer data remains confidential must be reported to the customer.
The Lawcadia platform includes certain functionality for allowing customers to export data in various formats. Business Intelligence Reporting is also available to Lawcadia clients on request. Under the terms of the Main Agreement, customers are responsible for when their data is held by Lawcadia.
Lawcadia’s entities in the United Kingdom, Australia and the Philippines comply with the security requirements described in this Schedule.
For AWS, Lawcadia applies encryption at rest and otherwise applies the controls described in this Schedule to its AWS instances.
Transform your legal operations with the award-winning, two-sided intelligent platform built for in-house legal teams and law firms with legal intake & triage, matter management, workflow automation, document automation, collaboration and in-depth reporting.