When you become a registered user of Legado, we will collect certain personal information about you in order to provide you with relevant information or services, or to fulfil our legal obligations. Below you can read more about what information we collect and how.
You can request to exercise your data rights at any time. For more information about your data rights, please refer to our main privacy policy or to the impartial Information Commissioner’s Office.
What kind of personal information do we collect?
Usage data
We may process data about your use of our website and services (“usage data“). Usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. The legal basis for this processing is our legitimate interests, namely monitoring and improving our services. You cannot be identified from this information and it is only used to assist us in providing an effective service.
Account data
We may process your account data (“account data“). The account data may include your name and email address. The source of the account data is not you. The account data may be processed for the purposes of operating our application, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our application and business, as well as the performance of any contract between you and us (or us and the corporate client providing our service to you) and/or taking steps, at your request, to enter into such a contract (or contract with our corporate client providing our service to you).
Service data
We may process your certain personal information provided by you in the course of the use of our services (“service data“). Service data may include name and email address. Service data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our application and business, as well as the performance of any contract between you and us (or us and the corporate client providing our service to you) and/or taking steps, at your request, to enter into such a contract (or contract with our corporate client providing our service to you).
Enquiry data
We may process information contained in any enquiry you submit to us regarding products and/or services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is consent.
Notification data
We may process information that you provide to us (or our corporate client which is providing these services to you) for the purpose of subscribing you too or sending you email notifications (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications. The legal basis for this processing is consent.
Other circumstances
We may process any of your personal information identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific purposes for which we may process your personal information set out in this section, we may also process any of your personal information where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Please do not supply any other person’s personal information to us, unless we request that you do so.
Who has access to your personal information?
We may disclose your personal information to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
In addition to these specific disclosures of personal information, we may also disclose your personal information where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We will never sell your information to third parties for marketing purposes.
Please note that, operationally, Legado have no internal access to client data due to mandatory encryption of files resting on our servers. If access to personal information is authorised it is tightly restricted to specific personnel who are under a duty to maintain the confidentiality and security of such information.
How long is your information kept for?
This section sets out our data retention policies and procedures, which help to ensure that we comply with our legal obligations in relation to the retention and deletion of personal information. Any personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain and delete your personal information as follows:
- All personal information will be retained for a maximum of seven years following the date it was submitted, at the end of which period it will be deleted from our systems, unless requested by users.
- Notwithstanding the other provisions of this section, we may retain your personal information where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
How are you keeping my personal information secure?
We are an award winning data and communication platform, selling software as a service and you can learn more about our team and our values on our website.
Privacy is one of our core business values and we take protecting your data very seriously, so if you have any concerns about how we use your data, do not hesitate to contact us at the details below.
Handling your personal information with respect and transparency is an essential part of upholding your data privacy. At Legado, we therefore work to exceed the minimum requirements set by the UK government’s cyber security accreditation scheme Cyber Essentials Plus; we are voluntarily certified by Alcumus ISOQAR to the ISO/IEC 27001:2013 standards.
When you provide us with personally identifying information, we take steps to ensure that appropriate cybersecurity and organisational controls are in place to protect it. These include:
Data encryption
We encrypt data using industry standard algorithms throughout all verification steps. This means that any data input to our systems for verification is securely sent and received. Data is also encrypted at rest when on our servers.
As mentioned above, operationally, Legado have no internal access to client data due to mandatory encryption of files resting on our servers. If access to personal information is authorised it is tightly restricted to specific personnel who are under a duty to maintain the confidentiality and security of such information.
If you have any questions regarding service-related communication please contact us at:
Data Protection Team
Wsm Advisors Connect House, 133-137 Alexandra Road, Wimbledon, London, United Kingdom, SW19 7JY