Personal data and security
You should read this privacy policy before using the LEGAPASS website and its dedicated application.
This site and its application, accessible at URL https://legapass.com/is published by :
- LEGAPASS, a simplified joint stock company with a capital of 1000 euros, registered in the Nice Trade and Companies Register under the number B 904 291 689, whose registered office is located at 4 rue Cluvier 06000 NICE, represented by CHEMIN Jean-Charles, duly authorized President.
- The individual VAT number of the Operator is FR31904291689.
- The Site is hosted by the company Clever Cloud SAS, located 3 rue de l'Allier 44000 NANTES
Contact : 02 85 52 07 69 - support@clever-cloud.com - The Director of the publication of the Site is CHEMIN Jean-Charles, President.
- The Operator can be reached at the following email address contact@legapass.com Tel: +33 1 84 60 20 50
- The Data Protection Officer (DPO) can be reached at the following address dpo@legapass.com.
PREAMBLE
This Privacy Policy tells you everything you need to know about how LEGAPASS protects the personal data we process and control about you, and what rights you may have with respect to that processing. You should therefore read this Privacy Policy before using the LEGAPASS website and its dedicated application.
We take care of your personal data and we are committed to ensuring its confidentiality and security in compliance with the regulations in force, in particular the French Data Protection Act and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (RGPD).
For any clarification of the definition of specific terms in this document, please refer to our T&Cs which we invite you to consult at : https://legapass.com/cgu/
Why is LEGAPASS privacy strengthened?
The service offered by LEGAPASS is specific in that it concerns sensitive personal data inserted by the Customer in the form of a highly secure end-to-end encrypted secret stored in an off-line safe without LEGAPASS having the possibility, at any time, to access it.
As a result, the only personal data we can process are those entered by the Customer when registering on the site or application. LEGAPASS never has access to its users' secrets because they are encrypted from end to end between the user's terminal and the safe, and the decryption key is kept by a bailiff.
LEGAPASS has no way of accessing its users' secrets.
Therefore, this Privacy Policy does not cover User/Customer secrets. The following clarification applies to all other personal data of our Users/Customers.
For any clarification of the definition of secrecy in this document, please refer to our TOS available at https://legapass.com/cgu/
I - How does LEGAPASS protect your personal data?
When you first visit the site www.legapass.com your consent is requested, collected and retained by AxeptioWe use the services of our RGPD compliant provider for the collection of consent and the management of cookies. It is on the basis of this consent to the processing of your data that the following treatments are implemented.
1. The personal information we collect:
When you visit the site www.legapass.com or its dedicated application, we automatically collect certain information about your device, including information about your web browser, your IP address, your time zone and some of the cookies installed on your device.
In addition, as you browse the Site, we collect information about the individual web pages or products you view, the websites or search terms that referred you to the Site, and how you interact with the Site. We refer to this automatically collected information as "device information.
In addition, we collect the personal data you provide to us (including, but not limited to, name, address, payment information, etc.) when you register and sign up for a free, premium or pro membership in order to fulfill the contract.
In accordance with Article 13 et seq. of the GDPR, you will find below a table detailing the categories of personal data that we may collect, subject to the limits set by local laws:
Type of personal data | Type of personal data classified by category |
Identity and identification data | Name, surname, date of birth, nationality, all types of identifiers and contact information (such as e-mail, phone numbers, address) and occasionally, when necessary and for specific purposes, gender, age, place of birth, social security number. |
Business information. | History and records of products and services you have obtained from LEGAPASS. Correspondence between you and us when addressed to a dedicated mailbox or other electronic means of communication, for the purposes of claims payment processing and business follow-up. |
Marketing and research information. | a. Identifiers - an individual's IP address, social media handle or other online identifiers, email/mobile phone number if used for direct marketing, and name and address. b. Demographics - (e.g., income, family status, age range, gender, interests, pets, home ownership, health, current service providers) c. Browsing history data and preferences expressed when selecting, viewing and purchasing goods, services and content, information about your mobile device, including (if applicable) device type, device identification number and mobile operating system. d. Social media content - blogs, posts and anything posted by an individual online or that mentions/references an individual. e. Written or voice chat services (speech-to-text engines for search requests) without being recorded or stored by the mobile device. |
Access data | LEGAPASS may also collect certain types of sensitive information where permitted by local law or with your consent, such as passwords, cryptocurrency wallet seed phrases, digital asset access... |
Information about the position and the profession or job. | Professional or job-related information, such as current job description, job title, employer, work location, and LEGAPASS contact(s). |
System and application access data and information on Internet and electronic network activity. | We may collect data to enable you to access LEGAPASS systems and applications, such as system ID, LAN ID, email account, instant messaging account, mainframe ID, system passwords, and information about activity on the Internet or other electronic networks, including access logs, activity logs, and electronic content generated using LEGAPASS systems. |
Cookies and geolocation data. | We may also collect geolocation data in certain circumstances. Please see our cookie policy for more details about our use of cookies. |
Documents required for formal identification. | LEGAPASS may collect data relating to citizenship, nationality, civil status (passport, residence permit) (in physical and/or electronic form) |
2. Why do we process your personal data?
Our top priority is the security of Customer data and, as such, we may only process minimal user data to the extent absolutely necessary to maintain the LEGAPASS website and application in accordance with the data minimization principle. Information may be collected automatically during the use of the website or its dedicated application. This statistical information is not otherwise aggregated to identify a particular user of the system.
You can visit the website without telling us who you are or revealing any information by which anyone could identify you as a specific, identifiable individual. However, if you wish to use certain features of the website, or if you sign up for a subscription, you must provide us with personal data, such as your e-mail address, first name, last name, place of birth, telephone number.
You can choose not to provide us with your personal data, but you will not be able to take advantage of the website and app features.
3. For what purposes and on what legal basis do we process your personal data?
LEGAPASS uses your personal data for the sole purpose of fulfilling specific objectives. The table below lists the purposes for which LEGAPASS uses your personal data and the legal basis for each purpose.
PURPOSE OF THE PROCESSING | LEGAL BASES |
To manage the contractual relationship between LEGAPASS and the user. | The contract that you have with LEGAPASS materialized by the GTC/CGV. |
To facilitate communication with the user (including in case of emergency, and to provide you with requested information). | Justified on the basis of our legitimate interests in ensuring proper communication and handling of emergency situations within the organization. The contract. |
To operate and manage our business operations as part of the service offering to our customers, their employees/service providers and their customers, for example by collecting their data for surveys, data analysis, marketing research or other purposes. | Justified on the basis of our legitimate interests to ensure the proper functioning of our business activities. |
Ensure compliance with legal requirements. | Necessary to ensure compliance with a legal obligation to which we are subject. |
Monitor the use of our systems (this includes monitoring the use of our website and the applications and tools you use). | Justified on the basis of our legitimate interests in avoiding non-compliance and protecting our reputation. |
Social media monitoring (identifying and evaluating what is being said about LEGAPASS and our clients on social media (only publicly available content) to understand the sentiment, intent, mood and market trends and needs of our stakeholders and thus improve our services. To do this, we conduct keyword research. Our goal is to gain insight into conversation trends over a period of time, not to identify a specific person. To this end, we analyze and monitor conversation streams and track publicly available opinions, statements or other interactions on social networks). | Justified on the basis of our legitimate interest in protecting our assets and brand on social networks but also justified by the need for accurate information for better decision making. |
To improve the security and operation of our website, networks and information. | Justified on the basis of our legitimate interests to ensure the best service to our users. |
Conduct data analysis, i.e., apply analytical processing on business operations and data to describe, predict and improve business performance. | Justified on the basis of our legitimate interests in ensuring the proper functioning of our business operations and the optimal management of our resources. |
Promote our products and services | Justified on the basis of our legitimate interests in conducting and developing our business. |
II - What are your rights in relation to the processing of your personal data?
If you are a European resident, you have the following rights related to your personal data:
- The right to be informed.
- The right of access.
- The right of rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights related to automated decision making and profiling.
If you wish to exercise any of these rights, please contact us at dpo@legapass.com.
With regard to the personal data registered as LEGAPASS secret, all rights are reserved to the user, so their exercise is subject to the conditions of service freely consented by the latter.
In addition, if you are a European resident, please note that we process your information in order to perform the contracts we have with you (for example, if you place an order through the Site), or otherwise to pursue our legitimate business interests listed above.
1. Do we include links to third party websites and programs?
Our website may contain links to other websites that are not owned or controlled by us. We are not responsible for these other websites or the privacy practices of third parties.
We encourage you to be aware when you leave our website or app and to read the privacy statements of each website that may collect personal information.
2. What are our information security practices?
We secure the information you provide on computer servers in a controlled and secure environment, protected from unauthorized access, use or disclosure. We maintain reasonable administrative, technical and physical safeguards to protect against unauthorized access, use, modification and disclosure of personal data in its control and custody.
However, no data transmission over the Internet or a wireless network can be perpetually guaranteed. We therefore invite you to be vigilant in your use of computer tools and networks and to be aware of the risks inherent in their operation and use.
3. May we disclose your data? :
We will disclose any information we collect, use or receive only if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we have a good faith belief that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud or respond to a government request.
However, the data recorded within the framework of LEGAPASS Secrets may not be transferred in any form whatsoever to third parties. Only the user, the legatees or the beneficiaries designated by the user may, after authentication, have access to the secrets at the end of the restitution procedure under bailiff's supervision.
Only in the extreme case of a government request will LEGAPASS be able to transfer the secrets in encrypted form to the authorities. Since we do not have the means to decrypt them, your data will remain secure.
4. Where will your personal data be processed?
All personal data that LEGAPASS collects and processes are kept on French territory. In the event that LEGAPASS' activities are extended to the European Union or beyond, you will be informed and your consent will be sought again in accordance with the European legislation in force.
5. How long will we keep your personal data?
We will only retain your personal data for as long as is strictly necessary. We have specific policies and procedures for managing and retaining records, so that personal data will be deleted after a reasonable period of time according to the following retention criteria:
- We will retain your data for as long as we have an ongoing relationship with you (in particular, if you have an account with us).
- We will only retain your data for as long as your account is active or as long as necessary to provide services to you.
- We will retain your data for as long as is necessary to comply with all our legal and contractual obligations.
III - What other uses are there for your personal data?
1. How do we use cookies and other tracking technologies?
Please see our Cookie Usage Policy for more details including information about your choices regarding advertising cookies, social media cookies and access to our cookie consent manager.
2. Changes and contact information:
This data protection policy may be modified at any time in accordance with the evolution of the regulations in force or in accordance with the evolution of our services. If this is the case, updates will be made and we invite you to consult this section regularly. You may receive an email to inform you of any changes.
If you would like to contact us to understand more about this policy or if you would like to contact us with any questions about your individual rights and your personal information, you can contact us via the email address : dpo@legapass.com
English 
Français 
Deutsch 
Español 
Italiano 
Русский